
RE: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios

From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Date: Thu, 22 Jul 2021 01:18:22 +0000
To: "steve.e.magennis@gmail.com" <steve.e.magennis@gmail.com>, 'David Chadwick' <d.w.chadwick@verifiablecredentials.info>, "public-credentials@w3.org" <public-credentials@w3.org>, 'Luca Boldrin' <luca.boldrin@infocert.it>
CC: 'Luca Boldrin' <luca.boldrin@infocert.it>
Message-ID: <MWHPR1301MB20941A03939CFA188F3FBF57C3E49@MWHPR1301MB2094.namprd13.prod.outlook.com>
Re: Wouldn't Case ii then ultimately just be adding confidence that a private key was not compromised?

I guess the real answer is "it depends".

If you think of the passport application scenario, Passport Canada isn't going to accept "your word"/signature.  They insist you find a local, legally certified notary to witness your signature, supporting credentials, and photo.  That's their business process/policy.

If I want to give you a different kind of credential (e.g. $10 bill), yes, you're most likely willing to accept it because you trust the local currency.  You don't usually need someone to verify/notarize the $10 bill for you.

From: steve.e.magennis@gmail.com <steve.e.magennis@gmail.com>
Sent: July 19, 2021 6:12 PM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>; 'David Chadwick' <d.w.chadwick@verifiablecredentials.info>; public-credentials@w3.org; 'Luca Boldrin' <luca.boldrin@infocert.it>
Cc: 'Luca Boldrin' <luca.boldrin@infocert.it>
Subject: RE: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios

Wouldn't Case ii then ultimately just be adding confidence that a private key was not compromised?

From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Sent: Monday, July 19, 2021 3:07 PM
To: David Chadwick <d.w.chadwick@verifiablecredentials.info>; public-credentials@w3.org; Luca Boldrin <luca.boldrin@infocert.it>
Cc: Luca Boldrin <luca.boldrin@infocert.it>
Subject: Re: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios

Re: On the other side, the concept of "notarizing a signature" makes little sense in the eIDAS context, since it is expected that the user's signature is already legally binding - a countersignature by a notary would not add value.

There is a subtle distinction here between:
Case i. Notarization of a user's signature (e.g. public key associated with Alice's digital identifier), and
Case ii. Notarization of the digital signature (of the hash) associated with an instance of a Credential using Alice's digital identifier key pair.
They're different.

With VCNP, I'm referring to the latter Case ii.
Case ii. above is not really binding if no one trusts the un-notarized Alice's self-signed Appointment Confirmation, for example.

Michael

________________________________
From: Luca Boldrin <luca.boldrin@infocert.it>
Sent: Monday, July 19, 2021 1:53:05 AM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>; David Chadwick <d.w.chadwick@verifiablecredentials.info>; public-credentials@w3.org
Cc: Luca Boldrin <luca.boldrin@infocert.it>
Subject: R: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios


Hi,

I appreciate the distinction between "notary" and "auditor".

The recent proposal for revision of eIDAS regulation introduces the concept of "(qualified) electronic attestations of attributes".

https://ec.europa.eu/newsroom/dae/redirection/document/76608

The idea is that a trusted third party will issue these attributes by checking their veracity at the source - when the source itself cannot act as an issuer. That would be some sort of "auditor".

EU member states are even required to set up technical ways for checking a set of attributes, when they are the authoritative source:

[Image: image001.jpg]

On the other side, the concept of "notarizing a signature" makes little sense in the eIDAS context, since it is expected that the user's signature is already legally binding - a countersignature by a notary would not add value.

Best,



--luca





From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Sent: Saturday, 17 July 2021 16:20
To: David Chadwick <d.w.chadwick@verifiablecredentials.info>; public-credentials@w3.org
Subject: RE: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios

RE: Your deposition user scenario



Perfect David.  I've amended my User Scenario A to be Alice self-issuing a (less prickly) Appointment Confirmation to Dr. Bob's Clinic to remove the contentious issue around blood pressure readings.



Your previous email also highlighted that the Credential Notarization process/workflow needs to also take into consideration sensitive data, PII, etc. (e.g. sensitive health data like blood pressure readings, etc.) ... avoid passing it around even to a trusted Notary.



Wrt User Scenario B (Province of Sovronia issuing a provincial driver's license), both signatures should be (and will be in my implementation) so that a Verifier can verify the SDL VC in the same or similar way to how they would verify any VC.  A Verifier might choose to verify against one, the other, or both signatures ...or verify the Notary's signature first before verifying the Issuer's signature ...dependent on the trust level the Issuer has with the Verifier.



Michael



From: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Sent: July 17, 2021 4:36 AM
To: public-credentials@w3.org
Subject: Re: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios



Hi Michael

I have a real life example of what you are trying to achieve. I had to sign a deposition in front of a notary that could subsequently be used in court if needed.  So I took the unsigned letter to the notary, and we both signed it in front of each other. The notary is not validating the content of my letter (or blood pressure or anything else). They don't care. They are simply validating my signature, and my identity, as I had to show the notary my passport first before the signing took place. I am asserting the truth of the contents, not the notary. The court will believe my deposition is the truth, the whole truth and nothing but the truth from my perspective, since each witness is obliged to do this.

This is the example you should be trying to replicate in A rather than your stated ones.

B does not work in my opinion. If the verifier cannot verify the signature of Sovrona because they do not trust it, then it does not matter how many notaries validate the signature. The contents still won't be trusted.

Kind regards

David

On 16/07/2021 22:10, Michael Herman (Trusted Digital Web) wrote:

RE: but I would be uncomfortable as a notary notarizing that a person's Blood Pressure was 120/80 or any other number as it is dependent on the accuracy of the device and the skill of the individual using it



John, that's not the point ...my apologies if my example was too specific.



Alice simply has 2 numbers to report. ...2 metrics Alice wants to send to Dr. Bob ...where there exists an existing trusted relationship as a patient of the doctor and doctor to the patient.



Scenario A could, alternatively, be recast as Alice wanting to send an Appointment Confirmation to Dr. Bob's Clinic ...instead of a blood pressure reading.



This is important feedback.



Thank you,

Michael



p.s. When a public notary witnesses your signature on a passport application, for example, they're simply attesting to the fact they saw you sign the passport application (and perhaps your address information) ...not that any of the information provided by you is correct.



From: john@reliableid.com <john@reliableid.com>
Sent: July 16, 2021 1:46 PM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>; public-credentials@w3.org; 'David Chadwick' <d.w.chadwick@verifiablecredentials.info>
Subject: RE: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios



Not sure of all the background discussion on this, but I would be uncomfortable as a notary notarizing that a person's Blood Pressure was 120/80 or any other number as it is dependent on the accuracy of the device and the skill of the individual using it

John King



From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Sent: Friday, July 16, 2021 2:36 PM
To: public-credentials@w3.org; David Chadwick <d.w.chadwick@verifiablecredentials.info>
Subject: Re: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios



In scenario A, Alice wants to report an actual blood pressure reading to Dr. Bob's Clinic. ...something like "120/80" ... really the pair of individual numbers. Alice wants the reading to be signed by her and notarized by SOVRONA as trusted notary ...that is, SOVRONA acts as a witness to Alice's signature of her own self-issued blood pressure home reading.

Wrt your question about scenario B, the Sovronia driver's license should appear to be signed by the Province of Sovronia whose signature is witnessed by SOVRONA, the mutually trusted credential notary.

A and B are actually different examples of the same more generic credential notarization scenario/problem.


________________________________

From: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Sent: Friday, July 16, 2021 11:05:33 AM
To: public-credentials@w3.org
Subject: Re: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios



Hi Michael

can you please explain these scenarios a bit more for me.

A. The user creates any blood pressure reading they like, true or false, and gets a notary to certify this? Is this what you intended?

B. What is the difference between a Sovronia DL signed with Sovronia's key or with Sovronia's notariser's key if the verifier knows and trusts the right public key?

Kind regards

David

On 15/07/2021 20:45, Michael Herman (Trusted Digital Web) wrote:

I believe there are a large number of scenarios where individual Persons as well as Organizations are going to want to (self) issue Verifiable Credentials using the credential notarization services of a third-party notary service provider.

Here's 2 user scenarios as examples:



  1.  User Scenario A:  (steps A1...A8)
Alice self-issues a blood pressure home reading (BPHR) credential to Dr. Bob's Clinic using SOVRONA's credential notarization services. SOVRONA is a third-party notary services provider/network.
  2.  User Scenario B: (steps B1...B8)
The Province of Sovronia issues a Sovronia Driver's License to Alice using SOVRONA's credential notarization services. SOVRONA is a third-party notary services provider/network.



I have some drill-down questions (e.g. protocol detail questions) but first, let me ask what general questions/comments you have about the validity of the 2 user scenarios depicted below.



[Image: image002.jpg]



Best regards,

Michael Herman

Far Left Self-Sovereignist



Self-Sovereign Blockchain Architect

Trusted Digital Web

Hyperonomy Digital Identity Lab

Parallelspace Corporation




Received on Thursday, 22 July 2021 01:18:40 UTC
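
The dual-signature arrangement discussed in this thread (Case ii: a notary countersigning the issuer's signature over the hash of one credential instance, with the Verifier checking one, the other, or both), as an added example that is not part of any message in the thread or of the VCNP implementation. The Ed25519 keys, the `digest || issuerSig` countersignature layout, the sorted-key JSON serialization and all function names are assumptions made for illustration.

```javascript
// Added illustration: names and message layout are assumptions, not the VCNP protocol.
const nodeCrypto = require('node:crypto');

// Constructed Ed25519 key pairs for the self-issuer (Alice) and the notary.
const alice = nodeCrypto.generateKeyPairSync('ed25519');
const notary = nodeCrypto.generateKeyPairSync('ed25519');

// Digest of a flat credential with sorted keys (stand-in for real canonicalization).
const digestOf = (cred) => nodeCrypto.createHash('sha256')
  .update(JSON.stringify(cred, Object.keys(cred).sort())).digest();

// Issuer signs the hash of this credential instance.
function selfIssue(credential, issuerPrivateKey) {
  const issuerSig = nodeCrypto.sign(null, digestOf(credential), issuerPrivateKey);
  return { credential, issuerSig };
}

// Notary receives only the digest and signature, never the credential content.
// It witnesses the signature (not the truth of the content) and countersigns
// digest || issuerSig; it refuses if the issuer's signature does not verify.
function notarize(digest, issuerSig, issuerPublicKey, notaryPrivateKey) {
  if (!nodeCrypto.verify(null, digest, issuerPublicKey, issuerSig)) return null;
  return nodeCrypto.sign(null, Buffer.concat([digest, issuerSig]), notaryPrivateKey);
}

// Verifier policy: 'issuer', 'notary' or 'both', chosen by how far it trusts the issuer.
function verifyVc(vc, policy, issuerPublicKey, notaryPublicKey) {
  const digest = digestOf(vc.credential);
  const issuerOk = nodeCrypto.verify(null, digest, issuerPublicKey, vc.issuerSig);
  const notaryOk = Boolean(vc.notarySig) && nodeCrypto.verify(
    null, Buffer.concat([digest, vc.issuerSig]), notaryPublicKey, vc.notarySig);
  if (policy === 'issuer') return issuerOk;
  if (policy === 'notary') return notaryOk;
  return issuerOk && notaryOk;
}

// Constructed sample: Alice's self-issued Appointment Confirmation.
const vc = selfIssue(
  { type: 'AppointmentConfirmation', issuer: 'alice', date: '2021-07-23' },
  alice.privateKey);
vc.notarySig = notarize(digestOf(vc.credential), vc.issuerSig, alice.publicKey, notary.privateKey);
// Same signatures, altered content: every policy must reject this.
const tampered = { ...vc, credential: { ...vc.credential, date: '2021-07-30' } };
```

A valid notary countersignature here shows only that the notary saw a valid issuer signature over that digest; whether the Verifier trusts the content still depends on whether it trusts the issuer's key.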
