Re: VC HTTP Authorization Conversation

On 6/10/21 11:00 AM, Adrian Gropper wrote:
> If there's no choice of issuer, then the issuer can control the holder and 
> their wallet and probably will.

Yes, but nothing we do will ever change this.

If there is an issuer that has a credential that you want to use, like say, a
state-issued Driver's License, and there is only one place to get that
Driver's License... which is your state DMV, then they will always be able to
dictate the rules under which you can pick up and use said driver's license.

That is not a technology challenge, it is a policy challenge.

What concrete thing do you suggest we do to address that policy problem,
assuming we worked on policy problems (which we don't) in this group?

> For example, Apple announced support for state drivers licenses in their 
> iPhone wallet on Monday. As with the GAEN COVID exposure notification work,
> it's easy to see how state authority will license specific vendors to act
> as their agent.

You need to be more specific... what do you think this group has control over
in that situation?

> This is why our good work on the VC data model risks significant 
> nullification if we rush protocols under the "internal" assumption.

We already have the concept of "internal" and "external" VC HTTP APIs, so we
don't just have an "internal" assumption that is being applied to everything.
Presentation request/response is very much an "external" thing.

The group isn't doing what you're suggesting above. Could you be more clear
around what this has to do with the VC HTTP API? There is some assumption you
have in your head that you haven't stated out loud yet (which is why everyone
seems to be having trouble addressing your concerns).

-- manu

Manu Sporny -
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)

Received on Friday, 11 June 2021 17:30:37 UTC