search

w3c / identity-web-impact

This document proposes an overview of Digital Identities on the Web and an analysis through different use cases of the systemic impact on both the market side and the human side, as well as the role that Web standardization may play in managing that impact
https://www.w3.org/reports/identity-web-impact/
1 stars 4 forks source link

Consider chain of trust and that cryptographic trust also involves verifying the issuer #34

Closed verocri closed 2 months ago

verocri commented 2 months ago

In the terminology of Cryptographic and Human trust, consider also the case of a chain of trust and that cryptographic trust involves not only ensuring that the credential hasn't been tampered with, but also that it was issued by an issuer you trust.

So,

Cryptographic methods ensure that the credentials haven’t been tampered with. Human trust involves trusting the entity that issued the credential and that the issuer provided the credential to the legitimate user.

could be modified as "Cryptographic methods ensure that the credentials haven’t been tampered with and that they have been issued by a trusted issuer. Human trust involves trusting the entity that issued the credential or, in the case of an issuer chain, trusting the root, and that the issuer provided the credential to the legitimate user."

simoneonofri commented 2 months ago

https://github.com/w3c/identity-web-impact/pull/35 for your review