RE: About credential transfer mechanisms

Hi Markus,

We are working on a document that compares the alternatives. The option you mentioned has already been discussed and we think it is a good option, although we believe it presents a number of problems.

The main problem is that the GTIN is already widely used for product identification, and adding a DID to also identify the product seems to us to add an unnecessary layer of redirection. For example, to check the owner of a product from a GTIN, it would be necessary to read the blockchain by reading each transaction until the GTIN you are looking for is found, and this could be very slow.

Ismael.
________________________________
De: Markus Sabadello <markus@danubetech.com>
Enviado: lunes, 13 de mayo de 2024 21:07
Para: public-credentials@w3.org <public-credentials@w3.org>
Asunto: Re: About credential transfer mechanisms

No suele recibir correos electrónicos de markus@danubetech.com. Por qué esto es importante<https://aka.ms/LearnAboutSenderIdentification>

Another idea:


Don't use credentials at all, just create a DID that identifies the product, and whoever holds the DID's private key is considered the owner.

You can "transfer" the product by updating the DID's controller keys to keys belonging to the new owner.


You can still have additional properties (like a GTIN) inside the DID document, or you could even have credentials about the product.


The DID doesn't change if the owner changes, i.e. the product's identifier is persistent.


You can reference earlier versions of the DID document using versionId and versionTime parameters.


Of course you'd need a DID method other than did:web (since that isn't controlled by keys) and other than did:key or did:jwk (since those can't be updated).


Markus


On 4/24/24 10:11, Ismael Illán García wrote:
  *   Greetings CCG,
  *   I would like to get your opinion on the transfer/cession of credentials. Assuming, for example, that a credential issued by a store represents product ownership similar to a purchase receipt. The credential would contain information to identify the product (e.g., GTIN) and the owner's DID. In the event of a resale, what mechanisms could be established? In my group, we have raised the following options:

  *   1. Utilizing the extensibility property of credentials: The current holder could issue a new transfer credential with their signature, which would reference the first credential. The new owner could then present the chain of credentials from them to the store that sold the product. The main problem with this approach is that previous owners could continue to present their ownership credentials as if they were still the owners.

  *   2. The other option would require the participation of the store: Once the first sale of the product has been made (store -> customer). The current owner could request the store to issue the credential again, but for the new owner's DID. To ensure that the current owner does not keep their credential and continue to use it, the store could have a published list of credential statuses, allowing them to revoke it.

  *
  *
Thanks
  *
Ismael.
  *
  *
  *
  *
  *
  *
  *

Received on Tuesday, 14 May 2024 11:19:42 UTC