You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to see DID Documents support the notion of keys/proofs being reliant on a combination of keys/proofs to be valid. Some attestations and auth requirements are what I would call 'mission critical', for example:
Say a government adopts decentralized identity systems, and integrates it into their court system. There may be many things that take just one signature from one key linked to the court entity to be authoritative, but some attestations may be so sensitive, with such a severe impact, that the court entity would want to put extra measures in place to up the ante on what it takes to be a valid attestation.
One such case: criminal conviction proofs.
In this case, a court entity may want to exclude any chance that a criminal conviction data object is ever created/signed with just a single key. They may want to specify that a set of three keys are reliant factors that must all sign something for it to be valid.
To do this, we could add a property on key descriptors that allowed the specification of another key in the owning entity's DID Document (or an external key ref, e.g. another DID's keys) that must be included for the key's use to be valid.
Another application specific factor approach could be a smart signature script rather than defining the multisig in JSON. This allows for more kinds of factors, such as non-accountable threshold secrets, timelocks, AND OR operands, etc.
Please see my comment elsewhere (I’ll look for it and append later) to not limit yourself to only accountable multisig like the above. A threshold signature allows the multisig to be confirmed as valid but not reveal (or correlate) which signers did the signing, which in addition to supporting privacy also is needed in multisig scenarios where coercion or threats to signers are possible.
@csuwilcat wrote:
I would like to see DID Documents support the notion of keys/proofs being reliant on a combination of keys/proofs to be valid. Some attestations and auth requirements are what I would call 'mission critical', for example:
Say a government adopts decentralized identity systems, and integrates it into their court system. There may be many things that take just one signature from one key linked to the court entity to be authoritative, but some attestations may be so sensitive, with such a severe impact, that the court entity would want to put extra measures in place to up the ante on what it takes to be a valid attestation.
One such case: criminal conviction proofs.
In this case, a court entity may want to exclude any chance that a criminal conviction data object is ever created/signed with just a single key. They may want to specify that a set of three keys are reliant factors that must all sign something for it to be valid.
To do this, we could add a property on key descriptors that allowed the specification of another key in the owning entity's DID Document (or an external key ref, e.g. another DID's keys) that must be included for the key's use to be valid.
Pseudo code:
The text was updated successfully, but these errors were encountered: