Re: Authorized Issuer Lists from Leah Houston, MD on 2022-08-15 (public-credentials@w3.org from August 2022)

From: Leah Houston, MD <leah@hpec.io>
Date: Mon, 15 Aug 2022 07:39:37 -0400
To: Adrian Gropper <agropper@healthurl.com>
Cc: Kyano Kashi <kyanokashi2@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, Steve Capell <steve.capell@gmail.com>, Tobias Looker <tobias.looker@mattr.global>, W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAMWC-kirEPBsyxZV3ZT1DC2h-ByaFsPg2wFVPybtu=US=WcSzA@mail.gmail.com>
I think in order to avoid a dystopian situation there needs to be a way to
self register on these lists… Anyone should be able to register as an
issuer, and the volume of usage of those issues credentials by verifiers
can be tracked so that people can infer how trusted it is by the volume and
diversity of who is using those verifiers.

For the medical industry I give the example of ABMS - The American Board of
medical specialties vs NBPAS - The the national board of physicians and
surgeons.

ABMS Was trusted for many many years, and only recently over the last 5 or
10 years has come under extreme scrutiny because they started moving the
goal post on Practicing physicians and raising the cost and effort needed
to stay accredited. (They have actually been brought up on charges for of
racketeering)

NBPAS - has recently started to be accepted by the physician community and
hospitals alike. Insurance companies will soon start to recognize it as as
well.

In this example the instant that A new accreding body like NBPAS becomes
available the founders of the accrediting body could add that body to the
list. Initially it would go un-utilized, however as verifying bodies start
accepting the new credentials the usage can be automatically tracked and
registered under that particular accrediting body. As time went on and
usage went up but accrediting body will gain more notoriety based on its
actual usage.

I feel a governance structure like this is absolutely necessary because at
minimum it gives a mechanism for the people to regulate the regulators.

Do any of the specifications support this kind of governance? I’d be
curious to hear peoples thoughts on this.



On Sun, Aug 14, 2022 at 7:34 PM Adrian Gropper <agropper@healthurl.com>
wrote:

> What is to be the difference between a registry of issuers and the Apple
> App Store? Are client credentials somehow different from other verifiable
> credentials?
>
> - Adrian
>
> On Sun, Aug 14, 2022 at 6:44 PM Steve Capell <steve.capell@gmail.com>
> wrote:
>
>> Very true that trust comes both from
>> - “de-jure” authorities that have the legal authority to make certain
>> statements - and
>> - evidence of trustworthy participation such as good ratings from peers
>> that I trust
>>
>> Two different things and both valid.  However my current focus is the
>> first one - the formal / legal accreditations and how to express and verify
>> them as a linked credential graph
>>
>> The solution to the second one in a decentralised architecture also
>> probably has something to do with trust graphs as well.  If I’ve got a 5
>> star rating from Amazon as a seller that is based on 1000 reviews over 10
>> years then I’d love to get a VC from Amazon attesting to that so I can
>> leverage that reputation on other channels - but I can’t see why Amazon
>> would be motivated to give it to me.  Might need some GDPR style regulation
>> that entitles me to demand it from the walled garden networks
>>
>> Cheers
>>
>> Steven Capell
>> Mob: 0410 437854
>>
>> On 15 Aug 2022, at 8:26 am, Tobias Looker <tobias.looker@mattr.global>
>> wrote:
>>
>> 
>>
>> This is a great and much needed initiative for the credential space. I
>> would note that I think language like "authorized issuer lists" does tend
>> to setup the possible misconception that there is a singular arbiter around
>> who to trust for a particular credential type when in reality trust is
>> contextual. Therefore, I think "trust lists" or "trust registries" are
>> perhaps a better language framing of what we are looking for an
>> interoperable solution to.
>>
>> Thanks,
>>
>> [image: Mattr website]
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>
>>
>>
>>
>> *Tobias Looker*
>>
>> MATTR
>> CTO
>>
>> +64 (0) 27 378 0461
>> tobias.looker@mattr.global
>>
>> [image: Mattr website]
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>
>>
>> [image: Mattr on LinkedIn]
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1SbN9fvNg%26u%3Dhttps%253a%252f%252fwww.linkedin.com%252fcompany%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076719975%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t%2BidOI32oaKuTJf1AkcG%2B%2FirIJwbrgzXVZnjOAC52Hs%3D&reserved=0>
>>
>> [image: Mattr on Twitter]
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WdMte6ZA%26u%3Dhttps%253a%252f%252ftwitter.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BD9WWyXEjVGlbpbCja93yW%2FzLJZpe%2Ff8lGooe8V6i7w%3D&reserved=0>
>>
>> [image: Mattr on Github]
>> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiWwGdMoDtMw%26u%3Dhttps%253a%252f%252fgithub.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0>
>>
>>
>> This communication, including any attachments, is confidential. If you
>> are not the intended recipient, you should not read it - please contact me
>> immediately, destroy it, and do not copy or use any part of this
>> communication or disclose anything about it. Thank you. Please note that
>> this communication does not designate an information system for the
>> purposes of the Electronic Transactions Act 2002.
>>
>> ------------------------------
>> *From:* Steve Capell <steve.capell@gmail.com>
>> *Sent:* 15 August 2022 09:39
>> *To:* Kyano Kashi <kyanokashi2@gmail.com>
>> *Cc:* Manu Sporny <msporny@digitalbazaar.com>; W3C Credentials CG <
>> public-credentials@w3.org>
>> *Subject:* Re: Authorized Issuer Lists
>>
>> EXTERNAL EMAIL: This email originated outside of our organisation. Do not
>> click links or open attachments unless you recognise the sender and know
>> the content is safe.
>>
>> Yes!
>>
>> And then the school includes the accreditation vc in their student
>> credential vc
>>
>> Steven Capell
>> Mob: 0410 437854
>>
>> On 15 Aug 2022, at 7:28 am, Kyano Kashi <kyanokashi2@gmail.com> wrote:
>>
>> 
>> Hi Manu,
>>
>> Forgive my ignorance, but couldn’t we simply have the American Bar
>> Association issue VCs to the schools it wishes to accredit for issuing law
>> VCs?
>>
>> Best,
>>
>> Kyano
>>
>> On Sun, Aug 14, 2022 at 6:19 PM Manu Sporny <msporny@digitalbazaar.com>
>> wrote:
>>
>> Hi all,
>>
>> The topic of "lists of authorized issuers for certain types of
>> credentials" has been floating around the VC community for a few years
>> now. We don't seem to have hit a point where implementers and
>> customers feel they absolutely need the feature, but there has been
>> enough curiosity around it to perhaps have some exploratory technical
>> discussions at some of the upcoming conferences.
>>
>> The basic concept here is: Can a verifier lean on established trust it
>> has in some authority, such as an accreditation body, to get a list of
>> issuers for particular types of credentials? To focus on a use case in
>> education, how would the American Bar Association publish a list of
>> all law schools that it has accredited to issue law degree VCs?
>>
>> The following paper calls for the exploration of the topic, starting
>> at the upcoming RWoT in The Hague (end of September):
>>
>>
>> https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/advance-readings/authorized-issuer-lists.md
>>
>> Thoughts, concerns, and identification of similar work, are all welcome.
>>
>> -- manu
>>
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> News: Digital Bazaar Announces New Case Studies (2021)
>> https://www.digitalbazaar.com/
>>
>> --
Leah Houston M.D.
President and Founding Partner
www.hpec.io
Humanitarian Physicians Empowerment Community
Humanitarian Physicians Empowerment Coin
Received on Monday, 15 August 2022 11:40:02 UTC