[VC Security & Trust Document] Does a presentation require holder binding? #12
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Imported from AB/Connect bitbucket: https://bitbucket.org/openid/connect/issues/2014
Original Reporter: danielfett
Regarding this open question: “Should a "presentation" always mean/require cryptographic holder binding? Should these use cases where it is not required covered by the protocol?”
Giuseppe De Marco
2023-03-06
it may depends by use cases.
presenting personal identification data, for authentication purpose, or verifiable attestation of attributes, for instance: diploma use cases and any other attestation, like mDL. In these cases the binding of the owner and the proof of it’s willing during the presentation is a mandatory requirement.
there are other cases where the VC is a cinema ticket, a parking ticket, laundry ticket and other cases where the credentials may be shared between different holders. In this cases there would not be the security requirement of the binding and that’s up to the nature of the credentials and service it is required to be used on.
usually, these VC/services, should be like disposable tickets, to be used only once.
Different cases are subscriptions or VCs which, by their very nature, must be resubmitted from time to time.
The text was updated successfully, but these errors were encountered: