New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disputed credentials #227
Disputed credentials #227
Conversation
Rebasing (I hope!)
index.html
Outdated
a subject disputes a claim made by the issuer, e.g. the address property is out | ||
of date, or an entity disputes a (false) claim made by the issuer about a different subject, e.g. an imposter is claiming the entity's social security number. | ||
Only the subject of a verifiable credential, or its authorised | ||
agent, is entitled to issue a "DisputeCredential". A "DisputeCredential" issued by anyone other than the subject, or its authorised agent, SHOULD be disregarded by the verifier, unless the verifier has some out of band means of ascertaining the truth of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps instead of saying who is entitled to issue a "DisputeCredential" we should say that verifiers should only accept those issued by the subject? We say this in the next sentence, so perhaps just drop the one about entitlement?
Also, w3c specs use American English spelling so "authorised" => "authorized".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. I think we get in trouble when talking about "authorized agent" because we then have to explain what one is. Also, yes... W3C specs are in American English (for better or worse).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have removed authorized agent as requested.
for the <a>claim</a> in the "DisputeCredential" is the identifier of the disputed credential. For example, if a credential with an identifier of | ||
<code>https://example.org/credentials/245</code> | ||
is disputed, an entity may issue one of the following credentials. In the former case | ||
the subject might present this to the verifier along with the disputed credential. In |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
comma: In the former case,
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
index.html
Outdated
<code>https://example.org/credentials/245</code> | ||
is disputed, an entity may issue one of the following credentials. In the former case | ||
the subject might present this to the verifier along with the disputed credential. In | ||
the later case, the entity might publish the "DisputeCredential" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
later
=> latter
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
index.html
Outdated
"id": "http://example.com/credentials/245", | ||
"currentStatus": "Disputed", | ||
"statusReason": "Address is out of date", | ||
"address": "10 Some Street, Anytown, ThisLocal, Country X" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should probably use something like schema.org for these sorts of examples. Also, the address should be that of the subject... not that of the credential as is suggested here. I'm also not clear on whether what's being modeled here is the disputed address or the proper address. Maybe we just want to strike it and keep these dispute credentials simple for now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, strike it, keep dispute credentials simple for now. Only include currentStatus and statusReason. Strike address
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Address has been deleted.
index.html
Outdated
a subject disputes a claim made by the issuer, e.g. the address property is out | ||
of date, or an entity disputes a (false) claim made by the issuer about a different subject, e.g. an imposter is claiming the entity's social security number. | ||
Only the subject of a verifiable credential, or its authorised | ||
agent, is entitled to issue a "DisputeCredential". A "DisputeCredential" issued by anyone other than the subject, or its authorised agent, SHOULD be disregarded by the verifier, unless the verifier has some out of band means of ascertaining the truth of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. I think we get in trouble when talking about "authorized agent" because we then have to explain what one is. Also, yes... W3C specs are in American English (for better or worse).
index.html
Outdated
"id": "http://example.com/credentials/245", | ||
"currentStatus": "Disputed", | ||
"statusReason": "Address is out of date", | ||
"address": "10 Some Street, Anytown, ThisLocal, Country X" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, strike it, keep dispute credentials simple for now. Only include currentStatus and statusReason. Strike address
.
|
||
<pre class="example nohighlight" title="Expressing a disputed credential"> | ||
<pre class="example nohighlight" title="Another entity disputes a credential"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand what is meant by "Another".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is to cover the case where an imposter has managed to get my SS number in his VC. In this case, I am not the subject of the VC, as the imposter is the subject. So I am 'Another entity' who is publishing the dispute in a public place. We cannot replace 'another entity' by 'subject' or 'real subject' because it might be a DOS attack. So in reality, we have no idea who this other entity is, except by some OOB unspecified means.
Ping @David-Chadwick -- finally reviewed this PR -- @gannan reminded me to do this as it had once again fallen off of my radar. |
Closing in favor of #259, which rebases this one. This one was based on a version of the spec that was around 5 months old. |
Thanks Dave |
Added clarifying text and a second example.
Preview | Diff