- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 24 Feb 2025 10:00:06 -0500
- To: "public-credentials@w3.org" <public-credentials@w3.org>
- Cc: Calvin Cheng <Calvin_cheng@hive.tech.gov.sg>, Steve Capell <steve.capell@gmail.com>, Leonard Rosenthol <lrosenth@adobe.com>, "Andrea D'Intino" <andrea@dyne.org>, Shannon Appelcline <shannon.appelcline@gmail.com>, Wolf McNally <wolf@wolfmcnally.com>, Christopher Allen <ChristopherA@lifewithalacrity.com>, Daniel Hardman <daniel.hardman@gmail.com>, "Deventer, M.O. (Oskar) van" <oskar.vandeventer@tno.nl>
On Mon, Feb 24, 2025 at 9:50 AM Deventer, M.O. (Oskar) van <oskar.vandeventer@tno.nl> wrote: > “Redaction” applies to the holder blacking-out parts of the information. Take redacted government responses for Freedom-of-Information-Act requests, for example. Yes, and I think that's kinda what's happening here... except that you can't see what was "blacked out". The term isn't perfect, sure, and elision might be more accurate. > In case of Verifiable Credentials, it is the verifier who determines what information is needed. An overzealous verifier may decide to requests the full credential: cf hotels or Facebook requesting a full (non-redacted) copy of your passport. The holder has only two options: coerced compliance or walk away. “Selective redaction” is not an option. Hmm, not really, not in trade documents. The Verifier is going to ask for a bill of lading or a document that is similar in functionality... they're not going to ask for very specific line items. It's true that they might, but I'll also note that it'll be up to the trade community that is participating in the UN, WCO, CCG, and other bodies to establish expected norms... and I doubt the norm will be to be overly specific beyond what the Verifier needs to progress the transaction. It's true that you have to give the Verifier what they need to progress the transaction, but some Verifiers that are too demanding might find that supply chain participants might take their business elsewhere if they're asking for information that the Holder feels they don't need to convey. > Technically, a benevolent verifier would be making a “VC-fragment request”. Perhaps less sexy than “selective redaction”, but also less misleading ... but isn't that what Verifiers always do? At least in the VP Request case, the Verifier is always asking for a specific set of claims made by the Issuer... they're always asking for a "VC fragment". -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. https://www.digitalbazaar.com/
Received on Monday, 24 February 2025 15:00:57 UTC