
Re: VCs - zCaps / OCap a Discussion

From: Alan Karp <alanhkarp@gmail.com>
Date: Mon, 28 Dec 2020 10:10:44 -0800
Message-ID: <CANpA1Z2wORo0djBVTRfy0ctFiMFJhmJoz3UqQD-7tbrhYrEMug@mail.gmail.com>
To: David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>

David Chadwick <D.W.Chadwick@kent.ac.uk> wrote:

> >
> > You may still want to delegate a bearer capability for sub-scoping and
> > responsibility tracking.
> Yes you can do that, but only for a non-bearer credential that you have.
> A bearer credential by its very definition does not belong to anyone
> specifically. Some external (to the credential) mechanism would be
> needed to track its provenance, rather like banks track your money in
> its account. They cannot track the notes you hold unless they record
> their serial numbers.

You're right.  My thinking is colored by my work using SAML certificates,
which are assumed to be public documents.  That ruled out true bearer
credentials.  We noted you could get behavior similar to a bearer
credential by sharing the certificate and the private key it was issued
to.  Any holder could then do a sub-scope delegation.  That approach
doesn't work with true bearer credentials.

Alan Karp
Received on Monday, 28 December 2020 18:11:08 UTC
