- From: Nate Otto <nate@ottonomy.net>
- Date: Tue, 2 Aug 2016 09:20:11 -0700
- To: David Chadwick <d.w.chadwick@kent.ac.uk>, Manu Sporny <msporny@digitalbazaar.com>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAPk0ugmMnf2gvYfjUVugw_Gx1PQYTQWJ0VosY0Ci245kxUE7Og@mail.gmail.com>
Thanks, Manu, for adding this topic to the agenda for today's call. A couple follow up points:

1. This exploration demonstrated that the Linked Data Signatures spec is fairly flexible and can easily be adapted for interesting new purposes.
2. It sounds like the benefits of adapting such a complicated procedure are not justified in most people's minds by the use cases already discussed.
3. There is some doubt that implementing this procedure would protect claim subjects from any significant attack on privacy.

Let's narrow the use cases to the following:

- Steve wishes to share one of his credentials with a job board Service that will make it part of his verified profile on the Service. Steve assumes many of the viewers of that Service will trust it to only display credentials it has verified, but he does not want those viewers to be able to take and share the claim with other job board services he has not specifically authorized.

The players:

- Credential issuer
- Steve
- Job board Service 1
- Viewers
- Other job board Services 2 and 3

What some people have pointed out is that if job board Service 2 trusts Service 1 to have independently verified the claim, they can interpret the display of it on Steve's profile as enough evidence that it is valid and do not need to verify it themselves.

I think there is a significant enough difference between a verifiable claim and a verifiable-claim-one-trust-link-removed, that Service 2 will be forced to treat that claim differently than Service 1 did, where there was a direct verification link. The further removed the trust chain becomes from the primary inspector, the weaker the verifiable character of the link is.

Nate

Received on Tuesday, 2 August 2016 16:20:41 UTC