Re: A question on best practices for dependent claims from steve capell on 2020-08-01 (public-credentials@w3.org from August 2020)

From: steve capell <steve.capell@gmail.com>
Date: Sat, 1 Aug 2020 10:54:12 +1000
To: Christopher Allen <ChristopherA@lifewithalacrity.com>
Cc: steve.e.magennis@gmail.com, Daniel Hardman <daniel.hardman@evernym.com>, Luca Boldrin <luca.boldrin@infocert.it>, Adrian Gropper <agropper@healthurl.com>, W3C Credentials CG <public-credentials@w3.org>, Chris Gough <chris.gough@gosource.com.au>, Roman Evstifeev <someuniquename@gmail.com>, Richard Spellman <richard.spellman@gosource.com.au>
Message-ID: <CAEMprtLoW_nV_5jiAmX_H_2CzV354U3i+SW6GgTZ2nHRKJY2og@mail.gmail.com>

thanks christopher

this is exactly why i'm hassling this group for your sage advice.  I'd
agree that the distributed model is the future and I'm unsure whether that
is best achieved through multiple separate linked credentials or multiple
signatures on a single credential - or whatever else.

I wouldn't expect any mandates by the way - particularly around PKI style
solutions.  just asking "how would you do this?" - ie what is a best
practice usage within a deliberately broader standards framework

kind regards,
steve

On Sat, 1 Aug 2020 at 10:43, Christopher Allen <
ChristopherA@lifewithalacrity.com> wrote:

> There are three slightly divergent issues brought up in this discussion
> that I'd like to make clear my thoughts on:
>
> * There is nothing that stops an organization from reproducing a
> certificate authority style models or other centralized models using
> self-sovereign technologies. However, I will fight against that style being
> mandated in open standards in any form — I didn't object strongly enough
> against the risks of X.509, certificate authority models, and
> browser control of root certificates when I co-authored SSL/TLS, and I
> don't want us to make that same mistake again.
>
> * Many of these scenarios do not adequately allow parties at the edges to
> choose who they trust. Again, in the DID/VC architecture all parties are
> peers and can offer any role. I'm fine someone chooses to only trust
> parties trusted by someone else, but again, it should not be mandated. I
> worry that some solutions offered will not allow the edges to choose. I
> also worry that many of the scenarios shared so far do not adequately
> separate identity assurance, claim verification, authorization, etc.
>
> * Be aware that the future will be moving toward multisignature scenarios.
> I may use a 3 of 5 collaborative control set under my personal authority to
> demonstrate control of my self-sovereign DID, and I may also have a 4 of 9
> set of keys give people that are authorized to revoke my control or 5 of 9
> that have authority to give it to a new party (ideally me in case of a
> catastrophe, buy maybe my heirs.) Many of these scenarios may be better
> addressed by multisig threshold scenarios as well. For instance, presenting
> an aggregation signature of 3 of 5 verifiable claims from different issuers
> could be used to authorize something greater, without having to "phone
> home" to the issuers for the greater authority.
>
> — Christopher Allen
>
>
>
>

-- 
Steve Capell

Received on Saturday, 1 August 2020 00:54:38 UTC