Re: Modeling credentials issued by a proxy issuer

Hi everyone,

Re-emphasizing what John is saying...

The PCTF is about the governance authority over the assessment and
acceptance of legitimate issuers of a credential. Using the PCTF, the
Government of Canada has already assessed Alberta and British Columbia as
trusted issuers of digital identity which can be accepted into federal
programs (tax and social services). The tech integration mechanisms are a
separate issue: legacy SAML, OIDC, and hopefully, very soon emerging ToIP.

Based on the PCTF, we would then set up a Credential Registry of all the
DIDs we would be prepared to 'trust' - provinces, territories, eventually
other countries.
When we assessed BC, there were a variety of public institutions and
commercial service providers in the mix - all accounted for by the Province
of BC, to whom we issued a letter of acceptance (formal recognition as a
trusted issuer).

The nice thing about PCTF/ToIP is that it very clearly separates the
concerns, which can be managed separately.

Best regards,

Tim


On Mon, 23 Mar 2020 at 12:43, Jordan, John CITZ:EX <John.Jordan@gov.bc.ca>
wrote:

> Hi All … I should think this a typical “accreditation” pattern.
>
> By this I mean there is a body that maintains governance authority over the
> legitimate issuing of a credential. So there may be an authority on
> accredited universities and the types of credentials they may issue.
>
> This accreditation organization can run a “Credential Registry” that lists
> all accredited entities including their issuer DID for example… this allows
> machine discovery of DID. Of course the DID would be created by the
> accredited entity and added to their page in the credential registry via a
> trusted process.
>
> An example of a credential registry is our OrgBook BC service which lists
> the authentic and authoritative data for all British Columbia legal
> entities. Right now there are no DIDs in there as we don’t yet have a
> trusted process to connect humans to legal entities and therefore grant
> them access to OrgBook BC to add their issuer DID .. but .. this is
> possible in time.
>
> So .. just seeing Brent’s comment re Trust Framework .. I am agreeing with
> that .. this is about knowing the trusted issuers, what are the credentials
> that are meaningful to a trust community/ecosystem and making that chain of
> trust discoverable both by humans via governance and digitally via a suite
> of capabilities including DIDs, VCs, credential registries, etc.
>
> This isn’t a problem that is solved within the VC data structure I don’t
> believe.
>
> You can read more about the concepts of the Trust over IP stack (tech and
> governance) here if you have IEEE Xplore …
> https://ieeexplore.ieee.org/document/9031548/keywords#keywords or here
> (and there are updates coming this week to the RFC)
> https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0289-toip-stack
>
> My thoughts anyways,
> J
>
>
>
> From: Isaac Patka <isaac@bloom.co>
> Date: Monday, March 23, 2020 at 9:25 AM
> To: "public-credentials@w3.org" <public-credentials@w3.org>, Anil Lewis <
> anillewi@ca.ibm.com>
> Subject: Re: Modeling credentials issued by a proxy issuer
> Resent-From: <public-credentials@w3.org>
> Resent-Date: Monday, March 23, 2020 at 9:23 AM
>
> Hi Anil,
>
> It depends on if the delegated issuer is responsible for managing the
> lifecycle of the credential. If the issuer is taking full responsibility
> for the credential, it may make sense to put the university/employer
> inside of the credentialSubject as a data provider. If the university/employer
> is taking a more active role in managing the credentials, then
> they could be the issuer with the 3rd party acting as a custodian for the
> key.
>
> Isaac
> On Mar 23, 2020, 12:12 PM -0400, Anil Lewis <anillewi@ca.ibm.com>, wrote:
>
> Hi Dmitri,
> This use case is more for the clearing houses of the world who issue
> credentials on behalf of other universities and employers trusts these 3rd
> parties. However, these 3rd parties when they issue the credential, want to
> make sure that when they issue these credentials, the holder understands
> that the 3rd party is doing it on behalf of the university and want that
> information conveyed in the verifiable credential. How can this be modeled
> in the current version of Verifiable credential? Note that this 3rd party
> has no access to any of the keys of the original issuers so the signature
> in the proof will belong to the 3rd party.
>
>
>
> ________________________________
>
>
> Anil Lewis
> Senior Managing Consultant

-- 
Follow me on Twitter: http://twitter.com/trbouma

Received on Monday, 23 March 2020 17:03:05 UTC
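
The registry pattern John describes and the two modeling options Isaac outlines, sketched as a verifier-side acceptance check. This is an added example, not part of the thread and not code from OrgBook BC or any other project; the DIDs, the registry layout, the `proxies` list and the `dataProvider` property are hypothetical, and cryptographic verification of the proof is assumed to have already succeeded.

```python
# Added example. DIDs, registry layout and "dataProvider" are hypothetical.
# Assumes the proof signature was already verified against the signer's key.
REGISTRY = {  # constructed sample: accredited entity DID -> registry record
    "did:example:university-a": {
        "accredited_for": {"DegreeCredential"},
        "proxies": {"did:example:clearinghouse"},  # added via a trusted process
    },
}

def issuer_did(vc):
    issuer = vc.get("issuer")
    return issuer.get("id") if isinstance(issuer, dict) else issuer

def evaluate(vc, registry=REGISTRY):
    """Return (accepted, reason) for an already signature-checked credential."""
    signer = issuer_did(vc)
    key_id = vc.get("proof", {}).get("verificationMethod", "")
    if not signer or key_id.split("#")[0] != signer:
        return False, "proof key does not belong to the stated issuer"
    types = set(vc.get("type", [])) - {"VerifiableCredential"}
    if not types:
        return False, "no credential type to check accreditation against"
    entry = registry.get(signer)
    if entry and types <= entry["accredited_for"]:
        return True, "issuer is directly accredited"
    # Proxy case: the signer names the entity it issues for in credentialSubject.
    principal = vc.get("credentialSubject", {}).get("dataProvider")
    entry = registry.get(principal)
    if entry is None:
        return False, "no accredited entity stands behind this credential"
    if signer not in entry["proxies"]:
        return False, "signer is not a registered proxy of the named entity"
    if not types <= entry["accredited_for"]:
        return False, "named entity is not accredited for this type"
    return True, "registered proxy issuing on behalf of an accredited entity"

def sample_vc(signer, provider=None, vc_type="DegreeCredential"):
    """Build a constructed, minimal credential for the checks above."""
    subject = {"id": "did:example:holder"}
    if provider:
        subject["dataProvider"] = provider
    return {"type": ["VerifiableCredential", vc_type], "issuer": signer,
            "credentialSubject": subject,
            "proof": {"verificationMethod": signer + "#key-1"}}

if __name__ == "__main__":
    for signer, provider in [("did:example:university-a", None),
                             ("did:example:clearinghouse", "did:example:university-a"),
                             ("did:example:rogue", "did:example:university-a")]:
        print(signer, evaluate(sample_vc(signer, provider)))
```

The custodian arrangement needs no special branch: the university remains the issuer and the key is published under its DID, so the credential passes the direct check.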