
RE: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios

From: <steve.e.magennis@gmail.com>
Date: Mon, 19 Jul 2021 17:11:30 -0700
To: "'Michael Herman \(Trusted Digital Web\)'" <mwherman@parallelspace.net>, "'David Chadwick'" <d.w.chadwick@verifiablecredentials.info>, <public-credentials@w3.org>, "'Luca Boldrin'" <luca.boldrin@infocert.it>
Cc: "'Luca Boldrin'" <luca.boldrin@infocert.it>
Message-ID: <06af01d77cfb$cb10f280$6132d780$@gmail.com>
Wouldn’t Case ii then ultimately just be adding confidence that a private
key was not compromised?

 

From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net> 
Sent: Monday, July 19, 2021 3:07 PM
To: David Chadwick <d.w.chadwick@verifiablecredentials.info>;
public-credentials@w3.org; Luca Boldrin <luca.boldrin@infocert.it>
Cc: Luca Boldrin <luca.boldrin@infocert.it>
Subject: Re: Verifiable Credential Notarization and Third-Party Notary
Services Providers: User Scenarios

 

Re: On the other side, the concept of “notarizing a signature” makes little
sense in the eIDAS context, since it is expected that the user’s signature is
already legally binding – a countersignature by a notary would not add
value.

 

There is a subtle distinction here between:

Case i. Notarization of a user's signature (e.g. public key associated with
Alice's digital identifier), and

Case ii. Notarization of the digital signature (of the hash) associated
with an instance of a Credential using Alice's digital identifier key pair.

They're different. 

 

With VCNP, I'm referring to the latter Case ii. 

Case ii. above is not really binding if no one trusts the un-notarized
Alice's self-signed Appointment Confirmation, for example.

 

Michael


 

  _____  

From: Luca Boldrin <luca.boldrin@infocert.it>
Sent: Monday, July 19, 2021 1:53:05 AM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>;
David Chadwick <d.w.chadwick@verifiablecredentials.info>;
public-credentials@w3.org <public-credentials@w3.org>
Cc: Luca Boldrin <luca.boldrin@infocert.it>
Subject: R: Verifiable Credential Notarization and Third-Party Notary
Services Providers: User Scenarios

 

Hi,

I appreciate the distinction between “notary” and “auditor”.

The recent proposal for revision of eIDAS regulation introduces the concept
of “(qualified) electronic attestations of attributes”. 

https://ec.europa.eu/newsroom/dae/redirection/document/76608

The idea is that a trusted third party will issue these attributes by
checking their veracity at the source – when the source itself cannot act as
an issuer. That would be some sort of “auditor”.

EU member states are even required to set up technical ways for checking a
set of attributes, when they are the authoritative source:



 

 

On the other side, the concept of “notarizing a signature” makes little
sense in the eIDAS context, since it is expected that the user’s signature is
already legally binding – a countersignature by a notary would not add
value.

Best,

 

--luca

 

 

From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Sent: Saturday, 17 July 2021 16:20
To: David Chadwick <d.w.chadwick@verifiablecredentials.info>;
public-credentials@w3.org
Subject: RE: Verifiable Credential Notarization and Third-Party Notary
Services Providers: User Scenarios

 


RE: Your deposition user scenario 

 

Perfect David.  I’ve amended my User Scenario A to be Alice self-issuing a
(less prickly) Appointment Confirmation to Dr. Bob’s Clinic to remove the
contentious issue around blood pressure readings.

 

Your previous email also highlighted that the Credential Notarization
process/workflow needs to also take into consideration sensitive data, PII,
etc. (e.g. sensitive health data like blood pressure readings, etc.) … avoid
passing it around even to a trusted Notary.

 

Wrt User Scenario B (Province of Sovronia issuing a provincial driver's
license), both signatures should be (and will be in my implementation) so
that a Verifier can verify the SDL VC in the same or similar way to how they
would verify any VC.  A Verifier might choose to verify against one, the
other, or both signatures …or verify the Notary’s signature first before
verifying the Issuer’s signature …dependent on the trust level the Issuer
has with the Verifier.

 

Michael

 

From: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Sent: July 17, 2021 4:36 AM
To: public-credentials@w3.org
Subject: Re: Verifiable Credential Notarization and Third-Party Notary
Services Providers: User Scenarios

 

Hi Michael

I have a real life example of what you are trying to achieve. I had to sign
a deposition in front of a notary that could subsequently be used in court
if needed.  So I took the unsigned letter to the notary, and we both signed
it in front of each other. The notary is not validating the content of my
letter (or blood pressure or anything else). They don't care. They are simply
validating my signature, and my identity, as I had to show the notary my
passport first before the signing took place. I am asserting the truth of
the contents, not the notary. The court will believe my deposition is the
truth, the whole truth and nothing but the truth from my perspective, since
each witness is obliged to do this.

This is the example you should be trying to replicate in A rather than your
stated ones.

B does not work in my opinion. If the verifier cannot verify the signature
of Sovrona because they do not trust it, then it does not matter how many
notaries validate the signature. The contents still won't be trusted.

Kind regards

David

On 16/07/2021 22:10, Michael Herman (Trusted Digital Web) wrote:

RE: but I would be uncomfortable as a notary notarizing that a person’s
Blood Pressure was 120/80 or any other number as it is dependent on the
accuracy of the device and the skill of the individual using it

 

John, that’s not the point …my apologies if my example was too specific.

 

Alice simply has 2 numbers to report. …2 metrics Alice wants to send to Dr.
Bob …where there exists an existing trusted relationship as a patient of the
doctor and doctor to the patient.

 

Scenario A could, alternatively, be recast as Alice wanting to send an
Appointment Confirmation to Dr. Bob’s Clinic …instead of a blood pressure
reading.

 

This is important feedback.  

 

Thank you,

Michael

 

p.s. When a public notary witnesses your signature on a passport
application, for example, they’re simply attesting to the fact they saw you
sign the passport application (and perhaps your address information) …not
that any of the information provided by you is correct.

 

From: john@reliableid.com <john@reliableid.com>
Sent: July 16, 2021 1:46 PM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>;
public-credentials@w3.org; 'David Chadwick'
<d.w.chadwick@verifiablecredentials.info>
Subject: RE: Verifiable Credential Notarization and Third-Party Notary
Services Providers: User Scenarios

 

Not sure of all the background discussion on this, but I would be
uncomfortable as a notary notarizing that a person’s Blood Pressure was
120/80 or any other number as it is dependent on the accuracy of the device
and the skill of the individual using it

John King

 

From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Sent: Friday, July 16, 2021 2:36 PM
To: public-credentials@w3.org; David Chadwick
<d.w.chadwick@verifiablecredentials.info>
Subject: Re: Verifiable Credential Notarization and Third-Party Notary
Services Providers: User Scenarios

 

In scenario A, Alice wants to report an actual blood pressure reading to Dr.
Bob's Clinic. ...something like "120/80" ... really the pair of individual
numbers. Alice wants the reading to be signed by her and notarized by
SOVRONA as trusted notary ...that is, SOVRONA acts as a witness to Alice's
signature of her own self-issued blood pressure home reading. 

Wrt your question about scenario B, the Sovronia driver's license should
appear to be signed by the Province of Sovronia whose signature is witnessed
by SOVRONA, the mutually trusted credential notary. 

A and B are actually different examples of the same more generic credential
notarization scenario/problem. 


 

  _____  

From: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Sent: Friday, July 16, 2021 11:05:33 AM
To: public-credentials@w3.org <public-credentials@w3.org>
Subject: Re: Verifiable Credential Notarization and Third-Party Notary
Services Providers: User Scenarios

 

Hi Michael

can you please explain these scenarios a bit more for me.

A. The user creates any blood pressure reading they like, true or false, and
gets a notary to certify this? Is this what you intended?

B. What is the difference between a Sovronia DL signed with Sovronia's key
or with Sovronia's notariser's key if the verifier knows and trusts the
right public key?

Kind regards

David

On 15/07/2021 20:45, Michael Herman (Trusted Digital Web) wrote:

I believe there are a large number of scenarios where individual Persons as
well as Organizations are going to want to (self) issue Verifiable
Credentials using the credential notarization services of a third-party
notary service provider.  

Here’s 2 user scenarios as examples: 

 

1.	User Scenario A:  (steps A1…A8) 
Alice self-issues a blood pressure home reading (BPHR) credential to Dr.
Bob’s Clinic using SOVRONA’s credential notarization services. SOVRONA is a
third-party notary services provider/network.
2.	User Scenario B: (steps B1…B8)
The Province of Sovronia issues a Sovronia Driver’s License to Alice using
SOVRONA’s credential notarization services. SOVRONA is a third-party notary
services provider/network.

 

I have some drill-down questions (e.g. protocol detail questions) but
first, let me ask what general questions/comments you have about the validity of
the 2 user scenarios depicted below.

 



 

Best regards,

Michael Herman

Far Left Self-Sovereignist

 

Self-Sovereign Blockchain Architect

Trusted Digital Web

Hyperonomy Digital Identity Lab

Parallelspace Corporation

 



 



Received on Tuesday, 20 July 2021 00:11:48 UTC
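
Added example, not part of the thread and not Michael Herman's implementation: Case ii as discussed above, where the notary countersigns the issuer's signature over one credential instance and the verifier checks the issuer's signature, the notary's, or both. The function names, the `hash || issuerSig` payload layout, Ed25519, and `JSON.stringify` standing in for VC canonicalization are all assumptions.

```javascript
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
const credHash = (c) => sha256(Buffer.from(JSON.stringify(c))); // stand-in for VC canonicalization
const newKey = () => crypto.generateKeyPairSync('ed25519');

// The issuer (Alice, or the Province) signs the hash of the credential.
function issue(credential, issuerKey) {
  return { credential, issuerSig: crypto.sign(null, credHash(credential), issuerKey.privateKey) };
}

// Case ii: the notary checks the issuer's signature, then signs hash || issuerSig,
// so its signature is bound to this credential instance, not to the key in general.
function notarize(signed, issuerPub, notaryKey) {
  const hash = credHash(signed.credential);
  if (!crypto.verify(null, hash, issuerPub, signed.issuerSig)) {
    throw new Error('issuer signature invalid, refusing to notarize');
  }
  const payload = Buffer.concat([hash, signed.issuerSig]);
  return { ...signed, notarySig: crypto.sign(null, payload, notaryKey.privateKey) };
}

// policy is 'issuer', 'notary' or 'both'; a key the verifier does not trust is null.
function verify(vc, trusted, policy) {
  const hash = credHash(vc.credential);
  const issuerOk = !!trusted.issuer &&
    crypto.verify(null, hash, trusted.issuer, vc.issuerSig);
  const notaryOk = !!trusted.notary && !!vc.notarySig &&
    crypto.verify(null, Buffer.concat([hash, vc.issuerSig]), trusted.notary, vc.notarySig);
  if (policy === 'issuer') return issuerOk;
  if (policy === 'notary') return notaryOk;
  return issuerOk && notaryOk;
}

// Constructed sample data: Alice's self-issued Appointment Confirmation.
function demo() {
  const alice = newKey(), notary = newKey();
  const signed = issue({ type: 'AppointmentConfirmation', from: 'Alice', to: "Dr. Bob's Clinic" }, alice);
  const vc = notarize(signed, alice.publicKey, notary);
  const trusted = { issuer: alice.publicKey, notary: notary.publicKey };
  const tampered = { ...vc, credential: { ...vc.credential, from: 'Mallory' } };
  return {
    both: verify(vc, trusted, 'both'),
    notaryOnly: verify(vc, { issuer: null, notary: notary.publicKey }, 'notary'),
    unnotarized: verify(signed, trusted, 'both'),
    tampered: verify(tampered, trusted, 'notary'),
  };
}
```

`notaryOnly` succeeding shows only that the notary witnessed this signature over this credential; as in the deposition example in the thread, it says nothing about whether the contents are true.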
