
Re: A question on best practices for dependent claims

From: Christopher Allen <ChristopherA@lifewithalacrity.com>
Date: Fri, 31 Jul 2020 17:43:00 -0700
Message-ID: <CACrqygC-gTt4z9i2Qzg_GXMVGyjPsz8Q64FZn4Cf7=zsGaWBmg@mail.gmail.com>
To: steve capell <steve.capell@gmail.com>
Cc: steve.e.magennis@gmail.com, Daniel Hardman <daniel.hardman@evernym.com>, Luca Boldrin <luca.boldrin@infocert.it>, Adrian Gropper <agropper@healthurl.com>, W3C Credentials CG <public-credentials@w3.org>, Chris Gough <chris.gough@gosource.com.au>, Roman Evstifeev <someuniquename@gmail.com>, Richard Spellman <richard.spellman@gosource.com.au>

There are three slightly divergent issues brought up in this discussion
that I'd like to make clear my thoughts on:

* There is nothing that stops an organization from reproducing a
certificate authority style model or other centralized models using
self-sovereign technologies. However, I will fight against that style being
mandated in open standards in any form — I didn't object strongly enough
against the risks of X.509, certificate authority models, and
browser control of root certificates when I co-authored SSL/TLS, and I
don't want us to make that same mistake again.

* Many of these scenarios do not adequately allow parties at the edges to
choose who they trust. Again, in the DID/VC architecture all parties are
peers and can offer any role. I'm fine if someone chooses to only trust
parties trusted by someone else, but again, it should not be mandated. I
worry that some solutions offered will not allow the edges to choose. I
also worry that many of the scenarios shared so far do not adequately
separate identity assurance, claim verification, authorization, etc.

* Be aware that the future will be moving toward multisignature scenarios.
I may use a 3 of 5 collaborative control set under my personal authority to
demonstrate control of my self-sovereign DID, and I may also have a 4 of 9
set of keys given to people that are authorized to revoke my control or 5 of 9
that have authority to give it to a new party (ideally me in case of a
catastrophe, but maybe my heirs.) Many of these scenarios may be better
addressed by multisig threshold scenarios as well. For instance, presenting
an aggregation signature of 3 of 5 verifiable claims from different issuers
could be used to authorize something greater, without having to "phone
home" to the issuers for the greater authority.

— Christopher Allen
Received on Saturday, 1 August 2020 00:43:50 UTC
