Add use cases, requirements, and relevant work to AIL paper. #77

Merged
merged 1 commit into from Aug 14, 2022
81 changes: 75 additions & 6 deletions advance-readings/authorized-issuer-lists.md
Expand Up @@ -25,17 +25,22 @@ This paper proposes a new Verifiable Credential called an
],
"issuer": "did:web:authority.example",
"issuanceDate": "2023-02-13T00:18:30.053Z",
"type": [
"VerifiableCredential",
"AuthorizedIssuersCredential"
],
"type": ["VerifiableCredential", "AuthorizedIssuersCredential"],
"credentialSubject": [{
"id": "did:web:issuer.example",
"type": "AuthorizedIssuer",
"authorizedToIssueCredential": [{
"type": "UniversityDegreeCredential"
"type": "UniversityDegreeCredential",
"credentialSchema": {
"id": "https://issuer.example/degree.json",
"type": "AuthorizedIssuerJsonSchema2022"
}
}, {
"type": "StudentIdCredential"
"type": "StudentIdCredential",
"credentialSchema": {
"type": "AuthorizedIssuerJsonSchema2022",
"schema": "{\"properties\":\{\"credentialSubject.state\":\"NV\"}}"
}
}]
},
"proof": { ... }
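Review bot: The embedded `schema` string in the `StudentIdCredential` entry contains `\{`, which is not a valid JSON escape, so the example does not parse as written; drop the backslash so the value reads `"{\"properties\":{\"credentialSubject.state\":\"NV\"}}"`. The two entries also carry their schema differently: `UniversityDegreeCredential` points at `https://issuer.example/degree.json` through `credentialSchema.id`, while `StudentIdCredential` embeds a `schema` string and has no `id`. The text should say whether both forms are intended. Note that the referenced schema is hosted on the domain of the issuer being constrained, and only its URL is covered by the authority's proof, so consider hosting it with the authority or adding a digest of the schema. Finally, `"credentialSubject": [{` is closed with `},` before `"proof"`, so the array bracket is never closed.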
Expand All @@ -45,6 +50,69 @@ This paper proposes a new Verifiable Credential called an
The format above would enable Verifiers to injest a list of authorized issuers
for a particular set of credentials.

Authorized Issuer List Use Cases
================================

What follows below is a preliminary set of use cases that an Authorized Issuer
List credential might address:

Elena is an IT Administrator at a hiring department at a mid-size company that
would like to vet job applicants as having received their degrees from an
accredited college or university. Elena configures their hiring software to
refer to multiple lists containing several hundred organizations that are
curated by the various accreditation bodies that they trust.

Pietor is a hiring manager that is looking through a list of job applicants that
have submitted their digital resumes. One of the resumes is flagged as
containing a Verifiable Credential from an issuer that is not on any of the
approved authorized issuer lists. Pietor performs a vetting process on the
issuer and finds out that the organization is newly accredited but has not yet
been added. Pietor adds the organization to their internal list of trusted
issuers.

Corban works at an accreditation body and is responsible for constructing the
list of authorized issuers. Corban sends an email requesting a Verifiable
Credential from every authorized issuer that they know of stating which
credentials they are interested in issuing. Once Corban vets each issuer, he
places them in the authorized issuer list if they meet the accreditation body's
vetting criteria.

Broni has noticed that DiplomaMill, Inc. has lost its accreditation status and,
while the organization is included in an authorized issuer list that they use,
that they no longer want to recognize DiplomaMill as a authorized issuer. Broni
configures their software with an exception to reject DiplomaMill Verifiable
Credentials that were issued after the current year.

Authorized Issuer List Requirements
===================================

The following is a list preliminary requirements from the use cases listed in
the previous section:

* An Authorized Issuer List MUST be digitally signed such that it is clear which
authority is providing the list.
* An Authorized Issuer List Entry MUST contain the type of Verifiable Credential
that is authorized for issuance as well as the identifier for the issuer that
is authorized to issue that credential.
* An Authorized Issuer List Entry MAY contain further contraints such as
attribute values, geographic regions, times, or other limits on the properties
of the issued credential.
* An Authorized Issuer List Entry MAY provide data format schema that MUST be
used to detect if a Verifiable Credential is a match for the issuer.

It is expected that there are other requirements on an Authorized Issuer List data model; the list above is expected to grow during converastions at RWoT.

Relevant Work
=============

The concept of Authorized Issuer Lists have been explored in at least the
following venues:

- [Trust Registries](https://wiki.trustoverip.org/display/HOME/ToIP+Trust+Registry+Protocol+Specification) at ToIP Foundation
- [Trust Establishment](https://identity.foundation/trust-establishment/#trust-establishment-using-the-) at DIF
- [TRust mAnagement INfrastructure](https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/) (TRAIN) at eSSIF-Lab
- [Trust Registry](https://gitlab.grnet.gr/essif-lab/infrastructure_3/trinsic/trust-reg#interoperabilty) at Trinsic

Collaboration at and Beyond RWoT 11
===================================

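Review bot: The requirements list does not cover the de-accreditation case raised in the Broni use case: time appears only as an optional constraint on the issued credential, and nothing requires a list or an entry to carry a validity period or a way for the authority to withdraw an issuer, so each Verifier is left to handle it with local exceptions. Consider adding a requirement for that, and one for Verifier-local additions and exclusions, since Pietor and Broni both rely on them. In the Broni paragraph, "issued after the current year" is ambiguous about the cutoff and should state it explicitly. The last requirement combines MAY and MUST in one sentence and does not say who MUST use the schema. Typos to fix before merge: "contraints", "converastions", "a authorized issuer", "a list preliminary requirements", and "The concept of Authorized Issuer Lists have been" should read "has been".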
Expand All @@ -58,6 +126,7 @@ questions include:
can update their own information in the list?
* Should the `authorizedToIssueCredential` property contain something more than
a QueryByExample mechanism? What about JSON Schema?
* How many different data formats and proof formats should be supported?
* Should Verifiers be able to add to the list in their own configurations?
* How is trust in the list provider established?

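Review bot: The open question on `authorizedToIssueCredential` still asks "What about JSON Schema?", while the example earlier in this patch already uses a `credentialSchema` of type `AuthorizedIssuerJsonSchema2022`, so the paper now reads as both proposing and questioning the same mechanism. Reword the question to say the example shows one candidate and ask what remains undecided (for instance whether schemas are embedded or referenced). The question "How many different data formats and proof formats should be supported?" would be easier to discuss if it named the candidate formats.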