Re: State, not Identity-based Credential Use Cases? from Timothy Holborn on 2015-02-14 (public-credentials@w3.org from February 2015)

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sat, 14 Feb 2015 23:39:56 +1100
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: "public-credentials@w3.org" <public-credentials@w3.org>
Message-Id: <5B4FE10C-EAD8-4D95-B9C8-FC0447085393@gmail.com>

Sent from my iPad

> On 14 Feb 2015, at 5:12 am, Manu Sporny <msporny@digitalbazaar.com> wrote:
> 
>> On 02/12/2015 03:05 PM, Brian Sletten wrote:
>> We generally are thinking about long-term, identity-based
>> credentials (clearly the dominant use), but I am wondering if the
>> group thinks it would be useful to also consider shorter term,
>> state-based credentials not necessarily tied to an identity.
> 
Foaf (which I think means, danbri, timbl, Libby miller, et.al?) say agent...  

I have debated the use of the term.  I feel I've learnt a lot in the process...

> I think the spec is badly named (others disagree). I think that this
> group is about credentials, for humans and machines. Which means that it
> doesn't matter if an ID is associated with an "identity" (as in the
> human sense) or an "entity" (as in, the 'could be a machine or virtual
> software agent') sense. Also, remember that IDs can be blank nodes
> (although we haven't really had a use case for it until you sent this
> email).
> 
>> 1) Demonstrating that you are within a particular geographic area.
> 
> This is a digitally signed credential issued to you by a machine that is
> trusted by the receiver. The "@id" could be a blank node, and these
> sorts of credentials might only be provided as 'tokens of proof' (which
> is what I think you're saying).
> 
> The credential would effectively state: "The bearer of this credential
> is at latitude x.xx, longitude y.yyy, and height z.zz."
> 
>> 2) Demonstrating that you own a token.
> 
> I think this is just an identity credential. You could do it in the same
> way as above.
> 
>> I don't think this necessarily changes anything about the existing 
>> focus, I just wonder if there is value in considering some less 
>> conventional uses of machine-processable credential standards for 
>> scenarios like this. Basically, might we consider state-based 
>> credentials rather than only identity-based credentials?
> 
> There is certainly value in doing that. If I squint hard enough at the
> spec, I think we already support this sort of thing at the data model
> layer. The trick would be to formalize it in a part of the spec called
> "Pseudo-anonymous Claims" or something in a similar vein. Will have to
> think about it a bit more, but seems like something we'd want to support.
> 
> -- manu
> 
> -- 
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Marathonic Dawn of Web Payments
> http://manu.sporny.org/2014/dawn-of-web-payments/
>

Received on Saturday, 14 February 2015 23:32:34 UTC