agropper
commented
5 years ago I have a related use-case in UMA where the Authorization Server is separate from the Resource Server and could be a holder for the subject, Alice. This is Alice-to-Bob authorization as opposed to Alice-to-Alice of typical Oauth.
In the UMA case, (1) The developer of Bob's client issues a software statement which could be a VC, to Bob as holder (2) Bob issues a Dynamic Client Registration credential to Alice's Authorization server as holder (3) Alice's Authorization Server issues a credential to the Resource Server (Identity Hub?) that results in the connection between the RS (where Alice is the Subject) and Bob's client.
The benefit here is that the RS as verifier bears little risk of breach as long as the trust between the RS and Alice is adequate. In a previous step not listed above, the RS registers as a Client with Alice's AS. This is an Alice-to-Alice flow because Alice has separate credentials at both the RS and the AS. This is the root of trust between RS and AS and allows the AS to be self-sovereign to Alice under HIPAA, GDPR and similar "right of access" domains.
Adrian
On Thu, May 9, 2019 at 8:54 AM anthonycamilleri notifications@github.com wrote:
Dear all,
I am working on an extension of the Verifiable Claims Data Model for the European Commission's Europass Project, which is creating a framework for digitally-signed credentials. More information available from the project website https://ec.europa.eu/futurium/en/europass/digitally-signed-credentials.
One of our use/cases involves creating credentials which are made up of other credentials.
Example:
- Student does a semester at the University X for which they are issued a credential with claims describing learning done at the University X (their home university)
- Student does a second semester as an exchange student at the University of Y for which they are issued a credential with claims describing learning done at the University of Y.
- Student then does an internship with Company Z, for which they are issued a credential with claims describing the learning done at the apprenticeship for University Z
Based on the achievements outlined in the claims above, University X now issues a new credential, in the form of a degree, which includes:
- claims related to the degree as a whole
- the credentials already issued above embedded within the degree credential.
Under this use-case should the embedded credentials be embedded as (a) credentials, or (b) presentations? Are their any guidelines for how to format them under credentialsubject?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/w3c/vc-use-cases/issues/99, or mute the thread https://github.com/notifications/unsubscribe-auth/AABB4YIQEPTYKUTVIAB6RNLPUQNIJANCNFSM4HL2HBPQ .
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: https://patientprivacyrights.org/donate-3/
David-Chadwick
jandrieu
Dear all,
I am working on an extension of the Verifiable Claims Data Model for the European Commission's Europass Project, which is creating a framework for digitally-signed credentials. More information available from the project website.
One of our use/cases involves creating credentials which are made up of other credentials.
Example:
Based on the achievements outlined in the claims above, University X now issues a new credential, in the form of a degree, which includes:
Under this use-case should the embedded credentials be embedded as (a) credentials, or (b) presentations? Are their any guidelines for how to format them under credentialsubject?