Holder, Control, Owner Terminology, and consistency w/ DIDs and in Verifiable Claims

(I am CC’ing above some people who are not part of the VCWG thus can’t see
discussions on the VCWG list, but are actively involved in the DID
(decentralized identifier) spec — please include them)

I notice that the topic of control or controller has come up in the
terminology definitions aspects of the VCWG, which we are trying to wrap up
soon. I don’t want to put a wrench in the works, but if VCWG can come up
with good terminology for the below, it can help DIDs as well.

The recent discussion in VCWG has made me realize that the functional
differences of coming up with generic terms sometimes conflict with what is
actually going on from a cryptographic perspective.

This came to me in particular with the term Holder last week, as for some
reason I had in my head that it was the holder of the keys (i.e. the holder
could be proven by someone else that they have them), rather than the
definition that it was someone who was holding the data who did not
necessarily have possession of the keys.

We have a similar problem in DIDs, where we use the term Owner and
Controller. I’m guilty of creating this distinction, and as I’m often
confused myself between which one is which, that means they are probably
not the best words.

From the DID spec:

* Proof of Ownership is the mechanism by which an identity owner can
cryptographically prove ownership of a DID.

* Proof of Control is the mechanism by which an identity owner can give
itself or other entities permission to update the DDO.

I’m hoping that we can be consistent with whatever VCWG terminology will be.

From a cryptographic perspective, we need role name & verb for:

* An entity (singular or plural) that can on request prove that it has
possession of a private key corresponding to a public key (currently owner
and own).

* An entity that can prove that it has the right to be able to rotate a
public key to a new value (currently controller and control).

* An entity that can prove that it has a right to share information (or
maybe right to share read access?), which it may not own or control (in VC
world, the holder).

Any ideas?

— Christopher Allen

Received on Friday, 23 June 2017 18:09:03 UTC