Add validation section regarding holder #1199
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4853,6 +4853,73 @@ <h3>Issuer</h3> | |
| </p> | ||
| </section> | ||
|
|
||
| <section class="informative"> | ||
| <h4>Holder</h4> | ||
| <p> | ||
| The value associated with the <code>holder</code> <a>property</a> is expected | ||
| to be usable to identify the <a>holder</a> to the <a>verifier</a>. | ||
| </p> | ||
| <p> | ||
| Relevant metadata about the <code>holder</code> <a>property</a> is expected | ||
| to be available to the <a>verifier</a>. For example, a <a>holder</a> can | ||
| publish information containing the verification material used to secure | ||
| <a>verifiable presentations</a>. This metadata is relevant when | ||
| checking proofs on <a>verifiable presentations</a>. | ||
|
There was a problem hiding this comment. This section presumes far too much on behalf of the verifier. VCs are most useful when, in fact, the verifier knows nothing about holder except what is presented by VCs and VPs. It may be that you are thinking in terms of a specific securing mechanism, but to be clear, if I have a DID from a method I'm willing to accept, there is no meta-data required to verify. The DID provides the data I need. There was a problem hiding this comment.
...which implies that there is no relevant metadata to be available, which satisfies the first sentence. What would you change? There was a problem hiding this comment. If there is no metadata, then I would not expect it to be available. Perhaps more importantly, this notion that a holder is going to publish anything is confusing. Holders don't "publish". I think this is trying to explain that if the holder property is not a DID, you can do magic, but if it's not, you need a bunch of extra metadata. But its trying to say this without mentioning DIDs. However, this is not correct. It could be a simple URL with a type someone knows how to use to do the verification. There was a problem hiding this comment. This is copy pasted from the issuer section on security... IMO it either applies to issuers and holders consistently (meta data related to keys is required to check proofs), or holders don't have keys / presentations don't have security. There was a problem hiding this comment.
I'm confused by
Why is anything being said identically in two sections?
I think issuers (who will be issuing MANY VCs) are expected to have substantially more VC-related infrastructure than holders (who will be issuing relatively small numbers of VCs/VPs, probably via wallets in most if not all cases), so I don't think much will |
||
| </p> | ||
| <p> | ||
| See the <a data-cite="VC-IMP-GUIDE/#subject-holder-relationships"></a> and | ||
| <a data-cite="VC-USE-CASES#user-tasks"></a> for additional examples related to <a>subject</a> and <a>holder</a>. | ||
| </p> | ||
|
|
||
| <p class="note"> | ||
| `Issuer`, `subject`, and `holder` are graph nodes which support multiple representations, | ||
OR13 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| potentially making it complex to evaluate whether these roles are being filled | ||
| by appropriate entities. Validation is the process by which verifiers apply business rules to | ||
OR13 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| evaluate the appropriateness of a particular use of a Verifiable Credential. | ||
OR13 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| </p> | ||
| <ul> | ||
| <li> | ||
| <a href="#issuer">Issuers</a> define expressions of an `issuer` in <a>credentials</a> | ||
| </li> | ||
| <li> | ||
| <a href="#presentations-0">Presentations</a> define expressions of a `holder` in <a>presentations</a> | ||
| </li> | ||
| <li> | ||
| <a href="#credential-subject">Credential subjects</a> define expressions of a `credentialSubject` in <a>credentials</a> | ||
OR13 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| </li> | ||
| </ul> | ||
| <p> | ||
| A <a>verifier</a> might need to validate a given <a>verifiable presentation</a> | ||
msporny marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| against complex business rules; for example, the verifier might need confidence | ||
| that the <a>holder</a> is the same entity as a <a>subject</a> of a <a>verifiable | ||
| credential</a>. In that situation, the following factors can provide | ||
| reasonable confidence that the holder presenting a given | ||
| <a>verifiable credential</a> is, in fact, a subject of that | ||
| <a>verifiable credential</a>: | ||
OR13 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| </p> | ||
| <ul> | ||
| <li> | ||
| The <a>verifiable presentation</a> is secured, | ||
| using a mechanism the <a>verifier</a> trusts to protect the integrity of the content. | ||
| </li> | ||
| <li> | ||
| The <a>verifiable presentation</a> includes one or more <a>verifiable credentials</a> that are secured, | ||
| using a mechanism the <a>verifier</a> trusts to protect the integrity of the content. | ||
| </li> | ||
| <li> | ||
| <p> | ||
| When the identifiers for `holder` and `subject` are the same. | ||
awoie marked this conversation as resolved.
Show resolved
Hide resolved
OR13 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| </p> | ||
| </li> | ||
| <li> | ||
| <p> | ||
| When the verification material used to secure a <a>verifiable presentation</a> | ||
| is also present in the claims about the credential <a>subject</a>, either by value or by reference. | ||
OR13 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| </p> | ||
OR13 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| </li> | ||
| </ul> | ||
| </section> | ||
|
|
||
| <section class="informative"> | ||
| <h3>Issuance Date</h3> | ||
|
|
||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.