search

w3c / vc-data-model

W3C Verifiable Credentials v2.0 Specification
https://w3c.github.io/vc-data-model/
Other
290 stars 106 forks source link

Truth (or falsity) is not part of VCDM ecosystem #1472

Closed TallTed closed 5 months ago

TallTed commented 5 months ago

_Originally posted by @TallTed in https://github.com/w3c/vc-data-model/pull/1469#discussion_r1543582681_

https://github.com/w3c/vc-data-model/blob/1ab385f1e4daf04a6d6bca44f019d7fe7bc3bda0/index.html#L3030-L3032

Truth (or falsity) is not part of our remit. It is entirely possible that a holder and/or verifier might trust that everything issued by a given issuer is false. All that a verifier can trust is that the issuer made the claims contained in a properly secured verifiable credential.

msporny commented 5 months ago

Yes, I see your point. Want to raise a PR to address this, or I can? If you want to, can you re-assign yourself to address the issue?

iherman commented 5 months ago

The issue was discussed in a meeting on 2024-04-10

View the transcript #### 2.3. Truth (or falsity) is not part of VCDM ecosystem (issue vc-data-model#1472) _See github issue [vc-data-model#1472](https://github.com/w3c/vc-data-model/issues/1472)._ **Brent Zundel:** Ted, it's your issue, do you want to walk us through. **Ted Thibodeau Jr.:** possibly just deleting that paragraph. … the problem with "trust" at all is, it's outside the bounds of what we can really do. … we're cryptographically assuring that contents are the statements of the issuer, that's it. … there's nothing about the truth of them, or anything else. … just "this issuer said these things at this time". > *Ivan Herman:* +1 to TallTed. **Ted Thibodeau Jr.:** so talking about truth in the context of revocation doesn't make sense. > *Dave Longley:* +1 to TallTed. **Manu Sporny:** +1 to that, Ted. > *Dave Longley:* +1 to just remove the paragraph. **Manu Sporny:** I think we do have, in some other part of the spec, exactly what you said. > *Dmitri Zagidulin:* +1 to remove paragraph. **Manu Sporny:** I think it is generally presumed that you're going to listen to the issuer, but of course there are cases where you might not trust em. … or just a subset of what they're saying. I reacted strongly to "lets just delete it", but now that I'm reading it, if we have that language elsewhere,. … do you want to take this issue? **Ted Thibodeau Jr.:** yeah, I'll take it,. **Joe Andrieu:** this is a really good catch, Ted. I agree we don't have to depend on the trust. might be useful to say something about trusting that the issuer is using the mechanism correctly. **Brent Zundel:** sounds like we have a path forward, look forward to the PR.
TallTed commented 5 months ago

PR #1474 has been created to fix this.

msporny commented 5 months ago

PR #1474 has been merged, closing.