Difference between revisions of "Verifiable Credential"

From MgmtWiki
(The Verifiable Credential is a Swiss Army knife)
(Solutions)
 
(5 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
The [https://www.w3.org/TR/vc-data-model/ Verifiable Credentials Data Model 1.0] is a standard means fro create a collection of claims to move between trust domains or federations. But since is it a data model and not a data format or protocol, it cannot deliver on that goal.
 
The [https://www.w3.org/TR/vc-data-model/ Verifiable Credentials Data Model 1.0] is a standard means fro create a collection of claims to move between trust domains or federations. But since is it a data model and not a data format or protocol, it cannot deliver on that goal.
  
==Contest==
+
==Context==
 
* The [[Verifiable Credential]] was the first of a series of proposed standards to enable [[Self-Sovereign Identity]] by enabling the packaging of user identity information that can be verified by the receiver.
 
* The [[Verifiable Credential]] was the first of a series of proposed standards to enable [[Self-Sovereign Identity]] by enabling the packaging of user identity information that can be verified by the receiver.
 
* The Verifiable [[Presentation]] is created in response to a request from a [[Verifier]] which is known here as a [[Relying Party]].
 
* The Verifiable [[Presentation]] is created in response to a request from a [[Verifier]] which is known here as a [[Relying Party]].
 +
===Taxonomy===
 +
The current behaviors of SameSite are:
 +
{|border="1" padding="2" width="799px"
 +
| Term || Meaning or Behavior
 +
|-
 +
| claim || An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.)
 +
|-
 +
|subject ||  A thing about which claims are made.(Complete circulate - no real meaning at all.)
 +
|-
 +
| user agent || A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers. (This does not match DID core well at all.)
 +
|-
 +
|validation||  The assurance that a verifiable credential or a verifiable presentation meets the needs of a verifier and other dependent stakeholders.
 +
|}
  
 
==Problems==
 
==Problems==
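Review bot: The added Taxonomy section opens with "The current behaviors of SameSite are:", which looks carried over from a different page; the table under it lists Verifiable Credential terms (claim, subject, user agent, validation), so the lead-in should say that instead. In the same table, the "subject" row's comment "Complete circulate" presumably means "completely circular" and is missing a space after "made.". The parenthetical critiques would also be easier to tell apart from the quoted definitions if they sat in a third column.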
Line 14: Line 27:
 
The [[Verifiable Credential]] spec was created to allow [[Verifiable Credential]]s to fill any identify function.
 
The [[Verifiable Credential]] spec was created to allow [[Verifiable Credential]]s to fill any identify function.
 
* It is wildly popular among hackers who want to be able to create quick-and-dirly soltuions.
 
* It is wildly popular among hackers who want to be able to create quick-and-dirly soltuions.
* It is not designed to architect or build industrial scale identifier solutions.
+
* It is not designed to architect or build industrial scale identifier/attribute solutions.
 +
 
 +
===User Control===
 +
User control is mentioned non normatively in the VC spec.  It is not required, in fact this appears in the VC Spec. “Placing a refreshService property in a verifiable credential so that it is available to verifiers can remove control and consent from the holder and allow the verifiable credential to be issued directly to the verifier, thereby bypassing the holder.”  The DID Core spec specifically declaims any definition of control leaving it up to the user and the method.  For example this quote “Each DID document can express cryptographic material, verification methods, or services, which provide a set of mechanisms enabling a DID controller to prove control of the DID.”
  
 
==Solutions==
 
==Solutions==
 
===interoperability===
 
===interoperability===
* This [https://www.evernym.com/blog/getting-to-practical-interop-with-verifiable-credentials/ Evernym atricle] seems to be saying both that it does not exist and it is right around the corner. (2020-12-21)
+
* This [https://www.evernym.com/blog/getting-to-practical-interop-with-verifiable-credentials/ Evernym atricle] seems to be saying both that it does not exist and it is right around the corner. (2020-12-21) [https://www.w3.org/TR/vc-data-model/ The W3C recommendation] is dated 2019-11-19.
  
 
==References==
 
==References==
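Review bot: The added User Control paragraph quotes both the VC spec and DID Core but gives no section reference or link for either quote, so a reader cannot check the wording or its context; add the citations next to each quote. In the same paragraph "declaims" reads as if "disclaims" was intended. On the interoperability line, the appended W3C recommendation date is given without saying how it bears on the Evernym claim; a short clause stating the point (the recommendation predates the article by about a year) would make the comparison explicit.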

Latest revision as of 10:06, 11 July 2021

Full Title or Meme

The Verifiable Credentials Data Model 1.0 is a standard means for creating a collection of claims to move between trust domains or federations. But since it is a data model and not a data format or protocol, it cannot deliver on that goal.

Context

  • The Verifiable Credential was the first of a series of proposed standards to enable Self-Sovereign Identity by enabling the packaging of user identity information that can be verified by the receiver.
  • The Verifiable Presentation is created in response to a request from a Verifier which is known here as a Relying Party.

Taxonomy

Terms defined in the VC Data Model, with this page's comments in parentheses:

Term | Meaning or Behavior
claim | An assertion made about a subject. (This can only be considered true if the term subject is interpreted very broadly.)
subject | A thing about which claims are made. (Completely circular - no real meaning at all.)
user agent | A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers. (This does not match DID core well at all.)
validation | The assurance that a verifiable credential or a verifiable presentation meets the needs of a verifier and other dependent stakeholders.

Problems

The Verifiable Credential is a Swiss Army knife

The Swiss Army knife was designed for survival in the wild if it were the only tool available to you.

  • It was wildly popular and sold or copied throughout the world.
  • The Swiss Army knife is not used to fix a car or build a house if there are purpose-built tools available.

The Verifiable Credential spec was created to allow Verifiable Credentials to fill any identity function.

  • It is wildly popular among hackers who want to be able to create quick-and-dirty solutions.
  • It is not designed to architect or build industrial scale identifier/attribute solutions.

User Control

User control is mentioned non-normatively in the VC spec. It is not required; in fact, this appears in the VC spec: “Placing a refreshService property in a verifiable credential so that it is available to verifiers can remove control and consent from the holder and allow the verifiable credential to be issued directly to the verifier, thereby bypassing the holder.” The DID Core spec specifically disclaims any definition of control, leaving it up to the user and the method. For example, this quote: “Each DID document can express cryptographic material, verification methods, or services, which provide a set of mechanisms enabling a DID controller to prove control of the DID.”
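
A wallet-side check for the refreshService exposure quoted above, as an added example (not code from the VC spec or from this wiki): it lists every credential in a presentation whose refreshService a verifier would be able to read. The sample presentation, its URLs and the function names are constructed for illustration.

```python
import json

# Constructed sample presentation. The refreshService shape (id + type)
# follows the VC Data Model 1.0; all URLs and identifiers are made up.
SAMPLE_VP = json.loads("""
{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "type": ["VerifiablePresentation"],
  "verifiableCredential": [
    {"id": "urn:example:degree-1",
     "type": ["VerifiableCredential"],
     "issuer": "https://issuer.example/",
     "credentialSubject": {"id": "did:example:alice"},
     "refreshService": {"id": "https://issuer.example/refresh/1",
                        "type": "ManualRefreshService2018"}},
    {"id": "urn:example:membership-2",
     "type": ["VerifiableCredential"],
     "issuer": "https://club.example/",
     "credentialSubject": {"id": "did:example:alice"}},
    "constructed-placeholder-for-a-compact-JWT-credential"
  ]
}
""")

def as_list(value):
    """The data model allows 'one or more' values: normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def refresh_exposures(presentation):
    """Return (credential id, refresh endpoint, service type) for every
    embedded credential that carries a verifier-visible refreshService."""
    findings = []
    creds = as_list(presentation.get("verifiableCredential"))
    for index, cred in enumerate(creds):
        if not isinstance(cred, dict):
            # String-encoded (JWT) credential: opaque until decoded, so flag it.
            findings.append((f"#{index}", None, "unparsed-jwt"))
            continue
        for svc in as_list(cred.get("refreshService")):
            if isinstance(svc, dict):
                findings.append((cred.get("id", f"#{index}"),
                                 svc.get("id"), svc.get("type")))
    return findings

if __name__ == "__main__":
    for cred_id, endpoint, kind in refresh_exposures(SAMPLE_VP):
        print(f"{cred_id}: {kind} -> {endpoint}")
```

A wallet could show this list to the holder before releasing the presentation, since each entry is an endpoint the verifier could use without the holder in the loop.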

Solutions

interoperability

References

  • This was one of the highlights from the XXXI Internet Identity Workshop (IIW): presentation by Timothy Ruff (https://lnkd.in/gXDRGMy).