- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Tue, 23 Feb 2021 11:12:29 -0500
- To: Christopher Allen <ChristopherA@lifewithalacrity.com>, Credentials Community Group <public-credentials@w3.org>
- Cc: gorazd <gorazdko@gmail.com>
On 2/22/21 4:50 PM, Christopher Allen wrote: > I can't seem to find a list of current possible signature Proof Purposes > for listing in DID Documents and using for VCs and zCaps. The best i can > find is from 2018 from David Longley <dlongley@digitalbazaar.com > <mailto:dlongley@digitalbazaar.com>>: > > "authentication" => "<vocab>#authenticationMethod" > "assertionMethod" => "<vocab>#assertionMethod" > "capabilityInvocation" => "<vocab>#capabilityInvocationMethod" > "capabilityDelegation" => "<vocab>#capabilityDelegationMethod" > "contractAgreement" => "<vocab>#contractAgreementMethod" > > Is this correct? Are there more? Have some of these been deprecated? Others have replied covering this. > > In particular, I'm wondering where timestamps fit in, and other kinds of > proofs besides signatures. I would think that a timestamp proof is created to assert the existence of something at a point of time. So it seems it would fall under `assertionMethod`. Note: Proof purposes enable verifiers to know what the proof creator's intent was so the message can't be accidentally abused for another purpose, e.g., a message signed for the purpose of merely making an assertion (and thus perhaps intended to be widely shared) being abused as a message to authenticate to a service or take some action (invoke a capability). It's a goal to keep the number of them limited to as few categories as are really needed to accomplish this goal. I would think `assertionMethod` gets that job done for timestamp proofs. -- Dave Longley CTO Digital Bazaar, Inc.
Received on Tuesday, 23 February 2021 16:12:47 UTC