Re: Authorized Issuer Lists from Tomislav Markovski on 2022-08-15 (public-credentials@w3.org from August 2022)

From: Tomislav Markovski <tomislav@trinsic.id>
Date: Mon, 15 Aug 2022 08:24:33 -0400
To: Tobias Looker <tobias.looker@mattr.global>
Cc: Steve Capell <steve.capell@gmail.com>, Kyano Kashi <kyanokashi2@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAMJx-oAe=KuxJJDA3OP8U+M22nWQCgrghx7VN4c976eE2YgYxA@mail.gmail.com>
Naming is fun. I would even take this a step further and move away from the
loaded word "trust" to something more generic like "membership list" or
"membership registry" or simply just "registry". You can then have a
"registry" named "authorized issuers" or "trusted verifiers" to reflect the
specific use case.

In addition, and on topic, registries can also have privacy-preserving
features and can be implemented using technologies like cryptographic
accumulators. Accumulators support use-cases where registry or list
membership is sensitive and shouldn't reveal information about everyone in
the registry. For example a registry of authorized debt collection
agencies, or list of obgyn licensed providers.
We've done some POC work in this area and I would love to have these
privacy use cases supported by the subject of our topic.

On Sun, Aug 14, 2022 at 6:29 PM Tobias Looker <tobias.looker@mattr.global>
wrote:

> This is a great and much needed initiative for the credential space. I
> would note that I think language like "authorized issuer lists" does tend
> to setup the possible misconception that there is a singular arbiter around
> who to trust for a particular credential type when in reality trust is
> contextual. Therefore, I think "trust lists" or "trust registries" are
> perhaps a better language framing of what we are looking for an
> interoperable solution to.
>
> Thanks,
>
> [image: Mattr website]
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>
>
>
>
> *Tobias Looker*
>
> MATTR
> CTO
>
> +64 (0) 27 378 0461
> tobias.looker@mattr.global
>
> [image: Mattr website]
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>
>
> [image: Mattr on LinkedIn]
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1SbN9fvNg%26u%3Dhttps%253a%252f%252fwww.linkedin.com%252fcompany%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076719975%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t%2BidOI32oaKuTJf1AkcG%2B%2FirIJwbrgzXVZnjOAC52Hs%3D&reserved=0>
>
> [image: Mattr on Twitter]
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WdMte6ZA%26u%3Dhttps%253a%252f%252ftwitter.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BD9WWyXEjVGlbpbCja93yW%2FzLJZpe%2Ff8lGooe8V6i7w%3D&reserved=0>
>
> [image: Mattr on Github]
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiWwGdMoDtMw%26u%3Dhttps%253a%252f%252fgithub.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0>
>
>
> This communication, including any attachments, is confidential. If you are
> not the intended recipient, you should not read it - please contact me
> immediately, destroy it, and do not copy or use any part of this
> communication or disclose anything about it. Thank you. Please note that
> this communication does not designate an information system for the
> purposes of the Electronic Transactions Act 2002.
>
> ------------------------------
> *From:* Steve Capell <steve.capell@gmail.com>
> *Sent:* 15 August 2022 09:39
> *To:* Kyano Kashi <kyanokashi2@gmail.com>
> *Cc:* Manu Sporny <msporny@digitalbazaar.com>; W3C Credentials CG <
> public-credentials@w3.org>
> *Subject:* Re: Authorized Issuer Lists
>
> EXTERNAL EMAIL: This email originated outside of our organisation. Do not
> click links or open attachments unless you recognise the sender and know
> the content is safe.
>
> Yes!
>
> And then the school includes the accreditation vc in their student
> credential vc
>
> Steven Capell
> Mob: 0410 437854
>
> On 15 Aug 2022, at 7:28 am, Kyano Kashi <kyanokashi2@gmail.com> wrote:
>
> 
> Hi Manu,
>
> Forgive my ignorance, but couldn’t we simply have the American Bar
> Association issue VCs to the schools it wishes to accredit for issuing law
> VCs?
>
> Best,
>
> Kyano
>
> On Sun, Aug 14, 2022 at 6:19 PM Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>
> Hi all,
>
> The topic of "lists of authorized issuers for certain types of
> credentials" has been floating around the VC community for a few years
> now. We don't seem to have hit a point where implementers and
> customers feel they absolutely need the feature, but there has been
> enough curiosity around it to perhaps have some exploratory technical
> discussions at some of the upcoming conferences.
>
> The basic concept here is: Can a verifier lean on established trust it
> has in some authority, such as an accreditation body, to get a list of
> issuers for particular types of credentials? To focus on a use case in
> education, how would the American Bar Association publish a list of
> all law schools that it has accredited to issue law degree VCs?
>
> The following paper calls for the exploration of the topic, starting
> at the upcoming RWoT in The Hague (end of September):
>
>
> https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/advance-readings/authorized-issuer-lists.md
>
> Thoughts, concerns, and identification of similar work, are all welcome.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
>
>
Received on Monday, 15 August 2022 12:24:58 UTC