Re: Multi-signature Verifiable Credentials from Harrison on 2022-12-11 (public-credentials@w3.org from December 2022)

From: Harrison <harrison@spokeo.com>
Date: Sun, 11 Dec 2022 08:50:05 -0800
To: Gabe Cohen <gabe@tbd.email>
Cc: Jack Tanner <jack@tonomy.foundation>, Snorre Lothar von Gohren Edwin <snorre@diwala.io>, Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org, rebal@tonomy.foundation, Suneet Bendre <bendre.android@gmail.com>, steve.e.magennis@gmail.com
Message-ID: <CAFYh=41_Jtcs_ibpPGXtZbw7ELq7UdpjNLRWErzjCAHAiXYNiw@mail.gmail.com>
We've invited Jack and the Tonomy team to present and lead the discussion
on this topic of "Multi-Signature Verifiable Credentials and Conditional
Proofs" on *2/14/2023*.  Please continue this great discussion!

You can see the latest W3C CCG calendar here:
https://www.w3.org/groups/cg/credentials/calendar.

Sincerely,
Harrison


On Tue, Dec 6, 2022 at 12:30 PM Gabe Cohen <gabe@tbd.email> wrote:

> Jack, awesome work!
>
> It would be great for you to add to this issue:
> https://github.com/w3c/vc-data-model/issues/932 which attempts to address
> “multiple issuers” in the VCDM.
>
> Perhaps your work could make it into the spec as a reference to VC-JWT or
> similar.
>
> Gabe
>
> On Dec 5, 2022 at 1:59:05 AM, Jack Tanner <jack@tonomy.foundation> wrote:
>
>> We have now completed an implementation of the multi-signature and
>> delegated VCs up and running using the DIF did-jwt(-vc) libraries!
>>
>>
>> https://blog.tonomy.foundation/verifiable-credentials-with-provable-delegated-and-multi-sig-signatures-e46ca74d7d87
>> The above article explains what we've done and links the various works.
>>
>> I'd like to add this as a discussion agenda point on tomorrow's weeks W3C
>> CCG call. Eventually, we'd like to get this change approved and added to
>> the upstream repos as well.
>>
>> As part of this, we renamed "Verifiable Conditions" to "Conditional
>> Proofs" as suggested in our call, and would like to see upstream
>> change approved to the W3C CCG repo
>> <https://github.com/w3c-ccg/verifiable-conditions/pull/10> as well.
>>
>> Cheers,
>> Jack
>>
>> On Tue, 18 Oct 2022 at 16:44, <steve.e.magennis@gmail.com> wrote:
>>
>>> Snorree, the scenario you describe regarding potential future dissonance
>>> highlights an important consideration. VC’s are great for preserving
>>> *the* *intent* of one or more parties **at a given point in time** if
>>> that intent later changes then you need to think in terms of
>>> revocation/re-issuance or modification of a VC. Multi-sig can potentially
>>> give you a little flexibility by allowing some issuers to change their
>>> intent while others do not, but I don’t think M of N is the best way to
>>> deal with it.
>>>
>>>
>>>
>>> -S
>>>
>>>
>>>
>>> *From:* Snorre Lothar von Gohren Edwin <snorre@diwala.io>
>>> *Sent:* Tuesday, October 18, 2022 6:52 AM
>>> *To:* Jack Tanner <jack@tonomy.foundation>
>>> *Cc:* Manu Sporny <msporny@digitalbazaar.com>; public-credentials@w3.org;
>>> rebal@tonomy.foundation; Suneet Bendre <bendre.android@gmail.com>
>>> *Subject:* Re: Multi-signature Verifiable Credentials
>>>
>>>
>>>
>>> I would love to understand what customers are asking for to translate
>>> this logic into human needs.
>>>
>>> Because we are facing a situation where credentials have had the
>>> Presidents signature on them(physically) and that was a verification
>>> mechanism in this ecosystem. But in reality, adding this signature together
>>> with the institute signature inside the VC, will add a potential
>>> future dissonance. Because the President might have quit, and it might not
>>> make sense any more. Unless you mix in timestamps and so on.
>>>
>>> What I have been reasoning about is the question, does this signature
>>> need external auditability? Yes? Put it in the VC. No? Leave it.
>>> While for most cases, the institute signature is enough, and if one ever
>>> wants to dispute a credential, there is an internal audit that has to make
>>> sure it was not a bad actor move or something else..
>>>
>>> What are your thoughts on this?
>>>
>>> Also why Im trying to learn what real live customers are asking for and
>>> what mental model I can wrap around what we are discussing here.
>>>
>>> ᐧ
>>>
>>>
>>>
>>> On Mon, Oct 3, 2022 at 12:18 PM Jack Tanner <jack@tonomy.foundation>
>>> wrote:
>>>
>>> For the cases that we are looking at
>>>
>>> * Using multiple proofs to perform set-based multi-signature. (we want
>>> to be able to asynchronous sign the VC)
>>> * Using multiple proofs to perform chain-based multi-signature.
