Re: Authorized Issuer Lists from Adrian Gropper on 2022-08-14 (public-credentials@w3.org from August 2022)

From: Adrian Gropper <agropper@healthurl.com>
Date: Sun, 14 Aug 2022 19:31:17 -0400
To: Steve Capell <steve.capell@gmail.com>
Cc: Kyano Kashi <kyanokashi2@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, Tobias Looker <tobias.looker@mattr.global>, W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CANYRo8juZ0==ehKL5VVCNOLzeLyM_QjmhCcgu_-BgxOm55JHfg@mail.gmail.com>
What is to be the difference between a registry of issuers and the Apple
App Store? Are client credentials somehow different from other verifiable
credentials?

- Adrian

On Sun, Aug 14, 2022 at 6:44 PM Steve Capell <steve.capell@gmail.com> wrote:

> Very true that trust comes both from
> - “de-jure” authorities that have the legal authority to make certain
> statements - and
> - evidence of trustworthy participation such as good ratings from peers
> that I trust
>
> Two different things and both valid.  However my current focus is the
> first one - the formal / legal accreditations and how to express and verify
> them as a linked credential graph
>
> The solution to the second one in a decentralised architecture also
> probably has something to do with trust graphs as well.  If I’ve got a 5
> star rating from Amazon as a seller that is based on 1000 reviews over 10
> years then I’d love to get a VC from Amazon attesting to that so I can
> leverage that reputation on other channels - but I can’t see why Amazon
> would be motivated to give it to me.  Might need some GDPR style regulation
> that entitles me to demand it from the walled garden networks
>
> Cheers
>
> Steven Capell
> Mob: 0410 437854
>
> On 15 Aug 2022, at 8:26 am, Tobias Looker <tobias.looker@mattr.global>
> wrote:
>
> 
>
> This is a great and much needed initiative for the credential space. I
> would note that I think language like "authorized issuer lists" does tend
> to setup the possible misconception that there is a singular arbiter around
> who to trust for a particular credential type when in reality trust is
> contextual. Therefore, I think "trust lists" or "trust registries" are
> perhaps a better language framing of what we are looking for an
> interoperable solution to.
>
> Thanks,
>
> [image: Mattr website]
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>
>
>
>
> *Tobias Looker*
>
> MATTR
> CTO
>
> +64 (0) 27 378 0461
> tobias.looker@mattr.global
>
> [image: Mattr website]
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>
>
> [image: Mattr on LinkedIn]
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1SbN9fvNg%26u%3Dhttps%253a%252f%252fwww.linkedin.com%252fcompany%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076719975%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t%2BidOI32oaKuTJf1AkcG%2B%2FirIJwbrgzXVZnjOAC52Hs%3D&reserved=0>
>
> [image: Mattr on Twitter]
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WdMte6ZA%26u%3Dhttps%253a%252f%252ftwitter.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BD9WWyXEjVGlbpbCja93yW%2FzLJZpe%2Ff8lGooe8V6i7w%3D&reserved=0>
>
> [image: Mattr on Github]
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiWwGdMoDtMw%26u%3Dhttps%253a%252f%252fgithub.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0>
>
>
> This communication, including any attachments, is confidential. If you are
> not the intended recipient, you should not read it - please contact me
> immediately, destroy it, and do not copy or use any part of this
> communication or disclose anything about it. Thank you. Please note that
> this communication does not designate an information system for the
> purposes of the Electronic Transactions Act 2002.
>
> ------------------------------
> *From:* Steve Capell <steve.capell@gmail.com>
> *Sent:* 15 August 2022 09:39
> *To:* Kyano Kashi <kyanokashi2@gmail.com>
> *Cc:* Manu Sporny <msporny@digitalbazaar.com>; W3C Credentials CG <
> public-credentials@w3.org>
> *Subject:* Re: Authorized Issuer Lists
>
> EXTERNAL EMAIL: This email originated outside of our organisation. Do not
> click links or open attachments unless you recognise the sender and know
> the content is safe.
>
> Yes!
>
> And then the school includes the accreditation vc in their student
> credential vc
>
> Steven Capell
> Mob: 0410 437854
>
> On 15 Aug 2022, at 7:28 am, Kyano Kashi <kyanokashi2@gmail.com> wrote:
>
> 
> Hi Manu,
>
> Forgive my ignorance, but couldn’t we simply have the American Bar
> Association issue VCs to the schools it wishes to accredit for issuing law
> VCs?
>
> Best,
>
> Kyano
>
> On Sun, Aug 14, 2022 at 6:19 PM Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>
> Hi all,
>
> The topic of "lists of authorized issuers for certain types of
> credentials" has been floating around the VC community for a few years
> now. We don't seem to have hit a point where implementers and
> customers feel they absolutely need the feature, but there has been
> enough curiosity around it to perhaps have some exploratory technical
> discussions at some of the upcoming conferences.
>
> The basic concept here is: Can a verifier lean on established trust it
> has in some authority, such as an accreditation body, to get a list of
> issuers for particular types of credentials? To focus on a use case in
> education, how would the American Bar Association publish a list of
> all law schools that it has accredited to issue law degree VCs?
>
> The following paper calls for the exploration of the topic, starting
> at the upcoming RWoT in The Hague (end of September):
>
>
> https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/advance-readings/authorized-issuer-lists.md
>
> Thoughts, concerns, and identification of similar work, are all welcome.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
>
>
Received on Sunday, 14 August 2022 23:31:41 UTC