RE: Multi-signature Verifiable Credentials

Snorre, the scenario you describe regarding potential future dissonance highlights an important consideration. VCs are great for preserving the intent of one or more parties *at a given point in time*; if that intent later changes, then you need to think in terms of revocation/re-issuance or modification of a VC. Multi-sig can potentially give you a little flexibility by allowing some issuers to change their intent while others do not, but I don't think M of N is the best way to deal with it.

 

-S

 

From: Snorre Lothar von Gohren Edwin <snorre@diwala.io> 
Sent: Tuesday, October 18, 2022 6:52 AM
To: Jack Tanner <jack@tonomy.foundation>
Cc: Manu Sporny <msporny@digitalbazaar.com>; public-credentials@w3.org; rebal@tonomy.foundation; Suneet Bendre <bendre.android@gmail.com>
Subject: Re: Multi-signature Verifiable Credentials

 

I would love to understand what customers are asking for to translate this logic into human needs.

Because we are facing a situation where credentials have had the President's signature on them (physically), and that was a verification mechanism in this ecosystem. But in reality, adding this signature together with the institute signature inside the VC will add a potential future dissonance. Because the President might have quit, and it might not make sense any more. Unless you mix in timestamps and so on.

What I have been reasoning about is the question, does this signature need external auditability? Yes? Put it in the VC. No? Leave it.
While for most cases, the institute signature is enough, and if one ever wants to dispute a credential, there is an internal audit that has to make sure it was not a bad actor move or something else.

What are your thoughts on this?

This is also why I'm trying to learn what real live customers are asking for and what mental model I can wrap around what we are discussing here.


 

On Mon, Oct 3, 2022 at 12:18 PM Jack Tanner <jack@tonomy.foundation> wrote:

For the cases that we are looking at

* Using multiple proofs to perform set-based multi-signature. (we want to be able to asynchronously sign the VC)
* Using multiple proofs to perform chain-based multi-signature.
* Using multiple proofs to perform multi-level/enveloped multi-signature.
* Using a single proof to perform set-based multi-signature. (sign a VC with a number of keys at once)
* Using a single proof to perform chain-based multi-signature.
* Using a single proof to perform M of N threshold multi-signature. (we are using W3C's Verifiable Condition to express this condition in the DID Document)
* Using a single proof to perform privacy-preserving M of N threshold multi-signature.

 

Food for thought: the implementation we just finished with JWTs is a kind of chain proof in the end, to make it comply with the JWT standard - we nested each JWS as the payload for the next JWS inside the JWT.

 

Proof sets for the JSON-LD format are also a great approach.

 

Cheers,

Jack

 

On Sat, 1 Oct 2022 at 20:52, Manu Sporny <msporny@digitalbazaar.com> wrote:

On Wed, Sep 28, 2022 at 4:08 AM Jack Tanner <jack@tonomy.foundation> wrote:
> What should the proof look like?

We're trying to lock this down over the next couple of weeks in the
VCWG. The specific sections of the Data Integrity spec (with examples)
are here:

https://pr-preview.s3.amazonaws.com/w3c/vc-data-integrity/pull/59.html#proof-sets

and here:

https://pr-preview.s3.amazonaws.com/w3c/vc-data-integrity/pull/59.html#proof-chains

> Which VC library would make the most sense for the initial implementation?

Digital Bazaar's open source vc-js library will support proof sets and
chains (as specified in the Data Integrity spec by the VCWG) in
production. There is strong customer pull for proof sets. There is not
strong customer pull for proof chains, but given that we have the
opportunity to define a global standard for doing that AND because
there are use cases like notarization that are important, we plan to
add full support for that as well.

Regarding the concept of multi-signature, I am a bit concerned that
people are talking past each other as there are a number of categories
there and it's possible that not everyone is talking about the same
categories of multisig. There are at least these categories:

* Using multiple proofs to perform set-based multi-signature.
* Using multiple proofs to perform chain-based multi-signature.
* Using multiple proofs to perform multi-level/enveloped multi-signature.
* Using a single proof to perform set-based multi-signature.
* Using a single proof to perform chain-based multi-signature.
* Using a single proof to perform M of N threshold multi-signature.
* Using a single proof to perform privacy-preserving M of N threshold multi-signature.

So, when you say "multi-signature" -- which one of these things are
you talking about?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/




 

-- 


Jack Tanner

Founder and Architect | Tonomy Foundation

p: (+31) 6 2216 5433

w: tonomy.foundation e: jack@tonomy.foundation





 

-- 

Snorre Lothar von Gohren Edwin

Co-Founder & CTO, Diwala

+47 411 611 94
www.diwala.io



Received on Tuesday, 18 October 2022 14:44:40 UTC
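
The nested-JWS chaining Jack Tanner describes in the quoted message above (each JWS becoming the payload of the next), sketched as an added example that is not code from the thread or from Tonomy's implementation. HS256 with per-signer demo secrets stands in for the issuers' real asymmetric signatures, and the DIDs, key ids and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed demo signers, innermost first. HS256 secrets stand in for key pairs.
SIGNERS = [("did:example:institute#k1", b"institute-demo-secret"),
           ("did:example:president#k1", b"president-demo-secret")]
KEYS = dict(SIGNERS)
ORDER = [kid for kid, _ in SIGNERS]

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_layer(payload: bytes, kid: str, key: bytes, nested: bool) -> str:
    header = {"alg": "HS256", "kid": kid}
    if nested:
        header["cty"] = "JWT"  # RFC 7519: the payload is itself a signed token
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(payload)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)

def sign_chain(claims: dict, signers) -> str:
    """Each finished JWS becomes the payload of the next signer's JWS."""
    token = json.dumps(claims)
    for depth, (kid, key) in enumerate(signers):
        token = sign_layer(token.encode(), kid, key, nested=depth > 0)
    return token

def verify_chain(token: str, keys: dict, expected_order) -> dict:
    """Peel layers outermost first; raise ValueError unless every expected
    signer verifies in its expected position."""
    for kid in reversed(expected_order):
        h64, p64, s64 = token.split(".")  # ValueError if not three parts
        header = json.loads(b64u_dec(h64))
        if (not isinstance(header, dict) or header.get("alg") != "HS256"
                or header.get("kid") != kid):
            raise ValueError(f"unexpected signer or algorithm, wanted {kid}")
        mac = hmac.new(keys[kid], f"{h64}.{p64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, b64u_dec(s64)):
            raise ValueError(f"bad signature for {kid}")
        token = b64u_dec(p64).decode()
    return json.loads(token)  # fails if unexpected layers remain

if __name__ == "__main__":
    vc = {"credentialSubject": {"id": "did:example:alice", "degree": "BSc"}}
    print(verify_chain(sign_chain(vc, SIGNERS), KEYS, ORDER))
```

Stripping the outer layer leaves a JWS that still verifies on its own, which is why the verifier pins the full expected signer order instead of accepting whatever layers are present.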