Re: Current List of W3C Proposed Proof Purposes?

On 2/22/21 4:50 PM, Christopher Allen wrote:
> I can't seem to find a list of current possible signature Proof Purposes
> for listing in DID Documents and using for VCs and zCaps. The best i can
> find is from 2018 from David Longley <dlongley@digitalbazaar.com
> <mailto:dlongley@digitalbazaar.com>>:
> 
> "authentication" => "<vocab>#authenticationMethod"
> "assertionMethod" => "<vocab>#assertionMethod"
> "capabilityInvocation" => "<vocab>#capabilityInvocationMethod"
> "capabilityDelegation" => "<vocab>#capabilityDelegationMethod"
> "contractAgreement" => "<vocab>#contractAgreementMethod"
> 
> Is this correct? Are there more? Have some of these been deprecated?

Others have replied covering this.

> 
> In particular, I'm wondering where timestamps fit in, and other kinds of
> proofs besides signatures.

I would think that a timestamp proof is created to assert the existence
of something at a point of time. So it seems it would fall under
`assertionMethod`.

Note: Proof purposes enable verifiers to know what the proof creator's
intent was so the message can't be accidentally abused for another
purpose, e.g., a message signed for the purpose of merely making an
assertion (and thus perhaps intended to be widely shared) being abused
as a message to authenticate to a service or take some action (invoke a
capability). It's a goal to keep the number of them limited to as few
categories as are really needed to accomplish this goal. I would think
`assertionMethod` gets that job done for timestamp proofs.


-- 
Dave Longley
CTO
Digital Bazaar, Inc.

Received on Tuesday, 23 February 2021 16:12:47 UTC