Suggestion for a new user task: Check revocation, and an associated use-case

The VC Use-cases document<https://www.w3.org/TR/verifiable-claims-use-cases/> talks about the ability of issuers to revoke credentials that they issued, but it does not mention who should be able to check whether or not credentials are revoked. Here is a suggestion to fill in that gap.


4.8 Check revocation<https://www.w3.org/TR/verifiable-claims-use-cases/#check-revocation>
Requirement: at the point in time that the inspector decides whether or not to provide a holder with the product or service that the holder requested, the inspector must be able to determine for every credential that the holder has provided, whether or not the credential has been revoked by its issuer.
Motivation: A considerable time may have elapsed between the holder applying for a product or service and providing credentials for that, and the inspector deciding whether to honour or reject the application. If the inspector can only rely on non-revocation proofs that were valid at the time the holder provided its credentials, the probability that any of them is revoked increases as time goes by. Consequently, the inspector's risk of making its decision with invalid (revoked) credentials increases in a similar fashion. So, the inspector needs the ability to check for revocation at any point in time, which it can also do for checking the digital signature or the credential's non-expiration. Furthermore, this ability will allow the inspector to re-evaluate this decision on a regular basis, which is beneficial when provisioning continuous services (e.g. a parking permit for the disabled - see the use-case).
Needs: (t.b.d.)

Here is a use-case:
X.Y Parking Permit
The city of Groningen issues at most one parking permit to any family whose members live at the same city address. Also, a parking permit is only issued if the applicant owns or leases the vehicle. In order to automatically issue and enforce the parking permit, the city of Groningen requests every applicant to provide two credentials: one that is issued by the municipality itself that states that the applicant resides at some address in the city, and another one that is issued by the car registration agency of the Netherlands that states the licence plate of the vehicle that the applicant owns or leases. Several months after Michiel has successfully applied for a parking permit in Groningen, he decides to sell his car, which implies a de-registration of him as owner, and the ownership credential to be revoked. When the city checks its parking permits (e.g. every week/month/year), it will detect that Michiel is no longer eligible for a parking permit, which it can subsequently revoke. Note that if Michiel did not decide to sell the car (and supposing that the credentials have not expired), he would not need to re-apply for such a permit every year, which saves on agony.


  Rieks Joosten                   T:  +31 622 901 317                         TNO Groningen<https://www.tno.nl/en/about-tno/locations/locatie-groningen/lid2327/>
  Sr. Researcher                  E:  rieks.joosten@tno.nl<mailto:rieks.joosten@tno.nl>                  Disclaimer<https://www.tno.nl/emaildisclaimer/>

  Decentralized Information Security

Received on Tuesday, 23 April 2019 14:47:36 UTC
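
The following is an added example, not part of the original message: a sketch of the parking-permit flow in which the inspector re-checks expiry and issuer revocation at decision time and again on each periodic review. The `Issuer`, `PermitOffice` and `acceptable` names, the credential identifiers and all dates are constructed for illustration, and signature verification is assumed to happen elsewhere.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Credential:
    cred_id: str
    issuer: str
    expires: date

class Issuer:
    """Hypothetical issuer that publishes revocation status for its credentials."""
    def __init__(self):
        self.revoked = {}  # cred_id -> date of revocation
    def revoke(self, cred_id, when):
        self.revoked[cred_id] = when
    def is_revoked(self, cred_id, on):
        return cred_id in self.revoked and self.revoked[cred_id] <= on

def acceptable(cred, issuers, on):
    """Decision-time check: unexpired and not revoked by its issuer as of `on`."""
    return on <= cred.expires and not issuers[cred.issuer].is_revoked(cred.cred_id, on)

class PermitOffice:
    """Hypothetical inspector: the city deciding on parking permits."""
    def __init__(self, issuers):
        self.issuers = issuers
        self.permits = {}  # holder -> credentials the permit relies on
    def apply(self, holder, creds, on):
        ok = all(acceptable(c, self.issuers, on) for c in creds)
        if ok:
            self.permits[holder] = list(creds)
        return ok
    def recheck(self, on):
        """Periodic re-evaluation; withdraws and returns permits that no longer hold."""
        lost = [h for h, cs in self.permits.items()
                if not all(acceptable(c, self.issuers, on) for c in cs)]
        for h in lost:
            del self.permits[h]
        return lost

def demo():
    # Constructed scenario: residence and vehicle-ownership credentials.
    issuers = {"city": Issuer(), "vehicle-registry": Issuer()}
    creds = [Credential("res-1", "city", date(2025, 1, 1)),
             Credential("own-1", "vehicle-registry", date(2025, 1, 1))]
    office = PermitOffice(issuers)
    granted = office.apply("Michiel", creds, date(2019, 1, 10))
    before_sale = office.recheck(date(2019, 4, 1))
    issuers["vehicle-registry"].revoke("own-1", date(2019, 6, 15))  # car sold
    return granted, before_sale, office.recheck(date(2019, 7, 1))
```
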