W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: Non-correlation / pseudo-anonymity (was Re: VOTE: Verifiable Claims Terminology)

From: Steven Rowat <steven_rowat@sunshine.net>
Date: Sun, 12 Jun 2016 08:24:40 -0700
To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org, Manu Sporny <msporny@digitalbazaar.com>
Message-ID: <b6782b2b-118b-3e81-f6e7-5bc9bec94940@sunshine.net>
On 6/12/16 12:35 AM, David Chadwick wrote:
>
>
> On 12/06/2016 00:31, Steven Rowat wrote:
>> A. Pseudonymity (Alias) occurs at the issuer stage.
>> B. Pseudo-anonymity occurs at the Acceptor/Relaying Party/Checkpoint stage.
>>
>> For example, if we apply this to the Pseudo-anonymity use case in the
>> Editor's Draft June 11 VC use cases,
>> http://w3c.github.io/webpayments-ig/VCTF/use-cases/
>>
>> section 4.4.3, Pseudo-anonymity, and take the last example, of Paula:
>>
>> "...Paula has been certified as an aid worker, and wishes that
>> information to be marked on her posts. She shares her certificate with
>> the forum, but limits it to only verifying that she is the holder of the
>> certificate, that she is the subject of it, and that she is an aid
>> worker. In this way she maintains her anonymity..."
>>
>> This is scenario B, where at the Relaying Party stage of the credential,
>> Paula's name and other important data is withheld so as not to identity
>> her.
>>
>> Now, suppose Paula decides to write a book about her experiences, and
>> she is in danger of being killed if she tells the truth. She decides to
>> write the book anyway, call herself Norman, and publish it and have
>> "Norman" be paid for any sales.
>>
>> This is scenario A, Pseudonymity (Alias), and occurs at the issuer stage
>> of the credential.
>>
>> In Alias, scenario A, a government wanting to figure out if Norman and
>> Paula are the same person could do so, via the issuer. They will not
>> care particularly about scenario B.
>>
>> Thus Pseudonymity (Alias) and Pseudo-anonymity are substantially
>> different situations, and will require different levels of security and
>> different interfaces with the holder, the government, and the
>> credentials issuers and Relaying Parties.
>>
>> Does this make sense?
>>
>> If so, then it seems that only scenario B is covered in the VC use cases.
>>
>> If this is so, I suggest that scenario A, Alias (Pseudonymity), is just
>> as important in a social and even financial sense, and should be pursued
>> in parallel with Pseudo-anonymity.
>
> I think this can be catered for relatively easily in the existing use
> cases, by holders issuing credentials about themselves that only contain
> the name they want to be known by ie. their aliases. The use cases
> already state "It MUST be possible for any entity to issue a verifiable
> claim."

This sounds promising. Do you mean, to follow the Paula from VC use 
cases 4.4.3 example, that Paula can issue a verifiable credential 
saying that Norman is actually a professional journalist (Paula 
already has this credential, issued by a news corporation), and that 
now Norman (her Alias) will be able to use her journalist credential 
without revealing the name "Paula"?

In other words, that Paula will be able to issue a credential that 
authorizes the use of  her reputation credentials by her alias, 
without having to transfer the name 'Paula' as well?

And, possibly, if so, be able to authorize the "Norman" book income 
going to a bank account set up by Paula, by the same method?

In my opinion these two things, the ability of the alias to carry the 
credentials of the real person, and the ability of the real person to 
accept money earned by the alias, are core for full and effective use 
of an alias.

I'll go so far as to say that several hundred years of the traditional 
book publishing industry has honed this capability, pre-Internet. 
Publishers routinely issue books that give a blurb telling the 
author's credentials or capabilities, even when the author's name, 
like "Norman", is a pseudonym. The publisher knows the name is a 
pseudonym, but the public may or may not. And of course the publisher 
handles the flow of money to Paula that the public believes is being 
paid to "Norman".

I'd be very interested to know if both of these capabilities seem 
already provided for by the architecture of the VC model as currently 
described.

Steven
Received on Sunday, 12 June 2016 15:25:11 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC