Re: Verifiable Credentials over Wireless (NFC and Bluetooth) from Manu Sporny on 2024-09-17 (public-credentials@w3.org from September 2024)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 17 Sep 2024 19:13:19 -0400
To: Przemek Praszczalek <Przemek.Praszczalek@mastercard.com>
Cc: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAMBN2CRW_ZCD3OeBkWZ4wONqCmTR71evLZ0XEo2asMTfv7rVXw@mail.gmail.com>

On Tue, Sep 17, 2024 at 10:40 AM Przemek Praszczalek
<Przemek.Praszczalek@mastercard.com> wrote:
> Thank you Manu + Digital Bazaar team.  Verifiable Credentials over Wireless is a super interesting concept!

Thanks for those kind words, Przemek. :)

> A few thoughts (at a higher level), which can support multiple use cases:
> Phone-2-Phone Chain --- Passing a single VC via multiple smartphones (users) --> think of it as a much better version of the in-person “game of telephone” (but without mistakes)

Yes, this is effectively the "non-interactive presentation" use case:

https://digitalbazaar.github.io/vc-wireless/#non-interactive-presentation

The benefit (and drawback) there being that you can loss-lessly copy
trusted statements between devices in person without any network
involved. Effectively, a "sneaker net" for VCs.

There would always be an option to prove that you're the holder (via
something like a DID or confidenceMethod) vs. just moving data... but
for stuff like bearer tokens: "Here, I picked up your movie ticket
from the kiosk *tap* there, now you have it", it could be interesting
(as long as the verifiers have some sort of double-spend protection).

> Online-2-‘In Real Life’ (IRL) --- connecting the User between online and in-person experiences & interactions

Yep, benefit (and drawback) there being the correlation dangers. There
are some use cases where that's desirable (I got my citizenship card
online and now I want to cross a border with it), and some where it is
not (I'm over the age of 21). That said, you can do unlinkable proofs
using this technology, and especially when using BBS, the signature
sizes and VC is small enough (in CBOR-LD format) to have a good
tap-to-prove experience AND continue to be unlinkable.

Think of use cases like: "I'm an airline Travel Lounge member, let me
in" or "I'm a hotel guest, let me into the pool area." (but in an
unlinkable way).

> Links to Digital Proofs --- A secure way to share a tamper-evident link to another VC (e.g., a secondary VC, a much larger data packet, etc.)

Yes, possibly: Here's a link to my online resume and associated
education VCs, and a proof that I'm the holder of those VCs and that
I'm standing here in front of you because I got that proof to you via
NFC.

> Not to mention tons of identity, AI, payments and commerce-related use cases.

Yep, lots of use cases. Hope this helps others that have some
in-person use cases that they've wanted to do with VCs but have not
had the mechanism to do so (until now).

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/

Received on Tuesday, 17 September 2024 23:13:59 UTC