>>> * Using multiple proofs to perform multi-level/enveloped multi-signature.
>>> * Using a single proof to perform set-based multi-signature. (sign a VC
>>> with a number of keys at once)
>>> * Using a single proof to perform chain-based multi-signature.
>>> * Using a single proof to perform M of N threshold multi-signature. (we
>>> are using W3C's Verifiable Condition to express this condition in the DID
>>> Document)
>>> * Using a single proof to perform privacy-preserving M of N  threshold
>>> multi-signature.
>>>
>>>
>>>
>>> Food for thought, the implementation we just finished with JWT's is a
>>> kind of chain proof in the end to make it comply to the JWT standard - we
>>> nested each JWS as the payload for the next JWS inside the JWT.
>>>
>>>
>>>
>>> Proof sets for JSON-LD format is also a great approach.
>>>
>>>
>>>
>>> Cheers,
>>>
>>> Jack
>>>
>>>
>>>
>>> On Sat, 1 Oct 2022 at 20:52, Manu Sporny <msporny@digitalbazaar.com>
>>> wrote:
>>>
>>> On Wed, Sep 28, 2022 at 4:08 AM Jack Tanner <jack@tonomy.foundation>
>>> wrote:
>>> > What should the proof look like?
>>>
>>> We're trying to lock this down over the next couple of weeks in the
>>> VCWG. The specific sections of the Data Integrity spec (with examples)
>>> are here:
>>>
>>>
>>> https://pr-preview.s3.amazonaws.com/w3c/vc-data-integrity/pull/59.html#proof-sets
>>>
>>> and here:
>>>
>>>
>>> https://pr-preview.s3.amazonaws.com/w3c/vc-data-integrity/pull/59.html#proof-chains
>>>
>>> > Which VC library would make the most sense for the initial
>>> implementation?
>>>
>>> Digital Bazaar's open source vc-js library will support proof sets and
>>> chains (as specified in the Data Integrity spec by the VCWG) in
>>> production. There is strong customer pull for proof sets. There is not
>>> strong customer pull for proof chains, but given that we have the
>>> opportunity to define a global standard for doing that AND because
>>> there are use cases like notarization that are important, we plan to
>>> add full support for that as well.
>>>
>>> Regarding the concept of multi-signature, I am a bit concerned that
>>> people are talking past each other as there are a number of categories
>>> there and it's possible that not everyone is talking about the same
>>> categories of multisig. There are at least these categories:
>>>
>>> * Using multiple proofs to perform set-based multi-signature.
>>> * Using multiple proofs to perform chain-based multi-signature.
>>> * Using multiple proofs to perform multi-level/enveloped multi-signature.
>>> * Using a single proof to perform set-based multi-signature.
>>> * Using a single proof to perform chain-based multi-signature.
>>> * Using a single proof to perform M of N threshold multi-signature.
>>> * Using a single proof to perform privacy-preserving M of N  threshold
>>> multi-signature.
>>>
>>> So, when you say "multi-signature" -- which one of these things are
>>> you talking about?
>>>
>>> -- manu
>>>
>>> --
>>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>>> Founder/CEO - Digital Bazaar, Inc.
>>> News: Digital Bazaar Announces New Case Studies (2021)
>>> https://www.digitalbazaar.com/
>>>
>>>
>>>
>>>
>>> --
>>>
>>> _________________________________________
>>>
>>> Jack Tanner
>>>
>>> Founder and Architect | Tonomy Foundation
>>>
>>> p: (+31) 6 2216 5433
>>>
>>> w: tonomy.foundation e: jack@tonomy.foundation
>>>
>>> <https://twitter.com/@theblockstalk>
>>> <https://www.linkedin.com/in/jack-tanner/>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> *Snorre Lothar von Gohren Edwin*
>>>
>>> Co-Founder & CTO, Diwala
>>>
>>> +47 411 611 94
>>> www.diwala.io
>>> <http://www.diwala.io/>
>>>
>>> *Stay on top of Diwala news on social media! Facebook
>>> <https://www.facebook.com/diwalaorg> / LinkedIn
>>> <https://www.linkedin.com/company/diwala> / Instagram
>>> <https://www.instagram.com/diwala_/> / Twitter <https://twitter.com/Diwala>*
>>>
>>
>>
>> --
>> _________________________________________
>>
>> Jack Tanner
>> Founder and Architect | Tonomy Foundation
>> p: (+31) 6 2216 5433
>> w: tonomy.foundation e: jack@tonomy.foundation
>> <https://twitter.com/@theblockstalk>
>> <https://www.linkedin.com/in/jack-tanner/>
>>
>

-- 
*Harrison Tang*
CEO
  <https://www.linkedin.com/in/theceodad/>LinkedIn
<https://www.linkedin.com/in/theceodad/>
<https://www.linkedin.com/in/theceodad/> •
<https://twitter.com/TheCEODad>Twitter <https://twitter.com/TheCEODad>  •
<https://www.tiktok.com/@tang_toks> Tiktok
<https://www.tiktok.com/@tang_toks>  •
<https://www.facebook.com/TheCEODad> Facebook
<https://www.facebook.com/TheCEODad/>
Received on Sunday, 11 December 2022 16:50:36 UTC