W3C home > Mailing lists > Public > public-credentials@w3.org > May 2021

Question concerning proof purpose in a VP

From: Dominic Wörner <dom.woe@gmail.com>
Date: Tue, 4 May 2021 08:16:20 +0200
Message-ID: <CALXJN2W5=iDEzNcAPr9VguDO96Paabaq4b_sVugD6Eu_SY=tAg@mail.gmail.com>
To: W3C Credentials CG <public-credentials@w3.org>
Hi,

We've been using a Verifiable Presentation to represent a public profile
<https://hackmd.io/qFuh5MvEQBmvH8xSKud-BA> of an organization. This VP is
basically prepared once and can be fetched by various verifiers. We used
the proof purpose "Authentication", because it is used for subject
authentication. However, it's not really used "for the purposes of an
authentication protocol" [1] I'd say, since you can get the VP from any
party and this is by design, because we think this profile could be on a
CDN for example.

In our use case the challenge/nonce in the proof does not make much sense,
but libraries do expect the challenge for this proof purpose which makes
sense in an authentication protocol.

So, my questions are:

   - Is the proof purpose "authentication" appropriate for this use case?
   - Should we just use a self-selected challenge like the current
   timestamp?

Thanks!

Best,
Dominic

[1] https://w3c-ccg.github.io/ld-proofs/#proof-purpose
Received on Tuesday, 4 May 2021 06:16:44 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 4 May 2021 06:16:50 UTC