- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Tue, 27 Mar 2018 12:24:07 -0400
- To: Carlos Bruguera <cbruguera@gmail.com>, public-credentials@w3.org
On 03/26/2018 11:23 PM, Carlos Bruguera wrote: > Hello everyone, I've been following the recent discussions on DID, and > more specifically DID-Auth. I haven't been able to join the calls since > I'm in a bit of an inconvenient timezone right now. > > I was just wondering to what degree is current discussion on this matter > taking into account Verifiable Credentials as part of the DID-Auth flow. > If my understanding is correct, I've only seen DID-Auth to cover the > "proof" process of DID ownership (or private key-ownership of an > associated public key pertaining to a DID). However, I can easily > envision cases where the authenticating party is requiring a certain set > of (verified) attributes linked (or owned) to the identity owner that > corresponds to the DID being authenticated. An example is simple > "sign-up" on a website, where /name/, /email/, /nationality/, and/or > other personal attributes are to be provided. If such sign-up process is > being performed via DID-Auth, it makes sense to re-use any claims that > already attest for the validity of such attributes, and these claims > might be or might be not publicly accessible. > > Any thoughts or drafted ideas/diagrams on this regard? Does this make > any sense or maybe I'm missing something on the currently proposed > DID-Auth flow? In case DID-Auth gets to include the request and > verification of credentials as well, I think it should take into account > public as well as private credentials. Markus covered this a bit in his response, but I wanted to give you links to the Credential Handler API which enables both DID-Auth and the exchange of Verifiable Credentials in the browser: Github: https://github.com/w3c-ccg/credential-handler-api Spec: https://w3c-ccg.github.io/credential-handler-api/ Demo: https://credential-repository.demo.digitalbazaar.com/ Video: https://www.youtube.com/watch?v=bm3XBPB4cFY -- Dave Longley CTO Digital Bazaar, Inc. http://digitalbazaar.com
Received on Tuesday, 27 March 2018 16:24:34 UTC