- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sat, 11 Jun 2016 12:46:25 -0400
- To: public-credentials@w3.org
On 06/11/2016 07:27 AM, David Chadwick wrote: > By using a common ID for two different identity profiles we produce > a correlation handle for the relying parties. Yes, correlation handles are REQUIRED for a number of use cases. Pseudo-anonymity is REQUIRED for others. We need both. For example: You get a driver's license from Entity A. You get a proof of employment from Entity B. A bank asks you to submit both to open a new account. In a non-common ID scenario, how does an automated software program determine that the driver's license and the proof of employment are talking about the same identifier? I'm not arguing against non-correlation. It's an important requirement. Correlatability is an important requirement as well. Proof of age should be non-correlatable. Passport is correlatable. Email is correlatable (and how many systems that you use on a regular basis have your email address?) I'm strongly asserting that anyone claiming that they have a solution that actually provides non-correlatability in non-trivial use cases has either not thought deeply about the problem or is selling snake oil. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. JSON-LD Best Practice: Context Caching https://manu.sporny.org/2016/json-ld-context-caching/
Received on Saturday, 11 June 2016 16:46:50 UTC