diff --git a/index.html b/index.html index 84aa4dab6..5e538599f 100644 --- a/index.html +++ b/index.html @@ -793,6 +793,26 @@

Types

specification that want to support extensibility in an interoperable fashion do.

+
+

+ It is important to note that the Verifiable Credentials data model is + intended to convey information about who said what about whom. + Credentials are not themselves an authority mechanism, but are + intended to convey information that can be useful in evaluating + whether to grant additional authority. +

+ +

+ For example, a Verifiable Credential can be used so that Alice (a + verifier) can verify that Bob (an issuer) said that + Carol (a subject) was an experienced programmer. + Based on this information, Alice might hire Carol and from there + use another authorization mechanism to permit Carol to administer + her computers, but Bob saying that Carol was an experienced + programmer does not itself grant her the authority to do so. +

+
+
@@ -1251,35 +1271,94 @@

Semantic Interoperability

Terms of Use

-

Terms of use can be utilized by an issuer, a subject, or a - holder to constrain the use of information expressed by the Verifiable - Credentials Data Model. The issuer places their terms of use inside - the credential before it is converted into a verifiable credential. - The holder places holder terms of use inside a presentation. +

+ Terms of use describe policy describing how a + verifiable credential or presentation + should be used or distributed. + For example, terms of use can be added to declare that a credential + or profile should not be stored in a database or shared by a holder + with another entity. +

+ +

+ From an information copying perspective, once information is shared + with a holder in an unconfined environment, it will always be + technically possible for that entity to share information, even + contrary to the intent expressed in the terms of use policy. + However, terms of use are still useful as an expression of what + policy participating parties are consenting to. + Well-behaving entities can use terms of use information to inform + their own behavior in regard to the information found in the + verifiable credential. + Enforcement can happen externally to an entity found in violation + of the terms of use: relationships or contracts could be severed, + trust could be lost, and in some cases legal action could be taken. +

+ +

+ A profile which wraps credentials must be interpreted of having + its terms of use through aggregation of the respective credential + plus the wrapping profile.

-

it is for further study how a subject who is not a - holder places terms of - use on his or her verifiable credentials. One way could be for the subject to - request the issuer to place them inside the issued verifiable credentials. Another - way could be by the subject delegating a verifiable credential to a holder and - placing terms of use restrictions on the delegated verifiable credential. -

-

The expression of - terms of use may be performed via the following property: +

+

+ As an example, consider a patient named Alice enrolling with a new + primary care provider, Carol. + She provides a presentation that aggregates proof of her insurance, + proof of her state identity, and her prior patient records from + her former primary care provider Bob. + On the presentation she sets the terms of use prohibiting third party + correlation for any of the data provided, and on her state identity + she prohibits archival of that information, since it is only needed + during initial enrollment. + This is useful because the issuers of the respective claims do not + personally require that this information not be correlated by a + third party, but this requirement is important to Alice. + Thus the terms of use require that Carol not correlate any of the + information provided with third parties for any of the information + provided in the presentation, but the state identity information must + additionally must not be archived. +

+

+ This example also provides a clear demonstration of why terms of + use are policy that an issuer must rely on external means for + enforcement. + Nothing about the transmission of this information with these terms + of use guarantees to Alice that their restrictions will be carried + out. + Under some schemes, if Carol were a malicious entity, she could + potentially unwrap the individual credentials from the presentation + and distribute them independently; receiving holders and + verifiers of those claims might never know that Alice did not want + Carol to distribute them further. + But if Carol were found to not be in compliance there may still be + consequences. + For example, if Alice presented evidence to the medical board that + Carol violated these terms, Carol's medical license might be + revoked. +

+
+ +

+ The expression of terms of use may be performed via the following + property:

termsOfUse
-
The value of this property MUST be one or more terms of use - that tell the verifier what actions it MUST perform if it is to - accept the verifiable credential or verifiable presentation. - If the verifier is not willing to accept these terms of use then it MUST reject - the verifiable credential or verifiable presentation. - Each termsOfUse comprises its type, - for example, IssuerPolicy, and - optionally its instance id. The precise contents of each term of use is - determined by the specific TermsOfUse type definition. +
+ The value of this property is one or more terms of use that tell + the holder or verifier what policy it should comply + with if it is to accept the verifiable credential or verifiable + presentation. + If the verifier is not willing to accept or does not understand + these terms of use then it SHOULD reject the verifiable + credential or verifiable presentation. + Each termsOfUse value MUST have a type (for example, + IssuerPolicy). + The precise contents of each term of use is determined by the + specific type definition.