- From: Adrian Gropper <agropper@healthurl.com>
- Date: Tue, 9 Jun 2020 10:07:19 -0400
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANYRo8h8EeuRhpLiwFKUAnzrzOyqfdGSv2Xk=CDYdDXQ3j5wVQ@mail.gmail.com>
There's danger in pushing VCs in the context of patients / employees. We would do well to take the EFF comments on this law seriously. I wrote https://github.com/agropper/secure-data-store/blob/master/COVID-19_Health_Report_Use_Case.md#41-review-of-issues-raised-by-eff with this in mind. - Adrian On Tue, Jun 9, 2020 at 9:47 AM Manu Sporny <msporny@digitalbazaar.com> wrote: > On 6/9/20 2:17 AM, Tony Rose wrote: > > My focus as a member of the SSI community has been to seek guidance from > > experts in our community and provide a definition that encapsulates what > > a verifiable credential is: Private, Secure, Portable, Verifiable, and > > Non Correlate able. > > Since we're dipping our toes in legislation, I'd like to point out that > your definition above for what a verifiable credential is -- is not > always correct. In some cases, the definition you provided is > dangerously wrong. :) > > If you are going to use a definition of what a verifiable credential > is... use the one from the specification: > > https://www.w3.org/TR/vc-data-model/#terminology > > """ > credential: > > A set of one or more claims made by an issuer. A verifiable credential > is a tamper-evident credential that has authorship that can be > cryptographically verified. > """ > > That definition was hard won over years of debate. > > Specifically, noting the definition you used, a Verifiable Credential is: > > * NOT private when it's published on the open Web. > * Correlatable among colluding parties if *any* correlatable > information is included in the payload... and, some would > argue, that this is the vast majority of VCs being issued > today. > > In other words, we have to be very, very careful to not infer that VCs > are some sort of magic technology that achieves all the things that you > listed all of the time. > > My apologies if this comes across as overly pedantic... but you seem to > be in a position where laws are being contemplated using this > technology... and so, we have to be very careful about what the law is > going to say on these matters. > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > blog: Veres One Decentralized Identifier Blockchain Launches > https://tinyurl.com/veres-one-launches > >
Received on Tuesday, 9 June 2020 14:07:44 UTC