W3C home > Mailing lists > Public > public-credentials@w3.org > October 2015

Reputational Ontologies

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Wed, 14 Oct 2015 03:52:32 +1100
Message-ID: <CAM1Sok2puVrPEwx-iVH2_uu60Vn1QXb9iHo4f_uKDbvOZDGe8Q@mail.gmail.com>
To: W3C Credentials Community Group <public-credentials@w3.org>
Hi All,

theory with reputation - is similar to the 'green lock' function in a
web-browser.

If a site is defined as a site that is for users over a certain age (ie:
18, 21, etc.) or from a certain location (ie: country) then it is
reasonable that the site to ask for that information specifically.

Yet, it is quite possible that some website / application providers might
ask for far more information than is needed.

CONCEPT 1
An ontology exists that makes it easier for developers to make a simple
request for standard claims.

CONCEPT 2
An ontology exists that allows end-users to understand whether the
information being requested is reasonable for the type of service
requesting the info.

CONCEPT 3
The reputation of a credential provider may reasonably be questioned. If i
issue myself a credential with claims about my name, DOB, etc. (Critical
claims) it's not going to be as trusted as one issued by a known bank.

therein; whitelist / blacklist functionality around 'approved credentials'
likely to evolve.

Yet equally, how does someone know whether they're providing their info to
a real bank, rather than say - from a phishing email purporting to be a
bank, from somewhere in the world 'claim your millions of dollars left to
you by someone' styled approaches.

CONCEPT 4
Is it possible to create Credential Packages.  A credential package, in
theory, might be issued by a single provider or they may inter-relate with
other providers.

Therein,

A drivers license has a DL number, which relates to an image, age claim,
address claim, etc.

The issuance of a Drivers License in-turn has a form of digital provenance,
upon which the license itself is issued upon the merits or inclusions of
the underlying claims. (in that example).

If each of these claims were contained in separate credentials, which could
then be referenced by a 'packaging credential' (bad name, but i hope it
makes sufficient sense), then a few things might happen.

1. If the underlying assumptions changed, the higher level credentials
would need to be reissued?
2. the demo would need to show how a package of credentials could then be
used
3. the theory being, that if someone wanted to solely present their proof
of age as is listed on their Drivers License - they might be able to do so
(because the age constituent of the drivers license becomes, in-effect, a
separate signed document that inter-relates with the DL); perhaps either
via a UI Checkbox (therein, the DL itself almost becomes like a wallet or
container of claims issued by the road traffic authority) or, depending on
who's asking, provide the entire set of claims embedded in the DL (which
then includes the rest of the underlying 'child' credentials).

CONCEPT 5
Specified Use (the data rights stuff from some time ago) might also in-turn
relate to ontology support.

Therein, when an end-user presents their credential - how might they
specify for what purpose the information in that credential may be used
specifically?

I understand that the capacity to enforce this type of request is a very
separate matter, however being able to communicate specified use is IMHO, a
first step.

Perhaps relating to that; is the potential capacity to have the user issue
a credential that's counter-signed with the supplied credential, that
in-turn declares specified use...

cheers.

Timothy Holborn
Received on Tuesday, 13 October 2015 16:53:39 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:25 UTC