- From: David Chadwick <d.w.chadwick@truetrust.co.uk>
- Date: Tue, 12 Aug 2025 22:27:17 +0100
- To: public-credentials@w3.org
- Message-ID: <f10fec6b-2d3d-4945-9cb0-45e66e80f5e4@truetrust.co.uk>
On 11/08/2025 22:20, Joe Andrieu wrote: > Hardware is incapable of fulfilling the role of issuer. > > This remains an area where the VC spec incorrectly states that any > "entity" can fulfill a role. The organisation that developed the hardware could put its name on the issued VCs if legal culpability is a pre-requisite. But legal culpability is a separate topic for debate. If a VC is purely a statement made by an entity, then hardware can fulfil this role as the VC spec indicates. I can imagine various use cases where legal culpability is not a requirement. E.g. a householder installs an entrance gate with a device that reads the fingerprints of visitors, and is designed to keep out wild animals. When the gate operating machinery receives a VC from the fingerprint device indicating that a human is at the gate, then it opens the gate to let the human enter. Kind regards David > > The role fundamentally gives in the legal culpability for the > issuance. A device cannot have legal culpability. A legal person > (human or incorporated) can. > > Joe Andrieu > President > joe@legreq.com > +1(805)705-8651 > ------------------------------------------------------------------------ > Legendary Requirements > https://legreq.com > > On Mon, Aug 11, 2025, 1:06 PM David Chadwick > <d.w.chadwick@truetrust.co.uk> wrote: > > > On 11/08/2025 20:32, Daniel Hardman wrote: >> I think the issuer of this verifiable data must be one or more >> individual human beings. > > I think the issuer could be a tamperproof piece of hardware with > its own private key that could read a biometric of a human, along > with liveness testing, and assert that the entity that just > provided the biometric to it, is a live human being. > > Kind regards > > David >
Received on Tuesday, 12 August 2025 21:27:25 UTC