- From: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Date: Sat, 16 Sep 2017 18:56:33 +0100
- To: Adam Sobieski <adamsobieski@hotmail.com>, "public-credentials@w3.org" <public-credentials@w3.org>
On 15/09/2017 15:27, Adam Sobieski wrote:
> David,
>
> I see your point. I was thinking about the special case of journalistic
> retractions. I updated the example indicating a revocation object.
>
> I’m thinking that we can also use revocations for superseding
> statements, which allows features including the updating of and the
> moving/redirection of statements.

This is conceptually something different from a revocation statement.
Consequently I would suggest that the original statement is revoked and
a new statement is issued.

regards

David

>
> {
>   "id":"https://example.com/users/1/revocations/ebfeb1f712ebc6f1/",
>   "type":"Revocation",
>   "issuer":"https://example.com/users/1/issuer/",
>   "issued":"2017-06-19T21:19:10Z",
>   "revoked":"https://example.com/facts/ebfeb1f712ebc6f1/",
>   "supersededBy": "https://example.com/facts/a3cc92841ac9c3f2/",
>   "signature":{
>     "type":"LinkedDataSignature2017",
>     "created":"2017-06-19T21:19:10Z",
>     "creator":"https://example.com/users/1/keys/",
>     "nonce":"c0ae1c8e-c7e7-469f-b252-86e6a0e7387e",
>     "signatureValue":"BavEll0/I1zpYw8XNi1bgVg/sCneO4Jugez8RwDg/+MCR
> VpjOboDoe4SxxKjkCOvKiCHGDvc4krqi6Z1n0UfqzxGfmatCuFibcC1wpsPRdW+g
> GsutPTLzvueMWmFhwYmfIFpbBu95t501+rSLHIEuujM/+PXr9Cky6Ed+W3JT24="
>   }
> }
>
>
> Best regards,
> Adam
>
> *From:* David Chadwick <mailto:D.W.Chadwick@kent.ac.uk>
> *Sent:* Friday, September 15, 2017 5:51 AM
> *To:* Adam Sobieski <mailto:adamsobieski@hotmail.com>,
> public-credentials@w3.org <mailto:public-credentials@w3.org>
>
> Hi Adam
>
> the revocation statement should not contain details of the VC that has
> been revoked as this is privacy invasive. There are no ACLs on
> revocation lists (usually). All it should contain is the ID of the VC
> that has been revoked, signed by the issuer (in a similar way to an
> X.509 CRL). In this way an inspector who has the VC, has the unique ID
> and can therefore check if the VC was revoked or not
>
> regards
>
> David
>
> On 15/09/2017 02:52, Adam Sobieski wrote:
>> David,
>>
>> Updated the sketchpad per your recommendation:
>> https://w3c-ccg.github.io/verifiable-news/sketchpad.html#revocation-of-statements .
>>
>>
>> Best regards,
>> Adam
>>
>> *From:* David Chadwick <mailto:D.W.Chadwick@kent.ac.uk>
>> *Sent:* Thursday, September 14, 2017 6:33 PM
>> *To:* public-credentials@w3.org <mailto:public-credentials@w3.org>
>>
>> Hi Adam
>>
>> On 14/09/2017 02:50, Adam Sobieski wrote:
>>> David,
>>>
>>> Thank you. At
>>> https://w3c-ccg.github.io/verifiable-news/sketchpad.html#http-based-revocation ,
>>> I describe a system where Not found (404, 410) means revoked and Ok
>>> (200) means not revoked. I see what you’re saying about Not found
>>> meaning not revoked and Ok with a credential ID meaning revoked as well
>>> as the feature of retrieving lists of revoked credentials. I think that
>>> we should have both HTTP-based approaches. I updated the document with
>>> these ideas.
>>>
>>
>> In order to make the revocation more secure we placed a digitally signed
>> CRL at the revoke URL. In this way a hacker is not able to hack the web
>> site and get it to return OK with a message, because he does not have
>> access to the issuer's private key
>>
>> regards
>>
>> David
>>>
>>> Best regards,
>>> Adam
>>>
>>> *From:* David Chadwick <mailto:D.W.Chadwick@kent.ac.uk>
>>> *Sent:* Wednesday, September 13, 2017 3:21 PM
>>> *To:* public-credentials@w3.org <mailto:public-credentials@w3.org>
>>>
>>> Hi Adam
>>>
>>> I notice that you are also including a revocation mechanism in your
>>> claims. I produced an IETF draft 10 years ago which proposed something
>>> very similar for X.509 certificates
>>> (See https://www.ietf.org/archive/id/draft-chadwick-webdav-00.txt).
>>> Conceptually they are the same: the credential contains the URL where
>>> the revocation information can be found. If Not found is returned the
>>> credential has not been revoked, otherwise Ok is returned along with a
>>> CRL of length 1 containing the ID of the revoked credential. My ID
>>> contains other features as well, such as the ability to retrieve all the
>>> revoked credentials of a particular issuer. You might wish to consider
>>> this as well
>>>
>>> regards
>>>
>>> David
>>>
>>> On 12/09/2017 22:13, Adam Sobieski wrote:
>>>> I’m exploring and sketching some ideas with regard to verifiable
>>>> text-based claims.
>>>>
>>>> https://w3c-ccg.github.io/verifiable-news/sketchpad.html
>>>>
>>>> Questions, comments and suggestions welcomed.
>>>>
>>>>
>>>> Best regards,
>>>> Adam Sobieski

Received on Saturday, 16 September 2017 17:57:02 UTC
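
The signed-CRL check discussed in the thread above (Not found means not revoked; Ok must carry a CRL signed by the issuer that lists the credential ID), sketched in Go as an added example. It is not code from the thread or from the IETF draft: the `SignedCRL` JSON layout, the choice of Ed25519, the `urn:example:vc:1` ID and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// SignedCRL (hypothetical format): revoked IDs and the issuer's signature over them.
type SignedCRL struct {
	Revoked   []string `json:"revoked"`
	Signature []byte   `json:"signature"`
}

func NewIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey) { // throwaway demo key
	pub, priv, _ := ed25519.GenerateKey(nil)
	return pub, priv
}

// IssueCRL is the issuer side: sign the JSON encoding of the revoked IDs.
func IssueCRL(priv ed25519.PrivateKey, ids []string) []byte {
	msg, _ := json.Marshal(ids)
	out, _ := json.Marshal(SignedCRL{ids, ed25519.Sign(priv, msg)})
	return out
}

// CheckRevocation is the inspector side: 404 = not revoked, 200 = signed CRL.
func CheckRevocation(status int, body []byte, issuer ed25519.PublicKey, id string) (bool, error) {
	var crl SignedCRL
	if status == 404 {
		return false, nil
	} else if status != 200 || json.Unmarshal(body, &crl) != nil {
		return false, fmt.Errorf("unusable revocation response (status %d)", status)
	}
	msg, _ := json.Marshal(crl.Revoked)
	if !ed25519.Verify(issuer, msg, crl.Signature) { // a 200 without the issuer's signature proves nothing
		return false, fmt.Errorf("CRL not signed by the issuer")
	}
	for _, r := range crl.Revoked {
		if r == id {
			return true, nil
		}
	}
	return false, fmt.Errorf("signed CRL does not list credential %s", id)
}

func main() {
	pub, priv := NewIssuerKey()
	fmt.Println(CheckRevocation(200, IssueCRL(priv, []string{"urn:example:vc:1"}), pub, "urn:example:vc:1"))
}
```

In this scheme the 404 answer carries no signature, so a "not revoked" result is only as trustworthy as the transport and the server that produced it.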