- From: Oliver Terbu <oliver.terbu@spruceid.com>
- Date: Tue, 21 Feb 2023 13:48:47 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: public-credentials@w3.org
- Message-ID: <CAP7TzjB2vG8U7RaL_adDZnPk4PFV-02MaeasLQHGRvZBnvRGKw@mail.gmail.com>
See comments below... On Mon, Feb 20, 2023 at 8:59 PM Manu Sporny <msporny@digitalbazaar.com> wrote: > On Mon, Feb 20, 2023 at 2:51 PM David Chadwick > <d.w.chadwick@truetrust.co.uk> wrote: > > This requires the following questions (at least) to be answered > > > > Can the former not be used for confirmation by the verifier or can it be > used? > > Yes, also good questions, David. It wasn't clear (to me, at least) > during the meeting when a Verifier should use one over the other. It > seems as if what's being proposed is that the Verifier should prefer > the confirmation methods to identity attributes. It's also not clear > what should be done when the information differs... portrait on > confirmationMethod is different from a property of the credential > subject. I expect confirmationMethod takes precedence, but that was > the slippery slope some voiced during the call about why this stuff > might not belong in credentialSubject. > > > Does the former need to be duplicated in confirmationMethod before it > can be used for confirmation? > > Yes, also a good question. I guess we'll see what the answer to that > is when the PR is raised. :) > IMO, the goal should be to reuse those properties. There is also an example above that does that. > > > What are the reasons (if any) that any subject attribute cannot be used > for confirmation by a verifier regardless of whether a confirmationMethod > for it exists or not. > > Oliver, Paul, correct me if I'm wrong here, but the answer during the > meeting seemed to be "you put it in the confirmation method so that > verifiers have one place to check wrt. confirming that the identifier > binding is the same as the one that the issuer used"? Though, I was a > bit shaky on what happens from a liability perspective if you do/don't > use the property. My expectation was "nothing, a verifier's liability > doesn't shift wrt. the issuer when this property is or is not used"... > though I can't say I'm confident about that matching what other WG > Members took away from the session. > I don't think that a technical feature in the VCDM spec can answer the liability question or shift liability without a legal framework or trust framework in place. > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > News: Digital Bazaar Announces New Case Studies (2021) > https://www.digitalbazaar.com/ > >
Received on Tuesday, 21 February 2023 12:49:11 UTC