Re: The Unique Consignment Reference - a Nirvana powered by DID/VC? from Steve Capell on 2020-08-29 (public-credentials@w3.org from August 2020)

From: Steve Capell <steve.capell@gmail.com>
Date: Sun, 30 Aug 2020 07:47:17 +1000
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: public-credentials@w3.org
Message-Id: <70C9B3C8-305D-4662-9776-5CACB8D1E888@gmail.com>
Thanks Manu 

We currently use the Singapore trade trust model for certificates of origin.  The QR on the paper copy includes a secret key to decode the digital version that is hosted on an unguessable public URL.  The theory is that if you have been given the paper / PDF one then you also have rights to see the digital one.   Also only the hash of the digital one is notarised to the ledger.  I had assumed that w3c vc works the same way in that there is no private data on chain?

The wrinkle with the bill of lading is that most use cases the verifier doesn’t have the bill, they have some other document (like a certificate of origin) that **references** the bill.  So it doesn’t follow that the verifier is entitled to all the info in the bill.  

The Singapore tradetrust system handles that through selective redaction.  So the certificate could reference a redacted version of the bill. It’s a clever tweak that means the full original and the redacted version are both verifiable against the same notarised hash.  Essentially a Merkel tree of individual data element hashes.  Does VC include that sort of capability ?

Regards 

Steven Capell
Mob: 0410 437854

> On 30 Aug 2020, at 2:57 am, Manu Sporny <msporny@digitalbazaar.com> wrote:
> 
> On 8/28/20 10:13 PM, steve capell wrote:
>> 1. Can DIDs be used to identify things (eg a consignment) as well as
>>    entities (eg people or organisations)?
> 
> Yes, although using a DID for a consignment is partly strange... why
> does the consignment need to authenticate itself or issue VCs? Now, you
> might choose to use DIDs as a unique identifier, or point to something
> on a ledger. It's a bit of an abuse of the technology, but could be done
> in some circumstances (smart consignment, smart custody, smart
> contracts, etc.)
> 
>> 2. Would the actual data about the consignment be contained in a VC or
>>    in a DID related document ?  It's worth noting here that the bill is
>>    a commercial in confidence (ie non-public) document.
> 
> In a VC. DID Documents aren't really designed to carry that sort of
> data... DID Documents are mostly about how to initiate a trusted
> interaction with the DID Controller (who might also be the subject). VCs
> are about expressing things about a particular subject, whether or not
> they're identified by a DID, URN, URL, etc.
> 
>> 3. In order to blend with the non-DID/VC world it's reasonable to
>>    expect that various EDI documents might reference a consignment via
>>    it's DID- eg did:{some method}:{some uuid}.  Or would it be better
>>    to reference the consignment as a VC via a URI/QR code that is the
>>    key to discovery? 
> 
> The latter.
> 
>> This depends on the answer to 1 & 2.  ie is the
>>    bill of lading a VC issued by a party identified by a DID or is the
>>    bill of lading itself a DID?
> 
> Bill of Lading is a VC... I'd argue pretty strongly against using DID
> Documents to express Bills of Lading unless there was a really
> compelling reason to do it.
> 
>> 4. If the UCR is a DID did:{some method}:{some uuid} - then which of
>>    the bewildering array of existing methods would be most appropriate
>>    to use where the goal is a to use the DID as a discovery key to
>>    access a (possibly encrypted) document.  ie "I have the DID now I
>>    want the data in the document this DID references" 
> 
> Don't put encrypted stuff on the ledger. Put it off ledger, with it's
> own form of authorization to access. This is a use case for DIDs (for
> entities in the ecosystem), VCs (for documents that need to be digitally
> signed), and Encrypted Data Vaults (for storage/retrieval of said
> documents by authorized parties). You could use a blockchain for
> discoverability and time stamping, but that's optional as if you trust
> the entity signing the VC, you probably trust their time stamp... and
> with Bills of Lading, at some point, some one wants to pick up their
> cargo and if they don't have all of the electronic paperwork to do so,
> they can't... so there is a strong incentive to produce everything...
> blockchain or not.
> 
> Hope that helps, Steve.
> 
> -- manu
> 
> -- 
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
>
Received on Saturday, 29 August 2020 21:47:34 UTC