W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: Proof of possession

From: Kerri Lemoie <kerri@openworksgrp.com>
Date: Wed, 15 Jun 2016 10:05:09 -0400
Cc: Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org
Message-Id: <ACFE2895-11FF-479A-AF5C-10523D9BF63F@openworksgrp.com>
To: Timothy Holborn <timothy.holborn@gmail.com>
+1 to the problem with losing keys. Also, we shouldn’t assume that everyone is using a computer where their keys are stored. 

With Open Badges, it is more than who the credential came from. Open Badges contain evidence and other data that can prove what you can do.





> On Jun 15, 2016, at 9:53 AM, Timothy Holborn <timothy.holborn@gmail.com> wrote:
> 
> with some embarrassment, i left school a year prior to finishing high-school to in-part care for my family (and parent) in difficult circumstances.
> 
> later i was admitted to a masters qualification for innovation and entrepreneurship based on evidence, yet another family issue beset me. 
> 
> doesn't mean i qualify for a great many jobs who require degrees...   
> 
> proof of possession for what?  
> 
> It's important we're not producing additional lock-in's / lock-outs. educational qualifications have successfully made themselves more and more important, yet in 2000-2 - no courses did anything to do with VOD when i was working with a 1Mbps nDVD codec for pre movielink/moviefly stuff.  I can go on and on and on about it - but that won't help me with a traditional job...
> 
> these things should help people provide proof of 'knowledge' they possess.   Doesn't matter where someone comes from - it matters what they do.
> 
> Tim.h.
> 
>  
> On Wed, 15 Jun 2016 at 23:16 Manu Sporny <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com>> wrote:
> On 06/15/2016 06:00 AM, David Chadwick wrote:
> >> Surely the community college had a data propagation strategy! Not
> >> all of them do, and even if they do, some of them still let
> >> students slip through the cracks.
> >
> > Point taken, but one would hope that in the intervening period
> > between getting a qualification and the college going out of
> > business, the student would have gained some practical skills that
> > would trump the certificate.
> 
> That is not guaranteed to happen, especially for people of limited
> economic means. Sometimes a community college degree is all you have to
> prove that you're capable of doing advanced secretarial work,
> maintenance work, or other such activities. Given the choice between
> someone that has a questionable past, and someone that doesn't, all
> things being more or less equal employers will probably go with the set
> of people whose background checks panned out.
> 
> > Here is another example. I get a 10 year guarantee for some building
> > work I have done on my house, and then next year the builder goes
> > out of business. My guarantee is now worthless. This happens all the
> > time in the UK unfortunately.
> 
> That's not the issue we were discussing. The issue was "what happens
> when someone loses their private key"... not "the issuer of the
> certificate issued a useless piece of paper".
> 
> >> ... and we can avoid all of this by using identifiers that are not
> >>  cryptographic in nature (e.g. DIDs).
> >
> > But one still has to prove possession of the DID. Sure, it can be
> > shown that the DID was created at some point in the past, but
> 
> A set of one or more public keys under your control that are associated
> with the DID entry. See "publicKey" in the following for an example:
> 
> https://authorization.io/dids/did:76d0cdb7-9c75-4be5-8e5a-e2d7a35ce907 <https://authorization.io/dids/did:76d0cdb7-9c75-4be5-8e5a-e2d7a35ce907>
> 
> > what proves that it was you who created it, and not some imposter
> > saying that they created it?
> 
> DIDs are first-come, first-serve. Entries are created by signing the DID
> object (the thing at the URL above). The signature proves you have
> control of the private key. Claims are tied to the DID, not the key
> fingerprint. It's a simple, but important distinction.
> 
> -- manu
> 
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Web Browser API Incubation Anti-Pattern
> http://manu.sporny.org/2016/browser-api-incubation-antipattern/ <http://manu.sporny.org/2016/browser-api-incubation-antipattern/>
> 
Received on Wednesday, 15 June 2016 14:05:47 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC