- From: Joe Andrieu <joe@legreq.com>
- Date: Mon, 11 Aug 2025 14:20:44 -0700
- To: David Chadwick <d.w.chadwick@truetrust.co.uk>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Received on Monday, 11 August 2025 21:21:00 UTC
Hardware is incapable of fulfilling the role of issuer. This remains an area where the VC spec incorrectly states that any "entity" can fulfill a role. The role fundamentally gives in the legal culpability for the issuance. A device cannot have legal culpability. A legal person (human or incorporated) can. Joe Andrieu President joe@legreq.com +1(805)705-8651 ------------------------------ Legendary Requirements https://legreq.com On Mon, Aug 11, 2025, 1:06 PM David Chadwick <d.w.chadwick@truetrust.co.uk> wrote: > > On 11/08/2025 20:32, Daniel Hardman wrote: > > I think the issuer of this verifiable data must be one or more individual > human beings. > > I think the issuer could be a tamperproof piece of hardware with its own > private key that could read a biometric of a human, along with liveness > testing, and assert that the entity that just provided the biometric to it, > is a live human being. > > Kind regards > > David >
Received on Monday, 11 August 2025 21:21:00 UTC