- From: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Date: Wed, 17 Jan 2018 17:47:15 +0000
- To: Steven Rowat <steven_rowat@sunshine.net>, W3C Credentials Community Group <public-credentials@w3.org>
On 17/01/2018 17:06, Steven Rowat wrote: > On 2018-01-17 8:23 AM, David Chadwick wrote: >> Here are my comments on the latest version (31 Dec 17) of the data model >> document >> [snip]... >> 6.3 Issuer >> The current text says >> The issuer id must match expectations. Likely, that means it is the id >> of a known and trusted verifiable profile. >> >> The use of 'verifiable profile' does not seem to be correct. > > To me, that text seems all right, and says that "the means of trusting > the issuer id is most likely via a verifiable profile of the issuer, but > could be done some other way." > > Is this not your reading? Or if it is, is that not possible for some > reason? No, I was reading it as the verifiable profile of the holder (subject) which is why it did not make sense to me. The current document only talks about profiles of holders, not of issuers. > > As a guess, do you mean that the trust of the issuer must come by means > of the DID system, which underlies the VC system? I think trust in the issuer is outside the scope of the spec. It is something that a verifier has to configure in out of band. Cf PKI CA roots of trust regards David > > Steven > >
Received on Wednesday, 17 January 2018 17:47:41 UTC