w3c / controller-document

Controller Documents
https://w3c.github.io/controller-document/

Adjust framing to correctly describe relationship between the identifier and the controller #75

Open jandrieu opened 2 weeks ago

jandrieu commented 2 weeks ago

> A controller document is a set of data that specifies one or more relationships between a controller and a set of data, such as a set of public cryptographic keys.

This framing suggests that controller documents relate a Controller, as in a specific entity, to a set of data.

I'd argue that this is a mistaken statement of what a controller document expresses.

Controller documents express the verification methods useful for verifying particular interactions with a given identifier. This is done by defining verification relationships which link the identifier to particular verification methods.

It is important to note that the actual Controller, i.e., the entity that actually controls the controller document, is NOT described by the controller document. That would be better expressed in a VC with that identifier as a subject.

What is described in the controller document is how you verify particular interactions, not the entity involved. That is a question of identity assurance, which might be achievable once a controller document establishes certain verification methods as suitable to give a verifier confidence that the current action (attestation, authentication, delegation, invocation, or en/decryption) was performed by a legitimate agent of the controller of the controller document.

msporny commented 2 weeks ago

@jandrieu Can you provide a concrete replacement definition that the group could discuss?

jandrieu commented 2 weeks ago

How about

Controller documents express how to verify interactions with a given identifier. Each document lists verification methods that can be used to secure and verify various cryptographic proofs.

When a proof is communicated, it

  • includes the id of the controller document,
  • the verification method used, and
  • the verification relationship used for the proof.

To evaluate a proof, verifiers retrieve the details necessary from the associated controller document, verify the verification relationship, and apply the algorithm specified by the verification method to verify the proof.

In this manner, controller documents enable the verification of actions taken on behalf of an identifier, such as

  • authenticating as login
  • attestations as digital credentials
  • delegation of capabilities
  • invocation of capabilities
  • encryption and decryption using agreed-upon keys
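
The verifier-side lookup described in the proposed wording above, sketched in Python as an added example; it is not part of the thread or of the specification text. The sample document, its ids and key values, the proof field names `verificationMethod` and `proofPurpose`, and the fragment-style method ids are assumptions of this sketch, and the signature check that follows the lookup is left out.

```python
# Added illustration: the document, ids and key values below are constructed.
DOC_ID = "https://controller.example/123"
CONTROLLER_DOC = {
    "id": DOC_ID,
    "verificationMethod": [{
        "id": DOC_ID + "#key-1", "type": "Multikey", "controller": DOC_ID,
        "publicKeyMultibase": "zCONSTRUCTED-KEY-1",
    }],
    # key-1 is listed by reference, for authentication only.
    "authentication": [DOC_ID + "#key-1"],
    # key-2 is embedded, for assertionMethod only.
    "assertionMethod": [{
        "id": DOC_ID + "#key-2", "type": "Multikey", "controller": DOC_ID,
        "publicKeyMultibase": "zCONSTRUCTED-KEY-2",
    }],
}
# Only these properties are verification relationships; anything else in
# proofPurpose (for example "verificationMethod") must not authorize a key.
RELATIONSHIPS = {"authentication", "assertionMethod", "keyAgreement",
                 "capabilityInvocation", "capabilityDelegation"}

class VerificationError(Exception):
    pass

def resolve_method(doc, proof):
    """Return the method the proof may be verified with, or raise."""
    method_id, purpose = proof["verificationMethod"], proof["proofPurpose"]
    if purpose not in RELATIONSHIPS:
        raise VerificationError("unknown verification relationship")
    if method_id.split("#", 1)[0] != doc["id"]:
        raise VerificationError("method is not part of this document")
    for entry in doc.get(purpose, []):
        if isinstance(entry, dict) and entry.get("id") == method_id:
            return entry                      # embedded in the relationship
        if entry == method_id:                # referenced by id
            for method in doc.get("verificationMethod", []):
                if method.get("id") == method_id:
                    return method
            raise VerificationError("referenced method is not defined")
    raise VerificationError("method not authorized for " + purpose)

def is_authorized(doc, proof):
    try:
        return resolve_method(doc, proof) is not None
    except VerificationError:
        return False
```

A key that is valid for one relationship is rejected for every other, which is why the lookup is keyed on the relationship named in the proof and not only on the method id.
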

selfissued commented 2 weeks ago

I don't love "verify interactions with a given identifier". Too unspecific. Can you take another stab at this phrase, Joe?

Other than that, this seems like a step in the right direction. Thanks.

jandrieu commented 2 weeks ago

> I don't love "verify interactions with a given identifier". Too unspecific. Can you take another stab at this phrase, Joe?

Yeah. It's a tough language challenge. FWIW, I think "verify" is the right verb, given "verification relationships" and "verification method".

That leaves the thing being verified and the source of the thing verified. I think I was trying to avoid naming the entity creating the source, but putting it in explicitly maybe clears up the nuance.

> verify interactions with a given identifier

[original, but awkward]

> verify actions taken by a given identifier

[the identifiers don't take actions, though]

> verify proofs demonstrating actions taken by the identifier

[the identifiers don't take actions, though]

> verify proofs created by the controller of an identifier.

[this is the most concrete, but also it loses the semantics of what is meant by the proof]

> verify actions taken by the controller of an identifier

[This finally connects real world things (actions) with a real world entity (controller).]

Thoughts?

dlongley commented 2 weeks ago

I think I like this one the most: "verify proofs created by the controller of an identifier." It doesn't introduce an (arguably) new concept "actions" and focuses on the verification methods, proofs, and controller of the identifier.

EDIT: to make it flow into the bulleted list:

"In this manner, controller documents enable the verification of proofs created by the controller of an identifier, such as proofs for the purpose of"

selfissued commented 2 weeks ago

Once again, I like @dlongley's wording suggestion. Although this one is really good too:

> verify actions taken by the controller of an identifier

iherman commented 3 days ago

The issue was discussed in a meeting on 2024-09-11

#### 4.4. Specify that controller overrides subject control. (pr controller-document#42)

_See github pull request [controller-document#42](https://github.com/w3c/controller-document/pull/42)._

**Brent Zundel:** next PR #42, we have discussed this before, where we left off was that JoeAndrieu was going to propose different language, where are we at here?

**Joe Andrieu:** I haven't done anything on this, will rehydrate and see where we are, but I did not meet your expectation.

_See github issue [controller-document#75](https://github.com/w3c/controller-document/issues/75)._

> *Dave Longley:* ^there's some useful text there.

**Brent Zundel:** no worries, thank you for continuing to do the work.

**Dave Longley:** JoeAndrieu you did propose some alternate text that may or may not be reusable, just a reminder that that text is out there in the above linked issue.

**Brent Zundel:** we have some wording suggestions in issue 75 which I believe would help either modify PR 42 or result in a new PR, folks please look at issue 75.
… that will guide changing PR 42 or help us determine a resolution.

**Manu Sporny:** I was expecting to close 42 in favor of whatever PR JoeAndrieu raises, I'm fine to close this now, any objections?

> *Manu Sporny:* I'll leave PR 42 open if we're unsure then.

**Joe Andrieu:** not sure we should close it but not sure that I want to stand in the way either, the issue has some language we can use, but there is disconnect between manu and I on meaning of controller property, looking forward to talking this out at TPAC.

**Brent Zundel:** going forward are we leaving PR 42 open for comparison? who is taking the action to move the proposed language into the spec?

**Manu Sporny:** I will work with JoeAndrieu to do that.

**Brent Zundel:** whatever we don't solve next week on controller document we will talk about at TPAC.

---