W3C home > Mailing lists > Public > public-credentials@w3.org > August 2017

Re: Schemas or Models of Credentials and Issuers

From: Mike Lodder <mike.lodder@evernym.com>
Date: Wed, 30 Aug 2017 08:23:52 -0600
Message-ID: <CABW+ph-1c6b-sNdgpkV-EKiZu509mtNTuTo8Tgirp-fOnukHOA@mail.gmail.com>
To: David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Digital Wallets are a very fascinating subject for me too.
It may also be necessary to describe recommendations for the various types
of digital wallets and how they are accessed.
Web, file, browser, hardware each could have their own recommendations for
authentication and authorization.  As the risk of exposure of the contents
increases we should recommend increasing layers of authentication.  A claim
that is from the government is far more valuable to me than self issued
claims so I will want to   require at least 2 or more forms of
authentication.  A US social security number claim might require passive
forms of authentication like where the user is accessing it from, which
program or browser is used.

The idea of self-issued claims is needed.  I claim that I use a particular
bank could later be verified by the bank issuing me a follow up claim or
signing my self issued claim.

On Wed, Aug 30, 2017 at 5:40 AM, David Chadwick <D.W.Chadwick@kent.ac.uk>
wrote:

> The issue is not so much about who can issue VCs, because in fact anyone
> can. The issue is more about verifier trust in the issuer. How does a
> verifier determine who should be trusted to issue credential X,
> regardless of whether X is self issued or a reputation type of
> credentials.
>
> On 29/08/2017 19:32, Steven Rowat wrote:
> > On 2017-08-29 1:28 AM, Adam Sobieski wrote:
> >> Credentials Community Group,
> >>
> >> In a decentralized identity model, various issuers can provide
> >> identifying credentials (nations, states, cities, universities, banks,
> >> companies, etc.).
> >
> > This is perhaps an unnecessary aside, but would this list also include:
> > self-issued
> > reputation issued
> >
> > credentials?
> >
> > For the first, I believe it's been discussed in the past in this group
> > that there are situations where a person, or entity, would like to issue
> > their own credential.
> >
> > But perhaps the reputation one is more important. I mean both the small
> > scale -- two people with Passports identify person X as being known --
> > as well as large-scale: 4,000 reviewers on a music site decide to bestow
> > "Best of category" on work Y, and issue it as a credential.
> >
> > Steven
> >
> >
> >
> >
> >>
> >> While querying digital wallets is still a pioneer topic and a work in
> >> progress, we can envision that a verifiable profile is composed by a
> >> user, utilizing a set of credentials, in response to a query or
> >> request. We can envision that a set of attributes may be requested,
> >> each attribute may be optional or required for a request, and, for
> >> each attribute, data and metadata about pertinent credentials and
> >> issuers may be specified or described, defining acceptable credentials
> >> per attribute.
> >>
> >> Topical is describing credentials’ and issuers’ data and metadata so
> >> that a verifier can ensure that a verifiable profile is composed from
> >> a set of acceptable credentials. I would like to ask about schemas or
> >> models of credentials and issuers.
> >>
> >>
> >> Best regards,
> >> Adam Sobieski
> >>
> >
> >
>
>


-- 
Mike Lodder
Senior Crypto Engineer
Received on Wednesday, 30 August 2017 14:24:16 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:45 UTC