- From: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Date: Fri, 11 Aug 2017 08:47:31 +0100
- To: Kim Hamilton Duffy <kim@learningmachine.com>, public-credentials@w3.org
Hi Kim

On 11/08/2017 03:54, Kim Hamilton Duffy wrote:
> Hi David,
> The final proposed paragraph is on the very last page of the google doc.

thanks, I must have missed it last time

> I looked at your comment and I'm not sure where it would fit into the
> current draft, which is significantly shortened. We're not listing types
> of credentials/claims (as in the context where your comment appeared).
> Please have a look and add your comment if you think the current draft
> needs to call out group membership.

I agree that it is no longer needed.

>
> Some questions:
> 1. Bearer credentials: what are some positive disadvantages?

they can be stolen, copied and used by anyone who gets a copy of them.

> It's
> possible we picked a bad phrase here. Our intent was to emphasize that
> the approaches enable recipient consent/empowerment

the new phrase is much better.

> 2. About longevity: I agree it's extremely challenging. The goal here is
> to emphasize that the approaches we are considering get us closer to
> that goal (e.g. blockchain), but brushes over many details and caveats.

there is already a whole lot of research about the longevity of
digitally signed documents that should remain valid long after the
original crypto is broken or the issuer no longer exists. So I don't
think we want to stray into that topic in the VC work.

>
> To expand on that, we wanted the mission statement to be brief, and
> sometimes we erred on the side of being more aspirational than exact. We
> could probably avoid this tradeoff with more iterations, but I think
> many are wanting to wrap this up and switch to (at least) a better
> mission statement than what we currently have.
>
> For that reason, I'd be fine dropping my request to work in "longevity"
> because that could be also viewed as a factor in enabling
> recipient-centric credentials (at least in some scenarios...I encounter
> this in EDU very frequently).

I have added a comment that user control (aka user centric) is missing
from the current mission statement and should be included

regards

David

>
> Thanks,
> Kim
>
> On Wed, Aug 9, 2017 at 3:06 AM David Chadwick <D.W.Chadwick@kent.ac.uk
> <mailto:D.W.Chadwick@kent.ac.uk>> wrote:
>
>     Hi Chris
>
>     It all depends upon what you call long lived. PKI certificates can last
>     20 years or so, and these already exist on the web, so I would not say
>     that it is particularly unique to VCs to have long lived credentials.
>
>     However, proving that a credential is still valid after the issuer no
>     longer exists is clearly a challenge. Even more so, if the issuer went
>     out of business suddenly and did not make any provisions for VC
>     validation after its demise.
>
>     Finally on the topic of bearer credentials, I would not shout so loudly
>     about them, as I think they have positive disadvantages and should not
>     be championed in our work.
>
>     regards
>
>     David
>
>     On 08/08/2017 18:54, Christopher Allen wrote:
>     > By the end of the call today we had a good discussion and an improved
>     > proposal for mission statement:
>     >
>     > https://docs.google.com/document/d/1kxm6yGnGAVgNTLMYft_cz2zW3c1AE8uSCy4i5A6OhG8/edit?usp=sharing
>     >
>     >     “The mission of the Credentials Community Group is to explore the
>     >     creation, storage, presentation, and verification of credentials. We
>     >     focus on a verifiable credential (a set of claims) created by an
>     >     issuer about a subject—a person, group, or thing—and seek solutions
>     >     inclusive of approaches such as: self-sovereign identity;
>     >     presentation of proofs by the bearer; data minimization; and
>     >     centralized, federated, and decentralized registry and identity
>     >     systems. Our tasks include drafting and incubating Internet
>     >     specifications for further standardization and prototyping and
>     >     testing reference implementations.”
>     >
>     >
>     > The remaining issue was that I was hoping to incorporate a phrase about
>     > another unique thing about our architecture — the ability to present
>     > claims that are long-lived. For instance, I should be able to present a
>     > valid claim that I was legally married 25 years ago, even if the issuer
>     > has rotated or revoked their keys since. This is possible with proof of
>     > existence and dated key rotation/revocation registries. It should be
>     > possible for me to prove that I graduated from college, even if colleges
>     > have changed names, merged, etc., name systems and degree changes, for
>     > as long as the claim was not fraudulent.
>     >
>     > That, and the bearer instrument side of our work, offers something
>     > unique and compelling about our architecture, and also ties us into the
>     > newer possibilities offered by blockchain systems.
>     >
>     > If you would like to discuss this, or other issues with the mission
>     > statement, please reply to this email. If you have ideas on how to
>     > specific change that in the above mission statement, submit the change
>     > as a suggestion to the google doc above.
>     >
>     > Thanks!
>     >
>     > — Christopher Allen
>
> --
> Kim Hamilton Duffy
> Principal Engineer | Learning Machine + MIT Media Lab
> Co-chair W3C Credentials Community Group
> 400 Main Street Building E19-732, Cambridge, MA 02139
> 12001 N. Central Expy, Suite 1025, Dallas, TX 75243
>
> kim@learningmachine.com <mailto:kim@learningmachine.com> | kimhd@mit.edu
> <mailto:kimhd@mit.edu>
> 425-652-0150 | LearningMachine.com
>
Received on Friday, 11 August 2017 07:47:59 UTC