Remove delegation #283
Remove delegation #283
Conversation
Rebasing (I hope!)
update my fork
| second verifiable credential is likely to be application specific, and therefore | ||
| this specification does not standardise the contents of this second verifiable | ||
| credential. Nevertheless a non-normative example is given in Appendix A.2 | ||
| </p> |
index.html
Outdated
| The Subject Only Terms of Use states that a verifiable credential MUST only be | ||
| presented to a verifier by the subject. If a verifier is presented with a | ||
| verifiable credential containing the Subject Only Terms of Use, by anyone other | ||
| than the subject, it MUST refuse to accept it. |
There was a problem hiding this comment.
With selective disclosure, there is no way to ensure that a verifier ever sees the Subject Only Terms of Use.
There was a problem hiding this comment.
Please see the question here about this issue: #282 (comment)
There was a problem hiding this comment.
Post ZKP discussion: The selective disclosure schemes being implemented do indicate that a ToU is present in a credential definition, allowing for a verifier to request it (and thereby require it). The presenter can also prove if their particular credential happens to not possess a ToU should it be requested but not present.
There was a problem hiding this comment.
Great. So I will update the PR to remove conflicts with the latest version of the spec
|
Merge conflicts are preventing the merge of this PR. |
|
I believe I have now resolved the conflicts, and I have also replaced the subjectOnly ToU with subjecOnly property. @msporny. I already posses two physical plastic cards that are marked subjectOnly by the issuer. So I am quite sure that this property will be a common use case for VCs. |
There was a problem hiding this comment.
A file called index.text has been added to this PR. Please remove it so I can pull the PR in. All the other changes seem good to me.
@msporny I dont know how this happended or what it contains. I also dont know how to remove it. Can you advise me please
It's not the use case that I'm concerned about. It's the data modeling aspect of it, which I haven't been able to think about deeply. At present, almost all VCs our company is issuing are "subjectOnly" credentials, which are implicit and which the verifier determines whether or not to allow anyone except for the subject to use them... the rules are often complex and we are concerned about issuers placing "subjectOnly" on every credential and hobbling the ecosytem by doing so. Like, for example, due to regulatory pressures, prescription issuing software may mark those VCs as "subjectOnly" when quite often people pick up prescriptions for other people. Marking those things as "subjectOnly" may force implementations to break conformance to make complex determinations... |
|
@msporny. I think you are introducing red herrings in your discussion above. In one of my plastic cards, the local council is the issuer of my free bus pass, and it has EXPLICITLY stipulated Subject Only on it, to all the verifiers (buses) in the country. i.e. only I am entitled to free travel on buses with this VC. So |
|
@msporny I don't know how the index.text file got there and I don't know how to delete it. Could you help please |
Yes, agreed. I don't think the current way it's being expressed in the data model is the right way to do it... but don't have an alternate suggestion at this point (I will in time, but haven't been able to think about it deeply). In other words, not suggesting how to do it is better than suggesting the wrong way to do it. I think the right way to do it is probably by putting it in termsOfUse that the issuer provides. |
Fixed. |
|
@msporny Thanks for fixing the index.text file problem. |
Preview | Diff