Re: public key in a verifiable credential

From: Adrian Gropper <agropper@healthurl.com>
Date: Thu, 1 Apr 2021 10:48:20 -0400
Message-ID: <CANYRo8jp4MLtKdtVCLy6cHOPAZT25qbSv8MGVZvy+u=NAb0=jQ@mail.gmail.com>
To: Nikos Fotiou <fotiou@aueb.gr>
Cc: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials Community Group <public-credentials@w3.org>

Our "patient" is open on the surgical table in IETF. Here's one of the
threads: https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/145 but
there are many others. We're in the OR trying to apply what we've learned
from OAuth2, UMA 2, and protocol discussions around the VC and DID data
models. We're actively trying to harmonize IETF authorization protocols
with SSI.

The IoT use-cases have not been front of mind in the recent GNAP
discussions. Please join us, if you can.

- Adrian

On Thu, Apr 1, 2021 at 10:38 AM Nikos Fotiou <fotiou@aueb.gr> wrote:

> The exact use case is an OAuth 2.0 Authorization Server that issues JWTs
> that include the "client" public keys. For a number of reasons we want to
> replace these JWTs with VCs, but we cannot find a straightforward way to
> include the "client" key in the VC.
>
> Best,
> Nikos
> --
> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
> Researcher - Mobile Multimedia Laboratory
> Athens University of Economics and Business
> https://mm.aueb.gr
>
> > On 1 Apr 2021, at 5:34 PM, Adrian Gropper <agropper@healthurl.com> wrote:
> >
> > @Nikos Fotiou You seem to be describing the authorization use-case based
> > on VCs. This is reasonable and has been extensively discussed already but
> > I'm having a hard time remembering which thread.
> >
> > - Adrian
> >
> > On Thu, Apr 1, 2021 at 10:20 AM Nikos Fotiou <fotiou@aueb.gr> wrote:
> > Hi,
> >
> > The VC includes a list of "IoT devices" that a "user" can access. The
> > subject is the "user" and each "user" can be authenticated by a public key.
> > We do not want the VC to be used as a bearer token.
> >
> > Best,
> > Nikos
> > --
> > Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
> > Researcher - Mobile Multimedia Laboratory
> > Athens University of Economics and Business
> > https://mm.aueb.gr
> >
> > > On 1 Apr 2021, at 4:57 PM, Manu Sporny <msporny@digitalbazaar.com> wrote:
> > >
> > > On 4/1/21 7:56 AM, Nikos Fotiou wrote:
> > >> I find the latter approach "cleaner" but I am not sure if it is correct.
> > >> Any opinion?
> > >
> > > Could you elaborate more on the use case, Nikos?
> > >
> > > What are you trying to express with the VC? That might help us answer your
> > > question with more specific guidance.
> > >
> > > Note that a DID Document is one example of a data structure that does what
> > > you're trying to do.
> > >
> > > Have you considered the type of relationship between the subject and the
> > > public key? Or is the VC subject the public key?
> > >
> > > -- manu
> > >
> > > --
> > > Manu Sporny - https://www.linkedin.com/in/manusporny/
> > > Founder/CEO - Digital Bazaar, Inc.
> > > blog: Veres One Decentralized Identifier Blockchain Launches
> > > https://tinyurl.com/veres-one-launches
> > >
> > >
> >
>
>
Received on Thursday, 1 April 2021 14:48:48 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 1 April 2021 14:48:48 UTC