W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: VOTE: Verifiable Claims Terminology

From: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Sat, 11 Jun 2016 16:58:09 +0100
To: public-credentials@w3.org
Message-ID: <8fee9e96-fc76-b888-6345-c45459a8b3c5@kent.ac.uk>


On 11/06/2016 12:44, Timothy Holborn wrote:
> The use-case for verifiable claims would make more sense if it were
> about one credential that said someone has a passport with the name of
> joe smith on it, and another with the name frank n. beans 
> 
> a verifiable claim needs to link to an identity.

I would rather say that a verifiable claim identifies an entity (as
maybe belonging to a group) but it does not necessarily identify a
single unique individual. e.g. a ginger hair credential identifies the
holder as a ginger haired person.

regards

David

  we haven't figured the
> identity piece out yet, from memory, it was out of scope when
> establishing the cred's. CG. 
> 
> Tim.H.
> 
> On Sat, 11 Jun 2016 at 21:29 David Chadwick <d.w.chadwick@kent.ac.uk
> <mailto:d.w.chadwick@kent.ac.uk>> wrote:
> 
> 
> 
>     On 11/06/2016 01:01, Steven Rowat wrote:
>     > Dave,
>     > Interesting reply. My responses throughout.
>     >
>     > On 6/10/16 12:54 PM, Dave Longley wrote:
>     >> On 06/10/2016 12:57 PM, Steven Rowat wrote:
>     >>> On 6/10/16 8:54 AM, Dave Longley wrote:
>     >>>
>     >>>> This is an "Identity Profile":
>     >>>>
>     >>>> {
>     >>>>   "id": "<id from the identifier registry>",
>     >>>>   "type": "Identity",
>     >>>>   /* ...attributes asserted in this particular profile */
>     >>>> }
>     >>>>
>     >>>> Note that the document above is referred to as an "Identity
>     Profile",
>     >>>> but the "type" associated with the "id" is "Identity". You can have
>     >>>> many
>     >>>> "Identity Profiles" for any particular "id", but the thing the
>     >>>> attributes therein are talking about is of type "Identity".
>     >>>>
>     >>>>
>     >>>
>     >>> I don't think I understand this difference yet, unless there
>     also exist
>     >>> instances that are not "Identity Profiles", yet also have an 'id',
>     >>> and a
>     >>> type: 'Identity'. Otherwise, why not just call the "type" for
>     "Identity
>     >>> Profile"..."Identity Profile" ?
>     >>>
>     >>> If this is true, can you give an example of one -- something
>     that isn't
>     >>> an Identity Profile, but would use the type: "Identity"?
>     >>
>     >> I think that's the wrong question. This is about what the identifier
>     >> identifies. In my opinion, it does not identify a Profile, it
>     identifies
>     >> an Identity.
>     >
>     > Ah, that's what I'm getting at. I need an example that shows me
>     how this
>     > works; and having read your whole answer (below, where I comment
>     more),
>     > I'm still fuzzy on whether this is true.
>     >
>     > Let me try an example another way: if it's true...then, if I make two
>     > profiles for real-life person John, both pseudonyms:
>     >
>     > The Alfred Identity Profile
>     > The Bob Identity Profile
>     >
>     > then, according to what you've said, the Alfred Profile and the Bob
>     > Profile will both have exactly the same id; that is, in the same
>     part of
>     > the code, each of the Alfred and Bob Profile will actually have the id
>     > of John from the identifier registry:
>     >
>     > Alfred Identity Profile contains:
>     >>>>   "id": "<id [of John] from the identifier registry>",
>     >>>>   "type": "Identity",
>     >
>     > Bob Identity Profile contains:
>     >>>>   "id": "<id [of John] from the identifier registry>",
>     >>>>   "type": "Identity",
>     >
>     > Is this true?
> 
>     It would appear to be so from the cat example that Dave gave (that
>     unfortunately has been cut out of your reply), in which the cat has two
>     different profiles but the same ID (because it refers to the same cat).
>     I think this is the wrong design, because we have now created
>     linkability between two separate profiles (or pseudonyms) that I might
>     have sent to two different relying parties. By using a common ID for two
>     different identity profiles we produce a correlation handle for the
>     relying parties.
> 
>     Your later conclusion that the IDs should be different seems to be right
>     approach to me, but this conflicts with Dave's approach
> 
>     regards
> 
>     David
> 
>     >
>     > If so, yes, I did misunderstand that. I thought the id was identifying
>     > the "Alfred Identity Profile" or the "Bob Identity Profile". So they
>     > could be distinguished from each other, and thus pretend to be
>     separate
>     > people (as far as the rest of the world knows).
>     >
>     > But...then, where does the id for the "Alfred Identity Profile"
>     sit? An
>     > id that distinguishes it as a separate thing in the universe? And
>     > especially that distinguishes it from the Bob Identity Profile. Those
>     > two ids must be somewhere, right?
>     >
>     >
