W3C home > Mailing lists > Public > public-credentials@w3.org > February 2015

Re: State, not Identity-based Credential Use Cases?

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Fri, 13 Feb 2015 13:12:14 -0500
Message-ID: <54DE3E7E.6060005@digitalbazaar.com>
To: public-credentials@w3.org
On 02/12/2015 03:05 PM, Brian Sletten wrote:
> We generally are thinking about long-term, identity-based
> credentials (clearly the dominant use), but I am wondering if the
> group thinks it would be useful to also consider shorter term,
> state-based credentials not necessarily tied to an identity.

I think the spec is badly named (others disagree). I think that this
group is about credentials, for humans and machines. Which means that it
doesn't matter if an ID is associated with an "identity" (as in the
human sense) or an "entity" (as in, the 'could be a machine or virtual
software agent') sense. Also, remember that IDs can be blank nodes
(although we haven't really had a use case for it until you sent this

> 1) Demonstrating that you are within a particular geographic area.

This is a digitally signed credential issued to you by a machine that is
trusted by the receiver. The "@id" could be a blank node, and these
sorts of credentials might only be provided as 'tokens of proof' (which
is what I think you're saying).

The credential would effectively state: "The bearer of this credential
is at latitude x.xx, longitude y.yyy, and height z.zz."

> 2) Demonstrating that you own a token.

I think this is just an identity credential. You could do it in the same
way as above.

> I don't think this necessarily changes anything about the existing 
> focus, I just wonder if there is value in considering some less 
> conventional uses of machine-processable credential standards for 
> scenarios like this. Basically, might we consider state-based 
> credentials rather than only identity-based credentials?

There is certainly value in doing that. If I squint hard enough at the
spec, I think we already support this sort of thing at the data model
layer. The trick would be to formalize it in a part of the spec called
"Pseudo-anonymous Claims" or something in a similar vein. Will have to
think about it a bit more, but seems like something we'd want to support.

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
Received on Friday, 13 February 2015 18:12:38 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:22 UTC