Difference between revisions of "Verifiable Claim"
(→Solution) |
(→Problem) |
||
Line 9: | Line 9: | ||
Granting a benefit requires proof and verification. Some benefits demand a formal process that includes three parties. In this process, the holder asks for the benefit and the inspector-verifier grants or denies the benefit based on verification of the holder’s qualification from a trusted issuer. | Granting a benefit requires proof and verification. Some benefits demand a formal process that includes three parties. In this process, the holder asks for the benefit and the inspector-verifier grants or denies the benefit based on verification of the holder’s qualification from a trusted issuer. | ||
+ | |||
+ | ===False Claims=== | ||
+ | A [[Verifiable Claim]] can be perfectly constructed, totally verifiable, and still be completely false if it is not about a real attribute of the [[Subject]] that created the digital [[Identifier]] that is bound to the claim. This is a particularly knotty problem for a [[Decentralized ID]] that is not known to be bound to any particular human user by its very design. It may be that the [[Decentralized ID]] has protected the user against release of [[User Private Information]], but it does not meet the primary meaning of [[Privacy]], namely the right to be let alone. Now any can make a claim about any [[Identifier]] and if the [[Subject]] does not want to expose more of their [[User Private Information]] they cannot avail themselves of the right of [[Redress]] to false claims. | ||
+ | |||
+ | The science fiction writers Vernor Vinge<ref>Vernor Vinge, ''True Names and the Opening of the Cyberspace Frontier.'' (original 1981) ISBN 978-0312862077<ref> and Stanislaw Lem<ref>New Yorker</ref> | ||
==Solution == | ==Solution == |
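Review bot: The Vinge citation in the last added line is closed with a second opening tag ("ISBN 978-0312862077<ref>") instead of "</ref>", so the reference never closes and the rendered revision shows a cite error in place of the rest of the line, including "and Stanislaw Lem". Change that tag to "</ref>". The same line is a sentence fragment with no verb, and the Lem reference reads only "New Yorker"; finish the sentence and give the article title and date. In the False Claims paragraph, "Now any can make a claim" should read "Now anyone can make a claim".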
Revision as of 12:26, 6 January 2019
Full Title or Meme
A Verifiable Claim is one that can be Validated by a signed statement from some recognized authority as to the nature of a linkage between Attributes and a Subject.
Context
- The Context in which a validation applies should be made clear by a policy statement from the validating authorities.
- The mission of the Verifiable Claims Working Group (VCWG) is to make expressing and exchanging credentials that have been verified by a third party easier and more secure on the Web.
Problem
Granting a benefit requires proof and verification. Some benefits demand a formal process that includes three parties. In this process, the holder asks for the benefit and the inspector-verifier grants or denies the benefit based on verification of the holder’s qualification from a trusted issuer.
False Claims
A Verifiable Claim can be perfectly constructed, totally verifiable, and still be completely false if it is not about a real attribute of the Subject that created the digital Identifier that is bound to the claim. This is a particularly knotty problem for a Decentralized ID that is not known to be bound to any particular human user by its very design. It may be that the Decentralized ID has protected the user against release of User Private Information, but it does not meet the primary meaning of Privacy, namely the right to be let alone. Now anyone can make a claim about any Identifier, and if the Subject does not want to expose more of their User Private Information, they cannot avail themselves of the right of Redress to false claims.
The science fiction writers Vernor Vinge (True Names and the Opening of the Cyberspace Frontier, original 1981, ISBN 978-0312862077) and Stanislaw Lem (New Yorker)
Solution
- A Verifiable Claims Data Model and Representations document is under development by the W3C Verifiable Claims working group on this GitHub site.
- It is hard to determine exactly what a verified claim is. It seems that it might only be verified at the moment that a revocation check is made and not for one instant later, although that is not stated anywhere.
- There appears to be no way to link a verified claim to a user, or to prevent replay. It is not clear whether all the members of the WG agree that this is the correct view.
Taxonomy from the spec
Name in spec | Name in this wiki | Definition |
entity | in conflict | A thing with distinct and independent existence such as a person, organization, concept, or device. |
subject | subject | An entity about which claims may be made. |
claim | attribute | A statement made by an entity about a subject. |
verifiable claim | Statement | A claim that is effectively tamper-proof and whose authorship can be cryptographically verified, expressed in a standard, machine-readable data format which can also be extended with minimal coordination. |
entity credential | in conflict | A set of one or more claims made by the same entity about a subject. (unclear how this is different from a verifiable claim) |
issuer | issuer | An entity that creates a verifiable claim, associates it with a particular subject, and transmits it to a holder. Examples of issuers include corporations, governments, and individuals. |
inspector-verifier | Attribute Provider | An entity that receives one or more verifiable claims for processing. Examples of inspector-verifiers include employers, security personnel, and websites. |
identifier registry | Identifier Provider | Mediates the creation and verification of subject identifiers. Examples of identifier registries include corporate employee databases, government ID databases, and distributed ledgers. |
Entity Profile | Trusted Identifier | Information that, together with a subject identifier id, constitutes an entity profile. The properties are not claims and are not intended to be verifiable. |
Issued | Date | This is the date, in string format, when the claim was issued. (unclear - see example) |
Type | Software in use | Determine the location's expected behavior |
revocation | theoretically impossible | The value of this property must be a revocation scheme that provides enough information to determine whether or not the credential has been revoked. (this sounds like an OCSP) |
Note that the term Identifier or Attribute Provider is used in this wiki as the distinction between identifiers and attributes is arbitrary and subject to interpretation.
EXAMPLE - A simple verifiable claim
Note that it is unclear on which date the claim "over 21" is valid. It seems that the issued date applies to the original credential and not this derived credential. If it is the date on which the claim became true, then it is releasing too much information.
{
  "@context": "https://w3id.org/security/v1",
  "id": "http://example.gov/credentials/3732",
  "type": ["Credential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov",
  "issued": "2010-01-01",
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  "revocation": {
    "id": "http://example.gov/revocations/738",
    "type": "SimpleRevocationList2017"
  },
  "signature": {
    "type": "LinkedDataSignature2015",
    "created": "2016-06-18T21:19:10Z",
    "creator": "https://example.com/jdoe/keys/1",
    "domain": "json-ld.org",
    "nonce": "598c63d6",
    "signatureValue": "BavEll0/I1zpYw8XNi1bgVg/sCneO4Jugez8RwDg/+MCRVpjOboDoe4SxxKjkCOvKiCHGDvc4krqi6Z1n0UfqzxGfmatCuFibcC1wpsPRdW+gGsutPTLzvueMWmFhwYmfIFpbBu95t501+rSLHIEuujM/+PXr9Cky6Ed+W3JT24="
  }
}
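The two concerns listed under Solution (a verification result is only as fresh as its revocation check, and nothing ties the claim to its presenter or prevents replay) can be reproduced over a cut-down copy of the credential above. This is an added example, not code from this wiki or the W3C working group: HMAC stands in for the public-key signature, and `present`, `verify_presentation`, the keys and the nonce handling are hypothetical additions that go beyond what the draft describes.

```python
import hashlib, hmac, json
# Constructed keys; HMAC stands in for public-key signatures (assumption).
ISSUER_KEY = b"constructed-issuer-key"
HOLDER_KEYS = {"did:example:ebfeb1f712ebc6f1c276e12ec21": b"constructed-holder-key"}

def _mac(key, obj):
    # Sorted-key JSON as a simple canonical form (not JSON-LD normalization).
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def issue(credential):
    """Issuer: attach a MAC computed over every field of the credential."""
    return {**credential, "signature": _mac(ISSUER_KEY, credential)}

def verify_claim(cred, revoked_ids):
    """Integrity plus revocation lookup; valid only for this revoked_ids snapshot."""
    body = {k: v for k, v in cred.items() if k != "signature"}
    if not hmac.compare_digest(cred.get("signature", ""), _mac(ISSUER_KEY, body)):
        return "bad-signature"
    if cred["revocation"]["id"] in revoked_ids:
        return "revoked"
    return "ok"  # says nothing about who is presenting the credential

def present(cred, nonce, holder_key):
    """Holder (hypothetical step): MAC the verifier's nonce with the credential id."""
    proof = _mac(holder_key, {"nonce": nonce, "cred": cred["id"]})
    return {"credential": cred, "nonce": nonce, "holderProof": proof}

def verify_presentation(pres, expected_nonce, seen_nonces, revoked_ids):
    """Verifier: claim checks, then nonce freshness, then holder binding."""
    cred = pres["credential"]
    status = verify_claim(cred, revoked_ids)
    if status != "ok":
        return status
    if pres["nonce"] != expected_nonce or pres["nonce"] in seen_nonces:
        return "replayed"
    key = HOLDER_KEYS.get(cred["claim"]["id"])
    proof = _mac(key, {"nonce": pres["nonce"], "cred": cred["id"]}) if key else ""
    if not hmac.compare_digest(pres["holderProof"], proof):
        return "not-holder"
    seen_nonces.add(pres["nonce"])
    return "ok"

CREDENTIAL = issue({  # cut-down copy of the page's example, constructed signature
    "id": "http://example.gov/credentials/3732", "issued": "2010-01-01",
    "issuer": "https://dmv.example.gov",
    "claim": {"id": "did:example:ebfeb1f712ebc6f1c276e12ec21", "ageOver": 21},
    "revocation": {"id": "http://example.gov/revocations/738"},
})
```

`verify_claim` returns the same "ok" for any copy of the credential, whoever holds it, and that result changes as soon as the revocation set does; only the nonce-bound presentation check distinguishes the holder from someone replaying a copy.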
References
- Synonyms include: Assurance, Attested, Corroborated.