W3C home > Mailing lists > Public > public-credentials@w3.org > February 2016

Re: Verifiable Claims Telecon Minutes for 2016-02-09

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Mon, 15 Feb 2016 19:47:23 +0000
Message-ID: <CAM1Sok1CDHBaOHp6oNSbiGVxvrTaoxOmWy+ttzWWr6X4pfKrmw@mail.gmail.com>
To: John Tibbetts <john.tibbetts@kinexis.com>, Shane McCarron <shane@halindrome.com>
Cc: Credentials Community Group <public-credentials@w3.org>, Steven Rowat <steven_rowat@sunshine.net>
Usually the issuer owns the identity piece. Passport, DL, birth
certificate. In AU. It's illegal to steal it from someone, but that is made
enforceable by maintaining ownership of the instrument by the issuer.

However.

If a document was authored and signed, it may be owned by you. It then may
be countersigned by say, the postal service or a syndication of services to
improve the reliability of the document.

Also, we carry our passports, documents, etc.

The other thing is the nebulous concept of identity and indeed how these
things interact with security.

Combined with other identifiers, improvements to safety are amongst my
envisaged benefits.

Often people are described by facts, what people say about them, and what
they say themselves. Yet reliability is always determined via a mix of
those ingredients. Therein identity isn't a certificate or card, but rather
verifiable links, statements, and community of identifiers which can be
organised by the subject in a manner that suits them. Therein also, support
for persona.

IMHO.

Tim.h

On Tue, 16 Feb 2016 at 6:33 AM, Shane McCarron <shane@halindrome.com> wrote:

> While I sympathize with Steven's position, I am forced to agree with John
> - we don't want to start stepping on toes with our terminology.  We are
> stepping on enough toes as it is!
>
> On Mon, Feb 15, 2016 at 12:06 PM, John Tibbetts <john.tibbetts@kinexis.com
> > wrote:
>
>> Hi Steven,
>>
>> I think you’d get a lot of push-back from registrars if you asserted that
>> the student is the owner of the student record.  In their view, and this is
>> the traditionalist view but the dominant view, the university owns the
>> degree certification but is obligated to release it at the wishes of the
>> student and further constrained by FERPA.  (Lots google-able about FERPA).
>>
>> For example, it’s common practice to only release transcripts if the
>> student is paid up on their tuition.  That’s not a good indicator that the
>> student owns the transcript.
>>
>> Note however that there is a growing counter-trend driven by
>> distance-learning, MOOCs, competency-based education that is building a
>> case for a meta-owner of the student record.  But I think it’s important
>> that our nomenclature stays out of this controversy.
>>
>> John
>>
>>
>>
>> > On Feb 15, 2016, at 9:41 AM, Steven Rowat <steven_rowat@sunshine.net>
>> wrote:
>> >
>> > On 2/15/16 6:54 AM, Dave Longley wrote:
>> >> We could do something new with the entire
>> >> terminology like "issuing party", "holding party",
>> >> "storage/aggregator/curator/agent party", "interested party", where
>> >> "interested party" takes over for "consumer".
>> >
>> > Maybe this too radical to be useful here, but it occurs to me that
>> there's a philosophical argument (at least) that the 'holder' is actually
>> the 'owner'. As follows:
>> >
>> > If Jane has a university degree, let's say a BSc, issued by let's say
>> MIT, and let's say it was issued ten years ago (just to give a context) --
>> >
>> > Jane says, in normal human speech with other people:
>> > "I have a BSc. It's from MIT."
>> >
>> > Jane is then the owner of the BSc, in normal, non-specialized human
>> understanding. It's her BSc. The fact that it came from MIT is merely an
>> attribute of her BSc. In fact, usually she wouldn't even mention it. "I
>> have a BSc" would be the more common usage.
>> >
>> > And in normal human speech, we wouldn't say MIT 'has' or 'owns' Jane's
>> BSc. This is logical, because MIT can only issue a BSc if it's further
>> accredited by a government, or by an association of universities. So MIT is
>> only partially responsible for its power to issue the BSc.
>> >
>> > But, before this *specific* BSc was issued, it didn't even exist. It
>> was issued so that Jane and only Jane could have it. So, in effect, it
>> wouldn't be surprising to say she owns it, IMO.
>> >
>> > I see that there are other ways to interpret this, but it has a major
>> advantage of being part of the everyday usage in our society.
>> >
>> > And if we started from that -- with 'owner' as the central word -- then
>> it might make the privacy implications much clearer also. She also owns
>> what can be done with it, to at least some distance from herself.
>> >
>> > ?
>> >
>> > Steven
>> >
>> >>
>> >> The "consumer" is the party that needs trust in the credential holder
>> in
>> >> order for it to do something. They are a "relying party", an
>> "interested
>> >> party", and sometimes a "service provider" (but not always). They are
>> >> the party that wants to know (and be able to trust) something about
>> >> another entity (for some reason). I don't know if any of that helps
>> >> anyone think of a better name.
>> >>
>> >>> Requestor is more accurate in the case where we are talking about the
>> >>> entity that is asking the holder for the claim.
>> >>
>> >> Unfortunately, "requestor" or "recipient" can be confused with the
>> >> "holder" because the holder must request a credential be issued to them
>> >> from the issuer.
>> >>
>> >>>
>> >>> On Mon, Feb 15, 2016 at 2:20 AM, Adrian Hope-Bailie
>> >>> <adrian@hopebailie.com <mailto:adrian@hopebailie.com>> wrote:
>> >>>
>> >>>     Verifier seems appropriate given that these are "verifiable"
>> claims
>> >>>
>> >>>     On 15 February 2016 at 00:59, Steven Rowat
>> >>>     <steven_rowat@sunshine.net <mailto:steven_rowat@sunshine.net>>
>> wrote:
>> >>>
>> >>>         On 2/14/16 1:44 PM, Manu Sporny wrote:
>> >>>
>> >>>             I'm happy with 'evaluators', but wonder what our
>> colleagues
>> >>>             in the
>> >>>             education industry think? ...[snip]
>> >>>
>> >>>             Credential/Claim Requestor and Credential/Claim Verifier
>> >>>             could also work?
>> >>>
>> >>>
>> >>>         IMO any of Requestor, Verifier, or Evaluator would be
>> preferable
>> >>>         to Consumer.
>> >>>
>> >>>         Except, Requestor could be confused with 'holder', the
>> >>>         person/entity asking for the original issuing, since at the
>> >>>         start they are 'requesting' that a credential be issued for
>> them
>> >>>         -- which they then take elsewhere to be Evaluated or Verified
>> >>>         (or, currently, Consumed).
>> >>>
>> >>>         But as you noted, with multiple possible systems in play --
>> >>>         finance, education, payments, government -- it's going to be
>> >>>         hard not to cause at least some confusion somewhere.
>> >>>
>> >>>
>> >>>         Steven
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> -Shane
>> >>
>> >>
>> >
>>
>>
>>
>
>
> --
> -Shane
>
Received on Monday, 15 February 2016 19:48:04 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:27 UTC