Re: Authorized Issuer Lists from Lluís Alfons Ariño Martín on 2022-08-15 (public-credentials@w3.org from August 2022)

From: Lluís Alfons Ariño Martín <lluisalfons.arino@urv.cat>
Date: Mon, 15 Aug 2022 05:49:06 +0000
To: Eduardo A. Chongkan Líos <e.chongkan@gmail.com>, "Reed, Drummond" <drummond.reed@avast.com>
CC: Tobias Looker <tobias.looker@mattr.global>, Steve Capell <steve.capell@gmail.com>, Kyano Kashi <kyanokashi2@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
Message-ID: <DB9PR01MB900784E493E930BFA4199A1AF0689@DB9PR01MB9007.eurprd01.prod.exchangelabs>
<https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/Verifiable+Credentials+Lifecycle><https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/Issuers+trust+model+-+Accreditation+of+Issuers>Hi all,

If it can be helpful (the approach), to solve this point in EBSI we defined a "Generic framework for issuing and sharing credentials". We use per-business domain "verifiable accreditations" issued to entitled DIDs.

The EBSI model is described at: EBSI's Verifiable Credentials Lifecycle<https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/Verifiable+Credentials+Lifecycle>

Specifically, the trust model can be found at: Issuers trust model - onboarding and accreditations<https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/Issuers+trust+model+-+Accreditation+of+Issuers>


BR

  Lluís



Lluís Ariño
CIO at Universitat Rovira i Virgili
________________________________
From: Eduardo A. Chongkan Líos <e.chongkan@gmail.com>
Sent: Monday, August 15, 2022 6:55:53 AM
To: Reed, Drummond <drummond.reed@avast.com>
Cc: Tobias Looker <tobias.looker@mattr.global>; Steve Capell <steve.capell@gmail.com>; Kyano Kashi <kyanokashi2@gmail.com>; Manu Sporny <msporny@digitalbazaar.com>; W3C Credentials CG <public-credentials@w3.org>
Subject: Re: Authorized Issuer Lists

Hi all,

I thought this was going to be handled based on the DID themselves as a chain of DIDs and VCs. e.g.

A) An Issues must meet certain criteria to an Issues, like the GLEIF or Bloomberg, they designed the standard, and this pretty much relies on data integrity and accuracy. They authorize the L2 Agents. Similar to a SSL Certificate Authority.

B) a VC Registered by L2 Agents, who submit the data to the L1 Issues and so on.

Similar to how the LEI issuance is being handled.

Attached are a lot of use cases with Diagrams for VCs, DIDs and LEIs

--
Eduardo Chongkan



On Sun, Aug 14, 2022 at 6:47 PM Reed, Drummond <drummond.reed@avast.com<mailto:drummond.reed@avast.com>> wrote:
+1 — this is why ToIP uses "trust registry". Also, to another point made on this thread, the ToIP Trust Registry Protocol Specification notes that trust registries and chained credentials are not mutually exclusive approaches to verifying the authority of an issuer. In fact they can be highly complementary; they are just different paths for navigating a trust chain.


On Sun, Aug 14, 2022 at 3:29 PM Tobias Looker <tobias.looker@mattr.global> wrote:
This is a great and much needed initiative for the credential space. I would note that I think language like "authorized issuer lists" does tend to setup the possible misconception that there is a singular arbiter around who to trust for a particular credential type when in reality trust is contextual. Therefore, I think "trust lists" or "trust registries" are perhaps a better language framing of what we are looking for an interoperable solution to.


Thanks,

[Mattr website]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>



Tobias Looker

MATTR
CTO

+64 (0) 27 378 0461
tobias.looker@mattr.global<mailto:tobias.looker@mattr.global>

[Mattr website]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>

[Mattr on LinkedIn]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1SbN9fvNg%26u%3Dhttps%253a%252f%252fwww.linkedin.com%252fcompany%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076719975%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t%2BidOI32oaKuTJf1AkcG%2B%2FirIJwbrgzXVZnjOAC52Hs%3D&reserved=0>

[Mattr on Twitter]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WdMte6ZA%26u%3Dhttps%253a%252f%252ftwitter.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BD9WWyXEjVGlbpbCja93yW%2FzLJZpe%2Ff8lGooe8V6i7w%3D&reserved=0>

[Mattr on Github]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiWwGdMoDtMw%26u%3Dhttps%253a%252f%252fgithub.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0>

This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.

________________________________
From: Steve Capell <steve.capell@gmail.com<mailto:steve.capell@gmail.com>>
Sent: 15 August 2022 09:39
To: Kyano Kashi <kyanokashi2@gmail.com<mailto:kyanokashi2@gmail.com>>
Cc: Manu Sporny <msporny@digitalbazaar.com<mailto:msporny@digitalbazaar.com>>; W3C Credentials CG <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: Re: Authorized Issuer Lists

EXTERNAL EMAIL: This email originated outside of our organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.

Yes!

And then the school includes the accreditation vc in their student credential vc

Steven Capell
Mob: 0410 437854

On 15 Aug 2022, at 7:28 am, Kyano Kashi <kyanokashi2@gmail.com<mailto:kyanokashi2@gmail.com>> wrote:


Hi Manu,

Forgive my ignorance, but couldn’t we simply have the American Bar Association issue VCs to the schools it wishes to accredit for issuing law VCs?

Best,

Kyano

On Sun, Aug 14, 2022 at 6:19 PM Manu Sporny <msporny@digitalbazaar.com<mailto:msporny@digitalbazaar.com>> wrote:
Hi all,

The topic of "lists of authorized issuers for certain types of
credentials" has been floating around the VC community for a few years
now. We don't seem to have hit a point where implementers and
customers feel they absolutely need the feature, but there has been
enough curiosity around it to perhaps have some exploratory technical
discussions at some of the upcoming conferences.

The basic concept here is: Can a verifier lean on established trust it
has in some authority, such as an accreditation body, to get a list of
issuers for particular types of credentials? To focus on a use case in
education, how would the American Bar Association publish a list of
all law schools that it has accredited to issue law degree VCs?

The following paper calls for the exploration of the topic, starting
at the upcoming RWoT in The Hague (end of September):

https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/advance-readings/authorized-issuer-lists.md


Thoughts, concerns, and identification of similar work, are all welcome.

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/

Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Monday, 15 August 2022 05:49:24 UTC