W3C home > Mailing lists > Public > public-credentials@w3.org > February 2015

Re: State, not Identity-based Credential Use Cases?

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 22 Feb 2015 13:09:00 -0500
Message-ID: <54EA1B3C.8090107@digitalbazaar.com>
To: public-credentials@w3.org
On 02/19/2015 05:00 AM, Joerg.Heuer@telekom.de wrote:
> Generating a credential for this sounds good, but I don't think that 
> it requires a short lifespan. The information 'I was exactly at that 
> position on that date and time' requires a timestamp in the first 
> place, but it would be true forever, essentially, right?

Yes, you're exactly right, Joerg.

I guess the trick is related to a best practice on how to interpret
these sorts of credentials. While it's true forever, there are a couple
of options on how to issue the credential:

1. The consuming system decides how long the credential is valid for.
   For example, an ecommerce tax assessment platform would probably
   accept the credential as valid for an hour or two (which
   tax jurisdiction were you in when you bought this item), while a
   proximity ecoupons offer site would limit it to 15-30 minutes, or
2. The issuer of the credential would set the validity of the
   credential.

I think #1 is more powerful and, as you said, is what we'd go with...
however, that means we are saying that #2 is probably not a best
practice. It's not a hard decision to make, but we will most likely have
to say /something/ about this in a spec about proximity credentials.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Sunday, 22 February 2015 18:09:26 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:22 UTC