W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: Proof of possession

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Wed, 15 Jun 2016 13:53:24 +0000
Message-ID: <CAM1Sok0m1bS32TCJ4Kuz+4HpHnZJHVbbzJGL7u6znKfprPqRkw@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org
with some embarrassment, i left school a year prior to finishing
high-school to in-part care for my family (and parent) in difficult
circumstances.

later i was admitted to a masters qualification for innovation and
entrepreneurship based on evidence, yet another family issue beset me.

doesn't mean i qualify for a great many jobs who require degrees...

proof of possession for what?

It's important we're not producing additional lock-in's / lock-outs.
educational qualifications have successfully made themselves more and more
important, yet in 2000-2 - no courses did anything to do with VOD when i
was working with a 1Mbps nDVD codec for pre movielink/moviefly stuff.  I
can go on and on and on about it - but that won't help me with a
traditional job...

these things should help people provide proof of 'knowledge' they possess.
  Doesn't matter where someone comes from - it matters what they do.

Tim.h.


On Wed, 15 Jun 2016 at 23:16 Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 06/15/2016 06:00 AM, David Chadwick wrote:
> >> Surely the community college had a data propagation strategy! Not
> >> all of them do, and even if they do, some of them still let
> >> students slip through the cracks.
> >
> > Point taken, but one would hope that in the intervening period
> > between getting a qualification and the college going out of
> > business, the student would have gained some practical skills that
> > would trump the certificate.
>
> That is not guaranteed to happen, especially for people of limited
> economic means. Sometimes a community college degree is all you have to
> prove that you're capable of doing advanced secretarial work,
> maintenance work, or other such activities. Given the choice between
> someone that has a questionable past, and someone that doesn't, all
> things being more or less equal employers will probably go with the set
> of people whose background checks panned out.
>
> > Here is another example. I get a 10 year guarantee for some building
> > work I have done on my house, and then next year the builder goes
> > out of business. My guarantee is now worthless. This happens all the
> > time in the UK unfortunately.
>
> That's not the issue we were discussing. The issue was "what happens
> when someone loses their private key"... not "the issuer of the
> certificate issued a useless piece of paper".
>
> >> ... and we can avoid all of this by using identifiers that are not
> >>  cryptographic in nature (e.g. DIDs).
> >
> > But one still has to prove possession of the DID. Sure, it can be
> > shown that the DID was created at some point in the past, but
>
> A set of one or more public keys under your control that are associated
> with the DID entry. See "publicKey" in the following for an example:
>
> https://authorization.io/dids/did:76d0cdb7-9c75-4be5-8e5a-e2d7a35ce907
>
> > what proves that it was you who created it, and not some imposter
> > saying that they created it?
>
> DIDs are first-come, first-serve. Entries are created by signing the DID
> object (the thing at the URL above). The signature proves you have
> control of the private key. Claims are tied to the DID, not the key
> fingerprint. It's a simple, but important distinction.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Web Browser API Incubation Anti-Pattern
> http://manu.sporny.org/2016/browser-api-incubation-antipattern/
>
>
Received on Wednesday, 15 June 2016 13:54:02 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC