Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[USE CASE] referencing resource descriptions in a registry #6

Open
2 tasks
philbarker opened this issue Feb 10, 2021 · 4 comments
Open
2 tasks

[USE CASE] referencing resource descriptions in a registry #6

philbarker opened this issue Feb 10, 2021 · 4 comments

Comments

@philbarker
Copy link

philbarker commented Feb 10, 2021
edited
Loading

Actor

The issuer of a verifiable credential (Note, this may be the owner of the achievement being referenced, but could also be a third party providing a verification or notarizing service)

Submitter

Phil Barker, for Credential Engine

User Story

The actor wishes to create a Verifiable Credential to assert that someone has achieved something such as mastered a competence, earned an educational/occupational credential or has a number of years experience in a Job role. The thing achieved, e.g. the competence, credential or job role, is fully described in a registry such as the Credential Engine’s Credential Registry that can deliver an RDF description of it through the resolution of a URI. The actor wishes to use this data about the thing achieved in the verifiable credential in a way that embeds enough information into the VC to be resilient in a diverse and changing ecosystem of services but avoids unnecessary data duplication.

Data Concepts

How much data needs to be embedded in the VC? The URI alone is enough to retrieve all the information held, but perhaps some more information should be included for systems that do not or cannot retrieve external data or cannot interpret the data supplied by the registry, but is it necessary to embed all the information that the registry holds about the thing achieved in the VC. 

An added complication is that registries for the same type of thing may use different schema to describe them. Does the VC need to use a fixed vocabulary, can it use any vocabulary, should there be some information about mapping between the vocabularies?

Restrictions

Verifiable Credentials

Registries for things that holders have achieved

URI resolution or API to retrieve data from the registry. It is assumed that the registry uses RDF / linked data principles and that resolving the URI for the achievement results in RDF data being returned. (Example credential from the Credential Engine Registry:

Tags

  • [ x ] issuer-to-subject
  • subject-to-relying-party
  • [ x ] system-to-system
  • [ x ] peer-to-peer
  • subject-initiated
  • [ x ] workforce
  • [ x ] k-12
  • [ x ] post-secondary
  • [ x ] informal
  • [ x ] e2e (i.e. issuer-to-subject-to-relying-party)
  • [ x ] multiple-issuers (i.e. multiple parties involved in credential issuance)

Tag Details

Seems to be relevant to pretty much any scenario where data is transfered, but who initiates the transfer doesn't seem relevant.
@kayaelle
Copy link
Collaborator

This is a good use case to include in verifiable credential & verifiable presentation discussion.

@philbarker - could you please add some verification/consumption examples below for this user story?

@philbarker
Copy link
Author

Sorry @kayaelle I don't know the details of how verification and/or consumption work for VCs, and I don't know how the scenario I outline would affect them. But I guess it's something like:

The subject sends their VC to someone who can hopefully get the information they need about the acheivement either from the data in the VC itself or by reference to the registry. The verifier can verify that what is in the VC itself has not changed since the credential was issued, however what is in the registry may have changed. Depending on the registry policy, these changes may just be a better representation of what the acheivement was when the VC was issued, or they may represent changes to the requirements of the acheivement.

Aside: hopefully significant changes to the acheivement would result in a new record in the registry (that is Credential Engine policy). However with complex acheivements (e.g. attainment of a Bachelor degree) it could be argued that one component being swapped for another while maintaining the overall objectives does not constitute a significant change: is the degree different because one optional course is removed and another put in? or if two courses are merged? Over time this may lead to a Ship of Theseus (or Trigger's broom) problem. The degree program that I took 35 years ago has been offered continuously since then, I doubt that at any time during the period was a change made that would suggest it lead to a different degree award, but I doubt any of it is the same as when I took it. (Again, describing the degree requirements in detail & with versioning can avoid this.)

@kayaelle
Copy link
Collaborator

Thank you @philbarker. I appreciate the mention of Ship of Theseus and Trigger's Broom (Hah! please watch the video Phil provided)

@philbarker
Copy link
Author

I would like to let people know that I have written an open discussion document for Credential Engine about how this might be handled: if you're interested please see this Google doc and feel free to leave any comments, questions or suggestions.

@kayaelle kayaelle mentioned this issue Feb 4, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kayaelle @philbarker