-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: remove ambiguity and asymmetry as it relates to subject identifiers #1445
Comments
This comment suggests that you (@decentralgabe & @mistermoe) believe most verifiable credentials will contain claims about only one subject. I do not believe that is borne out by the use cases that drove VCDMv1 nor those that drove the updates to produce VCDMv2. Even if only a minority of VCs will contain claims about multiple subjects, your suggested handling of those multiple subjects appears to break the association of each claim with its specific subject, which is vital.
How do you know whether This forces us back to something like the following, which does not appear to me to be much if any improvement on the status quo --
Further, the question of subject identifier optionality. We originally decided to allow this because claims might be made about a pronoun a/k/a a blank node, identified indirectly by some subset of its attributes which are found among the claims in the VC. I've seen no argument that rebuts this justification. This optionality does not mean that subject identifiers should never be included; it only allows for use cases where it is better to be omitted. |
I am wondering if this is something that should be handled by securing specifications. We could write language that requires a |
Does this pose a security concern? I'm sympathetic to the point that identification via a subset of attribution enables a more expressive & rich space for creation, but it may come at the cost of interop. Interop is only reasonable achievable with sufficient security guarantees, and we can't have standardized security over an amorphous set of identity attributes. I think @mistermoe articulates this well in the description:
@TallTed thanks for the response, I found that helpful! TIL what a pronoun is in the context of RDF! Perhaps I am still missing something? |
@KendallWeihe — Whether letting issuers "say anything about anything" (which was and remains a base design goal), including using blank nodes to identify the subject of any given VC, and whether a verifier relying on such statements, is a (problematic) security risk can only be evaluated by the issuers and verifiers in a given sphere of interaction. In other words, it falls into the verifier's "business logic," which is explicitly out of scope for the VCWG. |
Thanks @TallTed I appreciate the clarity |
marking as pending closed, as I do not see this change reaching consensus in the group. what is possible is language adding to securing specifications. I have opened one such issue in vc-jose-cose here w3c/vc-jose-cose#242. |
No objections raised since being marked |
i'd like to resurface a proposal @decentralgabe surfaced in #1130. He describes the issue at hand perfectly:
In addition to what @decentralgabe highlights, I see two primary issues:
Making subject identifier optional leaves too much room for ambiguity with respect to cryptographic verification of verifiable presentations. Ambiguity within such a crucial facet of Verifiable Credentials and Verifiable Presentations reduces the likelihood of interoperability which is in contradiction with the intent of standardization
There is asymmetry between
issuer
andcredentialSubject
specifically with respect to the fact thatid
is required forissuer
but notcredentialSubject
.this is especially confusing because the intent of an issuer identifier as described in the screenshot above is to provide a reliable means to access what's needed to verify the information presented in a credential. The same need exists when a subject presents a credential yet subject identifier remains optional
The text was updated successfully, but these errors were encountered: