Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add "author" and "party" to terminology, rewrite "claim" terminology #1172
Add "author" and "party" to terminology, rewrite "claim" terminology #1172
Changes from 11 commits
a215692
6008f7f
96c7d2d
40129a3
dbab47d
08a4972
ea91405
da030bb
4221fe4
bb780b8
17c4421
06ce351
a9d8bb9
5b9597c
1b213b1
8b61aa4
31077c6
a09a793
f1ec45c
f900903
abf21e3
ec89f9e
e287f14
d22da0a
571ae86
a4fb1a4
3f4448c
788fb36
af626d8
16572a9
9172267
653c80d
246efc4
fdecac0
c78aeb4
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does an implementer need to understand the difference between an
author
and anissuer
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An implementer may not need to understand the difference between an author and an issuer. However, in my opinion, standards such as these should not limit their audience to implementers. They should also enable non-implementers to learn (precisely) what they're talking about.
I am not an implementer, but I do contribute to architectures, systems designs, etc., so I need to know what I'm talking about to help projects make the right decisions. Texts that 'sort of' say what VCs are do not help me. I need texts that precisely state the facts of the matter, in order to avoind making mistakes. That particular characteristic determines the effectiveness of specifications as a vehicle for briding the gap between implementers and non-implementers.
Regarding the terms 'author' and 'issuer': as (I think) @dlongley pointed out, there is no such thing as the issuer of a claim, because they can exist without there being a credential that contains them. Having 'author' for a claim allows us to talk about the source of the claim. This is also helpful when talking about claims that are part of presentations. It makes it easier (for non-implementers) to understand the necessity of having proofs of authorship of claims therein. Also, it makes it easier to explain (to non-implementers) what the difference is between credentials (a (signed) set of claims, where the issuer is the author of each of them) and presentations (a (signed) set of claims, where the claims can have different authors and there is no implied link between the party that created (and signed) the presentation and the authorship of the claims).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm curious where @dlongley pointed out that there is no such this as an issuer of a claim. I would argue that such a distinction is a distinction without a difference.
I would argue that the issuer is the author.
Full stop.
Signing the claim means that the authority who is signing it is attesting to that truth of the claims. They are the author of those claims in that they are making that statement and attesting to their veracity. Whether or not they are the only author or the original author is irrelevant.
You could define an author that is different from the issuer, but that would have no impact on the meaning of the VC. Perhaps if the VC is itself a statement of authorship by someone other than the issuer of the VC.
In that case, you're just adding another claim asserted by the issuer, which verifiers will interpret in some way. That is, a VC issued by BobCo (using a DID we believe is associated with BobCo for attestations) could say "AuthorDan wrote that the sky is blue", i.e., "AuthorDan is the author of the claim that the sky is blue"
However, the VC can only validate that BobCo says "AuthorDan is the author of the claim that the sky is blue". Whether or not AuthorDan is, in fact, the author of those claims is opaque to the VC data model.
In contrast, the fact that the DID known to be associated with BobCo has an attestationMethod that can cryptographically verify the message is not tampered with is concrete evidence that the statement is made/authored/attested by BobCo.
In short, the only meaning of "author" that applies to a VC is the issuer. While that doesn't preclude the issuer making claims about authorship, we do not have any mechanism to deal with "author" of a VC as anything other than the Issuer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right. I thought I remembered what @dlongley said, but didn't.
I agree with you that its author is its issuer, but only in the context of VCs.
In the context of VPs, it's another matter. It is possible that a VP contains claims that are authored by the party that performs the role of the holder that creates the VP. Since such claims were never part of a VC, there is no issuer for them, but there is authorship. In fact, the very definition of 'verifiable presentation' talks about authorship, saying: "A verifiable presentation is a tamper-evident presentation encoded in such a way that authorship of the data can be trusted after a process of cryptographic verification."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jandrieu, @OR13: given the explanations above, is there anything concrete that you would like me to address so that the PR can proceed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@brentzundel: I cannot understand your argument because the terms you use do not seem to mean what the VCDM says they do. The term 'issuer', for example, is defined by the VCDM specifically in relation to the creation of a VC. So, your thinking that a holder could create a VP that includes claims that were never part of a VC is inconsistent with how VCDM defines 'issuer, so such a holder would not be acting as an issuer.
This may seem nit-picking, but it is an example of how many discussions/issues that we have get lengthy and aren't resolved in a satisfactory way. It would help so much if we could get ourselves to use terms that are defined only in the way in which they are defined, which is the start of having/creating a single understanding of what it is we're talking about, that we then all all share/commit to use.
The current set of terms does not allow us to properly describe the situation you refer to, in which a holder creates a VP which includes claims that were never part of a VC. This is a relevant use-case. In order to be able to talk about this, we might, e.g., modify the term 'issuer' to accommodate for that, introduce 4 roles rather than the current 3 by splitting up the 'holder' role, and I wouldn't be surprised if there are more ways to do this. I remember various discussions/issues about this which didn't lead anywhere.
The term 'author' is really nothing very special. It is just a generic way to refer to the party that created some data (and might be held accountable for its truth, trustworthiness, or the fact that it has created it). It is a simple concept that can be used to refer to the party that has created an individual claim, VC, VP, presentation request, etc. The roles of issuer, holder and verifier are specializations, where an issuer authors VCs for the purpose of sending them to a holder, a holder authors VPs (that includes VCs and/or claims authored by itself or other parties), and a verifier authors presentation requests (in which it seeks to obtain VPs that contain VCs and/or claims that are authored by particular parties). The term 'author' makes it much simpler to say these things than if I had to use the terminology as currently defined, and it is also easier to understand for those that use VCDM terminology rather than their own).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@RieksJ,
My understanding is that some people are objecting to this PR because
author
is being introduced as a separate and explicit role at the same level ofissuer
,holder
, andverifier
. I wonder if you could make the clarifications in terminology you'd like to see by not making it an explicit separate role, but by still talking about the existing roles performingauthoring
actions, etc. This would be my suggestion to try and move this PR toward consensus.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @dlongley for the suggestion. I am confused about people objecting to a term they also use in daily life. In the context of books, there is an author, and you have publishers (issuers if you will), stores, libraries and other roles that can be performed and from where you can request for and obtain books. People tend to be interested to learn who the author of a book is, and not so much the path that the book went to end up with the reader/user. I have made some changes to the definition to clarify this aspect.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the re-wording of author makes me dislike it less.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@brentzundel That sounds as an improvement. Unless there are concrete suggestions for changes, I guess it is acceptable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.