Re: Authorized Issuer Lists

To add to the list of resources in this thread, here is a demonstration 
of how a DID resolver can verify if a DID's verification methods are 
bound to existing X.509 trust infrastructure:

Note: This doesn't say anything about what credentials an issuer is 
allowed to issue, it's only about linking DIDs to existing X.509-based PKI.


On 14.08.22 19:15, Manu Sporny wrote:
> Hi all,
> The topic of "lists of authorized issuers for certain types of
> credentials" has been floating around the VC community for a few years
> now. We don't seem to have hit a point where implementers and
> customers feel they absolutely need the feature, but there has been
> enough curiosity around it to perhaps have some exploratory technical
> discussions at some of the upcoming conferences.
> The basic concept here is: Can a verifier lean on established trust it
> has in some authority, such as an accreditation body, to get a list of
> issuers for particular types of credentials? To focus on a use case in
> education, how would the American Bar Association publish a list of
> all law schools that it has accredited to issue law degree VCs?
> The following paper calls for the exploration of the topic, starting
> at the upcoming RWoT in The Hague (end of September):
> Thoughts, concerns, and identification of similar work, are all welcome.
> -- manu

Received on Tuesday, 16 August 2022 07:29:24 UTC