
Re: VOTE: Verifiable Claims Terminology

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sat, 11 Jun 2016 11:44:27 +0000
Message-ID: <CAM1Sok3iyaOFDq8ZLcibSBP8o427R6WxyoW72uFn8CvafQxi6A@mail.gmail.com>
To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
The use-case for verifiable claims would make more sense if it were about
one credential that said someone has a passport with the name of Joe Smith
on it, and another with the name Frank N. Beans.

A verifiable claim needs to link to an identity. We haven't figured the
identity piece out yet; from memory, it was out of scope when establishing
the creds CG.

Tim.H.

On Sat, 11 Jun 2016 at 21:29 David Chadwick <d.w.chadwick@kent.ac.uk> wrote:

>
>
> On 11/06/2016 01:01, Steven Rowat wrote:
> > Dave,
> > Interesting reply. My responses throughout.
> >
> > On 6/10/16 12:54 PM, Dave Longley wrote:
> >> On 06/10/2016 12:57 PM, Steven Rowat wrote:
> >>> On 6/10/16 8:54 AM, Dave Longley wrote:
> >>>
> >>>> This is an "Identity Profile":
> >>>>
> >>>> {
> >>>>   "id": "<id from the identifier registry>",
> >>>>   "type": "Identity",
> >>>>   /* ...attributes asserted in this particular profile */
> >>>> }
> >>>>
> >>>> Note that the document above is referred to as an "Identity Profile",
> >>>> but the "type" associated with the "id" is "Identity". You can have many
> >>>> "Identity Profiles" for any particular "id", but the thing the
> >>>> attributes therein are talking about is of type "Identity".
> >>>>
> >>>>
> >>>
> >>> I don't think I understand this difference yet, unless there also exist
> >>> instances that are not "Identity Profiles", yet also have an 'id', and a
> >>> type: 'Identity'. Otherwise, why not just call the "type" for "Identity
> >>> Profile"..."Identity Profile" ?
> >>>
> >>> If this is true, can you give an example of one -- something that isn't
> >>> an Identity Profile, but would use the type: "Identity"?
> >>
> >> I think that's the wrong question. This is about what the identifier
> >> identifies. In my opinion, it does not identify a Profile, it identifies
> >> an Identity.
> >
> > Ah, that's what I'm getting at. I need an example that shows me how this
> > works; and having read your whole answer (below, where I comment more),
> > I'm still fuzzy on whether this is true.
> >
> > Let me try an example another way: if it's true...then, if I make two
> > profiles for real-life person John, both pseudonyms:
> >
> > The Alfred Identity Profile
> > The Bob Identity Profile
> >
> > then, according to what you've said, the Alfred Profile and the Bob
> > Profile will both have exactly the same id; that is, in the same part of
> > the code, each of the Alfred and Bob Profile will actually have the id
> > of John from the identifier registry:
> >
> > Alfred Identity Profile contains:
> >>>>   "id": "<id [of John] from the identifier registry>",
> >>>>   "type": "Identity",
> >
> > Bob Identity Profile contains:
> >>>>   "id": "<id [of John] from the identifier registry>",
> >>>>   "type": "Identity",
> >
> > Is this true?
>
> It would appear to be so from the cat example that Dave gave (that
> unfortunately has been cut out of your reply), in which the cat has two
> different profiles but the same ID (because it refers to the same cat).
> I think this is the wrong design, because we have now created
> linkability between two separate profiles (or pseudonyms) that I might
> have sent to two different relying parties. By using a common ID for two
> different identity profiles we produce a correlation handle for the
> relying parties.
>
> Your later conclusion that the IDs should be different seems to be the right
> approach to me, but this conflicts with Dave's approach.
>
> regards
>
> David
>
> >
> > If so, yes, I did misunderstand that. I thought the id was identifying
> > the "Alfred Identity Profile" or the "Bob Identity Profile". So they
> > could be distinguished from each other, and thus pretend to be separate
> > people (as far as the rest of the world knows).
> >
> > But...then, where does the id for the "Alfred Identity Profile" sit? An
> > id that distinguishes it as a separate thing in the universe? And
> > especially that distinguishes it from the Bob Identity Profile. Those
> > two ids must be somewhere, right?
> >
> >
> >> It always takes something else (e.g. a document) to be able to talk
> >> about an actual thing. A thing itself is the thing, it is not the
> >> description of the thing.
> >
> > Yes, I don't think that was the source of my confusion. I may be wrong,
> > but I think the source of the confusion -- in addition to what I
> > described above -- is the unfortunate coincidence (to the degree that
> > it's a true coincidence, which is debatable I believe) of using
> > identifiers, called "id" in the code, to identify everything including
> > this thing human beings like to call "identity". Any statement that
> > attempts to identify identity using identifiers is ripe for a descent
> > into infinite loops at the least misstep. ;-)
> >
> > Maybe that's a strong argument for using 'entity' throughout rather than
> > 'identity', and I think I'd change my voting if I'd realized this
> > earlier. Then we could be talking about 'id' and 'identifiers' of
> > entities, not of identities. Which I, for one, would find a lot easier
> > to follow. :-)
> >
> >
> >> The statements within a profile associate information with an Identity,
> >> such as what it is, its "type". So the "type" does not refer to the
> >> profile document, it refers to the thing you're talking about.
> >
> > I'm having trouble here. What is the referent for the first 'it', in
> > 'what it is'? Is it 'Identity' or is it 'information'?
> >
> > What you seem to be saying is that the 'type' attribute doesn't refer to
> > the profile document, it refers to the 'Identity'. But the example you
> > gave literally says type: "identity". So you're saying the identity, the
> > thing you're talking about, has a type which is 'identity'. But this is
> > tautological.
> >
> > I.e., how can there possibly be an Identity that has another type? An
> > Identity that has a type...--oh, wait. Could there be an identity that
> > has a type "pseudonym"? Hmm...
> >
> >
> >> The profile document is just a collection of statements *about* the thing.
> >> It is a (typically incomplete) description of the thing.
> >
> > Right, but as above, where is the id that identifies the profile
> > document, which represents a (possibly) pseudonymous identity?
> >
> >
> >> Let's talk about "profiles" using something other than "Identity".
> >
> > Yes!!! :-)
> >
> > Or, alternatively, change the code so it uses something instead of
> > 'identifier'.
> >
> > Like 'la' =  'label', instead of 'id' = 'identifier'. That would also
> > remove the confusion with Identity as it is commonly used. This may seem
> > like a long way around, but maybe not. Since the core reason for the VC
> > to exist is to nail down 'Identity' as it is known globally and in the
> > UN, then, using a term internally in the code that refers to everything
> > that can possibly exist in the world, real or virtual, with a code term
> > using a word, 'id' = 'identifier', that can be easily confused with the
> > word 'identity' (and probably will be by all the naive developers and
> > users of the final system) seems to be asking for trouble.
> >
> >
> >> And that would be a different "profile" of the same cat. If you wanted
> >> to give these "profiles" their own identifiers, you could do that as
> >> well, but they would each get their own -- because they are different
> >> things -- and because they are different from the cat itself.
> >
> > Agreed, see above. I was expecting this.
> >
> >> Similarly, people may create "identities" for themselves. You may have
> >> one that you use for work, one for home life, one for your medical
> >> records, whatever.
> >
> > Yes, I was expecting this also, and, ah, now I think I finally see:
> >
> > In my example earlier of John's two pseudonyms, Alfred and Bob, I was
> > not right.
> >
> > What actually happens is that Alfred and Bob are *pre-registered* with
> > ids, before anything else can happen. Then:
> >
> > Alfred Identity Profile contains:
> >>>>   "id": "<id [of Alfred] from the identifier registry>",
> >>>>   "type": "Identity",
> >
> > Bob Identity Profile contains:
> >>>>   "id": "<id [of Bob] from the identifier registry>",
> >>>>   "type": "Identity",
> >
> > So:
> > 1. Neither contains a John id.
> > 2. And the id they do contain doesn't refer to the Profile document itself.
> > 3. And the Alfred Identity Profile, as a document, can have its own
> > id...somewhere. Which you've probably already told me about in your
> > reply by this time. :-)
> >
> > What fun language is.  :-)
> >
> > Steven
> >
> >
> >
> >
>
>
Received on Saturday, 11 June 2016 11:45:05 UTC
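
The linkability concern raised in this thread (one "id" reused across two identity profiles becomes a correlation handle for the relying parties), shown as an added example that is not part of the original messages or of any Credentials CG code. The urn:example identifiers, relying-party names, the "name" attribute and the "subject" wrapper key are constructed for illustration.

```python
from collections import defaultdict

def collect_ids(node):
    """Yield every "id" value found at any depth of a JSON-like document."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "id" and isinstance(value, str):
                yield value
            else:
                yield from collect_ids(value)
    elif isinstance(node, list):
        for item in node:
            yield from collect_ids(item)

def correlation_handles(disclosures):
    """Return {identifier: [relying parties]} for ids seen by more than one party.

    disclosures is an iterable of (relying_party, document) pairs.
    """
    seen_by = defaultdict(set)
    for relying_party, document in disclosures:
        for identifier in collect_ids(document):
            seen_by[identifier].add(relying_party)
    return {i: sorted(rps) for i, rps in seen_by.items() if len(rps) > 1}

def profile(subject_id, name):
    # Shape follows the "Identity Profile" in the thread; "name" is an assumed attribute.
    return {"id": subject_id, "type": "Identity", "name": name}

# Constructed sample data. Design 1: both pseudonyms carry John's identifier.
SHARED = [
    ("rp-one.example", profile("urn:example:john", "Alfred")),
    ("rp-two.example", profile("urn:example:john", "Bob")),
]
# Design 2: each pseudonym is registered with its own identifier.
SEPARATE = [
    ("rp-one.example", profile("urn:example:alfred", "Alfred")),
    ("rp-two.example", profile("urn:example:bob", "Bob")),
]
# Distinct document ids do not help if the nested subject id is still shared.
# The "subject" key is a hypothetical wrapper, not a term from the thread.
WRAPPED = [
    (rp, {"id": "urn:example:doc-%d" % n, "subject": doc})
    for n, (rp, doc) in enumerate(SHARED, start=1)
]

if __name__ == "__main__":
    for label, data in (("shared", SHARED), ("separate", SEPARATE), ("wrapped", WRAPPED)):
        print(label, correlation_handles(data))
```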
