Clarification needed regarding "the subject of a VC" #70

Open
RieksJ opened this issue Oct 25, 2022 · 9 comments


RieksJ commented Oct 25, 2022

In the VCDM, the term 'subject' is only defined in relation to claims, not in relation to credentials. Since a VC is a (non-empty) collection of claims, the phrase "subject of a VC" is generally indeterminate - it only makes sense if the VC contains a single claim.

I have witnessed many discussions in which people have assumed that every VC does have a subject, and it causes lots of confusion, for example between people that are attempting to author a paper in the context of RWOT on 'holder binding'.

It would really help if the VCDM were very clear in this respect, but it currently is not: the phrase "subject of the [verifiable] credential" appears multiple times (even in the definition of "holder"), and it causes various people to argue that it is ok to talk about "the subject of a VC".

I suggest to

  • replace all occurrences of "subject of the credential" and "subject of the verifiable credential" by texts that state what actually is the case, e.g., "subject of a claim in the (verifiable) credential".
  • replace the definition of 'subject' with something like "The (single) entity to which a given set of coherent data relates/pertains. In a VC, every claim has a subject (VCs themselves do not)."
@RieksJ RieksJ changed the title "Subject of a VC" does not exist Clarification needed regarding the use of "the subject of a VC" Oct 25, 2022
@RieksJ RieksJ changed the title Clarification needed regarding the use of "the subject of a VC" Clarification needed regarding "the subject of a VC" Oct 25, 2022
Author

RieksJ commented Oct 25, 2022

The evidence section of VCDM is saying stuff like "In this evidence example, the issuer is asserting that they physically matched the subject of the credential to a physical copy of a driver's license with the stated license number."

While this note might seem reasonable, there is no specification whatsoever about the meaning of the contents of the evidence-claim. The reader can hallucinate that a driver's license with serial 123AB4567 has been verified by the issuer, where the subject of the driver's license as well as the physical document would have been physically present, but that does not mean that the subject of the driver's license is actually the same as the subject of the claim (that is identified by did:example:ebfeb1f712ebc6f1c276e12ec21).

I also suggest adding a line "subjectIdentifier": "did:example:ebfeb1f712ebc6f1c276e12ec21" to the evidence part, so that it becomes:

  "evidence": [{
    "id": "https://example.edu/evidence/f2aeec97-fc0d-42bf-8ca7-0548192d4231",
    "type": ["DocumentVerification"],
    "verifier": "https://example.edu/issuers/14",
    "evidenceDocument": "DriversLicense",
    "subjectIdentifier": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "subjectPresence": "Physical",
    "documentPresence": "Physical",
    "licenseNumber": "123AB4567"
  }],

This would imply that the verifier would ALSO have verified that the subject that presented the driver's license is actually identified by did:example:ebfeb1f712ebc6f1c276e12ec21. Rather than assuming that readers will infer this themselves, I would recommend to explicitly state this.


awoie commented Oct 31, 2022

> In the VCDM, the term 'subject' is only defined in relation to claims, not in relation to credentials. Since a VC is a (non-empty) collection of claims, the phrase "subject of a VC" is generally indeterminate - it only makes sense if the VC contains a single claim.
>
> I have witnessed many discussions in which people have assumed that every VC does have a subject, and it causes lots of confusion, for example between people that are attempting to author a paper in the context of RWOT on 'holder binding'.
>
> It would really help if the VCDM were very clear in this respect, but it currently is not: the phrase "subject of the [verifiable] credential" appears multiple times (even in the definition of "holder"), and it causes various people to argue that it is ok to talk about "the subject of a VC".
>
> I suggest to
>
>   • replace all occurrences of "subject of the credential" and "subject of the verifiable credential" by texts that state what actually is the case, e.g., "subject of a claim in the (verifiable) credential".
>   • replace the definition of 'subject' with something like "The (single) entity to which a given set of coherent data relates/pertains. In a VC, every claim has a subject (VCs themselves do not)."

I agree that this text is confusing. We also had the discussion on whether a VC without a credentialSubject.id, i.e. an explicit identifier, has an implicit subject. This is for example important for people that don't use unique identifiers for identifying the subject -> e.g., anoncreds and potentially others such as BBS+.

Author

RieksJ commented Oct 31, 2022

VCDM says that a claim without a credentialSubject.id is a 'bearer-claim'.

Member

TallTed commented Nov 8, 2022

> VCDM says that a claim without a credentialSubject.id is a 'bearer-claim'.

I would call that a bug. Such a claim might be a "bearer-claim", but I do not think the bearer is the only possible implicit subject. I can conceive of, for instance, a scenario where the VC says (in pseudo code) "the entity with value x for property y also has value q for property r" where each value of property y is only ever associated with a single individual.

Author

RieksJ commented Nov 9, 2022

I agree. The formal semantics for claims without a credentialSubject.id is that the claim is made about some (further unspecified) entity that the issuer knows to exist. Whether or not that would be the bearer is pure speculation.
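
Added example (not posted by any participant and not code from the VCDM): a verifier-side check in Python for the three points raised so far, namely that a VC can carry claims about several subjects, that a credentialSubject without an id names no one, and that an evidence entry is only tied to a claim's subject if it says so. The `subjectIdentifier` property is the one proposed earlier in this issue, not an existing VCDM property; the credential, the second DID and the `urn:example:evidence:*` ids are constructed sample data.

```python
# Added illustration; not code from the VCDM or from this issue thread.
DID = "did:example:ebfeb1f712ebc6f1c276e12ec21"  # identifier quoted in the thread

# Constructed credential: three credentialSubject objects (one without an id)
# and three evidence entries. "subjectIdentifier" is the property proposed in
# the issue, not an existing VCDM property.
SAMPLE_VC = {
    "credentialSubject": [
        {"id": DID, "degree": "BachelorDegree"},
        {"id": "did:example:constructed-second-subject", "role": "witness"},
        {"licenseNumber": "123AB4567"},  # no id: subject left unspecified
    ],
    "evidence": [
        {"id": "urn:example:evidence:1", "subjectIdentifier": DID},
        {"id": "urn:example:evidence:2"},
        {"id": "urn:example:evidence:3", "subjectIdentifier": "did:example:unknown"},
    ],
}

def as_list(value):
    """VCDM allows a single object or an array for these properties."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def claim_subjects(vc):
    """One entry per credentialSubject object: its id, or None when absent."""
    return [s.get("id") for s in as_list(vc.get("credentialSubject"))]

def single_subject(vc):
    """Return an id only when every credentialSubject object names the same one."""
    ids = claim_subjects(vc)
    return ids[0] if ids and None not in ids and len(set(ids)) == 1 else None

def evidence_binding(vc):
    """Classify each evidence entry against the ids used in the claims."""
    known = {i for i in claim_subjects(vc) if i is not None}
    result = []
    for ev in as_list(vc.get("evidence")):
        sid = ev.get("subjectIdentifier")
        if sid is None:
            status = "unbound"    # evidence does not say whom it concerns
        elif sid in known:
            status = "bound"      # matches the subject of at least one claim
        else:
            status = "mismatch"   # names an entity no claim is about
        result.append((ev.get("id"), status))
    return result
```
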

@David-Chadwick
Contributor

I agree. There are many ways of binding a VC to a subject without needing a cryptographic ID. The issuer might include the name and address and passport number of the subject in the subject's properties, which might require the holder to present their passport to the verifier at the same time as the VC.


awoie commented Nov 30, 2022

I agree that the Verifier perspective is important to Section C. However, the meta-question is if Section C should stay in the VCDM specification or will be part of the implementation guideline.


OR13 commented Feb 6, 2023

I am in favor of moving informative guidance to implementation guide.

If there are normative requirements on this, I suggest we start that from scratch given the assumptions might no longer hold.

@awoie awoie transferred this issue from w3c/vc-data-model Feb 6, 2023

awoie commented Feb 6, 2023

Moved to implementation guide since Section C is now in the implementation guide.
