Suggestion for a new User-task 4.7: Trust claim from Joosten, H.J.M. (Rieks) on 2019-04-23 (public-vc-comments@w3.org from April to June 2019)

From: Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>
Date: Tue, 23 Apr 2019 13:42:45 +0000
To: "public-vc-comments@w3.org" <public-vc-comments@w3.org>
Message-ID: <4683ccbca90441f69d2378a27bc9b9d1@tno.nl>

The Motivation section in 4.1 Issue claim<https://www.w3.org/TR/verifiable-claims-use-cases/#issue-claim> says "Individuals and organizations need a way to issue claims about themselves or others that can be verified and trusted.". While there is a user task Verify claim<https://www.w3.org/TR/verifiable-claims-use-cases/#verify-claim>, there is no such thing for trusting claims. Here is a proposal for a section that fills in this omission:

4.7 Trust claim<https://www.w3.org/TR/verifiable-claims-use-cases/#trust-claim>
Requirement: it must be possible for an inspector to determine what pairs of (credential type, issuer) it accepts as valid, i.e. trusts to be valid. Consequently, it must also be possible an issuer to advertise (publish) the credentials that it is willing and capable of issuing. Such advertisements must contain all information that typical inspectors would need to make their trust decision. This would typically include syntax and semantics of the claims in the credential, an endpoint at which the issuer issues these credentials, and (optionally) other meta-data, such as liability that the issuer takes, compensations for issue/use of such credentials, procedures that the issuer has followed to verify the truthfulness of issued claims, etc.
Motivation: Whenever a holder requests an inspector to provide a product or service, the inspector must return a query for the claims (from issuers that the inspector trusts) that it needs to determine whether or not to provide that product or service. In order for the inspector to decide whether or not it trusts some credential that is issued by some issuer, it needs information about the claims in the credential, the way that the issuer has verified them, and more. This requirement becomes increasingly important as the transaction that the inspector must decide on, comes with a higher value (and hence a higher risk).
Needs: every use-case

Rieks Joosten T: +31 622 901 317 TNO Groningen<https://www.tno.nl/en/about-tno/locations/locatie-groningen/lid2327/>
Sr. Researcher E: rieks.joosten@tno.nl<mailto:rieks.joosten@tno.nl> Disclaimer<https://www.tno.nl/emaildisclaimer/>

Decentralized Information Security
[TNO bar voor mail]

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.

Attachments

image/png attachment: image002.png

Received on Tuesday, 23 April 2019 14:47:36 UTC