Re: Question concerning proof purpose in a VP

- > Is the proof purpose "authentication" appropriate for this use case?
- To align with the Well Known DID Configuration specification, I think it
may be more useful to use assertionMethod here. The decision to use
"assertionMethod" here I don't believe was heavily debated at the time
though. In both cases, they are publicly available credential (although
well-known did configuration is a VC instead of a VP) to assert a binding
about a subject. However, I will note that within our team we've had people
fall on both sides of this design choice and there's likely a broader
discussion to be had about when a particular verification method should be
used.

> Should we just use a self-selected challenge like the current timestamp?
- A nothing up my sleeve self generated challenge is a good way to go about
this if you want to self select a challenge. One of the good ones that Mike
Lodder often suggests is the latest hash of a well known blockchain such as
bitcoin or ethereum. You could also use the latest state proof from an indy
chain since based on the examples you've already got access to an indy
network.

- -Kyle

On Tue, May 4, 2021 at 6:20 PM Dominic Wörner <dom.woe@gmail.com> wrote:

> Hi,
>
> We've been using a Verifiable Presentation to represent a public profile
> <https://hackmd.io/qFuh5MvEQBmvH8xSKud-BA> of an organization. This VP is
> basically prepared once and can be fetched by various verifiers. We used
> the proof purpose "Authentication", because it is used for subject
> authentication. However, it's not really used "for the purposes of an
> authentication protocol" [1] I'd say, since you can get the VP from any
> party and this is by design, because we think this profile could be on a
> CDN for example.
>
> In our use case the challenge/nonce in the proof does not make much sense,
> but libraries do expect the challenge for this proof purpose which makes
> sense in an authentication protocol.
>
> So, my questions are:
>
>    - Is the proof purpose "authentication" appropriate for this use case?
>    - Should we just use a self-selected challenge like the current
>    timestamp?
>
> Thanks!
>
> Best,
> Dominic
>
> [1] https://w3c-ccg.github.io/ld-proofs/#proof-purpose
>

-- 
This communication, including any attachments, is confidential. If you are 
not the intended recipient, you should not read it - please contact me 
immediately, destroy it, and do not copy or use any part of this 
communication or disclose anything about it. Thank you. Please note that 
this communication does not designate an information system for the 
purposes of the Electronic Transactions Act 2002.

Received on Wednesday, 5 May 2021 00:37:53 UTC