- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Tue, 9 Jun 2020 09:45:50 -0400
- To: public-credentials@w3.org
On 6/9/20 2:17 AM, Tony Rose wrote: > My focus as a member of the SSI community has been to seek guidance from > experts in our community and provide a definition that encapsulates what > a verifiable credential is: Private, Secure, Portable, Verifiable, and > Non Correlate able. Since we're dipping our toes in legislation, I'd like to point out that your definition above for what a verifiable credential is -- is not always correct. In some cases, the definition you provided is dangerously wrong. :) If you are going to use a definition of what a verifiable credential is... use the one from the specification: https://www.w3.org/TR/vc-data-model/#terminology """ credential: A set of one or more claims made by an issuer. A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. """ That definition was hard won over years of debate. Specifically, noting the definition you used, a Verifiable Credential is: * NOT private when it's published on the open Web. * Correlatable among colluding parties if *any* correlatable information is included in the payload... and, some would argue, that this is the vast majority of VCs being issued today. In other words, we have to be very, very careful to not infer that VCs are some sort of magic technology that achieves all the things that you listed all of the time. My apologies if this comes across as overly pedantic... but you seem to be in a position where laws are being contemplated using this technology... and so, we have to be very careful about what the law is going to say on these matters. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Tuesday, 9 June 2020 13:46:05 UTC