Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add section on delegation. #359

Merged
merged 3 commits into from
Jan 23, 2024
Merged

Add section on delegation. #359

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
acc402a
Add section on delegation.
agropper Jan 7, 2024
ff729a1
Fix grammar in delegation section.
msporny Jan 23, 2024
098da50
Add note that delegation isn't always initiated by the subject.
David-Chadwick Jan 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1022,6 +1022,50 @@ <h2>Privacy Considerations</h2>
<p>
</p>

<section>
<h3>Delegation</h3>

<p>
<a>Verifiable credentials</a> [[VC-DATA-MODEL-2.0]] are a standard data model
designed to mitigate risks of misuse and fraud. As a data model, <a>verifiable
credentials</a> are protocol-neutral and consider at least two types of
entities: <a>issuer</a> and <a>subject</a>. When the subject of a <a>verifiable
credential</a> is a natural person or linked to a natural person, privacy and
human rights can be impacted by the vastly more efficient processing of
standardized <a>verifiable credentials</a> as compared to their analog
ancestors.
</p>

<p>
Technology, in the form of standardized APIs and protocols for issuing
<a>verifiable credentials</a>, further enhances the efficiency of processing
<a>verifiable credentials</a> and adds to the risks of unforeseen privacy and
human rights consequences.
</p>

<p>
<a>Verifiable credentials</a> issuance has a request phase and a delivery phase.
The request might be made by the <a>subject</a> or another role, and delivery
can be to a client that might or might not be controlled by the subject.
Delegation is highly relevant for both phases. The <a>issuer</a> might delegate
processing of the request to a separate entity. The subject, for their part,
might also delegate the ability to request a <a>verifiable credential</a> to a
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that the subject may not always have the capability or ability to perform delegation. Examples include: a new born baby, a pet, and a person with dementia. So the request might be performed by a third party who was not delegated by the subject.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, excellent point, I'll work that into the text in the next revision.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 098da50.

separate entity. Note that the subject might not always have the capability or
ability to perform delegation. Examples include: a new born baby, a pet, and a
person with dementia. So the request might be performed by a third party who was
not delegated by the subject. The ability to delegate is a third dimension in
the enhanced efficiency of processing <a>verifiable credentials</a> and has
impact on privacy and human rights.
</p>

<p>
The architecture described in this specification is designed for market acceptance through a combination of
efficiency and respect for privacy and human rights. APIs and protocols for
processing <a>verifiable credentials</a> do not favor delegation by the issuer
role over delegation by the subject role.
</p>
</section>

<section>
<h3>"Phoning Home" Considered Harmful</h3>

Expand Down