- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Wed, 11 Jul 2018 09:36:33 -0400
- To: public-credentials@w3.org
On 07/11/2018 12:53 AM, Carlos Bruguera wrote: > One thing that's not clear to me yet, though, is how can DIDs/VCs > actually avoid the risks of improper personal information management > once credentials and personal data have been shared with a relying > party... Any opinions shared by the community on this regard? VC's contain a "Terms of Use" field: https://w3c.github.io/vc-data-model/#terms-of-use While the contents of that field are still under discussion, the idea is that both the Issuer[1] of the Verifiable Credential and the Holder[2], who creates Verifiable Presentations[3], can attach Terms of Use to the data and digitally sign it such that their intent in sharing the data is clear. This enables issuers to say things like: "This credential can only be used to prove citizenship." It also enables holders (us) to say things like: "I only authorize the use of this credential to establish an account with your service, you are not authorized to store, cache, or share the credential." ... but in a machine-readable way that makes processing and compliance with those statements automatic. -- manu [1] https://w3c.github.io/vc-data-model/#dfn-issuers [2] https://w3c.github.io/vc-data-model/#dfn-holders [3] https://w3c.github.io/vc-data-model/#presentations -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Wednesday, 11 July 2018 13:36:56 UTC