Re: Authorized Issuer Lists from Eduardo A. Chongkan Líos on 2022-08-15 (public-credentials@w3.org from August 2022)

From: Eduardo A. Chongkan Líos <e.chongkan@gmail.com>
Date: Sun, 14 Aug 2022 22:55:53 -0600
To: "Reed, Drummond" <drummond.reed@avast.com>
Cc: Tobias Looker <tobias.looker@mattr.global>, Steve Capell <steve.capell@gmail.com>, Kyano Kashi <kyanokashi2@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAANnk0JmhWkMSgyFJbg6GNPHf0cusCtA7r0x46G-pyRKwSO_0A@mail.gmail.com>
Hi all,

I thought this was going to be handled based on the DID themselves as a
chain of DIDs and VCs. e.g.

A) An Issues must meet certain criteria to an Issues, like the GLEIF or
Bloomberg, they designed the standard, and this pretty much relies on data
integrity and accuracy. They authorize the L2 Agents. Similar to a SSL
Certificate Authority.

B) a VC Registered by L2 Agents, who submit the data to the L1 Issues and
so on.

Similar to how the LEI issuance is being handled.

Attached are a lot of use cases with Diagrams for VCs, DIDs and LEIs

--
Eduardo Chongkan



On Sun, Aug 14, 2022 at 6:47 PM Reed, Drummond <drummond.reed@avast.com>
wrote:

> +1 — this is why ToIP uses "trust registry". Also, to another point made
> on this thread, the ToIP Trust Registry Protocol Specification notes
> that trust registries and chained credentials are not mutually exclusive
> approaches to verifying the authority of an issuer. In fact they can be
> highly complementary; they are just different paths for navigating a trust
> chain.
>
>
> On Sun, Aug 14, 2022 at 3:29 PM Tobias Looker <tobias.looker@mattr.global>
> wrote:
>
>> This is a great and much needed initiative for the credential space. I
>> would note that I think language like "authorized issuer lists" does tend
>> to setup the possible misconception that there is a singular arbiter around
>> who to trust for a particular credential type when in reality trust is
>> contextual. Therefore, I think "trust lists" or "trust registries" are
>> perhaps a better language framing of what we are looking for an
>> interoperable solution to.
>>
>> Thanks,
>>
>> [image: Mattr website]
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve..Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>
>>
>>
>>
>> *Tobias Looker*
>>
>> MATTR
>> CTO
>>
>> +64 (0) 27 378 0461
>> tobias.looker@mattr.global
>>
>> [image: Mattr website]
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve..Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>
>>
>> [image: Mattr on LinkedIn]
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1SbN9fvNg%26u%3Dhttps%253a%252f%252fwww.linkedin.com%252fcompany%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076719975%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t%2BidOI32oaKuTJf1AkcG%2B%2FirIJwbrgzXVZnjOAC52Hs%3D&reserved=0>
>>
>> [image: Mattr on Twitter]
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WdMte6ZA%26u%3Dhttps%253a%252f%252ftwitter.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BD9WWyXEjVGlbpbCja93yW%2FzLJZpe%2Ff8lGooe8V6i7w%3D&reserved=0>
>>
>> [image: Mattr on Github]
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiWwGdMoDtMw%26u%3Dhttps%253a%252f%252fgithub.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0>
>>
>>
>> This communication, including any attachments, is confidential. If you
>> are not the intended recipient, you should not read it - please contact me
>> immediately, destroy it, and do not copy or use any part of this
>> communication or disclose anything about it. Thank you. Please note that
>> this communication does not designate an information system for the
>> purposes of the Electronic Transactions Act 2002.
>>
>> ------------------------------
>> *From:* Steve Capell <steve.capell@gmail.com>
>> *Sent:* 15 August 2022 09:39
>> *To:* Kyano Kashi <kyanokashi2@gmail.com>
>> *Cc:* Manu Sporny <msporny@digitalbazaar.com>; W3C Credentials CG <
>> public-credentials@w3.org>
>> *Subject:* Re: Authorized Issuer Lists
>>
>> EXTERNAL EMAIL: This email originated outside of our organisation. Do not
>> click links or open attachments unless you recognise the sender and know
>> the content is safe.
>>
>> Yes!
>>
>> And then the school includes the accreditation vc in their student
>> credential vc
>>
>> Steven Capell
>> Mob: 0410 437854
>>
>> On 15 Aug 2022, at 7:28 am, Kyano Kashi <kyanokashi2@gmail.com> wrote:
>>
>> 
>> Hi Manu,
>>
>> Forgive my ignorance, but couldn’t we simply have the American Bar
>> Association issue VCs to the schools it wishes to accredit for issuing law
>> VCs?
>>
>> Best,
>>
>> Kyano
>>
>> On Sun, Aug 14, 2022 at 6:19 PM Manu Sporny <msporny@digitalbazaar.com>
>> wrote:
>>
>> Hi all,
>>
>> The topic of "lists of authorized issuers for certain types of
>> credentials" has been floating around the VC community for a few years
>> now. We don't seem to have hit a point where implementers and
>> customers feel they absolutely need the feature, but there has been
>> enough curiosity around it to perhaps have some exploratory technical
>> discussions at some of the upcoming conferences.
>>
>> The basic concept here is: Can a verifier lean on established trust it
>> has in some authority, such as an accreditation body, to get a list of
>> issuers for particular types of credentials? To focus on a use case in
>> education, how would the American Bar Association publish a list of
>> all law schools that it has accredited to issue law degree VCs?
>>
>> The following paper calls for the exploration of the topic, starting
>> at the upcoming RWoT in The Hague (end of September):
>>
>>
>> https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/advance-readings/authorized-issuer-lists.md
>>
>> Thoughts, concerns, and identification of similar work, are all welcome.
>>
>> -- manu
>>
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> News: Digital Bazaar Announces New Case Studies (2021)
>> https://www.digitalbazaar.com/
>>
>>
Attachments

application/pdf attachment: WhitePaper_VerifiableCredentials-CBT.pdf
Received on Monday, 15 August 2022 04:56:47 UTC