Re: [Agenda] W3C CCG 2024-02-20 - VC Bitstring Status List

On Tue, Feb 20, 2024 at 11:10 AM Bob Wyman <bob@wyman.us> wrote:
> Can a single bit be used to do more than one revocation?

In theory, yes.

In practice, make sure you understand all of the ramifications to your
use case if you go down that path. :)

> If I signed 100 claims as part of a single transaction, or while performing some role, could I revoke them all by flipping a single-bit?

I'm going to be pedantic about the language you're using to make sure
we're not miscommunicating. :)

If you signed 100 claims as part of a single transaction... that
sounds like a "Verifiable Credential containing 100 claims", so you
could associate one revocation status list bit for that one VC.

If you meant "I signed 100 VCs", then you could associate ONE
revocation status list bit for all 100 VCs. If you flip that one bit,
all 100 VCs become revoked.

> Could I produce a "conditional signature" that depends on a bit which is controlled by someone else? (i.e. My claim is valid unless Alice revokes her claim.)

Let's not use the word "conditional signature", because that's a
different branch of computer science (cryptographic circuits,
multi-signatures, chained proofs, etc.) that I don't want to get
confused with the status list stuff.

I think I know what you're asking, which is "Can I make the validity
of the VC conditional on something that Alice controls?"... and the
answer is "yes".

You could digitally sign the VC while giving Alice change control over
the revocation bit. This can happen when the issuing authority for a
license is not the same authority that is responsible for the
continued validity of that license... though, I'm struggling to think
of a real world use case where they wouldn't just run it all through
the same authority.

Did that answer your questions, Bob?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/

Received on Tuesday, 20 February 2024 16:42:48 UTC
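
The two cases discussed in the message above, as an added example that is not part of the original e-mail: 100 VCs pointing at one status list bit, with the list published by a party other than the issuer. The encoding (GZIP, then multibase base64url with a "u" prefix, index 0 as the left-most bit) follows the Bitstring Status List specification; the URL, identifiers, index and helper names are constructed for illustration.

```python
import base64
import gzip

LIST_BITS = 131072                             # assumed list size (16 KB)
ALICE_LIST = "https://alice.example/status/1"  # hypothetical URL, run by Alice
SHARED_INDEX = 4242                            # constructed value

def encode_list(bits):
    # GZIP the bitstring, then base64url without padding, multibase prefix "u"
    body = base64.urlsafe_b64encode(gzip.compress(bytes(bits))).rstrip(b"=")
    return "u" + body.decode("ascii")

def decode_list(encoded):
    if not encoded.startswith("u"):
        raise ValueError("expected multibase base64url prefix 'u'")
    body = encoded[1:] + "=" * (-len(encoded[1:]) % 4)
    return gzip.decompress(base64.urlsafe_b64decode(body))

def set_bit(bits, index):
    # Index 0 is the left-most (most significant) bit of byte 0
    bits[index // 8] |= 0x80 >> (index % 8)

def is_revoked(vc, published):
    # Verifier side: load the list the VC names and test the VC's bit
    entry = vc["credentialStatus"]
    bits = decode_list(published[entry["statusListCredential"]])
    index = int(entry["statusListIndex"])
    if not 0 <= index < len(bits) * 8:
        raise ValueError("statusListIndex outside the published list")
    return bool(bits[index // 8] & (0x80 >> (index % 8)))

def make_vc(n, index):
    # Constructed sample: the issuer signs, the status list lives with Alice
    return {"id": f"urn:example:vc:{n}", "issuer": "did:example:issuer",
            "credentialStatus": {"type": "BitstringStatusListEntry",
                                 "statusPurpose": "revocation",
                                 "statusListIndex": str(index),
                                 "statusListCredential": ALICE_LIST}}

def demo():
    bits = bytearray(LIST_BITS // 8)
    published = {ALICE_LIST: encode_list(bits)}
    batch = [make_vc(n, SHARED_INDEX) for n in range(100)]
    control = make_vc(100, SHARED_INDEX + 1)   # separate bit, same list
    before = sum(is_revoked(vc, published) for vc in batch)
    set_bit(bits, SHARED_INDEX)                # Alice flips one bit
    published[ALICE_LIST] = encode_list(bits)  # and republishes her list
    after = sum(is_revoked(vc, published) for vc in batch)
    return before, after, is_revoked(control, published)
```

Because all 100 credentials carry the same index, the flip applies to every one of them and cannot be limited to a subset; the control credential on the neighbouring bit is unaffected.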