W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: Proof of possession

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Wed, 15 Jun 2016 15:52:04 +0000
Message-ID: <CAM1Sok3Ph7h5Uqd=y_3XP0itR1dku7kFEUdE9JNJa77Qnpf-hA@mail.gmail.com>
To: Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
On Thu, 16 Jun 2016 at 01:02 Steven Rowat <steven_rowat@sunshine.net> wrote:

> On 6/15/16 6:53 AM, Timothy Holborn wrote:
> > these things should help people provide proof of 'knowledge' they
> > possess.   Doesn't matter where someone comes from - it matters what
> > they do.
>
> Good point, but both matter. Academic and other qualifications rely on
> the certified reputation system that you're accurately criticizing as
> not always accurate. But it's accurate sometimes, to some degree. It's
> also useful.
>
> I'm hoping that the Credentials system being developed here will add
> the capability to accrue reputation to the documents themselves that
> you produce -- the work that you do -- via the opinions of the people
> who buy it, -- which is what I think you're describing (or one way
> that can happen).
>
> But 'where someone comes from' also can contain what they did in the
> past, often repeatedly, often under great stress (Medical degree), and
> is also a good indicator to what they might do in the future.
>
> family helped start and still work at a very large medical organisation.
I think sadly, for many people, they may see a doctor on a multitude of
occassions and still not get information as good as if i make a
phone-call...

Medical services in Australia are paid for by GOV and doctors are
encouraged to keep their sessions short, with quick-turnover, by 'practice
managers' who in-turn help make the 'business successful'...

i think an array of changes can happen with credentials including the means
in which fluid / tissue samples are analysed and how those services are
billed.  why only do one test if the computers can do a bunch simply using
additional algorithms?

If you check that out - you'll find that even without a medical degree -
those sorts of 'ideas' if implemented - can positively impact the lives of
many...

Yet, thats not how the businesses work today and i sometimes the reasons
around how technology is applied and areas for which it is not applied,
confuses me...

but as noted - medical family...  'do no harm'...
Tim.H.

Steven
>
>
> >
> > Tim.h.
> >
> >
> > On Wed, 15 Jun 2016 at 23:16 Manu Sporny <msporny@digitalbazaar.com
> > <mailto:msporny@digitalbazaar.com>> wrote:
> >
> >     On 06/15/2016 06:00 AM, David Chadwick wrote:
> >     >> Surely the community college had a data propagation strategy! Not
> >     >> all of them do, and even if they do, some of them still let
> >     >> students slip through the cracks.
> >     >
> >     > Point taken, but one would hope that in the intervening period
> >     > between getting a qualification and the college going out of
> >     > business, the student would have gained some practical skills that
> >     > would trump the certificate.
> >
> >     That is not guaranteed to happen, especially for people of limited
> >     economic means. Sometimes a community college degree is all you
> >     have to
> >     prove that you're capable of doing advanced secretarial work,
> >     maintenance work, or other such activities. Given the choice between
> >     someone that has a questionable past, and someone that doesn't, all
> >     things being more or less equal employers will probably go with
> >     the set
> >     of people whose background checks panned out.
> >
> >     > Here is another example. I get a 10 year guarantee for some
> building
> >     > work I have done on my house, and then next year the builder goes
> >     > out of business. My guarantee is now worthless. This happens all
> the
> >     > time in the UK unfortunately.
> >
> >     That's not the issue we were discussing. The issue was "what happens
> >     when someone loses their private key"... not "the issuer of the
> >     certificate issued a useless piece of paper".
> >
> >     >> ... and we can avoid all of this by using identifiers that are not
> >     >>  cryptographic in nature (e.g. DIDs).
> >     >
> >     > But one still has to prove possession of the DID. Sure, it can be
> >     > shown that the DID was created at some point in the past, but
> >
> >     A set of one or more public keys under your control that are
> >     associated
> >     with the DID entry. See "publicKey" in the following for an example:
> >
> >
> https://authorization.io/dids/did:76d0cdb7-9c75-4be5-8e5a-e2d7a35ce907
> >
> >     > what proves that it was you who created it, and not some imposter
> >     > saying that they created it?
> >
> >     DIDs are first-come, first-serve. Entries are created by signing
> >     the DID
> >     object (the thing at the URL above). The signature proves you have
> >     control of the private key. Claims are tied to the DID, not the key
> >     fingerprint. It's a simple, but important distinction.
> >
> >     -- manu
> >
> >     --
> >     Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> >     Founder/CEO - Digital Bazaar, Inc.
> >     blog: The Web Browser API Incubation Anti-Pattern
> >     http://manu.sporny.org/2016/browser-api-incubation-antipattern/
> >
>
>
Received on Wednesday, 15 June 2016 15:52:47 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC