Re: [PROPOSED WORK ITEM] Verifiable Issuers and Verifiers

On Sat, Dec 17, 2022 at 11:28 AM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On Fri, Dec 16, 2022 at 4:42 PM Alan Karp <alanhkarp@gmail.com> wrote:
> > I think an equally important question is "In what ways am I vulnerable
> if I ask X to do Y?"
>
> Alan, your comment is too meta for me. Please help me understand your
> point with a concrete use case or example.


To stick with your university degree example, say that Alice asks her
school to send her transcript
to a prospective employer.  Your question is, "Can Alice trust the
university to send the transcript
to that company?"  The implied risk is that the university won't or perhaps
will send it to the wrong
company, what I referred to as mis-performance or mal-performance.  My
question also considers
the risk that her university will inform her current employer of her
request.  In other words, she is
vulnerable to actions that are independent of her request itself.

You could say that the word "trust" encompasses all of that, but I've found
that using "vulnerable"
leads people to think more broadly about risks.

--------------
Alan Karp


On Sat, Dec 17, 2022 at 11:28 AM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On Fri, Dec 16, 2022 at 4:42 PM Alan Karp <alanhkarp@gmail.com> wrote:
> > I think an equally important question is "In what ways am I vulnerable
> if I ask X to do Y?"
>
> Alan, your comment is too meta for me. Please help me understand your
> point with a concrete use case or example.
>
> Also, please forgive me if we haven't considered what you're
> raising... we're early days here, so not everything is going to have a
> well trodden rationale. :)
>
> In an attempt to interpret your statement through a use case -- there
> are around 3,982 degree-granting postsecondary institutions in the
> U.S. The U.S. Department of Education's Office of Postsecondary
> Education (OPE) maintains ONE of the accreditation databases and
> provides it as a public service (without warranty). That database
> could be published as a Verifiable Issuer List on a web page.
>
> If you run a Verifier that checks if someone has a university degree
> as a part of some business process, it would be helpful for you to
> consume an up to date list of those 3,982 issuers... presumably by
> reading that Verifiable Issuer List from a website.
>
> So, given that use case, your question can be construed as: "In what
> ways am I vulnerable if I ask this university registrar to issue a
> university degree to me?... or "In what ways am I vulnerable if I ask
> this employer to check to see if my university degree is valid?" --
> see why I'm confused? The answer could be: "You're not?" to "You're
> always vulnerable in some way?".
>
> What the work is attempting to do is address 80% of the use cases, not
> be a 100% solution. It focuses just on the data model and verifiable
> credential, not on the surrounding ecossytem, or APIs, or any of the
> other higher order management/governance processes that make
> addressing "the problem" nearly intractable.
>
> The work focuses on ensuring that anyone can create and share these
> lists, you don't have to be special to do it. Anyone can use someone
> else's list, or combine lists for their own use.
>
> We tried to stay away from the word "trust" because it's over used,
> loaded, and tends toward meaninglessness. That I trust a particular
> list doesn't mean that you trust that same list. A trust in a list
> might wax and wane depending on who is maintaining that list over
> time. So, it's important that we don't put too much faith into these
> lists or suggest that they're infallible or there must be ONE list for
> any particular ecosystem.
>
> All that to say -- I'm afraid I've misinterpreted what you were saying
> and need you to be more concrete and blunt. :)
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
>

Received on Saturday, 17 December 2022 20:14:25 UTC