W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: Request for terminology input - consumer/inspector/TBD Credential

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Fri, 10 Jun 2016 01:08:01 +0000
Message-ID: <CAM1Sok3DkoR_y_UHkZ68Y5vT5Eake5Xd_KtrWard16ysWBdQMA@mail.gmail.com>
To: Dave Longley <dlongley@digitalbazaar.com>, Eric Korb <eric.korb@truecred.com>, Credentials Community Group <public-credentials@w3.org>
Hi Dave,


On Fri, 10 Jun 2016 at 01:25 Dave Longley <dlongley@digitalbazaar.com>
wrote:

> On 06/09/2016 08:09 AM, Timothy Holborn wrote:
> > Dave, I know that's been the focus, but is that the entire scope of
> > application for this standardised technology solution?
>
> What more would it be that couldn't be considered "identity"? We're just
> talking about claims about people/things in order to distinguish them
> from other people/things. That's pretty generic already -- and it speaks
> directly to "identity".
>

Yes - it does 'speak to identity' - helps distinguish the difference
between someone who is making honest representations, and those who
diminish that quality by having the opportunity to make things up and cast
doubt upon all.

Yet - issues IMHO - pertain to philosophy of identity - something i've been
working on writing up, but haven't had time to get the document to a level
that i'm happy with...

Henry Story is very good in this area too...

So; who are you?  "Are you who you think you are or who others think you
are?"

I left school early.  I've done a little education here and their, but
regardless of my works / focus / flaws - someone who has very little
experience in this field may be considered an expert long before i am;
because i don't have a technical means in-which to establish
'credentials'.  That's not a technology problem - it's an application of
technology problem.  As we're developing standards, the underlying
capability should in-theory support innovation.

People learn, institutions have never really supported computer science
related fields well - let alone web-science (still not offered as a course)
due to the rapid development of it.  They don't teach graph-databases in
most courses today, their still teaching RDBMS systems - which over a 3
year full-time course period from today - wouldn't result in focus on new
things, but rather, the ability to obtain a credential, that would relate
to a debt of many thousands of dollars; to be 'ranked' as an 'intern' once
it's been done.

I use this as an example to say - we've got societal issues and their not
going away. The issue with scientifically understanding the 'true' answer
to identity characteristics is a question that relates to a number of
predicates;

1. Who's asking / Who are they asking - People know you in different ways.
Whether it be your partner, your ex.partner, your mother, the policeman
who's wondering why your drunk - all sorts of situations.

People ask me what i'm doing - i'll give them a variety of responses.
People with a public profile - dearly wish they were anonymous whilst
having a coffee with a friend. they don't want the general public desiring
to get involved so they can say whatever it is for 30 seconds of fame.

Furthermore, who knows whether they're going to tell the truth or not,
particularly where money may get involved...

Equally; the same person in a position of influence - may distrust people
due to how they've been treated by others, disabling the way they do help
others.

the situation of homeless people is one example of this.  It is not as
though San Francisco is a place without funds; yet, as noted in a paper -
we give oxygen to relatively wealthy people saying 'just get rid of them'
and it's impossible to find funding to deliver an alternative that would
help people donate things (ie: baby formula, clothing, digital coupons for
a meal or accommodation, access to a lawyer or healthcare, etc.).

These are elements of our 'identity' as a race of people with some
use-cases of people who live in particular areas.

Not all people in SanFrancisco are selfish in a way that means they
contribute to the problem outlined above; but they are all stained with the
same inflection due to the press release.

This is similar in many realms.
other related facets include;
- What context are they asking the question for
- Does everyone need to know everything?

If a former homeless person is doing something meaningful - are they still
deemed 'useless'.

what if someone was wronged by other agents which negatively impacts their
'persona'?  How can the notion of 'identity' in-turn be 'hacked' for
commercial gain or other nefarious purpose?

http://www.theage.com.au/articles/2004/06/16/1087244973657.html

I was working on this 'decentralisation' stuff from 2000.  Yet, after that
article was published - (which related to my work in turning an incubator
for homeless youth operating from two desks into a place that had desks for
more than 30 people) no recruitment person who have anything to do with
me.  No-One.  The people involved in that had connections to my former
business partner and well - this 'decentralised web' thing, even years
later, still isn't well understood - people thought i was crazy then...

2. temporal awareness

If claims are made, they can be found later to be untrue.  This can
associate with the concept of damages and indeed defence.  People do their
best, but still mistakes are made.

IMHO; it shouldn't be more beneficial to knowingly make mistakes / wrong
others; because it's better than the alternatives.   This is commonly
understood in the media-cycle.  A person who is wronging another will goto
press and control the story. By the time the truth is found - the press
have covered the story, people all think they know what its about - and
no-one cares about the correction / outcome relating to the person who has
been attacked in that way (often for commercial gain). to compound issues
often legal pathways are prohibitively expensive and 'evidence' difficult
to find / discover / have available.

So again - these societal issues impact the notion of identity at every
level including the medical field.  Some diseases are difficult to
diagnose, but mistakes made may  diminish your quality of life / kill you.

6. persona and rights of person.

'who are you, are you who you think you are or who others think you are'...

IMHO - it is you who are primarily in-control of your life and what you can
make of it.  That means you need the liberty to make your own decisions, to
be responsible for yourself.  the alternative is that you are not
responsible for yourself and that the 'system' has a mandate, which is
unthinkable IMHO.

