- From: Adrian Gropper <agropper@healthurl.com>
- Date: Mon, 3 Jan 2022 16:03:17 -0500
- To: "John, Anil" <anil.john@hq.dhs.gov>
- Cc: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CANYRo8jObQmdEpeX_i6v1nr=h8mFbKgpxfY62b_PH5ehG9Dh_g@mail.gmail.com>
Anil, I agree with you that control and consent should remain with the subject of a verifiable credential but possession of the credential is not the same as control. The issuer, by definition, controls the VC and has the root relationship with the subject. The subject is, more or less, forced to trust the issuer in order for the subject to exercise control and consent. There is a highly asymmetric power relationship in most cases of issue with DHS examples as the most extreme. In cases where the subject does not sufficiently trust the issuer the subject has the option of taking possession of the VC as a means of control over presentation. This adds a burden to the subject and exposes them to various risks and costs we typically mitigate by separating possession from consent. (Banks don't make money management decisions and money managers do not possess our funds.) This separation of concerns through delegation is arguably a fundamental human right. I hope DHS policy acknowledges the importance of separation of possession from consent and does not take away a subject's right to decide whether control of a VC can be exercised independently of possession. Even if DHS disagrees, it's still imperative that their reasoning and the conversation about this be carried out in a thorough and public fashion in order to build public confidence in digital credentials at scale. Adrian On Mon, Jan 3, 2022 at 3:41 PM John, Anil <anil.john@hq.dhs.gov> wrote: > >Verifiable Credentials can expire. > >It is useful to provide instructions on refreshing the credential for the > times when expiration is imminent or has already occurred. > >The refresh can be performed manually or, with the prior consent of the > credential holder, automatically. > > Happy New Year! > > Good to see more work and thought being put into this so that this can be > standardized! > > Manu -- could you provide a perspective on the > flexibility/optionality/signaling of support for these capabilities by the > issuer? > > Context -- In the work we (U.S. Citizenship and Immigration Services which > is a DHS Operational Component) are doing in the issuance of digital > personal/immigration credentials (U.S. Permanent Resident Card, U.S. > Employment Authorization Document etc.), we made a concrete/explicit > decision that our Issuer infrastructure *WILL NOT* support a refresh > request coming directly from the Verifier as it removes "... control and > consent from the holder and allow the verifiable credential to be issued > directly to the verifier, thereby bypassing the holder" (as per VC Data > Model Section 5.5 Note). We explicitly require the Holder to be in the > loop for such a request for privacy, accountability and business process > reasons. > > Is there some manner of an indicator/signal that is part of this refresh > request that can be implemented by the Issuer to notify the a caller of > what we support and what we do not? > > Best Regards, > > Anil > > Anil John > Technical Director, Silicon Valley Innovation Program > Science and Technology Directorate > US Department of Homeland Security > Washington, DC, USA > > Email Response Time – 24 Hours >
Received on Monday, 3 January 2022 21:03:41 UTC