Distinguish between BadgeClass Creator and Assertion Issuer

[timothyfcook]

Per #50 we have to make some decisions about how to resolve this once and for all.

There are a number of issues at play here:

1. Identity: Differentiating the identities of the Creator versus the Issuer of the badge; this introduces the new concept of Creator as the owner of a badge (also could be called author). 2. Authorization-to-Issue: Allowing the Creator to authorize (or "endorse") additional parties to allow the additional party to issue the badgeClass originated by the Creator.

Possible options for addressing this:

[timothyfcook]

Discussion from the Standards call:

• How does platform B tell that an issuer on it has been granted the ability to issue assertions based on a badgeclass defined on platform A?
• By checking that the issuer has a specific badge? We would need an extension related to conditions and issuing platforms would need a policy enforcement point (PEP). After all, badges are credentials, and we should be able to use such credentials to make decisions... +1000
• Could the badge creator force the issuing process take place in specific platforms that have PEP?
• How does a consumer using a badge validator determine that an assertion created on platform B is authorized to be issued by platform A (the creator of the badgeclass)
• Kerri: Maybe the url should point to the original badgeclass (which references its issuer), not point to the original issuer directly.
• Maybe an endorsement/authorization link provided in the new assertion that points to an assertion of the relevant authorization
• Tim: +1 to Kerri. Copying badgeclasses does seem to be a messy process

[ottonomy]

You're right to split this into two questions, @timothyfcook.

1. How can we denote that an issuer other than an Assertion's BadgeClass's issuer has created the Assertion?
2. How can we determine whether the BadgeClass's creator has authorized the Assertion's issuer to award that BadgeClass to extend our trust in the creator to the issuer. Or, how could we decide whether or not to trust the issuer absent this kind of authorization?

[timothyfcook]

User stories

• As a badge issuer, I want the ability to issue a badge that was created by a different entity so that I can issue any badge if I receive proper authorization to issue that badge.
• As a badge issuing platform, when I receive a request to create an Assertion to be issued by an entity that is not the associated BadgeClass's creator, I want the ability to understand that the requesting entity is authorized to award Assertions of this BadgeClass.
• As an inspector, I want to be able to tell that an Assertion was awarded by an entity other than the one that defined the associated BadgeClass.
• As an inspector, I want to be able to tell that the issuer of an Assertion is authorized to award badges of that associated BadgeClass.

Noted as a priority in the use-case document created by the community.

[timothyfcook]

Relates to #75

[szerge]

One simple way to authorise an issuer to use a badge class could be to check that the issuer has earned that badge. This could be a default mechanism.

That means that issuing platforms need to check the credentials of the issuer. If this is achieved, then we could have more complex rules regarding credentials, e.g. using logical connectors.

[kayaelle]

More Use Case Stories:

An international organization has a certified training program. Local chapters deliver the program and award badges recognizing the successful completion of the certification program. Badges are recognized locally and internationally as pertaining to both the local chapters and international organization.

An organization offers Open Educational Resources (OER) that have associated badges. Anyone is free to use these resources and issue the badges.

A company creates and encourages an employee culture program that cultivates better working relationships and teamwork. Employees are encouraged to award badges to their fellow employees. Within the company, employees like to see who issued which badges to who.

A peer review platform awards badges for content created that aligns to established standards. Peers review the content and award badges. The badges are from the platform but the issuers are the peers. Both the platform and the issuer name is necessary for the inspector.