
Re: public key in a verifiable credential

From: Nikos Fotiou <fotiou@aueb.gr>
Date: Thu, 1 Apr 2021 19:17:44 +0300
Message-Id: <486FB023-8591-44B8-B5AE-DB051F780A9B@aueb.gr>
Cc: public-credentials@w3.org
To: David Chadwick <D.W.Chadwick@kent.ac.uk>

This is what I understood. But then I read https://www.w3.org/TR/vc-data-model/#json-web-token more carefully, and I am wondering if something like the following makes sense:
https://gist.github.com/nikosft/d593202f4d16aaa1f94c06fdd99729c5

Best,
Nikos
--
Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
Researcher - Mobile Multimedia Laboratory
Athens University of Economics and Business
https://mm.aueb.gr

> On 1 Apr 2021, at 7:07 PM, David Chadwick <D.W.Chadwick@kent.ac.uk> wrote:
> 
> By OAuth "client" key you actually mean the subject's (in VC terminology) public key. Thus the subject ID is the natural place to put this. Using a DID as the subject's ID is either a direct or indirect way of referencing the subject's public key. So all VCs do this.
> 
> Kind regards
> 
> David
> 
> On 01/04/2021 15:38, Nikos Fotiou wrote:
>> The exact use case is an OAuth 2.0 Authorization Server that issues JWTs that include the "client" public keys. For a number of reasons we want to replace these JWTs with VCs, but we cannot find a straightforward way to include the "client" key in the VC.
>> 
>> Best,
>> Nikos 
>> --
>> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
>> Researcher - Mobile Multimedia Laboratory
>> Athens University of Economics and Business
>> https://mm.aueb.gr
>> 
>>> On 1 Apr 2021, at 5:34 PM, Adrian Gropper <agropper@healthurl.com> wrote:
>>> 
>>> @Nikos Fotiou You seem to be describing the authorization use-case based on VCs. This is reasonable and has been extensively discussed already but I'm having a hard time remembering which thread. 
>>> 
>>> - Adrian
>>> 
>>> On Thu, Apr 1, 2021 at 10:20 AM Nikos Fotiou <fotiou@aueb.gr> wrote:
>>> Hi,
>>> 
>>> The VC includes a list of "IoT devices" that a "user" can access. The subject is the "user" and each "user" can be authenticated by a public key. We do not want the VC to be used as a bearer token.  
>>> 
>>> Best,
>>> Nikos 
>>> --
>>> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
>>> Researcher - Mobile Multimedia Laboratory
>>> Athens University of Economics and Business
>>> https://mm.aueb.gr
>>> 
>>>> On 1 Apr 2021, at 4:57 PM, Manu Sporny <msporny@digitalbazaar.com> wrote:
>>>> 
>>>> On 4/1/21 7:56 AM, Nikos Fotiou wrote:
>>>> 
>>>>> I find the latter approach "cleaner" but I am not sure if it is correct.
>>>>> Any opinion?
>>>>> 
>>>> Could you elaborate more on the use case, Nikos?
>>>> 
>>>> What are you trying to express with the VC? That might help us answer your
>>>> question with more specific guidance.
>>>> 
>>>> Note that a DID Document is one example of a data structure that does what
>>>> you're trying to do.
>>>> 
>>>> Have you considered the type of relationship between the subject and the
>>>> public key? Or is the VC subject the public key?
>>>> 
>>>> -- manu
>>>> 
>>>> -- 
>>>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>>>> Founder/CEO - Digital Bazaar, Inc.
>>>> blog: Veres One Decentralized Identifier Blockchain Launches
>>>> https://tinyurl.com/veres-one-launches


Received on Thursday, 1 April 2021 16:18:02 UTC
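
Added example, not part of the original thread and not the content of the linked gist: one way to keep a JWT-encoded VC from working as a bearer token is to carry the subject's public key in a `cnf` claim (RFC 7800) and have the verifier require a signature over a fresh nonce from that key. The use of `cnf` inside a VC-JWT, the Ed25519 keys, the identifiers and the `devices` claim name are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const newKey = () => crypto.generateKeyPairSync('ed25519');

// Issuer: sign a JWT-encoded VC whose `cnf.jwk` claim (RFC 7800) binds it to
// the subject's public key. Using `cnf` in a VC-JWT is an assumption here.
function issueVcJwt(issuerPrivateKey, subjectPublicKey, devices) {
  const header = { alg: 'EdDSA', typ: 'JWT' };
  const payload = {
    iss: 'https://as.example',   // constructed issuer id
    sub: 'urn:example:user-1',   // constructed subject id
    cnf: { jwk: subjectPublicKey.export({ format: 'jwk' }) },
    vc: {
      '@context': ['https://www.w3.org/2018/credentials/v1'],
      type: ['VerifiableCredential'],
      credentialSubject: { devices },   // hypothetical claim name
    },
  };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${b64u(crypto.sign(null, Buffer.from(input), issuerPrivateKey))}`;
}

// Holder: prove possession of the bound key by signing the verifier's nonce.
const signNonce = (holderPrivateKey, nonce) =>
  b64u(crypto.sign(null, Buffer.from(nonce), holderPrivateKey));

// Verifier: return the device list only if the issuer signature is valid AND
// the fresh nonce was signed by the key in `cnf`; otherwise return null.
function verifyPresentation(jwt, issuerPublicKey, nonce, nonceSig) {
  const [h, p, s] = jwt.split('.');
  if (!h || !p || !s) return null;
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify(null, Buffer.from(`${h}.${p}`), issuerPublicKey, sig)) return null;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (header.alg !== 'EdDSA') return null;            // only the expected algorithm
  if (!payload.cnf || !payload.cnf.jwk) return null;  // no bound key: would be a bearer token
  const holderKey = crypto.createPublicKey({ key: payload.cnf.jwk, format: 'jwk' });
  const proof = Buffer.from(nonceSig, 'base64url');
  if (!crypto.verify(null, Buffer.from(nonce), holderKey, proof)) return null;
  return payload.vc.credentialSubject.devices;
}
```

A party that only holds a copy of the credential cannot produce the nonce signature, so presenting the JWT alone is rejected.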
