iotaledger / integration-services

https://demo-integration-services.iota.cafe/
Apache License 2.0

NoT: Adjust issuing using a VC #688

Closed dominic22 closed 1 year ago

dominic22 commented 2 years ago

Currently you are able to issue a credential if you have a VerifiedIdentityCredential issued by one of the trusted roots.

To prevent users of other systems we only want to consider users with such a credential issued by the current root identity. So we no longer consider all trusted roots when being able to issue credentials.

Next to this we still can use RBAC to issue credentials. These were already adjusted.


Context:

User with a VC of type VerifiedIdentityCredential (VIC)

A user with a VC of type VerifiedIdentityCredential (VIC) is able to issue credentials to others. In this way, we can connect the system to other IS using VCs. For instance, User1 of SystemA with a VIC can issue credentials on SystemB if SystemB has added SystemA as a trusted root.

Problem: Sometimes an instance operator might want to have trusted roots just to check whether it trusts a credential but doesn't want external users to issue new credentials in their system.

Example: An e-commerce provider wants to add other banks as trusted roots to create a network of trust in order to attest whether a user is above a specific age. But he doesn’t want to allow the bank employees to issue credentials using their VIC in his name.

Solution: We can rely on RBAC but also on VCs to issue credentials. But we don't consider the pool of trusted root identities but only the current server identity. So only users with a credential issued by the root identity can issue credentials, or they can also issue credentials based on their role.
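The split between "trusted for verification" and "allowed to issue" that this issue describes, as an added example that is not part of the original issue or the integration-services code. All type, function and role names and the DIDs are hypothetical, and credentials are assumed to have passed signature and revocation checks already.

```typescript
// Added illustration; every name here is hypothetical, not the integration-services API.
type Role = "Admin" | "Manager" | "User"; // assumed role set

interface Credential {
  type: string[];   // e.g. ["VerifiableCredential", "VerifiedIdentityCredential"]
  issuer: string;   // DID of the issuing identity
  subject: string;  // DID of the holder
}
interface Requester { did: string; role: Role; credentials: Credential[]; }
interface TrustConfig {
  serverRootDid: string;     // root identity of this instance
  trustedRootDids: string[]; // external roots accepted when verifying credentials
}

const VIC = "VerifiedIdentityCredential";

// Verification path: the server root or any configured trusted root is acceptable.
function isIssuerTrusted(cred: Credential, cfg: TrustConfig): boolean {
  return cred.issuer === cfg.serverRootDid || cfg.trustedRootDids.indexOf(cred.issuer) !== -1;
}

// True when the requester holds a VIC about themselves from an acceptable issuer.
function holdsVic(req: Requester, issuerOk: (c: Credential) => boolean): boolean {
  return req.credentials.some(
    (c) => c.type.indexOf(VIC) !== -1 && c.subject === req.did && issuerOk(c)
  );
}

// VC path before the change: a VIC from any trusted root allowed issuing.
function canIssueOld(req: Requester, cfg: TrustConfig): boolean {
  return holdsVic(req, (c) => isIssuerTrusted(c, cfg));
}

// After the change: an issuing role (RBAC), or a VIC from the current server root only.
function canIssue(req: Requester, cfg: TrustConfig, issuingRoles: Role[] = ["Admin", "Manager"]): boolean {
  if (issuingRoles.indexOf(req.role) !== -1) return true;
  return holdsVic(req, (c) => c.issuer === cfg.serverRootDid);
}

// Constructed sample data: a bank employee whose VIC comes from an external trusted root.
const cfg: TrustConfig = { serverRootDid: "did:iota:shop-root", trustedRootDids: ["did:iota:bank-root"] };
const bankVic: Credential = {
  type: ["VerifiableCredential", VIC], issuer: "did:iota:bank-root", subject: "did:iota:bank-employee",
};
const bankEmployee: Requester = { did: "did:iota:bank-employee", role: "User", credentials: [bankVic] };
```

With this data the bank-issued VIC still verifies through `isIssuerTrusted`, but it no longer grants issuing rights in `canIssue`.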