Re: Questions about Linked Data Signatures for Verifiable Claims

Great questions about this idea, Dave. A couple comments inline.

On Tue, Jul 26, 2016 at 9:07 AM, David Chadwick <d.w.chadwick@kent.ac.uk>
wrote:
>
> 1. Who determines who should be the recipients: the issuer or subject or
> both?


Both issuer and subject would have to agree to share one of these
credentials.

>
> 2. Who must trust the recipient: the issuer or subject or both? A
> subject should be able to give his/her credentials to a recipient that
> the issuer does not trust but that he/she does trust. Conversely, a
> subject should also be able to give a credential to a recipient he/she
> does not fully trust yet wishes to obtain some sort of service from.
>

So while the issuer could presumably deny a subject's request to share a
badge with a specific inspector, I'd expect the subject to know what the
issuer's preferences are in advance of making requests to share.


> 3. What is the overall trust model, and how does this impact on the
> likelihood that a recipient [holder] will forward a credential without the
> express permission of the subject? A fully trusted recipient [holder]
> would never forward a credential without the subject's permission. A fully
> untrusted recipient might well forward a credential if there was some
> benefit in this. What would a partially trusted recipient do?
>

I'd expect behavior to vary broadly. Currently, if I shared a credential
with five partially-trusted inspectors, and then it got into an advertising
database, I wouldn't be able to tell who shared it, and the advertising
database, which I might not want to see my credential, could fully verify
the claim. In the current environment, I would be more likely to share
badges/claims with parties I trust, but because there are no consequences
for breaching trust (because it's unlikely that I could learn which
inspector breached trust), the model feels weak.

>
> 4. Should forward sharing be controlled by technical constraints or is
> the trust model (when this is defined) sufficient for this?
>

Good question. It may also be possible to enable both. For example, even
if we implement this flavor of verifiable claim (with "forward sharing
protection"), I would not expect a majority of claims to be issued with
this extra measure of protection.

>
> 5. How many different flavours of the same credential is it reasonable
> to ask the issuer to issue? In the extreme case this would be a
> different credential for each recipient [inspector].
>

The portability of a verifiable claim is a strong advantage of the tech. I
would expect perhaps that if we built an ecosystem around claims with
forward sharing protection that there would be a small number of
superproviders who would be broadly trusted by the community, and I could
share my badges/credentials with them and because these inspectors would be
trusted, I could then lean on that trust to use those networks to propagate
my badges further. For example, if Facebook was a claim inspector, I would
instruct my issuer to share a verifiable badge with Facebook that is only
verifiable by Facebook. Facebook would verify it and then share it broadly
with my friends on that network. My friends, because they trust Facebook,
would not need their own verifiable copy of the claim.

I see we have placed this question on today's VCTF call agenda. Looking
forward to discussing it briefly in an hour!

Nate

Received on Tuesday, 2 August 2016 13:45:35 UTC