Re: Call for Focal DID Use Cases from Chris Boscolo on 2018-06-02 (public-credentials@w3.org from June 2018)

From: Chris Boscolo <chris@boscolo.net>
Date: Sat, 2 Jun 2018 10:00:18 -0700
To: "Jordan, John CITZ:EX" <John.Jordan@gov.bc.ca>
Cc: Credentials Community Group <public-credentials@w3.org>, Manu Sporny <msporny@digitalbazaar.com>, Kettunen Antti J <antti.j.kettunen@tieto.com>
Message-ID: <CAByYRhY+XgQKa0LzUFaKpahx2NOo3ZC_6EcdJeAhNGfzn_yShA@mail.gmail.com>
Oops, meant "John" not "Jordan".

On Sat, Jun 2, 2018 at 9:48 AM, Chris Boscolo <chris@boscolo.net> wrote:

> Thanks for this contribution, Jordan.
>
> I agree with you that GOV-issued VCs are the right way to prove the
> existence of a legal entity.
>
> I have a couple of follow-up questions/comments.
>
> 1) Since the issuer of a VC is also identified via a DID, how is this GOV
> DID that signs the Org VCs made know to others?
>
> 2) Not all organizations are legal entities.  Some are more informal, like
> a book club?  Who signs these VCs?
>
> I have some thoughts on these questions but am curious about what others
> think.
>
>    -chrisb
>
>
> On Fri, Jun 1, 2018 at 12:37 PM, Jordan, John CITZ:EX <
> John.Jordan@gov.bc.ca> wrote:
>
>> So ...
>>
>> I think I have a different point of view on corporate identifiers ... I
>> don’t think we need a single identifier like we have been trying to
>> unsuccessfully have in some places for years. I feel like those numbers are
>> a bad side effect of centralized database primary keys.
>>
>> For sure a legal entity that isn't human (corporations, partnerships,
>> societies, etc) will have DIDs, however I don't think they need one DID to
>> be known by. These types of entities have to be created by some
>> legislatively authorized authority. They only exist as a construct of a
>> law. Therefore, there must be a Verifiable Credential issued to that
>> entity. It is this verifiable credential that is the proof of existence for
>> that legal entity. It may contain some sort of locally unique identifier
>> but that is beside the point I believe. The entity will have presented the
>> authority with a DID to which the verifiable credential would be issued
>> from the point of view of the authority. However, if the legal entity later
>> establishes a digital relationship with a supply chain partner or what not
>> .. they could use a different DID for that relationship and use the
>> verifiable credential they hold to prove they are a registered legal entity
>> (and whatever other proofs they are required to provide) to their new
>> partner.
>>
>> I think the reason I am quite resistant to a single identifier (if that
>> is what is being contemplated) for an organization is that in the real
>> world stuff happens. Organizations, change, merge, are sold and so forth.
>> Very rarely do they go about the task of informing all the connections they
>> have after this real world event has happened  and when it impacts things
>> like legal name, the identifier they are known by and whatnot. And so, over
>> time the real world events wander off from these single identifiers no
>> matter who controls those identifiers. What is more dynamic and more
>> closely related to the real world happenings are the verifiable
>> credentials. When a corporation is bought by another there must be an
>> interaction with the Corporate Registrar to deal with credentials. This
>> purchasing corporation may, likely will, create new relationships (DIDs)
>> and perhaps have ways to have the verifiable credentials of the purchased
>> company transferred to them with the proper new legal name etc.
>>
>> Anyway, I think it better to separate the DID (addressing space) from the
>> verifiable credential (business space).
>>
>> My thoughts.
>> J
>>
>>
>>
>> On 2018-06-01, 6:12 AM, "Manu Sporny" <msporny@digitalbazaar.com> wrote:
>>
>>     On 05/31/2018 07:15 AM, Kettunen Antti J wrote:
>>     > Manu, this sounds a really interesting use case. The Corporate
>>     > identifiers is a huge topic, since it touches on a vast number of
>>     > additional use cases, like representation rights, founding
>>     > documents, share ownership, etc.
>>
>>     Yes, cryptographic corporate identifiers seem to be a very common use
>> of
>>     Decentralized Identifiers. The process seems to be:
>>
>>     1. Organization gets a DID.
>>     2. Government issues a Verifiable Credential for the DID.
>>     3. DID + VC is used to perform some task.
>>
>>     > Do you think these use cases should be separate, or should we
>>     > collaborate on this?
>>
>>     I think they are separate use cases that depend on the same three
>> steps
>>     above and I think you should submit your use case as well. We can
>> always
>>     combine use cases later, but I think the most interesting thing about
>>     your use case is that the DID is used in a different set of industries
>>     and for a different set of purposes than the one I mentioned.
>>
>>     Part of the purpose of these use cases is to demonstrate to the W3C
>>     Membership (400+ organizations) that this technology has broad
>>     applications and in order to do that, we need to show its use in a
>> very
>>     diverse set of market verticals and business processes as possible.
>>
>>     -- manu
>>
>>     --
>>     Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>>     Founder/CEO - Digital Bazaar, Inc.
>>     blog: Veres One Decentralized Identifier Blockchain Launches
>>     https://tinyurl.com/veres-one-launches
>>
>>
>>
>>
>
Received on Saturday, 2 June 2018 17:00:44 UTC