Re: Credential Chaining from Harrison on 2022-07-03 (public-credentials@w3.org from July 2022)

From: Harrison <harrison@spokeo.com>
Date: Sun, 3 Jul 2022 14:35:53 -0700
To: Brent Shambaugh <brent.shambaugh@gmail.com>
Cc: Credentials Community Group <public-credentials@w3.org>, David Chadwick <d.w.chadwick@truetrust.co.uk>
Message-ID: <CAFYh=43d1RAmKzgGG+honWDS81cge2L48qNFkJ04oH-x5rCW0w@mail.gmail.com>

Just curious:  I can imagine that some Issuers would want to check the
authenticity of the Holder (i.e. making sure that the Holder is who they
say they are) before issuing a credential.  Otherwise, anyone can claim
that they are Tom Cruise and get his credentials.  What do we do in this
case?

In this scenario, I can imagine that the Holder has a special, "soulbound"
(i.e. non-transferable), and secure-enclave-like credential that includes
authentication factor information like SMS OTP and/or hashed biometric
tokens, and then the Issuer can check against this special authenticator
credential before deciding whether to issue a credential to the Holder or
not (i.e. credential chaining).  This problem has probably come up before,
and does the high-level concept above make sense?  Or is there a better
alternative?

Sincerely,
Harrison

On Sat, Jul 2, 2022 at 12:31 PM Brent Shambaugh <brent.shambaugh@gmail.com>
wrote:

> Thank you all. I believe this is what I had in mind. It is sort of like
> maintaining state with verifiable credentials. You cannot do this unless
> you've done this. Prerequisites. I'll chew on this like manna from heaven.
>
>
> -Brent Shambaugh
>
> GitHub: https://github.com/bshambaugh
> Website: http://bshambaugh.org/
> LinkedIN: https://www.linkedin.com/in/brent-shambaugh-9b91259
> Skype: brent.shambaugh
> Twitter: https://twitter.com/Brent_Shambaugh
> WebID: http://bshambaugh.org/foaf.rdf#me
>
>
> On Thu, Jun 30, 2022 at 3:43 AM David Chadwick <
> d.w.chadwick@truetrust.co.uk> wrote:
>
>> Yes. We have implemented this following the UK Power of Attorney model,
>> where one person (the attorney) can obtain the VC of another person (the
>> donor) who has become incapacitated. The attorney must possess a PoA VC
>> first and present it to the issuer of the donor's account.
>>
>> Kind regards
>>
>> David
>> On 29/06/2022 17:33, Brent Shambaugh wrote:
>>
>> Is there such a thing as credentials that can only be issued if the
>> holder already has a particular credential?
>>
>> --
>> -Brent Shambaugh
>>
>> GitHub: https://github.com/bshambaugh
>> Website: http://bshambaugh.org/
>> LinkedIN: https://www.linkedin.com/in/brent-shambaugh-9b91259
>> Skype: brent.shambaugh
>> Twitter: https://twitter.com/Brent_Shambaugh
>> WebID: http://bshambaugh.org/foaf.rdf#me
>>
>>

Received on Sunday, 3 July 2022 21:36:20 UTC