W3C home > Mailing lists > Public > public-credentials@w3.org > June 2021

Re: The dangers of using VCs as permission tokens

From: Snorre Lothar von Gohren Edwin <snorre@diwala.io>
Date: Mon, 28 Jun 2021 11:57:04 +0200
Message-ID: <CAE8zwO2H6PCGsW_822eUkF9MAifoyHRxh7t4Q56FH+8fVi8ooA@mail.gmail.com>
To: daniel.hardman@gmail.com
Cc: Alan Karp <alanhkarp@gmail.com>, Kim Hamilton <kimdhamilton@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
In relation to this thread, is Power of Attorney a use case along these
lines? Power of attorney VCs for certain services and so on?

On Mon, Jun 28, 2021 at 9:59 AM Daniel Hardman <daniel.hardman@gmail.com>
wrote:

> The use case that Kyle describes around delegation seems reasonable -- but
> I don't agree with the article's suggestion about how this would/could be
> modeled with VCs. The complexity of VCs as a delegation mechanism is not an
> inherent characteristic of VCs, but rather a characteristic of the wrong VC
> schemas. In other words, Kyle's critique might be better summarized as, "If
> you attempt to adapt complex VCs that weren't built for delegation to a
> simple delegation problem, you get a lot of baggage that makes it easy to
> make mistakes." Cue Alan's comment about confusion...
>
> My conclusion would be: "Don't use complex VC schemas to delegate along
> the lines of the model Kyle warned against."
>
> We had a deep discussion about whether or not to use VCs as OCAPs,
> facilitated by the chairs of the CCG. I suggest that if we want to explore
> this topic further, we allocate proper time and focus to it again, rather
> than touching on it in smaller, less contextualized increments.
>
> --Daniel
>


-- 

*Snorre Lothar von Gohren Edwin*
Co-Founder & CTO, Diwala
+47 411 611 94
www.diwala.io
Received on Monday, 28 June 2021 09:57:29 UTC

This archive was generated by hypermail 2.4.0 : Monday, 28 June 2021 09:57:30 UTC