I note:

Nuance
1. no known species has created a communication networking platform that
has ever attempted to store and make accessible (meaning, search,
interoperable action on a ubiquitous level with any other agent, based on
ACL's, etc.) via a global communications framework.

2. As we have previously discussed, we have a known differentiator between
'user centric' and 'service centric'.  ATM, we don't have a universal,
open-licensed solution for identity.  Without getting into self-sovereign
vs. rule of law related architectural design decisions; nor the notion of
'one world government' vs. support for our systems of citizenship and
related participatory factors (inc. human rights considerations) ATM most
services / systems are service-centric right down to the 'choice of law'
[1] for obtaining an identifier that's in-turn being used in relation to
access to bank-accounts, health records, etc.

3. This group is not specifically dealing with the storage layer.  I've
previously highlighted some ideas about how to deal with the
root-identifiers using a socially-aware RAID like Web-DHT Chain, that i've
considered may be better incubated via the WebID group (ie: WebID-DHT).

I note also TimBL has been related to a block-chain alternative[2] i
haven't got a full awareness of how it works [3] nor how it defends against
a 51% attack[4][5], as in my opinion - whilst it is humans that operate
governments - it is only governments who have the financial and economic
means to build data-centres with technology that is not available generally
- that might be capable of building a computational 'weapon' that could be
used, whether known or otherwise, in a way that makes me uncomfortable.

IMHO:  this is the difference between the ideological concept of building a
'human centric web' where it is humans/social relations that provides
security with the TOOLSET of technology; rather than using technology for a
toolset of living things.  ATM: the money is in the tools, not really the
people.  Some people have been able to build a life that has both money and
the control over how to use it, but not as many as those who work as an
agent for a 'thing' (company) that has the money to do things stuff with
other humans towards the progress of STEM.

Furthermore; their is a lack of accountability - noted in this map[6]

[1] https://www.google.com/maps/d/edit?mid=1bHmB8_f7ASRHm97TwhZmmEQnTKU
[2]
http://www.livebitcoinnews.com/inventor-of-the-web-creates-identity-on-bitcoin-blockchain/
[3] https://blockstack.org/docs/how-blockstack-works
[4] https://www.youtube.com/watch?v=bi2thGzzNSs
[5] https://www.youtube.com/watch?v=Kjtgp5h-jEY
[6] https://twitter.com/WebCivics/status/492707794760392704



>
> I don't think we want to expand the scope beyond that to encompass, for
> example, payment or other security/authorization tokens because that
> only causes the work to bleed into other areas where work is already
> being done and is appropriately decoupled from identity.
>
>
Still thinking.  IMHO - what the credentials work has done is not really
about the core identity notation / access control stuff; the thing it has
done very well is form a relatively simple means in which to notate things
that relate to social-affirmations or statements made by a plurality of
parties in relation to a person for the means of providing a real-time
mechanism that enables verification of a representation made by that person
in connection to some fact.

This does not mean in anyway it is not a significant enhancement to
identity support related technologies - but i don't think we've solved the
identity crisis.

I also think the scope of 'verifiable claims' is massive in its own doing;
yet, as we keep questioning the terminology - I've been putting some
thought into where we are at with it, and what the work is shaping up to
look like.

I think the Web-DHT stuff is really, very good.  But i haven't seen
sufficient support by stakeholders (with particular regard to what is now
reflected on Manu's footer via link and my memory of it having been
involved a little) and as such, being considerate of the next steps and how
to effectively support the growth-chart we've been accomplishing
successfully, whilst looking for avenues to solve the outstanding / out of
scope factors.

>From a tech. point of view.  It's a multi-party cryptographically signed
machine-readable document that can be networked with knowledge using
RDF/Linked-Data.

What i cannot figure out what to do with it; is log into my machine or
integrate with SoLiD[7] as to make my front-page[8] work in the way i want
it to; ensuring the data underneath that service - is portable between
providers if i don't like the deal being provided by my current provider.

[7] https://github.com/solid/solid
[8] http://webcivics.org/dev/


> >
> > HTML has evolved.  Should we plan for this to evolve too?
>
> In what way?
>
> https://www.w3.org/People/Raggett/book4/ch02.html

https://blog.rackspace.com/internet-history-html-evolution/

It's early days.  The work is - i tell people that manu and yourself are
like the TimBL or VintCerf of your subject area, your just younger...

I like to kill as many birds with as fewer stones as possible; but i'm not
sure what can be done here for addressing the nature of IDENTITY as it is
needed to be addressed holistically by humans.   This does not mean in
anyway, that the work here will not support identity in a bunch of ways
that we've never considered; but,

I also think we can use it to create 'stamps'.  I think the application of
'credentialing technology' is rather vast, and without upsetting people -
maybe we need to think about that, and communicate it - before someone in
some other group suggests they've invented it simply because we never
communicated it...

W3C licensing is amongst the very best options for a complex set of
reasons.  I think we're in the right place to do it, well, most of the time
i do, but i think challenges always exist when dealing with the array of
stakeholders involved in doing this kinda stuff.

Nonetheless; every one of them are at a foundational level - human.  They
may like their role, they may believe it is important and they may know
that they benefit from the contributions of others - whether or not they
can say it.

Therein; a summary of thoughts, without writing 'too much' (i think i've
exhausted my request for bandwidth ;) ) about Identity.

I am writing a longer paper about it, but it's not nearly finished yet.

Hope that helps.

Tim.H.


> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> http://digitalbazaar.com
>
Received on Friday, 10 June 2016 01:08:40 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC