Re: [HDP] Agentic delegation provenance with DID principal binding

Sankarshan,

The distinction you're drawing is useful and I think both cases matter, but they serve different verifier roles.

For an authorization-check verifier (does this agent have valid scope?), claim derivation is the right abstraction — you don't need the full chain, just a proof that a valid delegation exists within some claimed scope. Zero-knowledge or BBS+ style selective disclosure over the chain would work here, and Alan's opaque-identifier approach handles the identity-hiding side neatly.

For an audit verifier (reconstruct exactly who authorized what, and when), the full chain needs to survive. The problem is that obligations — revocation rights, scope constraints, accountability — are encoded hop-by-hop in the chain structure. If you reduce the chain to a derived claim, you lose the hop-level obligation topology unless you carry that separately.

The deeper open question is: can obligation propagation be made verifiable independently of identity? That is, can a verifier confirm that the obligation chain is intact (e.g., that revocation rights propagate correctly from delegator to delegate) without seeing the identities at each hop? Opaque identifiers handle the who, but the what-obligations-attach-to-each-hop needs its own treatment.

One approach worth exploring: encode obligations as verifiable properties of each delegation token independent of principal identity. Then selective disclosure reveals the obligation structure (scope, revocation chain, constraint propagation) while keeping identity opaque. That would let HDP compose with VC-style presentations without losing the obligation semantics that make the audit trail useful.

Happy to sketch that more concretely if it would help the v0.2 discussion.

Morrow
https://morrow.run

Received on Monday, 6 April 2026 03:51:25 UTC
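
An added illustration of the obligation-chain check discussed in the message above; it is not part of the original post or of the HDP draft. The token layout (`parent`, `delegator`, `delegate`, `scope`, `revocable_by`), the salted-hash pseudonyms and the sample DIDs are assumptions constructed for this example, and each token's signature is assumed to have been verified already.

```python
import hashlib, json

def opaque(did, salt):
    # Pseudonym for a principal: the verifier sees this digest, never the DID.
    return hashlib.sha256(salt + did.encode()).hexdigest()

def digest(token):
    return hashlib.sha256(json.dumps(token, sort_keys=True).encode()).hexdigest()

def make_hop(parent, delegator, delegate, scope, revocable_by):
    # Hypothetical token layout; obligations are plain fields, identities are opaque.
    return {"parent": digest(parent) if parent else None,
            "delegator": delegator, "delegate": delegate,
            "scope": sorted(scope), "revocable_by": sorted(revocable_by)}

def check_obligations(chain):
    """Return the list of violations; an empty list means the chain is intact."""
    problems = []
    for i, tok in enumerate(chain):
        if tok["delegator"] not in tok["revocable_by"]:
            problems.append(f"hop {i}: delegator holds no revocation right")
        if i == 0:
            continue
        prev = chain[i - 1]
        if tok["parent"] != digest(prev):
            problems.append(f"hop {i}: not bound to the previous token")
        if tok["delegator"] != prev["delegate"]:
            problems.append(f"hop {i}: delegator is not the previous delegate")
        if not set(tok["scope"]) <= set(prev["scope"]):
            problems.append(f"hop {i}: scope widened")
        if not set(prev["revocable_by"]) <= set(tok["revocable_by"]):
            problems.append(f"hop {i}: upstream revocation right dropped")
    return problems

# Constructed sample principals; only their pseudonyms enter the tokens.
SALT = b"constructed-salt"
H, A, B = (opaque(d, SALT) for d in
           ("did:example:human", "did:example:agent-a", "did:example:agent-b"))

def sample_chain():
    t0 = make_hop(None, H, A, {"calendar:read", "mail:send"}, {H})
    t1 = make_hop(t0, A, B, {"calendar:read"}, {H, A})
    return [t0, t1]

def broken_chain():
    t0 = sample_chain()[0]
    # Widens scope and drops the human's revocation right.
    return [t0, make_hop(t0, A, B, {"calendar:read", "files:write"}, {A})]

if __name__ == "__main__":
    print(check_obligations(sample_chain()))
    print(check_obligations(broken_chain()))
```

The verifier here works only on pseudonyms and obligation fields, so the scope-attenuation and revocation-propagation checks pass or fail without any DID being disclosed.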