- From: Joe Andrieu <joe@legreq.com>
- Date: Mon, 11 Aug 2025 17:53:15 -0700
- To: Pryvit NZ <kyle@pryvit.tech>
- Cc: David Chadwick <d.w.chadwick@truetrust.co.uk>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
- Message-ID: <CAEOiD0GmPMLeu2Cug-_21T6Vn+nxqjyM-=GoPcVbWNY5-+c39Q@mail.gmail.com>
I'm trying to say that, in a Verifiable Credential situation, we have attestations by a party capable of making attestations. That the issuer attests to the statement is core to the semantic model.

Devices cannot attest. While it may be useful to have a device sign a thing, so you can have some notion of authenticity, it would be misleading to say that the device is claiming or attesting. That's anthropomorphizing a technical result as if a human did it.

What's far more interesting to me is how we can establish legal accountability through digital records.

So I'm not so much making an assumption about your use case as I am asserting that device-made claims are about as useful as a server log.

In contrast, a claim tied to a legal person as issuer? Now that I can use!

Joe Andrieu
President
joe@legreq.com
+1(805)705-8651
------------------------------
Legendary Requirements
https://legreq.com

On Mon, Aug 11, 2025, 3:16 PM Pryvit NZ <kyle@pryvit.tech> wrote:

> Joe, I think you may be making an assumption I’m not. I’m not assuming the
> sites are relying on the legal assurances, but rather on the technical
> assurances as a means of fingerprinting the user.
>
> Explaining the impact of this in a consent screen to the user in the
> wallet or browser isn’t easy either because it’s a technical side effect,
> not intended for the original purpose of the metadata claim.
>
> -Kyle
>
> On Tue, Aug 12, 2025 at 9:21 AM, Joe Andrieu <joe@legreq.com> wrote:
>
> Hardware is incapable of fulfilling the role of issuer.
>
> This remains an area where the VC spec incorrectly states that any
> "entity" can fulfill a role.
>
> The role fundamentally gives in the legal culpability for the issuance. A
> device cannot have legal culpability. A legal person (human or
> incorporated) can.
>
> Joe Andrieu
> President
> joe@legreq.com
> +1(805)705-8651
> ------------------------------
> Legendary Requirements
> https://legreq.com
>
> On Mon, Aug 11, 2025, 1:06 PM David Chadwick <
> d.w.chadwick@truetrust.co.uk> wrote:
>
>> On 11/08/2025 20:32, Daniel Hardman wrote:
>>
>> I think the issuer of this verifiable data must be one or more individual
>> human beings.
>>
>> I think the issuer could be a tamperproof piece of hardware with its own
>> private key that could read a biometric of a human, along with liveness
>> testing, and assert that the entity that just provided the biometric to it,
>> is a live human being.
>>
>> Kind regards
>>
>> David

Received on Tuesday, 12 August 2025 00:53:32 UTC