Re: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios from Adrian Gropper on 2021-07-17 (public-credentials@w3.org from July 2021)

From: Adrian Gropper <agropper@healthurl.com>
Date: Sat, 17 Jul 2021 08:58:40 -0400
To: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Cc: public-credentials@w3.org
Message-ID: <CANYRo8g3NR5QZa6fmQZu69qb4CmDCo_WpyUpd=LJBek8vGRNYw@mail.gmail.com>
+1 - David’s framing of what notaries do matches mine.

Notaries and auditors are separate examples of trusted third parties. They
both sign a VC. The notary is only attesting to an identity on a document.
The document is a VC issued by the Subject.

The result is related to what we in the SSI community like to call a VP, I
think. In a VP, the document is a VC of the Subject. The notary is not a
third party capable of verifying identity. The signature on the VP is just
proving that the person being authenticated by the Verifier is the same as
the one authenticated by the Issuer. This is a verification of identity
only if there was some separate (biometric) validation done by _both_ the
Issuer and the Verifier.

What Michael might be thinking of is an auditor. That’s a notary that
actually validates the VC document as well as the identity of the Subject.
This is much more valuable, and expensive. EY project Nightfall is a great
example of ZKP to reduce the cost of audit but I think it requires the
material being audited to be on a private ledger if the transactions are to
be kept private.

Adrian

On Sat, Jul 17, 2021 at 6:37 AM David Chadwick <
d.w.chadwick@verifiablecredentials.info> wrote:

> Hi Michael
>
> I have a real life example of what you are trying to achieve. I had to
> sign a deposition in front of a notary that could subsequently be used in
> court if needed.  So I took the unsigned letter to the notary, and we both
> signed it in front of each other. The notary is not validating the content
> of my letter (or blood pressure or anything else). They dont care. They are
> simply validating my signature, and my identity, as I had to show the
> notary my passport first before the signing took place. I am asserting the
> truth of the contents, not the notary. The court will believe my deposition
> is the truth, the whole truth and nothing but the truth from my
> perspective, since each witness is obliged to do this.
>
> This is the example you should be trying to replicate in A rather than
> your stated ones.
>
> B does not work in my opinion. If the verifier cannot verify the signature
> of Sovrona because they do not trust it, then it does not matter how many
> notories validate the signature. The contents still wont be trusted.
>
> Kind regards
>
> David
> On 16/07/2021 22:10, Michael Herman (Trusted Digital Web) wrote:
>
> RE: but I would be uncomfortable as a notary notarizing that a person’s
> Blood Pressure was 120/80 or any other number as it is dependent on the
> accuracy of the device and the skill of the individual using it
>
>
>
> John, that’ not the point …my apologies if my example was too specific.
>
>
>
> Alice simply has 2 numbers to report. …2 metrics Alice wants to send to
> Dr. Bob …where there exists an existing trusted relationship as a patient
> of the doctor and doctor to the patient.
>
>
>
> Scenario A could, alternatively, be recast as Alice wanting to send an
> Appointment Confirmation to Dr. Bob’s Clinic …instead of a blood pressure
> reading.
>
>
>
> This is important feedback.
>
>
>
> Thank you,
>
> Michael
>
>
>
> p.s. When a public notary witnesses your signature on a passport
> application, for example, they’re simply attesting to the fact they saw you
> sign the passport application (and perhaps your address information) …not
> that any of the information provided by you is correct.
>
>
>
> *From:* john@reliableid.com <john@reliableid.com> <john@reliableid.com>
> *Sent:* July 16, 2021 1:46 PM
> *To:* Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
> <mwherman@parallelspace.net>; public-credentials@w3.org; 'David Chadwick'
> <d.w.chadwick@verifiablecredentials.info>
> <d.w.chadwick@verifiablecredentials.info>
> *Subject:* RE: Verifiable Credential Notarization and Third-Party Notary
> Services Providers: User Scenarios
>
>
>
> Not sure of all the background discussion on this, but I would be
> uncomfortable as a notary notarizing that a person’s Blood Pressure was
> 120/80 or any other number as it is dependent on the accuracy of the device
> and the skill of the individual using it
>
> John King
>
>
>
> *From:* Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
> *Sent:* Friday, July 16, 2021 2:36 PM
> *To:* public-credentials@w3.org; David Chadwick <
> d.w.chadwick@verifiablecredentials.info>
> *Subject:* Re: Verifiable Credential Notarization and Third-Party Notary
> Services Providers: User Scenarios
>
>
>
> In scenario A, Alice wants to report an actual blood pressure reading to
> Dr. Bob's Clinic. ...something like "120/80" ... really the pair of
> individual numbers. Alice wants the reading to be signed by her and
> notarized by SOVRONA as trusted notary ...that is, SOVRONA acts as a
> witness to Alice's signature of her own self-issued blood pressure home
> reading.
>
> Wrt to your question about scenario B, the Sovronia driver's license
> should appear to be signed by the Province of Sovronia whose signature is
> witnessed by SOVRONA, the mutually trusted credential notary.
>
> A and B are actually different examples of the same more generic
> credential notarization scenario/problem.
>
> Get Outlook for Android <https://aka.ms/AAb9ysg>
>
>
> ------------------------------
>
> *From:* David Chadwick <d.w.chadwick@verifiablecredentials.info>
> *Sent:* Friday, July 16, 2021 11:05:33 AM
> *To:* public-credentials@w3.org <public-credentials@w3.org>
> *Subject:* Re: Verifiable Credential Notarization and Third-Party Notary
> Services Providers: User Scenarios
>
>
>
> Hi Michael
>
> can you please explain these scenarios a bit more for me.
>
> A. The user creates any blood pressure reading they like, true or false,
> and gets a notary to certify this? Is this what you intended?
>
> B. What is the difference between a Sovronia DL signed with Sovronia's key
> or with Soveronia's notariser's key if the verifier knows and trusts the
> right public key?
>
> Kind regards
>
> David
>
> On 15/07/2021 20:45, Michael Herman (Trusted Digital Web) wrote:
>
> I believe there are a large number of scenarios where individual Persons
> as well as Organizations are going to want to (self) issue Verifiable
> Credentials using the credential notarization services of a third-party
> notary service provider.
>
> Here’s 2 user scenarios as examples:
>
>
>
>    - User Scenario A:  (steps A1…A8)
>    Alice self-issues a blood pressure home reading (BPHR) credential to
>    Dr. Bob’s Clinic using SOVRONA’s credential notarization services. SOVRONA
>    is a third-party notary services provider/network.
>    - User Scenario B: (steps B1…B8)
>    The Province of Sovronia issues a Sovronia Driver’s License to Alice
>    using SOVRONA’s credential notarization services. SOVRONA is a third-party
>    notary services provider/network.
>
>
>
> I have a some drill-down questions (e.g. protocol detail questions) but
> first, let me ask what general questions/comments have about the validity
> of the  2 user scenarios depicted below.
>
>
>
>
>
> Best regards,
>
> Michael Herman
>
> Far Left Self-Sovereignist
>
>
>
> Self-Sovereign Blockchain Architect
>
> Trusted Digital Web
>
> Hyperonomy Digital Identity Lab
>
> Parallelspace Corporation
>
>
>
>
>
>
Attachments

image/jpeg attachment: image002.jpg
image/jpeg attachment: image001.jpg
Received on Saturday, 17 July 2021 12:59:07 UTC