- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sat, 10 May 2025 16:59:38 -0400
- To: W3C Credentials CG <public-credentials@w3.org>

On Thu, May 8, 2025 at 1:34 PM Kim Hamilton <kimdhamilton@gmail.com> wrote:
> Joining back from some side discussions, I think it's clear that "phone home" needs a clearer definition. We all agree that the issuer is authoritative for the status of credentials they issue — the difference is on how status checks occur, and what sort of tracking it enables.

Yes, I think the above is one of the things we need to do. It's somewhat analogous to the question of "Exactly what does 'decentralized' mean, and why do we keep arguing about it?" we had to answer several years ago with the DID Rubric. Turns out there are many dimensions of "decentralization" and the word was far more nuanced than we thought it was at first. "Phone home" seems to have the same problem.

The discussion so far has been excellent; deeply insightful, which is no surprise given the folks involved in this community. I'm going to try to go back and engage directly with each email, but here are the themes I'm picking up based on what many people have said so far:

* The "digital wallet" (or the app acting on behalf of the individual) MUST serve that individual first and foremost. This is similar to the trust we have in browsers today to not expose our information to bad actors. It breaks down a bit with browsers, though, as some of them passively aid in massive data collection in order to provide us with a "free" Web. So, we want better assurances with wallets because they really do deal with highly personal and sensitive information.

* "Phone home" has multiple interpretations and nuances. There is acceptable phone home, such as when a verifier retrieves a Bitstring Status List in a way that provides good anonymity for a particular holder in the list. There is also unacceptable phone home, such as a verifier contacting the issuer and reporting in on specific holder behaviour that was never consented to by the holder.

* Real-time tracking is being asserted as strongly out of scope for VCs and wallets.

* Pingbacks for an individual acting in an official government capacity, which might require auditing, are debatably ok if done by a verifier that is configured to do so. There are good arguments for and against, and I hope to explore this particular point in a future email... but the core point seems to be: auditing is a separate process that happens after verification, and we should keep it layered in that way.

* These systems need to work offline in emergency situations, so building anything that requires a network connection to provide base functionality is asking for trouble (a broken system).

* During verification, there is only "good enough" freshness for a particular use case. The "good enough" timeframe can be different per use case.

Those are all great insights, and I am still going through Carsten's excellent write up on the different expectations between credentials issued to individuals vs. credentials issued to employees. We need to capture all of this -- it's important guidance to others building credentials and wallets for different ecosystems.

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/

Received on Saturday, 10 May 2025 21:00:19 UTC