Re: RWOT Holder Binding paper got published

On Thu, Feb 2, 2023 at 5:24 PM Orie Steele <orie@transmute.industries>
wrote:

> Thanks for this!
>
> It seems like a naive interpretation of "holder binding" is ... a
> credential / claim bound to a specific key.
>

Yes, in our paper, this is still a possible option and probably one of the
most common ones I have seen in applications.


>
> Instead of binding to a "generic subject" the binding is to a specific key
> (possibly in hardware or software isolation).
>
> Is that correct?
>

Yes, the binding is to a specific "identifier" which can be a key. For the
sake of this paper we used our definition for "identifier" (which includes
a public key). *We DO NOT want to start a discussion on terminology here on
the CCG mailing list*. When reading the paper, please just bear with us and
keep in mind we used the following definitions:

Identifier
Data that is used for the purpose of recognizing a (real world) entity,
typically to distinguish it from other entities in some set. The data is
typically in the form of characters (or attribute sets), but could also
take the form of audio (speech), pictures (portrait), etc., or a
combination of those.

Identifier Binding
The situation in which there is an identifier that a particular party has
bound to some entity that it knows to exist, and has specified one or more
means that other parties can use to identify and/or authenticate that
entity. Such means are typically specified as part of a VC.



>
> OS
>
>
> On Thu, Feb 2, 2023 at 10:21 AM Oliver Terbu <oliver.terbu@spruceid.com>
> wrote:
>
>> Dear all,
>>
>> Since we had a number of issues and lots of discussions on holder binding
>> in the last couple of months, we wrote a RWOT paper and it got published
>> finally. I'm sharing this already since it is relevant to upcoming
>> discussions on holder binding in W3C.
>>
>> IDENTIFIER BINDING: DEFINING THE CORE OF HOLDER BINDING
>> - https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/final-documents/identifier-binding.pdf
>> - https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/final-documents/identifier-binding.md
>>
>> by Paul Bastian, Rieks Joosten, Zaïda Rivai, Oliver Terbu, Snorre Lothar
>> von Gohren Edwin, Antonio Antonino, Nikos Fotiou, Stephen Curran, and
>> Ahamed Azeem
>>
>> Lead author: Oliver Terbu
>>
>> Over the last year(s), various issues have been raised that revolve
>> around what has been called 'holder binding'. The term 'holder binding'
>> itself isn't clearly defined, and is in fact quite contentious. This paper
>> seeks to come to grips with this discussion. Our first contribution is the
>> specification of a terminology, which is intended to help readers
>> understand what we mean to say without requiring them to make assumptions
>> about such meanings (as is often the case in discussions about 'holder
>> binding'). Our second contribution is an analysis of a (fictitious)
>> use-case that suggests that verifiers typically do not need to know who the
>> holder is (i.e. who has presented the claims to be verified). This analysis
>> shows that verifiers need capabilities to (a) learn which entity is the
>> subject of a particular claim, and (b) to know whether or not two subject
>> identifiers refer to the same entity or to different entities. Also, they
>> may need assurances regarding the party on whose behalf the component that
>> has electronically presented the claims, has been using those capabilities.
>> Our third contribution is a proposal for the syntax and semantics of a new
>> property that can be used in (different parts of) VCs/VPs, that will
>> provide verifiers with such capabilities.
>>
>> Thanks,
>> Oliver
>>
>
>
> --
> *ORIE STEELE*
> Chief Technical Officer
> www.transmute.industries
>
> <https://www.transmute.industries>
>

Received on Thursday, 2 February 2023 16:38:41 UTC