W3C home > Mailing lists > Public > public-credentials@w3.org > June 2017

Re: Negative VCs

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Mon, 26 Jun 2017 12:20:52 -0400
To: Joe Andrieu <joe@joeandrieu.com>, public-credentials@w3.org
Message-ID: <fbb0a9cb-c618-848b-b48f-6429376f3650@digitalbazaar.com>
On 06/24/2017 03:30 PM, Joe Andrieu wrote:
> David,
> I can see where it reads that way, but I'm not making that
> assumption at all.
> Relating the subject to any particular entity is dealt with outside 
> the claim. There may be enough information in the claim itself to do 
> the correlation or it may need to be done externally either in 
> context or based on other data. This is a problem of authentication, 
> not verification.
> Of course, if the subject is uncorrelatable through any means then 
> the claim can't be tied to a specific entity, then the 
> inspector/verifier/relying-party will have a hard time applying the 
> claim.
> However, one could generate random pseudonymous unique identifiers 
> and use those to collect a set of claims from various issuers, 
> presenting the set of claims as a related set and the RP could 
> correlate across those claims some relevant fact. For any given
> claim the subject appears random and private, but isn't in fact in
> the context the set of claims. Each of those claims are valid, even
> if useless in isolation.
> In the case of a truly noncorrelatable subject, i.e., the random 
> unique number private to the subject, the claimant still doesn't 
> *have* to prove anything for the claim to be valid. The claim, 
> however, may be useless. Which is fine. Not all verified claims are 
> going to be useful. But bearer claims exactly fit this use case. The 
> bearer of this claim *is* the subject of the claim and due the 
> privileges associated with the claim.
> We don't want to conflate the possibility of authenticating the 
> claimant as the subject with it being an innate requirement of 
> Verifiable Claims. Nor do we want to require some proof of rights or 
> relationship between the claimant and subject. These are outside the 
> scope of the claim itself. That's why I say that ROLE_B doesn't 
> innately have to prove anything.

I agree -- but I'd like to note that "outside the scope of the claim"
does not mean outside the scope of the VCWG (and definitely not outside
the scope of the CG).

Dave Longley
Digital Bazaar, Inc.
Received on Monday, 26 June 2017 16:21:20 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:38 UTC