W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: VOTE: Verifiable Claims Terminology

From: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Sat, 11 Jun 2016 18:37:56 +0100
To: Steven Rowat <steven_rowat@sunshine.net>, Credentials CG <public-credentials@w3.org>, Dave Longley <dlongley@digitalbazaar.com>, Manu Sporny <msporny@digitalbazaar.com>
Message-ID: <52a3b09b-6ac7-8909-660b-8e549edf738a@kent.ac.uk>


On 11/06/2016 18:20, Steven Rowat wrote:
> On 6/11/16 4:27 AM, David Chadwick wrote:
>> It would appear to be so from the cat example that Dave gave (that
>> unfortunately has been cut out of your reply), in which the cat has
>> two different profiles but the same ID (because it refers to the
>> same cat). I think this is the wrong design, because we have now
>> created linkability between two separate profiles (or pseudonyms)
>> that I might have sent to two different relying parties. By using a
>> common ID for two different identity profiles we produce a
>> correlation handle for the relying parties.
>>
>> Your later conclusion that the IDs should be different seems to be
>> right approach to me, but this conflicts with Dave's approach
> 
> Agreed. I hope Dave will comment further.
> 
> But also needed is a way for the government and police to find out who
> the ultimate source entity of the pseudonymous profiles is, for
> crime/terrorism/tax monitoring (with the appropriate warrant from a
> judge, of course). So to refer again to my later version of the John,
> Alfred, Bob example:
> 
>>> What actually happens is that [John's pseudonyms] Alfred and Bob are
> *pre-registered*
>>> with ids, before anything else can happen. Then:
>>>
>>> Alfred Identity Profile contains:
>>>>>> "id": "<id [of Alfred] from the identifier registry>",
>>>>>> "type": "Identity",
>>>
>>> Bob Identity Profile contains:
>>>>>> "id": "<id [of Bob] from the identifier registry>", "type":
>>>>>> "Identity",
> 
> But in addition to these two unique ids of Alfred and Bob there needs to
> pre-exist a separate and unique id registry of John and of the fact that
> the id registries of Alfred and Bob are aliases of the John id.

It is better if this registry is distributed rather than centralised.

> 
> In other words, in some (secure) registry the code for John might
> already include something like:
> 
> John Profile contains:
> "id" : "<id [of John] from the identifier registry>"
> type: 'Identity'
> "id": "<id [of Alfred] from the identifier registry>"
> type: "pseudonym"
> name: Alfred
> "id": "<id [of Bob] from the identifier registry>"
> type: type: "pseudonym"
> name: Bob
> 
> Or, perhaps the connection could be made within the 'Alfred' and 'Bob'
> profiles, rather than the John one, which would not contain them. Then
> finding out that, say, Alfred = John would not also entail finding out
> that Bob = John. I'm not sure which way the legal requirements would fit
> best.
> 
> Yet this alias connection must remain hidden unless accessed by a warrant.
> 
> How that can be carried out securely in code I have no idea.  ;-)

If the information is distributed and held by several different sources,
e.g. each credential issuer knows the pseudonymous ID it has issued, as
well as one of the user's actual or government issued IDs, then it would
need law enforcement to contact them all in order to link them together.
I dont think we need to have one unique ID for each user. Today I have
several e.g. passport number, driving licence number, social security
number. Each are unique, and each identifies me in the respective
government database. But they are not necessarily linked together by any
one of them.

