RE: Cross border identity use case - which did methods? from Nick Meyne on 2022-03-09 (public-credentials@w3.org from March 2022)

From: Nick Meyne <nick@resonate.coop>
Date: Wed, 09 Mar 2022 11:41:06 +0000
To: "rieks.joosten" <rieks.joosten@tno.nl>
Cc: "steve.capell" <steve.capell@gmail.com>, "joe" <joe@legreq.com>, "public-credentials" <public-credentials@w3.org>
Message-Id: <17f6e7b9415.10e078f632524622.8104635224256719668@resonate.coop>

Steve,

Thanks for the thread!



Is it possible to separate out the requirement for reliable identification and authentication of actors ('nodes') from the sharing of the data about the supply/service chain itself  ('links')?



As you say, VC's and underlying trust anchors might otherwise become 'overloaded' with chains of transactional data.



If I have understood it correctly, if we followed Rieks' suggestion we might have an 'ecosystem' resource of more value, especially if it were structured to be accessible in a more navigable form, with an ontology of some kind.  Example: https://www.valueflo.ws/





Rieks,

Thanks for the slides!  Do you have any information about the scalability of such an approach...  at say, supply chain or retail ecosystem volumes?



Joe,



"In general, firms don't want competitors to see the movement of  goods through the firm's channels"



There are some ecosystems (e.g. co-operatively governed ones) where this isn't necessarily required... in fact the opposite is sometimes encouraged.  However, I guess fine-grained privacy controls are of course necessary if the ecosystem is to be comprehensive.



Nick





---- On Wed, 09 Mar 2022 07:24:55 +0000 rieks.joosten@tno.nl  wrote ----


Perhaps the ideas behind https://www.semanticscholar.org/paper/Polymorphic-Encryption-and-Pseudonymisation-for-Verheul-Jacobs/a5ecb2f8a3b57bbfe310edabc01f435238a5c929 may be relevant here. They have some https://redasci.org/wp-content/uploads/2017/02/pep-informal.pdf.

Rieks

 

From: Steve Capell <mailto:steve.capell@gmail.com> 
 Sent: woensdag 9 maart 2022 08:11
 To: Joe Andrieu <mailto:joe@legreq.com>
 Cc: Credentials Community Group <mailto:public-credentials@w3.org>
 Subject: Re: Cross border identity use case - which did methods?


 

“If you need correlatable identifiers for particular points in the transaction, put that in a VC (with a unique nonce), put a hash of the VC on chain, and send the
 VC separately.”





Could you unpack that a bit?






It’s the exporter (did) that needs to prove their identity using a VC issued by a trusted authority (eg a trust anchor such a government) that confirms the DID ==
 public identity. Then the exporter DID issues a trae document such as an invoice 






If the exporter DID is ephemeral then the authority issued VC is equally ephemeral because you need a new one for every ephemeral DID.  I’m not sure that the trust
 anchor will be keen to support that volume of VCs.  






Or am I missing something in your flow ?


 

Steven Capell

Mob: 0410 437854






On 9 Mar 2022, at 1:26 pm, Joe Andrieu <mailto:joe@legreq.com> wrote:



.. If you need correlatable identifiers for particular points in the transaction, put that in a VC (with a unique nonce), put a hash of the VC on chain, and send the VC separately.





 

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.

Received on Wednesday, 9 March 2022 15:56:31 UTC