- From: Steven Rowat <steven_rowat@sunshine.net>
- Date: Mon, 26 Jun 2017 17:31:36 -0700
- To: public-credentials@w3.org
On 2017-06-26 4:22 PM, Christopher Allen wrote: > This says that there may be something broken in our last sentences, > rather than it being the words. > > Here I’ve tried to fix the last two lines so that they work with > Relying Party, and ended up just modifying the first and deleting the > second as it became redundant. > > *Verifier* verifies that *Relying Party* is either the > *Subject* of the *Claim* or is */_authorized _/*/*_to present_ > */the *Claims /_to the Verifier_./* > I see your reasoning and it seems cleaner. But who decides who is 'authorized'? This seems it could be abused if it's left completely open. Suppose I wrote a book B that won Prize P. Issuer I issues a Claim that book B won Prize P. Then *somebody* authorizes Holder X to use that Claim. Couldn't that be, say, a Mafia warlord who gave the authorization? He decided that his son had actually written my book? So his son became the Holder who was authorized to present the Claim, and get royalties from the book, etc.? Or is all this out of scope? :-) Steven
Received on Tuesday, 27 June 2017 00:32:10 UTC