
Re: Outcome of Credentials presentation at Web Payments IG / W3C TPAC

From: John Tibbetts <john.tibbetts@kinexis.com>
Date: Wed, 28 Oct 2015 07:28:00 -0700
Cc: W3C Credentials Community Group <public-credentials@w3.org>
Message-Id: <95B214E2-A40B-4501-BB3D-A6DB35CBF8A2@kinexis.com>
To: Manu Sporny <msporny@digitalbazaar.com>, Melvin Carvalho <melvincarvalho@gmail.com>

Congratulations Manu.  This is great news and you deserve great credit for your vision and energy.

I would like to comment on the response by Melvin:

> 
> Congrats!
> 
> In a nutshell, OpenID Connect and SAML don't fully support HTTP identifiers and the most recent W3C web standards.  They have been useful in many scenarios, but the web needs something more.

I think Melvin’s exactly on the right track.  We now need to articulate the ‘unfair advantage’ that OpenCreds has over OpenID Connect and SAML.  I would put Melvin’s first point a bit differently: it’s more than just fully supporting HTTP identifiers; it’s that OpenCreds is fully Linked-Data aware from the get-go.  I think that has broad implications—but I grant that argument is strongest with people that are already LD conversant.

But I think there's a major unfair advantage we are not talking about.  At the risk of putting this badly let me try to articulate it and let others in our group refine my vocabulary.  

OpenCreds views web identity from a credentials perspective, not a protocols-and-flows perspective.  If we’re talking about web login, e.g., the OpenID Connect response is something like: well you go to the Auth server and get an auth token and an id token, then you use the auth token for talking with protected tokens, and the id token…etc. etc.  In the OpenCreds view web login is a petitioning party proffering an Email Certificate.  Full-stop.  And purchasing the case of wine is the petitioner proffering a Proof-of-Majority and a (whatever) Credit-Card credential.  (I’m sure the web payment folks have better words).

Credentials do for web identity what databases do over filesystems and objects do over procedures.  They provide a more semantically rich way of discussing the endeavor and they ontologize a procedural discussion into a discussion about things that even naive users can understand.

Of course under the hood there are protocols-and-flows.  But the point is that there is a ‘hood’ there to separate concerns.

If others agree I think that this argument could be strengthened by digging further—what about OpenCreds allows us to talk this way, etc.

John

(BTW is OpenCreds the name we use for our initiative?)
Received on Wednesday, 28 October 2015 14:28:32 UTC