regards

David

> 
> Steven
> 
>>
>> regards
>>
>> David
>>
>>>
>>> If so, yes, I did misunderstand that. I thought the id was
>>> identifying the "Alfred Identity Profile" or the "Bob Identity
>>> Profile". So they could be distinguished from each other, and
>>> thus pretend to be separate people (as far as the rest of the
>>> world knows).
>>>
>>> But...then, where does the id for the "Alfred Identity Profile"
>>> sit? An id that distinguishes it as a separate thing in the
>>> universe? And especially that distinguishes it from the Bob
>>> Identity Profile. Those two ids must be somewhere, right?
>>>
>>>
>>>> It always takes something else (e.g. a document) to be able to
>>>> talk about an actual thing. A thing itself is the thing, it is
>>>> not the description of the thing.
>>>
>>> Yes, I don't think that was the source of my confusion. I may be
>>> wrong, but I think the source of the confusion -- in addition to
>>> what I described above -- is the unfortunate coincidence (to the
>>> degree that it's a true coincidence, which is debatable I
>>> believe) of using identifiers, called "id" in the code, to
>>> identify everything including this thing human beings like to
>>> call "identity". Any statement that attempts to identify identity
>>> using identifiers is ripe for a descent in to infinite loops at
>>> the least misstep. ;-)
>>>
>>> Maybe that's a strong argument for using 'entity' throughout
>>> rather than 'identity', and I think I'd change my voting if I'd
>>> realized this earlier. Then we could be talking about 'id' and
>>> 'identifiers' of entities, not of identities. Which I, for one,
>>> would find a lot easier to follow. :-)
>>>
>>>
>>>> The statements within a profile associate information with an
>>>> Identity, such as what it is, its "type". So the "type" does
>>>> not refer to the profile document, it refers to the thing
>>>> you're talking about.
>>>
>>> I'm having trouble here. What is the referent for the first 'it',
>>> in 'what it is'? Is it 'Identity' or is it 'information'?
>>>
>>> What you seem to be saying is that the 'type' attribute doesn't
>>> refer to the profile document, it refers to the 'Identity'. But
>>> the example you gave literally says type: "identity". So you're
>>> saying the identity, the thing you're talking about, has a type
>>> which is 'identity'. But this is tautological.
>>>
>>> I.e., how can there possibly be an Identity that has another
>>> type? An Identity that has a type...--oh, wait. Could there be an
>>> identity that has a type "pseudonym"? Hmm...
>>>
>>>
>>>> The profile document is just a collection of statements *about*
>>>> the thing. It is a (typically incomplete) description of the
>>>> thing.
>>>
>>> Right, but as above, where is the id that identifies the profile
>>> document, which represents a (possibly) pseudonymous identity?
>>>
>>>
>>>> Let's talk about "profiles" using something other than
>>>> "Identity".
>>>
>>> Yes!!! :-)
>>>
>>> Or, alternatively, change the code so it uses something instead
>>> of 'identifier'.
>>>
>>> Like 'la' =  'label', instead of 'id' = 'identifier'. That would
>>> also remove the confusion with Identity as it is commonly used.
>>> This may seem like a long way around, but maybe not. Since the
>>> core reason for the VC to exist is to nail down 'Identity' as it
>>> is known globally and in the UN, then, using a term internally in
>>> the code that refers to everything that can possibly exist in the
>>> world, real or virtual, with a code term using a word, 'id' =
>>> 'identifier', that can be easily confused with the word
>>> 'identity' (and probably will be by all the naive developers and
>>> users of the final system) seems to be asking for trouble.
>>>
>>>
>>>> And that would be a different "profile" of the same cat. If you
>>>> wanted to give these "profiles" their own identifiers, you
>>>> could do that as well, but they would each get their own --
>>>> because they are different things -- and because they are
>>>> different from the cat itself.
>>>
>>> Agreed, see above. I was expecting this.
>>>
>>>> Similarly, people may create "identities" for themselves. You
>>>> may have one that you use for work, one for home life, one for
>>>> your medical records, whatever.
>>>
>>> Yes, I was expecting this also, and, ah, now I think I finally
>>> see:
>>>
>>> In my example earlier of John's two pseudonyms, Alfred and Bob, I
>>> was not right.
>>>
>>> What actually happens is that Alfred and Bob are *pre-registered*
>>> with ids, before anything else can happen. Then:
>>>
>>> Alfred Identity Profile contains:
>>>>>> "id": "<id [of Alfred] from the identifier registry>",
>>>>>> "type": "Identity",
>>>
>>> Bob Identity Profile contains:
>>>>>> "id": "<id [of Bob] from the identifier registry>", "type":
>>>>>> "Identity",
>>>
>>> So: 1. Neither contain a John id. 2. And the id they do contain
>>> doesn't refer to the Profile document itself. 3. And the Alfred
>>> Identity Profile, as a document, can have its own id...somewhere.
>>> Which you've probably already told me about in your reply by this
>>> time. :-)
>>>
>>> What fun language is.  :-)
>>>
>>> Steven
>>>
>>>
>>>
>>>
>>
>>
> 
Received on Saturday, 11 June 2016 17:38:24 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC