Re: [Agenda] W3C CCG 2024-02-20 - VC Bitstring Status List from Bob Wyman on 2024-02-20 (public-credentials@w3.org from February 2024)

From: Bob Wyman <bob@wyman.us>
Date: Tue, 20 Feb 2024 12:11:21 -0500
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: ステファニータン（SBIホールディングス） <tstefan@sbigroup.co.jp>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAA1s49VVzVe4d6VQG9fam=ME5sWwMWqheK04eJvB2mvie1Qbdg@mail.gmail.com>

>
> I'm struggling to think
> of a real world use case where they wouldn't just run it all through
> the same authority.

Imagine that Bob and Alice are married in a jurisdiction that doesn't issue
VCs. So, they independently assert that they are married to each other.
However, they agree to use the same revocation bit. So, if either disclaims
the marriage (e.g. effective divorce), the validity of the other's
assertion is automatically revoked. Another case might be an endorsement of
one's candidacy for political office. The endorsement might be
automatically revoked if the candidate drops out of the race.

Thanks for the answers. Yes, I realize that such schemes can lead to all
sorts of unfortunate and unintended consequences.

bob wyman


On Tue, Feb 20, 2024 at 11:42 AM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On Tue, Feb 20, 2024 at 11:10 AM Bob Wyman <bob@wyman.us> wrote:
> > Can a single bit be used to do more than one revocation?
>
> In theory, yes.
>
> In practice, make sure you understand all of the ramifications to your
> use case if you go down that path. :)
>
> > If I signed 100 claims as part of a single transaction, or while
> performing some role, could I revoke them all by flipping a single-bit?
>
> I'm going to be pedantic about the language you're using to make sure
> we're not miscommunicating. :)
>
> If you signed 100 claims as part of a single transaction... that
> sounds like a "Verifiable Credential containing 100 claims", so you
> could associate one revocation status list bit for that one VC.
>
> If you meant "I signed 100 VCs", then you could  associate ONE
> revocation status list bit for all 100 VCs. If you flip that one bit,
> all 100 VCs become revoked.
>
> > Could I produce a "conditional signature" that depends on a bit which is
> controlled by someone else? (i.e. My claim is valid unless Alice revokes
> her claim.)
>
> Let's not use the word "conditional signature", because that's a
> different branch of computer science (cryptographic circuits,
> multi-signatures, chained proofs, etc.) that I don't want to get
> confused with the status list stuff.
>
> I think I know what you're asking, which is "Can I make the validity
> of the VC conditional on something that Alice controls?"... and the
> answer is "yes".
>
> You could digitally sign the VC while giving Alice change control over
> the revocation bit. This  can happen when the issuing authority for a
> license is not the same authority that is responsible for the
> continued validity of that license... though, I'm struggling to think
> of a real world use case where they wouldn't just run it all through
> the same authority.
>
> Did that answer your questions, Bob?
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> https://www.digitalbazaar.com/
>

Received on Tuesday, 20 February 2024 17:11:39 UTC