Re: How much is it reasonable to generalize from the TruAge implementation?

The user has to be in control of derivative credentials and non-repudiable
signatures. This could be through attenuated delegation or control over
pre-issued tokens (as in TruAge). The user agent also has to be able to
sign challenges.

In GNAP, as in public blockchains, the user agent is identified by their
public key and control over the private key.

Adrian

On Wed, Nov 15, 2023 at 9:05 AM Filip Kolarik <filip26@gmail.com> wrote:

> On Wed, Nov 15, 2023 at 7:46 AM <detlef.huehnlein@ecsec.de> wrote:
>
>> Dear Colleagues,
>>
>> >> I think, if we do our work right, wallets should be considered
>> >> trustless.
>> >> Issuers and verifiers should be able to have confidence that they *do
>> >> not need to trust wallets* to get trust in the VCs and their associated
>> >> presentations.
>> >
>> >Interesting. I need to think about this a lot more.
>>
>> there are private keys corresponding to Verified Credentials within the
>> wallet. How can a wallet be considered to be "trustless"?
>>
>
> Hi,
> no private keys should be stored in your wallet, unless your "wallet" acts
> as an issuer.
>
> 1. an issuer issues/signs a credential for you with the issuer's private key
> 2. a credential holder (you) stores the signed VC in a wallet, the VC
> includes a verification method in the form of a public key
>
> Having self-signed VCs is another topic, but the logic is the same. As has
> been pointed out in this thread a couple of times. If a VC contains only
> information that can be publicly shared, e.g. a VC proving I've attended an
> event in person, then the VC can be publicly shared with no issue.
>
> Best,
> Filip
>
>
>
>> Best Regards,
>>    Detlef
>>
>>
>>

Received on Wednesday, 15 November 2023 15:26:25 UTC