4D/ VC Revocations: On & Off Ledger

From IIW

VC Revocations, On and Off Ledger


Tuesday 4D

Convener: Gabe Cohen, Rory Martin, Lio Lunesu -- Workday

Notes-taker(s):

Tags for the session - technology discussed/ideas considered:

VC, Revocation


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Spec draft hosted at https://workdaycredentials.github.io/specifications/

Other relevant specs:

https://hyperledger-indy.readthedocs.io/projects/hipe/en/latest/text/0011-cred-revocation/README.html

https://w3c-ccg.github.io/vc-status-rl-2020/


Zoom Chat:


From bsuichies : #security

From Lio Lunesu : Spec’s at https://workdaycredentials.github.io/specifications/ (draft)

From Kyle Den Hartog : Gotcha thanks

From Paul Bastian : not with anoncreds

From Oliver Terbu : Anoncreds are not w3c compliant

From Dmitri Zagidulin : sorry forgot was muted!! :)

From Stephen Curran : ZKPs are W3C compliant.

From Oliver Terbu : Looking forward to seeing bbs+-based w3c-compliant creds with domain proofs :) ; @Stephen: is there an implementation of anoncreds that uses the w3c vc data model?

From Denys Popov : list  : 2020

From Dmitri Zagidulin : bitmapped list

From Stephen Curran : Evernym did a hack using anoncreds, but I expect that it will be BBS+ ZKPs that will get us to W3C

From Dmitri Zagidulin : +1 oliver

From Oliver Terbu : BBS+ will unite all communities :)

From David Huseby : Oliver is onto something ; )

From Dmitri Zagidulin : stephen - possibly a misunderstanding

From Oliver Terbu : Agree with stephen

From Oliver Terbu : I am wondering how we could use credentialStatus with non-membership proofs generated by the prover

From Oliver Terbu : (Which I guess is the right way of doing this)

From Mahesh Balan : Is this an alternate scheme to Hyperledger Indy revocation using cryptographic accumulators? Sorry, I am new to this, forgive me if it is a stupid question - https://hyperledger-indy.readthedocs.io/projects/hipe/en/latest/text/0011-cred-revocation/README.html

From Kyle Den Hartog : Yup, this takes a different approach with different tradeoffs.

From Oliver Terbu : Is it possible to define a credentialStatus method (for revocation) that requires additional info from the domain proof to be verified?

From Oliver Terbu : (The domain proof would get provided by the VP)

From Paul Dunphy : encrypted data counts as pseudonymisation under GDPR

From Oliver Terbu : Pseudonyms are PII

From Paul Dunphy : Yep

From Michael X Shea : agree