Re: Plugfest 3 Proposal from Kayode Ezike on 2023-02-21 (public-vc-edu@w3.org from February 2023)

From: Kayode Ezike <kezike13@gmail.com>
Date: Tue, 21 Feb 2023 14:46:22 -0500
To: David Chadwick <d.w.chadwick@truetrust.co.uk>
Cc: Sharon Leu <sleu@jff.org>, dzagidulin@gmail.com, "public-vc-edu@w3.org" <public-vc-edu@w3.org>
Message-ID: <CAPXfD65yL5DQz5Vo-hQHf2OiWnApV0aar4obhCOP+d=gq3uQTg@mail.gmail.com>
Hi Sharon,

Thanks for this update. This is a great direction.

Question regarding this workflow: doesn’t it require the learner to know
precisely what set of credentials are acceptable for the verifier? In VPR,
we have the concept of a Mediated Presentation interaction, which enables a
human being to fulfill the request, but - to my knowledge - it is not as
common of a workflow.

For this to work, we need to design the request such that a human can
readily fulfill it, which has implications on UI/UX. For example, if we
want the user to send over a credential that was issued by an issuer in an
acceptable set, was issued within the last year, and has not yet expired,
such information needs to be visible in the wallet. Or do you anticipate
that the wallet would do as much automated filtering as it can before
allowing the user to select a subset of these?

Thanks,

Kayode

On Tue, Feb 14, 2023 at 3:42 PM David Chadwick <d.w.chadwick@truetrust.co.uk>
wrote:

> Hi Dmitri
>
> If the wallet does not trust the verifier then a strict wallet may not let
> the user send their personal information to an untrustworthy verifier who
> may abuse this PII (e.g. if the VC is a passport). A lax wallet may ask the
> user first, Do you really want to send your PII to this untrustworthy
> verifier?
>
> So the next question is How does the wallet learn that the verifier is
> trustworthy. Ans. This is the function of the trust infrastructure. But it
> might be asking too much to build trust infrastructures into Plugfest 3,
> which is why I suggested it could be Plugfest 4.
>
> Kind regards
>
> David
> On 15/02/2023 07:46, Dmitri Zagidulin wrote:
>
> Hi David,
>
> Can you clarify/expand the question? In the general VC ecosystem, there's
> no assumption that there's any trust relationship between the wallet and
> the verifier.
> (There is the assumption that the wallet will accurately convey to the
> user the verifier's identity, that is, WHO is asking for the credentials.
> But that's different from a trust relationship between wallet and verifier.)
>
> Dmitri
>
> On Thu, Feb 9, 2023 at 3:47 PM David Chadwick <
> d.w.chadwick@truetrust.co.uk> wrote:
>
>> Hi Sharon
>>
>> I am guessing that for this demo (please correct me if I am wrong) the
>> assumption will be that the wallet trusts the verifier and the verifier
>> trusts the wallet. Then plugfest 4 can determine how to integrate trust
>> infrastructures for the open world model where neither trust each other
>> initially.
>>
>> The next step will be for each protocol group to determine the profile
>> that they will use, because in the OIDC4VP case there are lots of different
>> possibilities and combinations to chose from.
>>
>> Kind regards
>>
>> David
>> On 10/02/2023 07:36, Sharon Leu wrote:
>>
>> Hi David,
>>
>> Thanks for your comment.  We are anticipating that wallets will generally
>> support one of VPR or OIDC4VP, similar to how the groups in the previous
>> plugfest.  Are there other potential details we should note?
>>
>> sharon
>>
>>
>>
>> *From: *David Chadwick <d.w.chadwick@truetrust.co.uk>
>> <d.w.chadwick@truetrust.co.uk>
>> *Date: *Monday, February 6, 2023 at 1:56 PM
>> *To: *public-vc-edu@w3.org <public-vc-edu@w3.org> <public-vc-edu@w3.org>
>> *Subject: *Re: Plugfest 3 Proposal
>>
>> Hi Sharon
>>
>> Thankyou for having this discussion at today's meeting. I am sorry I
>> could not attend, but it was at 4am New Zealand time and consequently I was
>> fast asleep in bed.
>>
>> I agree with the proposed workflow. The devil might be in the details
>> e.g. will it be DIF PEv1, PEv2 or W3C Presentation Request that wallets
>> should support? (FYI we have a solution for limited use cases of this);
>> which status methods should be supported etc.\
>>
>> I agree that this will need a longer timeline than either of the previous
>> plugfests
>>
>> Kind regards
>>
>> David
>>
>> On 07/02/2023 06:25, Sharon Leu wrote:
>>
>> Hello vc-edu,
>>
>>
>>
>> Thank you for your helpful feedback on plugfest 2 and sharing your ideas
>> for plugfest 3.  There are many important aspects of VC interop on which we
>> could focus, but as we considered our primary objective – creating
>> functional LERs, we think that the logical next step is to emphasize
>> presentation exchange.
>>
>>
>>
>> We propose the following workflow:
>>
>>    1. Verifier requests a set of credentials from holder
>>    2. Holder selects (3) relevant credentials from the wallet
>>    3. Holder presents to verifier in form of verifiable presentation
>>    4. Verifier verifies the authenticity of the VP (including DID auth
>>    on the VP) and individual VCs (including credential status check)
>>
>>
>>
>> We have noted several other considerations in our slides deck:
>> https://docs.google.com/presentation/d/1SuyKPLmb1KqLPEsfDnzaBtd1GpGjuHH9e04RoWDojC4/edit?usp=sharing
>> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fpresentation%2Fd%2F1SuyKPLmb1KqLPEsfDnzaBtd1GpGjuHH9e04RoWDojC4%2Fedit%3Fusp%3Dsharing&data=05%7C01%7Csleu%40jff.org%7C9d89b241116542f7061108db0873de33%7C3bddf584e8d746c49804a0f3cdf0b0ca%7C0%7C0%7C638113065970339086%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=qC5YcXrm%2FheIhokBrBOLK0GKHqGo3O0sw2oxbyRMurE%3D&reserved=0>
>> (proposed workflow is on slide 5).
>>
>>
>>
>> Please let us know what you think about this approach – concerns,
>> questions, etc.
>>
>>
>>
>> Look forward to Plugfest 3, coming soon!
>>
>>
>>
>> Sharon
>>
>> --
Kayode Ezike
Principal at I/O by Ayo
Received on Tuesday, 21 February 2023 19:46:46 UTC