- From: Daniel Hardman <daniel.hardman@evernym.com>
- Date: Mon, 13 Jul 2020 09:22:10 -0600
- To: Keerthi Thomas <thomas.keerthi@gmail.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAFBYrUom0FWM3jb_CHOtT+BHcJi7FCCqGwcw7BXNVWLrLUvi2g@mail.gmail.com>
Yes, there has been some thought around this. The simple way would be to exert control over an issuer DID using a multisig scheme. This would mean that issuance itself is trivial, and so is the signature block and the revocation handling in the credential; all the complexity shifts into what generates the signature from the DID controller. The only DID method that I know of that explicitly describes how to do this today is peer DIDs, but it would not be helpful in VC issuance, since it isn't anchored to a ledger. Perhaps there are other methods that support multisig as a verification method, that I'm not aware of. The other option is to make issuance itself a multisig process. Some design work has been completed on this in Hyperledger Ursa discussion circles, but it's only a little more than whiteboard, AFAIK. This would allow holders to start with a credential signed by one issuer, and then to go around and collect endorsements from other issuers until the endorsements hit a critical mass, at which point the VC becomes valid. There are also some other usage models it would enable. How revocation would be handled with such a credential is not obvious, however. Bottom line is that I think you're asking an important and interesting question. It's received some attention already, but I don't believe there's any mature solution yet. On Mon, Jul 13, 2020 at 9:00 AM Keerthi Thomas <thomas.keerthi@gmail.com> wrote: > Hello everyone, > > I thought this community might be able to provide some direction. I am > still on the learning curve, apologies if I missed some earlier work done > by yourselves. > > I am currently working on a problem which I think may have already been > solved, I would appreciate it if you can kindly point me in the right > direction. > > I understand and I have previously built POCs using Hyperledger Indy/Aries > that allows for verifiable credentials to be issued by a single party > (issuer). The question is, how do we issue verifiable credentials issued by > multiple-parties? > > Contracts and other legal documents are sometimes signed between multiple > (more than two) parties. In a paper based approach, it is relatively > straightforward, signatures are obtained serially. A similar approach is > adopted in electronic signing where copies of PDF are signed serially, > internally, the system generates a 'certificate of completion' which > captures metadata for legal purposes. > > In the real-estate use-case I am currently working on similar 'certificate > of completion' to hold multiple cryptographic signatures of contracting > parties over an digital artifact i.e. 'smart legal contract' (for > simplicity, consider the artifact as a file containing some text and source > code before they are deployed on a DLT or VM). I was thinking the SSI + VC > model could be appropriate for this 'certificate of agreement or > completion' but I am happy to hear your thoughts and suggestions. > > Many thanks in advance. > > Best wishes, > Keerthi Thomas > >
Received on Monday, 13 July 2020 15:22:36 UTC