- From: Bob Wyman <bob@wyman.us>
- Date: Tue, 20 Feb 2024 12:11:21 -0500
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: ステファニー タン(SBIホールディングス) <tstefan@sbigroup.co.jp>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAA1s49VVzVe4d6VQG9fam=ME5sWwMWqheK04eJvB2mvie1Qbdg@mail.gmail.com>
> > I'm struggling to think > of a real world use case where they wouldn't just run it all through > the same authority. Imagine that Bob and Alice are married in a jurisdiction that doesn't issue VCs. So, they independently assert that they are married to each other. However, they agree to use the same revocation bit. So, if either disclaims the marriage (e.g. effective divorce), the validity of the other's assertion is automatically revoked. Another case might be an endorsement of one's candidacy for political office. The endorsement might be automatically revoked if the candidate drops out of the race. Thanks for the answers. Yes, I realize that such schemes can lead to all sorts of unfortunate and unintended consequences. bob wyman On Tue, Feb 20, 2024 at 11:42 AM Manu Sporny <msporny@digitalbazaar.com> wrote: > On Tue, Feb 20, 2024 at 11:10 AM Bob Wyman <bob@wyman.us> wrote: > > Can a single bit be used to do more than one revocation? > > In theory, yes. > > In practice, make sure you understand all of the ramifications to your > use case if you go down that path. :) > > > If I signed 100 claims as part of a single transaction, or while > performing some role, could I revoke them all by flipping a single-bit? > > I'm going to be pedantic about the language you're using to make sure > we're not miscommunicating. :) > > If you signed 100 claims as part of a single transaction... that > sounds like a "Verifiable Credential containing 100 claims", so you > could associate one revocation status list bit for that one VC. > > If you meant "I signed 100 VCs", then you could associate ONE > revocation status list bit for all 100 VCs. If you flip that one bit, > all 100 VCs become revoked. > > > Could I produce a "conditional signature" that depends on a bit which is > controlled by someone else? (i.e. My claim is valid unless Alice revokes > her claim.) > > Let's not use the word "conditional signature", because that's a > different branch of computer science (cryptographic circuits, > multi-signatures, chained proofs, etc.) that I don't want to get > confused with the status list stuff. > > I think I know what you're asking, which is "Can I make the validity > of the VC conditional on something that Alice controls?"... and the > answer is "yes". > > You could digitally sign the VC while giving Alice change control over > the revocation bit. This can happen when the issuing authority for a > license is not the same authority that is responsible for the > continued validity of that license... though, I'm struggling to think > of a real world use case where they wouldn't just run it all through > the same authority. > > Did that answer your questions, Bob? > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > https://www.digitalbazaar.com/ >
Received on Tuesday, 20 February 2024 17:11:39 UTC