-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorized Presenters #1359
Comments
SD-JWT uses If Data Integrity wants to do it differently, that seems like something for the data integrity spec to specify. |
Doing this at the securing mechanism layer is probably the wrong thing to do. Additional semantics are useful when building confidence on alternate parties that might present a credential. |
It would be helpful if you could to link to the SD-JWT RFC section that covers this. |
Marking as post-CR, open to |
The issue was discussed in a meeting on 2023-12-06
View the transcript2.3. Authorized Presenters (issue vc-data-model#1359)See github issue vc-data-model#1359. Gabe Cohen: I would like to explore the question of who is authorized to present a credential. I recollect that we discussed this in the past but did not come up with a solution. I would be interested to know what others are doing in this regard.
Manu Sporny: Digital Bazaar aren't doing this. I imagine that ConfidenceMethod would meet this requirement. Orie Steele: SD-JWT currently requires you to do this in a special way: you are required to implement support for Confirmation Method, which is the IETF way of doing this.
Dmitri Zagidulin: The CNF property used to identify the current presenter in SD-JWT, not to list authorized presenters - is this correct ?
Orie Steele: We've updated the specification so that won't be up to date any longer.
David Chadwick: I think it's probably a bit different with SD-JWT, because the issuer is given unblinded data to a specific entry. Anyone else who gets the credential will be blind to who is presenting it. What the SD-JWT does is 'blind' data, but makes disclosures in the clear. The holder is getting the information in the clear.
Brent Zundel: Did that help, decentralgabe? Gabe Cohen: A little; I'm happy for it to be closed now. Brent Zundel: I'll leave this to you decentralgabe. |
The issuee property partially solves this issue, because it is highly improbable that an issuer would issue a VC to an entity (the issuee) who was not entitled to present it. So by defining the issuee property you already have a partial solution. |
there are cases like a parent presenting on behalf of their child, or even an individual who has migrated to a new identifier that wishes to present their credential
I agree this is simplest and while not ideal (it will cause friction and assumes interoperable protocols) we should probably add some text like this |
Issue #942 suggested adding the issuee property, so that it is standardised and will minimise interoperability problems (which would happen if each issuer defined its own issuee property). |
@David-Chadwick personally I think there is value in doing that, but given the long discussion, and pushback in #942 I am not sure we will end up with a different result. May be worth briefly discussing this on an upcoming call (cc: @brentzundel). |
Related to w3c/vc-jose-cose#242 |
I'm curious what the PR will be. My general disposition is that VCs should not present an information control system, aka DRM, which is what we get if we allow issuers to dictate who is allowed to share a VC. I missed the chance to mention this on the call today, but I would strongly oppose changes to the spec, normative or otherwise, that suggests issuers have any legitimate authority to restrict what information a holder shares, including the VCs that they have in their position. IMO, the right nuance of this is addressed with the confidence method, in which issuers indicate how a verifier might establish confidence that the subject of a claim in a VC is interacting with them in some way. |
I agree in theory @jandrieu but with confidence method in its current (lackluster) state I view this as a gap worth adding some language to. I welcome your suggestions and wordsmithing help. I do not want to suggest that an issuer can restrict, but instead, allow certain authorized presenters explicitly. |
The issue was discussed in a meeting on 2024-03-06
View the transcript2.3. Authorized Presenters (issue vc-data-model#1359)See github issue vc-data-model#1359. Brent Zundel: 1359. Gabe Cohen: I still think it'd be helpful for this to be described in the spec. Manu Sporny: +1. I do think we can point to the confidence method spec.
Manu Sporny: we could talk about matching DIDs and comparing crypto related to those at each layer. Brent Zundel: a full treatment of this seems too much to handle right now.
Brent Zundel: what aspect of this would fit right now, is my question to decentralgabe. Gabe Cohen: I'd like to see non-normative text about it that could later be made normative. Brent Zundel: is this something you can do? Gabe Cohen: yes, but it's lower priority. Brent Zundel: I will note you assigned it to yourself in December, and it's still yours to do. Ted Thibodeau Jr.: I'm still very unclear how confidence method applies to who's presenting.
Michael Jones: how do you see this list interacting with proof of possession binding? Gabe Cohen: that's one option, but there be situations where that's not present. Michael Jones: just wanted to note they were related. |
Sorry I missed the meeting on 6 March, but I was travelling.
Adding an issuee property to a VC is not saying anything about who is allowed to share a VC. It is simply stating a fact about who the issuer issued the VC to. The current holder or verifier can process this data is whatever way they wish to. |
@decentralgabe I agree with you that the confidence method is not likely to solve your problem anytime soon. |
Note that this issue (#1359) is about adding a property for "authorized presenters", which is not an "issuee" property. |
Correct, but it can double up for that if the verifier wants to do so |
The issue was discussed in a meeting on 2024-03-27
View the transcript3.2. Authorized Presenters (issue vc-data-model#1359)See github issue vc-data-model#1359. David Chadwick: The
Manu Sporny: I dont disagree with what DavidC and TallTed said. Ted Thibodeau Jr.: I suggested that someone create a new issue for this along with appropriate PRs where it should be inserted.
David Chadwick: I dont think that adding a definition for issuee is a normative change for implementations. |
I think I think an implementation extension (i.e., not directly handled within our spec) might be the best way to handle |
Yes I agree. We said at our WG meeting that introducing the definition of issuee should not make any normative changes to VCDM. So any use of the issuee role should be done in an extension document and added to the directory of extensions. |
There is not consensus to add an authorized presenter role or capability to the VCDM at this point. The conversation around whether to add an Issuee role and the extent to which there may be consensus to do so is being discussed in #1467 I am closing this issue. |
We are running into a use case where require a credential to be presented by an issuer, or other set of parties known at issuance time. Currently, we do not have a way to express this in the VC a list of "authorized presenters."
I know this is related to confidence method and binding work.
I am not sure if there's enough demand to get a spec change in (unless there is - chime in!), so I'm mostly curious how others are solving this problem. Solutions that involve additional "relationship credentials" seem too complex.
The text was updated successfully, but these errors were encountered: