- From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Date: Tue, 14 Jun 2016 16:10:42 +0100
- To: public-credentials@w3.org
On 14/06/2016 15:59, Manu Sporny wrote:
> On 06/14/2016 10:34 AM, David Chadwick wrote:
>> And if I do not want to register a subject ID, can I simply use my
>> public key as my subject ID and submit the same string twice?
>
> In theory, yes.
>
> In practice, no one has built out that kind of system because it doesn't
> address many of the use cases we have. Some see it as an evolutionary
> dead end - it's great for pseudo-anonymity, but doesn't address the vast
> majority of multi-origin use cases we have.

I agree that with multiple credential issuers (I assume that is what you mean by multi-origin) some sort of correlating handle is needed in order to prove that all the credentials belong to me. So I see why a registered globally unique ID is useful to solve this problem. But if I had a public key specifically minted for one requester/relying party, and all my issuers would bind my claims to this, then I could prove possession of all credentials to this requester/relying party. And I would not actually need to register this public key anywhere as I can always prove possession.

regards

David

>
> What would need to be done to achieve what you are saying is:
>
> 1. A terse public key identifier/fingerprint format
> 2. A digital signature suite that uses the public key fingerprint
>    as the creator of the signature.
> 3. A protocol that uses #1 and #2 above.
>
> #1 and #2 are not difficult. #3 is a lot of work, but is do-able.
>
> -- manu
>
Received on Tuesday, 14 June 2016 15:11:01 UTC
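
An added example, not part of the original message and not code from either author or from any Credentials CG specification: a Go sketch of the arrangement discussed above, in which a key pair minted for one relying party serves as the subject ID, two issuers bind claims to its fingerprint, and the holder proves possession by signing the relying party's nonce. The fingerprint format (unpadded base64url SHA-256 of an Ed25519 public key), the `Credential` struct and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Credential is a constructed stand-in for an issuer-signed claim about a subject.
type Credential struct {
	Issuer, Subject, Claim string
	Sig                    []byte
}

// Fingerprint derives the subject ID from the public key alone (assumed format).
func Fingerprint(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return base64.RawURLEncoding.EncodeToString(h[:])
}

// payload quotes each field so the signed bytes cannot be split ambiguously.
func payload(issuer, subject, claim string) []byte {
	return []byte(fmt.Sprintf("%q %q %q", issuer, subject, claim))
}

// Issue binds a claim to the holder's fingerprint; no registry lookup is involved.
func Issue(issuer string, key ed25519.PrivateKey, subject, claim string) Credential {
	return Credential{issuer, subject, claim, ed25519.Sign(key, payload(issuer, subject, claim))}
}

// Verify (relying party): holder signed this nonce; all credentials bind to that key.
func Verify(holder ed25519.PublicKey, nonce, proof []byte, creds []Credential, trusted map[string]ed25519.PublicKey) bool {
	ok := len(creds) > 0 && len(holder) == ed25519.PublicKeySize && ed25519.Verify(holder, nonce, proof)
	for _, c := range creds {
		ipub, known := trusted[c.Issuer]
		ok = ok && known && c.Subject == Fingerprint(holder) && ed25519.Verify(ipub, payload(c.Issuer, c.Subject, c.Claim), c.Sig)
	}
	return ok
}

func main() {
	hpub, hpriv, _ := ed25519.GenerateKey(rand.Reader) // minted for one relying party
	ipub, ipriv, _ := ed25519.GenerateKey(rand.Reader) // constructed issuer key
	nonce := []byte("constructed-session-nonce")       // chosen by the relying party
	c := Issue("issuer-a", ipriv, Fingerprint(hpub), "over18")
	fmt.Println(Verify(hpub, nonce, ed25519.Sign(hpriv, nonce), []Credential{c}, map[string]ed25519.PublicKey{"issuer-a": ipub}))
}
```

The nonce must be fresh per session, and a different key pair per relying party is what keeps the fingerprint from becoming a cross-site correlating handle.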