- From: Oleksandr Brezhniev <oleksandr.brezhniev@gmail.com>
- Date: Tue, 24 Nov 2020 13:30:01 +0200
- To: public-credentials@w3.org
- Message-ID: <CABsvQ0cV6X+yDn_nwD_4bewaOLUm==qenwGWfY93pNcouD2AfQ@mail.gmail.com>
Hi everyone! I wonder if multiple signatures are supported by DID&VC standards. For example, a credential wallet on a child's phone could create DID requiring all VC presentations to be signed by the child and one of the parents. Or DID Auth requiring signatures from an employee and a manager to deploy to production or access strictly confidential information. While it's possible to request multiple credentials to cover such cases, it puts too much responsibility and trust on the requesting party. And also there's a whole range of real world credentials that require multiple signatures (where some of them may be optional / conditional), it would be strange to split them in separate credentials for each party's signature. I have found that both JWS and JSON LD Proofs allow to include several signatures, but there are no strong rules for the verifier on how to proceed with this data. Also DID document VerificationMethod field description contains this information: “Verification methods might take many parameters. An example of this is a set of five cryptographic keys from which any three are required to contribute to a threshold signature”. And I assume all of them should be evaluated on DID auth/credential presentation (but don't think any wallet has implemented it). Anyway, in both cases it’s not clear where to specify the threshold (2 of 3 / 3 of 5). Is a custom Verification Method with defined properties needed? Or am I missing something? Best regards, Oleksandr Brezhniev
Received on Tuesday, 24 November 2020 18:13:47 UTC