W3C home > Mailing lists > Public > public-credentials@w3.org > July 2020

A question on best practices for dependent claims

From: steve capell <steve.capell@gmail.com>
Date: Thu, 30 Jul 2020 08:34:24 +1000
Message-ID: <CAEMprt+npjWY02aLGkkVa+qDhj8LJPVrdFMwqpPP+mLJ=Pocfw@mail.gmail.com>
To: W3C Credentials CG <public-credentials@w3.org>
Hi all,

I'm hoping some of you will have some sage advice for me on how best to
handle a common pattern that we need to solve here in Australia.  The
generalised case is that a certificate (ie credential) issued by X has
little value to verifier Y unless backed up by an accreditation (ie
credential) issued by recognised authority Z that says X is authorised to
issue this type of claim.  Some real world examples

   - Business identity ABN123 issues a claim that a consignment of wine is
   genuine penfolds.  But without another claim from IP Australia that ABN123
   is the holder of trademark "Penfolds" then it's of little value.
   - Veterinary surgeon John Smith issues an animal health certificate
   about snoopy the dog.  But without a supporting claim from
   https://www.anzcvs.org.au/ that john smith is an accredited vetinary
   surgeon, the certificate is useless.
   - And there are hundreds of others....

Some initial thinking

   - If these are totally separate credentials then there is a problem with
   identity linking.  The subject of one claim (john smith is a vet) must be
   identical to the issuer of the other claim (snoopy is healthy).  even if
   the identifiers are the same, there are lots of john smiths in the world so
   how to be sure that the one issuing the cert about snoopy is the one that
   was accredited?  Does John smith first create a self-sovereign identity and
   get https://www.anzcvs.org.au/ to issue the claim to that identity?
   - Another approach is that the accreditation authority runs a service
   that counter-signs each certificate.  so john issues the health cert and
   then authenticates to https://www.anzcvs.org.au/ and gets it
   counter-signed.  the verifier can trace the authority through a single
   health certifiate.  This implies some real-time infrastructure capability
   on the part of all accreditation authorities that might be a bit
   impractical.
   - Another is that the accreditation authorities maintain public lists of
   accredited identities via some public ledger protocol. verifiers can check
   the issuer id in the health claim and then check the public list. Maybe the
   lists need to be anonymised via some kind of zero knowledge proof.
   - and so on...

Looking for best practice advice that is both cryptographically secure and
practical to implement for large number of accreditors and certifiers.

Thanks in advance!

-- 
Steve Capell
+61 410 437854
Received on Wednesday, 29 July 2020 22:34:49 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:01 UTC