Re: VCs - zCaps / OCap a Discussion

From: Alan Karp <alanhkarp@gmail.com>
Date: Mon, 28 Dec 2020 10:10:44 -0800
Message-ID: <CANpA1Z2wORo0djBVTRfy0ctFiMFJhmJoz3UqQD-7tbrhYrEMug@mail.gmail.com>
To: David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>

David Chadwick <D.W.Chadwick@kent.ac.uk> wrote:

>
> >
> > You may still want to delegate a bearer capability for sub-scoping and
> > responsibility tracking.
>
> Yes you can do that, but only for a non-bearer credential that you have.
> A bearer credential by its very definition does not belong to anyone
> specifically. Some external (to the credential) mechanism would be
> needed to track its provenance, rather like banks track your money in
> its account. They cannot track the notes you hold unless they record
> their serial numbers.
>

You're right.  My thinking is colored by my work using SAML certificates,
which are assumed to be public documents.  That ruled out true bearer
credentials.  We noted you could get behavior similar to a bearer
credential by sharing the certificate and the private key it was issued
to.  Any holder could then do a sub-scope delegation.  That approach
doesn't work with true bearer credentials.

--------------
Alan Karp
Received on Monday, 28 December 2020 18:11:08 UTC
