Comments (6)
David-Chadwick
commented on May 22, 2024
They are simply self-asserted claims. A user can always make whatever claims he wants to. It is up to the inspector to decide what trust or value he places in self-asserted claims.
from vc-data-model.
agropper
commented on May 22, 2024
Self-asserted claims can still be signed by the user. Given self-sovereign (blockchain) identifiers, the reputation linked to any particular signature can be highly variable and it's up to the inspector to decide what trust or value he places on the identity associated with a signature.
from vc-data-model.
David-Chadwick
commented on May 22, 2024
True. But practically speaking, if the holder has a secure connection to the inspector, and sends an unsigned credential in a signed message, or sends a self-signed credential in an unsigned message, this makes little difference from a trust perspective. It is still a self asserted claim that the inspector has to decide how much to trust it.
from vc-data-model.
agropper
commented on May 22, 2024
Practically speaking, it's preferred (from the perspective of driving adoption of our work) to have all claims handled the same way, regardless of the degree of trust in the signature.
from vc-data-model.
msporny
commented on May 22, 2024
if the holder has a secure connection to the inspector, and sends an unsigned credential in a signed message, or sends a self-signed credential in an unsigned message,
Those are both effectively signed claims.
This particular issue is about claims that have absolutely no digital signature associated with them. For example, Verifiable Claims can be used to assert product information like so:
http://schema.org/Product#eg-10 (See JSON-LD example)
That information can be shoved into any website. You can argue that if served over HTTPS, that it's effectively the site self-asserting the claim in a digitally verifiable way, but that's not always the case. For example, it could be served over HTTP... or it could be a blogging site that allows that sort of markup anywhere, asserted by any user of the site. In those particular cases, we fall back into the "No, or effectively no useful digital signature" scenario. Which is what this issue is attempting to call attention to.
from vc-data-model.
David-Chadwick
commented on May 22, 2024
In which case I return to my initial comment. Simply say "These are self-asserted claims that provide no technical means of verification. The inspector will need to use other out of band means to ascertain the veracity of the claim."
from vc-data-model.
Related Issues (20)
- Rewrite Proofs (Signatures) Section
- How should we refer to the Securing specifications? HOT 8
- Handle predicate for confidenceMethod in JSON-LD context HOT 4
- VC Vocabulary v2.0 does not have any term definitions HOT 3
- Media Types and HTTP HOT 4
- Update diagrams to use latest `proof` representations HOT 1
- Update diagrams to not use RSA, and generally be accurate HOT 2
- Remove reference to OdrlPolicy2017 HOT 2
- Remove reference to DocumentVerification2018 HOT 3
- Remove reference toCredentialManagerPresentation HOT 2
- Address "Credential" vs "VerifiableCredential" HOT 18
- Change `credentialSubject` to `subject` HOT 15
- Pull out `id` from `credentialSubject`. Change `credentialSubject` to `claims`. HOT 35
- Arrays of Arrays are problematic in VCDM HOT 5
- Make `validFrom` optional HOT 8
- Should we bundle contexts for credentialSchema and credentialStatus int he v2 core context? HOT 7
- Add VC-JWT diagrams to core specification HOT 6
- Collusion, i.e. collaboration, between Alice and Bob HOT 23
- Missing security considerations on MITM, cloning etc. HOT 3
- Respec VC plugin is breaking the build HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vc-data-model.