RE: A question on best practices for dependent claims

Many of these scenarios do not adequately allow parties at the edges to choose who they trust.

 

@Christopher, can you explain more about what you mean here? Are you advocating negotiation between issuer and verifier or something else?

Thanks.

-S  

 

From: Christopher Allen <ChristopherA@lifewithalacrity.com> 
Sent: Friday, July 31, 2020 5:43 PM
To: steve capell <steve.capell@gmail.com>
Cc: steve.e.magennis@gmail.com; Daniel Hardman <daniel.hardman@evernym.com>; Luca Boldrin <luca.boldrin@infocert.it>; Adrian Gropper <agropper@healthurl.com>; W3C Credentials CG <public-credentials@w3.org>; Chris Gough <chris.gough@gosource.com.au>; Roman Evstifeev <someuniquename@gmail.com>; Richard Spellman <richard.spellman@gosource.com.au>
Subject: Re: A question on best practices for dependent claims

 

There are three slightly divergent issues brought up in this discussion that I'd like to make clear my thoughts on:

 

* There is nothing that stops an organization from reproducing certificate authority style models or other centralized models using self-sovereign technologies. However, I will fight against that style being mandated in open standards in any form — I didn't object strongly enough against the risks of X.509, certificate authority models, and browser control of root certificates when I co-authored SSL/TLS, and I don't want us to make that same mistake again.

 

* Many of these scenarios do not adequately allow parties at the edges to choose who they trust. Again, in the DID/VC architecture all parties are peers and can offer any role. I'm fine if someone chooses to only trust parties trusted by someone else, but again, it should not be mandated. I worry that some solutions offered will not allow the edges to choose. I also worry that many of the scenarios shared so far do not adequately separate identity assurance, claim verification, authorization, etc.

 

* Be aware that the future will be moving toward multisignature scenarios. I may use a 3 of 5 collaborative control set under my personal authority to demonstrate control of my self-sovereign DID, and I may also have a 4 of 9 set of keys given to people that are authorized to revoke my control or 5 of 9 that have authority to give it to a new party (ideally me in case of a catastrophe, but maybe my heirs.) Many of these scenarios may be better addressed by multisig threshold scenarios as well. For instance, presenting an aggregation signature of 3 of 5 verifiable claims from different issuers could be used to authorize something greater, without having to "phone home" to the issuers for the greater authority.

 

— Christopher Allen


Received on Saturday, 1 August 2020 00:50:29 UTC
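
Two points from the quoted message, that the verifier picks its own trusted issuers and that 3 of 5 claims from different issuers can be checked without contacting any issuer, shown as an added example (not code from this thread or from any DID/VC library). It counts independent Ed25519 signatures against a threshold rather than verifying a true aggregate signature; the payload layout, function names and issuer names are assumptions.

```javascript
const crypto = require('crypto');

// Constructed sample issuers (hypothetical names); each holds its own Ed25519 key pair.
function makeIssuers(names) {
  const issuers = {};
  for (const name of names) issuers[name] = crypto.generateKeyPairSync('ed25519');
  return issuers;
}

// An issuer signs a claim about a subject. The payload layout is an assumption,
// not the W3C Verifiable Credentials data model.
function issueClaim(issuerName, privateKey, subject, claim) {
  const payload = JSON.stringify({ issuer: issuerName, subject, claim });
  return { payload, signature: crypto.sign(null, Buffer.from(payload), privateKey) };
}

// The verifier supplies its own trust list (Map: issuer name -> public key) and
// its own threshold. Only locally held public keys are used; no issuer is contacted.
function meetsThreshold(presented, trusted, subject, claim, threshold) {
  const accepted = new Set();
  for (const { payload, signature } of presented) {
    let body;
    try { body = JSON.parse(payload); } catch { continue; }
    if (body === null || typeof body !== 'object') continue;
    const key = trusted.get(body.issuer);
    if (!key) continue;                       // issuer not chosen by this verifier
    if (body.subject !== subject || body.claim !== claim) continue;
    if (!crypto.verify(null, Buffer.from(payload), key, signature)) continue;
    accepted.add(body.issuer);                // repeated claims from one issuer count once
  }
  return accepted.size >= threshold;
}
```

A different verifier can pass a different `trusted` map and threshold over the same presented claims and reach a different decision.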