W3C home > Mailing lists > Public > public-credentials@w3.org > August 2020

RE: A question on best practices for dependent claims

From: <steve.e.magennis@gmail.com>
Date: Fri, 31 Jul 2020 17:50:14 -0700
To: "'Christopher Allen'" <ChristopherA@lifewithalacrity.com>, "'steve capell'" <steve.capell@gmail.com>
Cc: "'Daniel Hardman'" <daniel.hardman@evernym.com>, "'Luca Boldrin'" <luca.boldrin@infocert.it>, "'Adrian Gropper'" <agropper@healthurl.com>, "'W3C Credentials CG'" <public-credentials@w3.org>, "'Chris Gough'" <chris.gough@gosource.com.au>, "'Roman Evstifeev'" <someuniquename@gmail.com>, "'Richard Spellman'" <richard.spellman@gosource.com.au>
Message-ID: <096001d6679d$b82fb8f0$288f2ad0$@gmail.com>
Many of these scenarios do not adequately allow parties at the edges to choose who they trust.


@Christopher, can you explain more about what you mean here? Are you advocating negotiation between issuer and verifier or something else?




From: Christopher Allen <ChristopherA@lifewithalacrity.com> 
Sent: Friday, July 31, 2020 5:43 PM
To: steve capell <steve.capell@gmail.com>
Cc: steve.e.magennis@gmail.com; Daniel Hardman <daniel.hardman@evernym.com>; Luca Boldrin <luca.boldrin@infocert.it>; Adrian Gropper <agropper@healthurl.com>; W3C Credentials CG <public-credentials@w3.org>; Chris Gough <chris.gough@gosource.com.au>; Roman Evstifeev <someuniquename@gmail.com>; Richard Spellman <richard.spellman@gosource.com.au>
Subject: Re: A question on best practices for dependent claims


There are three slightly divergent issues brought up in this discussion that I'd like to make clear my thoughts on:


* There is nothing that stops an organization from reproducing a certificate authority style models or other centralized models using self-sovereign technologies. However, I will fight against that style being mandated in open standards in any form — I didn't object strongly enough against the risks of X.509, certificate authority models, and browser control of root certificates when I co-authored SSL/TLS, and I don't want us to make that same mistake again.


* Many of these scenarios do not adequately allow parties at the edges to choose who they trust. Again, in the DID/VC architecture all parties are peers and can offer any role. I'm fine someone chooses to only trust parties trusted by someone else, but again, it should not be mandated. I worry that some solutions offered will not allow the edges to choose. I also worry that many of the scenarios shared so far do not adequately separate identity assurance, claim verification, authorization, etc.


* Be aware that the future will be moving toward multisignature scenarios. I may use a 3 of 5 collaborative control set under my personal authority to demonstrate control of my self-sovereign DID, and I may also have a 4 of 9 set of keys give people that are authorized to revoke my control or 5 of 9 that have authority to give it to a new party (ideally me in case of a catastrophe, buy maybe my heirs.) Many of these scenarios may be better addressed by multisig threshold scenarios as well. For instance, presenting an aggregation signature of 3 of 5 verifiable claims from different issuers could be used to authorize something greater, without having to "phone home" to the issuers for the greater authority.


— Christopher Allen



Received on Saturday, 1 August 2020 00:50:29 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:02 UTC