Versions Compared

Old Version 10

changes.mady.by.user Darrell O'Donnell

Saved on

compared with

New Version 11

changes.mady.by.user Darrell O'Donnell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
absoluteUrltrue

...

  • Is this Issuer Authoritative to issue a particular credential type under a governance framework.?
  • Is a Verifier Authorized to request a presentation under a governance framework.?
  • Does the answering Trust Registry acknowledge another Trust Registry under a governance framework.? 

The v2 efforts are exploring the following areas to be included in a new version of the protocol:

  • Approved Wallets - defining the wallet (applications) approved for use in a particular ecosystem.
  • Key Parameters Required (early candidate list):
    • DID Methods - listing the DID Methods supported by a governed ecosystem.
    • Credential Types - List the types of credentials that are in use. This includes:
      • Credential Formats - what formats (W3C JWT/JSON-LD/BBS+/etc/., AnonCreds, etc.)
      • Credential Schema - provides the data structure expected in the credentials.
      • Credential Definitions - provides information about each credential type.
      • Revocation Information - provides information about the approach to revocation, where relevant.
    • Roles - lists, in a simple string array, the formal roles that are active in an ecosystem.
    • EGFURI - URI for the Ecosystem Governance Framework, nominally a DID.
    • Assurance Levels - list the assurance levels defined in the EGF for a governed ecosystem.
    • more to come...
  • Requirements Capture - a loose capture: Trust Registry Protocol v2 - Loose Capture
  • Early input deck: https://docs.google.com/presentation/d/1qQiYTzFrLE4xMFQmgTMM_K6Op-cD6TsjDvUtiDqVmr8/edit?usp=sharing 

...

In the same W3C CCG thread, Daniel Hardman made this point:

I feel like decentralization is running into a difficult tension here: we want to democratize issuance (anyone can do it), but we want to trust a limited set of issuers (or at least, a limited set on any given topic). Anybody can create a COVID test result credential, but we only want to accept them if they were issued by a lab that we have reason to trust. Etc...

One solution to this problem is registries: list trusted sources and have your software check whether the issuer is on approved/accredited list by querying. Of course this re-centralizes around the oracle.

...