W3C home > Mailing lists > Public > public-credentials@w3.org > June 2017

Re: Relying Part & Last Two Lines of Playground [was: Re: Terminology poll]

From: Steven Rowat <steven_rowat@sunshine.net>
Date: Mon, 26 Jun 2017 17:31:36 -0700
To: public-credentials@w3.org
Message-ID: <2cc86603-a0c9-d819-0bc5-9c050c424801@sunshine.net>
On 2017-06-26 4:22 PM, Christopher Allen wrote:
> This says that there may be something broken in our last sentences, 
> rather than it being the words.
> Here I’ve tried to fix the last two lines so that they work with 
> Relying Party, and ended up just modifying the first and deleting the 
> second as it became redundant.
>     *Verifier* verifies that *Relying Party* is either the
>     *Subject* of the *Claim* or is */_authorized _/*/*_to present_
>     */the *Claims /_to the Verifier_./*

I see your reasoning and it seems cleaner.

But who decides who is 'authorized'? This seems it could be abused if 
it's left completely open.

Suppose I wrote a book B that won Prize P.
Issuer I issues a Claim that book B won Prize P.
Then *somebody* authorizes Holder X to use that Claim.

Couldn't that be, say, a Mafia warlord who gave the authorization?
He decided that his son had actually written my book?
So his son became the Holder who was authorized to present the Claim, 
and get royalties from the book, etc.?

Or is all this out of scope?   :-)

Received on Tuesday, 27 June 2017 00:32:10 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:39 UTC