Can we trust metadata? Why? (was: SVG? really? And metadata more broadly) #282

Open
wbl opened this issue Dec 4, 2024 · 13 comments

Comments

@wbl

wbl commented Dec 4, 2024

I really don't get why SVG logos for individual fields are supported. Also I'm not sure about the value of this display metadata. Are people going to use it?

@danielfett
Member

The title of this issue is not helpful. What is the problem with SVG?

And there are no SVG logos for individual fields, just for the whole type.

Display metadata is already in use in a couple of wallet implementations and I just yesterday spoke to a team implementing an EUDI wallet and they plan to use the display metadata mechanism.

@wbl
Author

wbl commented Dec 4, 2024 via email

@danielfett
Member

Sorry, is this still related to SVGs?

@wbl
Author

wbl commented Dec 4, 2024 via email

@danielfett
Member

I think the real question here is - why should anyone trust metadata in general? How can a wallet know that the content is fine to display to the user? This is what must be addressed in the specification. I'll change the title accordingly.

If there are any issues specific to the format of the logo, please file a separate issue.

@danielfett changed the title from "SVG? really? And metadata more broadly" to "Can we trust metadata? Why? <strike>SVG? really? And metadata more broadly</strike>" on Dec 9, 2024
@danielfett changed the title from "Can we trust metadata? Why? <strike>SVG? really? And metadata more broadly</strike>" to "Can we trust metadata? Why? (was: SVG? really? And metadata more broadly)" on Dec 9, 2024

@alenhorvat

Metadata is information asserted by the issuer (hence, should be integrity protected, which I believe it is). Issuer must be trusted for the information (credential or the metadata) to be trusted.

@wbl
Author

wbl commented Dec 9, 2024

I can trust Alice Co to produce its corporate ids. I can't trust them to create Bob Co's corporate ids. Trust is not an absolute, and the text indicating anything about this is not in the security considerations sections and would need to be.

@alenhorvat

This is why usually accreditations are introduced (they limit the scope of attestations - e.g., you can only attest information about own employees). Authors will know whether that's in scope or not.

@wbl
Author

wbl commented Dec 9, 2024

Once again, that's not in the Security Considerations section. If we wanted it in there we should say "verifiers MUST NOT trust issuers that cannot be trusted to assert anything they please". We should be explicit this is for a very closed system. That's not compatible with a DID world.

Secondly, the accreditation is by definition reactive: it looks at policies that existed in the past and are in place. That's not as good as preventing the issue.

We've been through these issues with X509 and browser UI and certificates. We learned a lot. And logos are, I think, very powerful ways to misdirect users. People will learn to look for them, and then get fooled.

@alenhorvat

If I understand correctly, there are two topics to cover:

  • identity of the issuer (is the issuer identity self-asserted or is attested by a 3rd party; if so, under which identity framework)
  • what claims the issuer can make about the user?

@wbl
Author

wbl commented Dec 9, 2024

That's a different issue, which also should be raised or discussed somewhere. Metadata isn't claims per se. But if you e.g. have a logo that gets displayed, that can be interpreted by a user as a claim.

@alenhorvat

Today (at least in eIDAS) signer/issuer information is always expressed in an x509 certificate issued by a trusted authority (issuer/signer information is never self-asserted); Logo could be one of the 'issuer' claims, which brings us to the question: which metadata claims can be made by the issuer.

In governed ecosystems, probably only a few, if any, as regulation defines what claims an issuer can make about the user.

@wbl
Author

wbl commented Dec 9, 2024

And once again, that is not in the four corners of the text here. I think this is something that also needs to go on the list.


4 participants