Question concerning proof purpose in a VP from Dominic Wörner on 2021-05-04 (public-credentials@w3.org from May 2021)

From: Dominic Wörner <dom.woe@gmail.com>
Date: Tue, 4 May 2021 08:16:20 +0200
To: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CALXJN2W5=iDEzNcAPr9VguDO96Paabaq4b_sVugD6Eu_SY=tAg@mail.gmail.com>

Hi,

We've been using a Verifiable Presentation to represent a public profile
<https://hackmd.io/qFuh5MvEQBmvH8xSKud-BA> of an organization. This VP is
basically prepared once and can be fetched by various verifiers. We used
the proof purpose "Authentication", because it is used for subject
authentication. However, it's not really used "for the purposes of an
authentication protocol" [1] I'd say, since you can get the VP from any
party and this is by design, because we think this profile could be on a
CDN for example.

In our use case the challenge/nonce in the proof does not make much sense,
but libraries do expect the challenge for this proof purpose which makes
sense in an authentication protocol.

So, my questions are:

   - Is the proof purpose "authentication" appropriate for this use case?
   - Should we just use a self-selected challenge like the current
   timestamp?

Thanks!

Best,
Dominic

[1] https://w3c-ccg.github.io/ld-proofs/#proof-purpose

Received on Tuesday, 4 May 2021 06:16:44 UTC