The Issuer Role and its system components (was: How VC API Really Works)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 27 Nov 2022 20:31:47 -0500
Message-ID: <CAMBN2CSiN7Wo6fzNKL3gg9anwY7xg_UjhU34-jZ8rVOYUiuO8w@mail.gmail.com>
To: W3C Credentials CG <public-credentials@w3.org>

On Wed, Nov 23, 2022 at 3:18 AM Tobias Looker
<tobias.looker@mattr.global> wrote:
> You argue that VC API has now introduced a new term that has divided the responsibility of the issuer into two parts, but that isn't agreed upon anywhere outside of the VC API, the VC data model has no notion of an "Issuer co-ordinator".

The three VC ecosystem roles have always been an imprecise
simplification to get the most important concepts across. We shouldn't
think that there aren't other roles or that those roles don't utilize
different system components to achieve their tasks. I was concerned
about this being where people might go, but still believe we made the
right decision by generalizing instead of trying to explain every
system component that might be utilized by the ecosystem.

The VC three party model has always been a generalization of a series
of more complex system components (and roles). Those discussions
happened in the early days of the discussion around the VC ecosystem.
At one point, we had a board filled with boxes and lines about all of
the things that a role might need to use to accomplish a task. In
fact, it was Dave Crocker who looked at the board and said: "Simplify!
You don't need to draw every box in the system to get the concept
across -- generalize them into more general roles and components and
see if that's close enough." That statement is what led to the 3 role
ecosystem we have today... but that doesn't mean that's all there was
(or is).

I went looking for those diagrams and found some of them in the
Rebooting the Web of Trust 2 meeting at the United Nations in ~2015.
Here's one of the diagrams where we started simplifying the Issuer to
just a single role... you can still see the Holder and Inspector
(which was renamed to "Verifier") boxes have subcomponents:


You can also see here that we wrote down "Want to get to fewest boxes
for each context" (we had called them "contexts" before we switched to


and we simplified further by drawing people on the roles and wrenches
on the system components:


All that to say, this stuff isn't new... the concept that there are
roles and components has existed for at least 6 years.

> OpenID 4 VCI focuses on the latter without any need for an "issuer co-ordinator", because that aligns to the VC data model and hey we should probably focus on getting interop between the defined parties in the VC data model, before we start inventing more roles right?

Coordinators aren't roles, they're components, as described in the VC API:


Conflating roles with components might be part of the reason you're
coming to different conclusions than the VC API group. It's important
to understand them for what they are -- roles achieve their goals by
configuring and using components.

This wasn't just arrived at overnight, it has been in the architecture
for years and it was only recently that we had to write it down, after
interviews across multiple implementers, because it became clear that
these things needed to be named in order for the group to understand
exactly where each API endpoint lived and which role(s) it was used

I just wanted to correct this critical misperception, specifically,
because it led to a variety of misunderstandings in your previous
post. I'll get around to responding to the rest of your email as I
have time... there's a lot to unpack there. :)

-- manu

Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
Received on Monday, 28 November 2022 01:32:37 UTC
