- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Wed, 8 Mar 2023 12:43:39 -0500
- To: steve.e.magennis@gmail.com
- Cc: W3C Credentials CG <public-credentials@w3.org>
On Wed, Mar 8, 2023 at 11:11 AM <steve.e.magennis@gmail.com> wrote: > However, my understanding is that there is an explicit intended purpose for these lists and that is to help people make trust decisions without having to perform full due-diligence themselves (enables the scaling of due-diligence if you will). I don't think the intent of the spec is really to just be a generic list primitive without expectation for how or why it will be used. There may be utility in that but I don't see that nearly as interesting. Yes, agree completely w/ the above. > This being the case, the question shouldn't be 'why should I trust your list' (messy conversation with no good procedural answer) but rather the statement: for the list to be useful in helping make a trust decision one must trust the party (in the appropriate context) that manages the list to do what they say they will do. How one comes to trust the manager of the list is a different topic. How a list is managed and how large it is directly impacts the utility of the list in helping make trust decisions and puts boundaries on the ability to scale due-diligence (to whatever level of detail required). I'm not advocating that any of this should be baked into the spec, but when considering using lists I think these are important considerations. Very well said, Steve. Yes, they are important considerations. Perhaps what we should do is state that in the spec and then very clearly say that those things are out of scope for the specification. Opened an issue to track your (and Bob's) feedback here: https://github.com/w3c-ccg/verifiable-issuers-verifiers/issues/4 -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
Received on Wednesday, 8 March 2023 17:44:28 UTC