>     >> It always takes something else (e.g. a document) to be able to talk
>     >> about an actual thing. A thing itself is the thing, it is not the
>     >> description of the thing.
>     >
>     > Yes, I don't think that was the source of my confusion. I may be
>     wrong,
>     > but I think the source of the confusion -- in addition to what I
>     > described above -- is the unfortunate coincidence (to the degree that
>     > it's a true coincidence, which is debatable I believe) of using
>     > identifiers, called "id" in the code, to identify everything including
>     > this thing human beings like to call "identity". Any statement that
>     > attempts to identify identity using identifiers is ripe for a
>     descent in
>     > to infinite loops at the least misstep. ;-)
>     >
>     > Maybe that's a strong argument for using 'entity' throughout
>     rather than
>     > 'identity', and I think I'd change my voting if I'd realized this
>     > earlier. Then we could be talking about 'id' and 'identifiers' of
>     > entities, not of identities. Which I, for one, would find a lot easier
>     > to follow. :-)
>     >
>     >
>     >> The statements within a profile associate information with an
>     Identity,
>     >> such as what it is, its "type". So the "type" does not refer to the
>     >> profile document, it refers to the thing you're talking about.
>     >
>     > I'm having trouble here. What is the referent for the first 'it', in
>     > 'what it is'? Is it 'Identity' or is it 'information'?
>     >
>     > What you seem to be saying is that the 'type' attribute doesn't
>     refer to
>     > the profile document, it refers to the 'Identity'. But the example you
>     > gave literally says type: "identity". So you're saying the
>     identity, the
>     > thing you're talking about, has a type which is 'identity'. But
>     this is
>     > tautological.
>     >
>     > I.e., how can there possibly be an Identity that has another type? An
>     > Identity that has a type...--oh, wait. Could there be an identity that
>     > has a type "pseudonym"? Hmm...
>     >
>     >
>     >> The profile document is just a collection of statements *about* the
>     >> thing.
>     >> It is a (typically incomplete) description of the thing.
>     >
>     > Right, but as above, where is the id that identifies the profile
>     > document, which represents a (possibly) pseudonymous identity?
>     >
>     >
>     >> Let's talk about "profiles" using something other than "Identity".
>     >
>     > Yes!!! :-)
>     >
>     > Or, alternatively, change the code so it uses something instead of
>     > 'identifier'.
>     >
>     > Like 'la' =  'label', instead of 'id' = 'identifier'. That would also
>     > remove the confusion with Identity as it is commonly used. This
>     may seem
>     > like a long way around, but maybe not. Since the core reason for
>     the VC
>     > to exist is to nail down 'Identity' as it is known globally and in the
>     > UN, then, using a term internally in the code that refers to
>     everything
>     > that can possibly exist in the world, real or virtual, with a code
>     term
>     > using a word, 'id' = 'identifier', that can be easily confused
>     with the
>     > word 'identity' (and probably will be by all the naive developers and
>     > users of the final system) seems to be asking for trouble.
>     >
>     >
>     >> And that would be a different "profile" of the same cat. If you
>     wanted
>     >> to give these "profiles" their own identifiers, you could do that as
>     >> well, but they would each get their own -- because they are different
>     >> things -- and because they are different from the cat itself.
>     >
>     > Agreed, see above. I was expecting this.
>     >
>     >> Similarly, people may create "identities" for themselves. You may
>     have
>     >> one that you use for work, one for home life, one for your medical
>     >> records, whatever.
>     >
>     > Yes, I was expecting this also, and, ah, now I think I finally see:
>     >
>     > In my example earlier of John's two pseudonyms, Alfred and Bob, I was
>     > not right.
>     >
>     > What actually happens is that Alfred and Bob are *pre-registered* with
>     > ids, before anything else can happen. Then:
>     >
>     > Alfred Identity Profile contains:
>     >>>>   "id": "<id [of Alfred] from the identifier registry>",
>     >>>>   "type": "Identity",
>     >
>     > Bob Identity Profile contains:
>     >>>>   "id": "<id [of Bob] from the identifier registry>",
>     >>>>   "type": "Identity",
>     >
>     > So:
>     > 1. Neither contain a John id.
>     > 2. And the id they do contain doesn't refer to the Profile
>     document itself.
>     > 3. And the Alfred Identity Profile, as a document, can have its own
>     > id...somewhere. Which you've probably already told me about in your
>     > reply by this time. :-)
>     >
>     > What fun language is.  :-)
>     >
>     > Steven
>     >
>     >
>     >
>     >
> 
Received on Saturday, 11 June 2016 15:58:37 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC