Hacker News new | ask | show | jobs
by brabel 1326 days ago
That's not how it works. You would just request a VC that states personal information about you from the government, including age (like an ID card which most countries have)... then, when you're required to prove you're a certain age, you can create a presentation object which only contains your age, nothing else. You can present that as many times as you want without the government knowing you did that (unless the receiver of the presentation decides it wants to inform the government about that! In which case there's nothing technology can do to help).
1 comments
askldfjaliwejf 1326 days ago
It very much can be.

Gov might require that on each sale, company re-verify identity (just like they demand you check ID on each sale).

That results in a network request to `proof.verificationMethod` on each sale, which contain a URL to the age verification for that one user.

Done. Gov now have records on how many times you bought beer. They might also request that the number/description of items be included on the verification request. but that is not necessary since credit cards are already being replaced with central bank issued payment systems (see india, brazil, etc)

link
brabel 1326 days ago
No, the system just isn't designed like that, the whole point of VCs is that the system becomes decentralized. To check a credential is valid you absolutely don't need to hit the Government, you need to trust its public key, which you can easily get once (or keep updating using things like DID)... you are arguing about a different system design that just doesn't exist and has no reason to exist.
link
0x6c6f6c 1325 days ago
> the whole point of VCs is that the system becomes decentralized.

You say decentralized, yet that Verifiable Data Registry seems like a central component to checking whether you are you. How is that not able to see that you checked your ID?

link
brabel 1325 days ago
That's not a centralized registry. In fact, it's usually a distributed ledger, normally a blockchain but any distributed database of public keys and IDs will do.

Also, the ID in the VC is not something that can easily be used to identify you. It may be in basic implementations, but it shouldn't. The W3C spec recommends using DID[1]... A DID is a random ID, basically, which is stored in the "distributed ledger" where others can find your current keys and other metadata (none of which containing personal data)... you can have as many DIDs as you want, e.g. one for each usage you make of your VCs, making it impossible to track you around... you should look at the W3C spec if you really want to understand how DIDs and VCs are supposed to work, the Auth0 website is a much lighter , pre-digested and somewhat more centralized version of things that make it much easier to get started (Which is a great thing, but hopefully you shouldn't judge VCs from only what they're pushing).

[1] https://www.w3.org/TR/vc-data-model/#dfn-decentralized-ident...

link