Re: Multi-signature Verifiable Credentials from Snorre Lothar von Gohren Edwin on 2022-10-18 (public-credentials@w3.org from October 2022)

From: Snorre Lothar von Gohren Edwin <snorre@diwala.io>
Date: Tue, 18 Oct 2022 15:51:43 +0200
To: Jack Tanner <jack@tonomy.foundation>
Cc: Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org, rebal@tonomy.foundation, Suneet Bendre <bendre.android@gmail.com>
Message-ID: <CAE8zwO1_vEcnT-YM=PgrR7ZMMvh0+J0Aj0C7fg75DCxtEHELPA@mail.gmail.com>
I would love to understand what customers are asking for to translate this
logic into human needs.

Because we are facing a situation where credentials have had the Presidents
signature on them(physically) and that was a verification mechanism in this
ecosystem. But in reality, adding this signature together with the
institute signature inside the VC, will add a potential future dissonance.
Because the President might have quit, and it might not make sense any
more. Unless you mix in timestamps and so on.

What I have been reasoning about is the question, does this signature need
external auditability? Yes? Put it in the VC. No? Leave it.
While for most cases, the institute signature is enough, and if one ever
wants to dispute a credential, there is an internal audit that has to make
sure it was not a bad actor move or something else.

What are your thoughts on this?

Also why Im trying to learn what real live customers are asking for and
what mental model I can wrap around what we are discussing here.
ᐧ

On Mon, Oct 3, 2022 at 12:18 PM Jack Tanner <jack@tonomy.foundation> wrote:

> For the cases that we are looking at
> * Using multiple proofs to perform set-based multi-signature. (we want to
> be able to asynchronous sign the VC)
> * Using multiple proofs to perform chain-based multi-signature.
> * Using multiple proofs to perform multi-level/enveloped multi-signature.
> * Using a single proof to perform set-based multi-signature. (sign a VC
> with a number of keys at once)
> * Using a single proof to perform chain-based multi-signature.
> * Using a single proof to perform M of N threshold multi-signature. (we
> are using W3C's Verifiable Condition to express this condition in the DID
> Document)
> * Using a single proof to perform privacy-preserving M of N  threshold
> multi-signature.
>
> Food for thought, the implementation we just finished with JWT's is a kind
> of chain proof in the end to make it comply to the JWT standard - we nested
> each JWS as the payload for the next JWS inside the JWT.
>
> Proof sets for JSON-LD format is also a great approach.
>
> Cheers,
> Jack
>
> On Sat, 1 Oct 2022 at 20:52, Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>
>> On Wed, Sep 28, 2022 at 4:08 AM Jack Tanner <jack@tonomy.foundation>
>> wrote:
>> > What should the proof look like?
>>
>> We're trying to lock this down over the next couple of weeks in the
>> VCWG. The specific sections of the Data Integrity spec (with examples)
>> are here:
>>
>>
>> https://pr-preview.s3.amazonaws.com/w3c/vc-data-integrity/pull/59.html#proof-sets
>>
>> and here:
>>
>>
>> https://pr-preview.s3.amazonaws.com/w3c/vc-data-integrity/pull/59.html#proof-chains
>>
>> > Which VC library would make the most sense for the initial
>> implementation?
>>
>> Digital Bazaar's open source vc-js library will support proof sets and
>> chains (as specified in the Data Integrity spec by the VCWG) in
>> production. There is strong customer pull for proof sets. There is not
>> strong customer pull for proof chains, but given that we have the
>> opportunity to define a global standard for doing that AND because
>> there are use cases like notarization that are important, we plan to
>> add full support for that as well.
>>
>> Regarding the concept of multi-signature, I am a bit concerned that
>> people are talking past each other as there are a number of categories
>> there and it's possible that not everyone is talking about the same
>> categories of multisig. There are at least these categories:
>>
>> * Using multiple proofs to perform set-based multi-signature.
>> * Using multiple proofs to perform chain-based multi-signature.
>> * Using multiple proofs to perform multi-level/enveloped multi-signature.
>> * Using a single proof to perform set-based multi-signature.
>> * Using a single proof to perform chain-based multi-signature.
>> * Using a single proof to perform M of N threshold multi-signature.
>> * Using a single proof to perform privacy-preserving M of N  threshold
>> multi-signature.
>>
>> So, when you say "multi-signature" -- which one of these things are
>> you talking about?
>>
>> -- manu
>>
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> News: Digital Bazaar Announces New Case Studies (2021)
>> https://www.digitalbazaar.com/
>>
>
>
> --
> _________________________________________
>
> Jack Tanner
> Founder and Architect | Tonomy Foundation
> p: (+31) 6 2216 5433
> w: tonomy.foundation e: jack@tonomy.foundation
> <https://twitter.com/@theblockstalk>
> <https://www.linkedin.com/in/jack-tanner/>
>


-- 

*Snorre Lothar von Gohren Edwin*
Co-Founder & CTO, Diwala
+47 411 611 94
www.diwala.io
<http://www.diwala.io/>
*Stay on top of Diwala news on social media! **Facebook
<https://www.facebook.com/diwalaorg>** / **LinkedIn
<https://www.linkedin.com/company/diwala>** / **Instagram
<https://www.instagram.com/diwala_/>** / **Twitter
<https://twitter.com/Diwala>*
Received on Tuesday, 18 October 2022 13:52:07 UTC