Re: Negative VCs from Dave Longley on 2017-06-26 (public-credentials@w3.org from June 2017)

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Mon, 26 Jun 2017 12:26:33 -0400
To: David Chadwick <D.W.Chadwick@kent.ac.uk>, public-credentials@w3.org
Message-ID: <9f39121a-9f7e-1637-e101-d137941ad10f@digitalbazaar.com>

On 06/25/2017 05:37 AM, David Chadwick wrote:
> 
> 
> On 24/06/2017 20:30, Joe Andrieu wrote:
>> David,
>> 
>> I can see where it reads that way, but I'm not making that 
>> assumption at all.
>> 
>> Relating the subject to any particular entity is dealt with outside
>> the claim. There may be enough information in the claim itself to
>> do the correlation or it may need to be done externally either in
>> context or based on other data. This is a problem of 
>> authentication, not verification.
> 
> To be more precise, verification comprises authentication and 
> identification. In order to verify a claim I think that the
> following procedure is needed:
> 
> 1. The inspector needs to first identify the issuer and the subject. 
> 2. The inspector then needs to authenticate that the VC was issued by
> the identified issuer and has not been revoked since issuance.
> 3. The inspector then needs to verify that the issuer is trusted to issue
> the contents of the claim.
> 4. If the subject is 'any/bearer' the
> verification procedure now ends.
> 5. Otherwise the inspector needs to
> authenticate the presenter. If the presenter is the subject the
> verification procedure ends. > 6. If the presenter is not the subject
> then the inspector needs to verify that the presenter is authorised
> to present the claim. This can be done in a variety of ways e.g. a
> pre-established trust relationship between the inspector and
> presenter; a VC delegating authority from the subject to the 
> presenter; a recognised procedure for certain classes of subject and
>  presenter; etc.
> 
> You seem to think that the VC verification model should stop at step
>  3. I would argue that these steps are necessary but not sufficient 
> for verifying VCs. The VC verification process should comprise all 
> steps necessary for the inspector to determine whether to keep the VC
> or discard it as untrustworthy.

I agree that this list is important, fully in scope for the CG, and
that the VCWG may make certain recommendations around this process and
any data modeling related to it. But if it heads too far in the
protocol direction then it would be out of scope for the VCWG.


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com

Received on Monday, 26 June 2017 16:27:01 UTC