- From: Alan Karp <alanhkarp@gmail.com>
- Date: Mon, 11 Aug 2025 19:05:46 -0700
- To: Joe Andrieu <joe@legreq.com>
- Cc: Pryvit NZ <kyle@pryvit.tech>, David Chadwick <d.w.chadwick@truetrust.co.uk>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
- Message-ID: <CANpA1Z2KEmqaRgByP+8S4Ws7ybnLpsaAq5QeKAK80iCu33Zjpw@mail.gmail.com>
Unless the person is attesting with pen and paper, a device IS doing the attestation. It's under the direction of a person, of course, but that indirection adds a level of uncertainty that doesn't exist in person to person interactions.

--------------
Alan Karp

On Mon, Aug 11, 2025 at 5:56 PM Joe Andrieu <joe@legreq.com> wrote:

> I'm trying to say that, in a Verifiable Credential situation, we have
> attestations by a party capable of making attestations. That the issuer
> attests to the statement is core to the semantic model. Devices cannot
> attest.
>
> While it may be useful to have a device sign a thing, so you can have
> some notion of authenticity, it would be misleading to say that the device
> is claiming or attesting. That's anthropomorphizing a technical result as
> if a human did it.
>
> What's far more interesting to me is how we can establish legal
> accountability through digital records.
>
> So I'm not so much as making an assumption about your use case as I am
> asserting that device made claims are about as useful as a server log.
>
> In contrast, a claim tied to a legal person as issuer? Now that I can use!
>
>
> Joe Andrieu
> President
> joe@legreq.com
> +1(805)705-8651
> ------------------------------
> Legendary Requirements
> https://legreq.com
>
>
> On Mon, Aug 11, 2025, 3:16 PM Pryvit NZ <kyle@pryvit.tech> wrote:
>
>> Joe, I think you may be making an assumption I’m not. I’m not assuming
>> the sites are relying on the legal assurances, but rather on the technical
>> assurances as a means of fingerprinting the user.
>>
>> Explaining the impact of this in a consent screen to the user in the
>> wallet or browser isn’t easy either because it’s a technical side effect,
>> not intended for the original purpose of the metadata claim.
>>
>> -Kyle
>>
>>
>> On Tue, Aug 12, 2025 at 9:21 AM, Joe Andrieu <joe@legreq.com> wrote:
>>
>> Hardware is incapable of fulfilling the role of issuer.
>>
>> This remains an area where the VC spec incorrectly states that any
>> "entity" can fulfill a role.
>>
>> The role fundamentally gives in the legal culpability for the issuance. A
>> device cannot have legal culpability. A legal person (human or
>> incorporated) can.
>>
>> Joe Andrieu
>> President
>> joe@legreq.com
>> +1(805)705-8651
>> ------------------------------
>> Legendary Requirements
>> https://legreq.com
>>
>>
>> On Mon, Aug 11, 2025, 1:06 PM David Chadwick <
>> d.w.chadwick@truetrust.co.uk> wrote:
>>
>>>
>>> On 11/08/2025 20:32, Daniel Hardman wrote:
>>>
>>> I think the issuer of this verifiable data must be one or more
>>> individual human beings.
>>>
>>> I think the issuer could be a tamperproof piece of hardware with its own
>>> private key that could read a biometric of a human, along with liveness
>>> testing, and assert that the entity that just provided the biometric to it,
>>> is a live human being.
>>>
>>> Kind regards
>>>
>>> David

Received on Tuesday, 12 August 2025 02:06:03 UTC