[Openid-specs-digital-credentials-protocols] Security and Trust document

Joseph Heenan joseph at authlete.com
Tue Sep 12 19:53:55 UTC 2023 

Hi Tom

Focussing on this particular document, is your concern resolved if sentences like this:

"Identity of Holder: A Verifier can trust that the party presenting the claims in a session with the Verifier is (controlled by) the subject of the claims.”

(From https://github.com/vcstuff/oid4vc-security-and-trust/blob/main/draft-oid4vc-security-and-trust.md#trust-in-the-issuer-holder-verifier-model)

are replaced with something like this:

"Identity of Holder: A Verifier can trust that the party presenting the claims in a session with the Verifier is (controlled by) the party that the credential was intended to be issued to.”

?

Thanks

Joseph

> On 12 Sep 2023, at 16:06, Tom Jones via Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols at lists.openid.net> wrote:
> 
> One major problem with the OAuth model and this contribution is the conflation of the subject and the holder.
> To be inclusive these two roles may be entirely different entities.
> It seems to be that this conflation must be excised if OAuth is to be acceptected as the digital credential model to be used for government supplied rights and privileges.
> 
> ..tom
> 
> 
> On Mon, Sep 11, 2023 at 8:14 AM Daniel Fett via Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols at lists.openid.net <mailto:openid-specs-digital-credentials-protocols at lists.openid.net>> wrote:
>> Hi all,
>> 
>> I'd like to contribute the "Security and Trust" document to the DCP WG: https://github.com/vcstuff/oid4vc-security-and-trust
>> 
>> It has been discussed earlier, but had no official status so far. 
>> 
>> -Daniel
>> 
>> -- 
>> Openid-specs-digital-credentials-protocols mailing list
>> Openid-specs-digital-credentials-protocols at lists.openid.net <mailto:Openid-specs-digital-credentials-protocols at lists.openid.net>
>> https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols
> -- 
> Openid-specs-digital-credentials-protocols mailing list
> Openid-specs-digital-credentials-protocols at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20230912/adfe817e/attachment.html>

More information about the Openid-specs-digital-credentials-protocols mailing list