Re: My Testimony before the CA Assembly Re: Authorizing use of Verifiable Credentials

On 6/9/20 2:17 AM, Tony Rose wrote:
> My focus as a member of the SSI community has been to seek guidance from
> experts in our community and provide a definition that encapsulates what
> a verifiable credential is: Private, Secure, Portable, Verifiable, and
> Non-Correlatable.

Since we're dipping our toes in legislation, I'd like to point out that
your definition above for what a verifiable credential is -- is not
always correct. In some cases, the definition you provided is
dangerously wrong. :)

If you are going to use a definition of what a verifiable credential
is... use the one from the specification:

https://www.w3.org/TR/vc-data-model/#terminology

"""
credential:

A set of one or more claims made by an issuer. A verifiable credential
is a tamper-evident credential that has authorship that can be
cryptographically verified.
"""

That definition was hard won over years of debate.

Specifically, noting the definition you used, a Verifiable Credential is:

* NOT private when it's published on the open Web.
* Correlatable among colluding parties if *any* correlatable
  information is included in the payload... and, some would
  argue, that this is the vast majority of VCs being issued
  today.

In other words, we have to be very, very careful to not infer that VCs
are some sort of magic technology that achieves all the things that you
listed all of the time.

My apologies if this comes across as overly pedantic... but you seem to
be in a position where laws are being contemplated using this
technology... and so, we have to be very careful about what the law is
going to say on these matters.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Tuesday, 9 June 2020 13:46:05 UTC