W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: Updated Verifiable Claims Use Cases document

From: Shane McCarron <shane@spec-ops.io>
Date: Wed, 22 Jun 2016 10:49:46 -0500
Message-ID: <CAJdbnODucUqjm89varPenGd==JxOUeJFxeWeJxC9wXgZm9NT7A@mail.gmail.com>
To: Steven Rowat <steven_rowat@sunshine.net>
Cc: Credentials Community Group <public-credentials@w3.org>
Comments inline:

On Wed, Jun 22, 2016 at 10:17 AM, Steven Rowat <steven_rowat@sunshine.net>
wrote:

> On 6/22/16 5:21 AM, Shane McCarron wrote:
>
>> Thanks to a bunch of people for chiming in on the use cases.  Most
>> people agreed that the use case scenarios we had were sufficient
>> (although we were missing a few - added now).  The biggest set of
>> comments was about presentation and organization.  So I, with the help
>> of many others, have reorganized the document to be more about users
>> and how they will benefit.
>>
>> You can see the latest (and hopefully stable) version
>> at http://w3c.github.io/webpayments-ig/VCTF/use-cases/
>>
>> I do not plan to make any further edits to this document prior to the
>> meeting on 1 July (unless someone points out an embarrassing typo!).
>>
>> I look forward to your feedback.  Feel free to use the github issue
>> tracker.
>>
>
> The new organization seems to improve it greatly, IMO.
>
> Except: I'm puzzled to see that the interesting
> whistleblowing/pseudonymity use-case in the previous version of the
> document has been removed. It was listed under "Social Authority", about
> the journalist who wanted to publish information without revealing their
> real name.
>
> I'm curious whether this was a policy decision? And if so, was it more
> that 'it's not important enough', or that 'it's important but we won't
> mention it for X reason'? If the former, I disagree; if the latter, I'd
> like to know the reason.
>

Hmm.   Neither.  In fact, I didn't know I dropped any scenarios from the
document.  I just did a complete walk through of the document.  There were
two scenarios that fell through the cracks:

"Freedom?" is an online forum that encourages free discussion about issues
controversial in Freedonia. The forum allows users to register anonymous
accounts, but it also allows users to obtain badges based upon real world
certifications. Paula has been certified as an aid worker, and wishes that
information to be marked on her posts. She shares her certificate with the
forum, but limits it to only verifying that she is the holder of the
certificate, that she is the subject of it, and that she is an aid worker.
In this way she maintains her anonymity in this controversial forum while
still being able to assist her fellow countrymen.


and

Anna is opening an account at a bank in Finland. As part of that process,
the bank asks her to provide two from a variety of possible sources to
confirm her identity - a so called "Know Your Customer" check. She selects
claims that confirm she receives postal mail at a certain address and that
she has a national ID card. Confirming these allows the bank to open her
account and be confident in her identity when she conducts transactions.



Both of these have value... I will see where I can slot them (back) in.
While this is a substantive change, it is not introducing new material (or
at least not material that wasn't there yesterday) so I am going to call it
editorial+.



>
> Also, I'd like to know if this pseudonymity capability is still envisioned
> to exist in the data model as a whole? Specifically, is there anything that
> would prevent a holder from registering an "Identity Profile" under a name
> that was not their legal name, and yet associating verifiable credentials
> such as professional credentials, proof that they've published certain
> public documents in the past, etc.  Or, to put it in the positive: does it
> still appear possible to do this? (I've assumed to this point that it was).
>

Of course.  Anyone can create anything they want.  That's sort of the whole
point.  Now when you get down to trust... obviously there are a number of
problems with attempting to use an "identity profile" that is not
legitimate for any sort of official purpose.  For example. my profile that
describes me as Elmer Fudd will get me into a local Anime convention, but
is unlikely to allow me to open a bank account.


>
> Two other points about the document as a whole.
>
> One -- too late to change probably, but I'll note -- one type of important
> User Need overall category that I believe could have been provided in
> section 3 is Publishing, which is a large industry that is undergoing a
> revolution as it moves online. To some degree it's included under
> "Professional Credentials -> Social Authority"  (or it used to be, in the
> previous version), but I think this doesn't give it enough status relative
> to its  social prominence. Publishing would include professionals writing
> books, journalists, fiction authors, music publishers, bloggers, and so on.
> I guess it's sort of a cross between the categories you have of "Retail"
> and "Social Authority", and IMO it's something that could explosively
> expand -- particularly if the combination of Web Payments and Credentials
> are worked out as a universal standard that supports it.
>

Thanks - that's good input.  It is unlikely that I can do anything
significant about it for this version, but I expect a revision or two
before handing off to a potential Working Group later this year.  So that's
the right time to increase the profile of other verticals.


>
> Second, it would be nice if there could be prominent links in the document
> to the other documents in the suite. For example, I wanted to jump to the
> data model to check something (from the Use Cases), and couldn't find a way
> and ended up searching through emails for the last announcement, and found:
> w3c.github.io/webpayments-ig/VCTF/
> and got there that way. Perhaps that address could be given at the top of
> each of the documents, so they can be navigated-between easily?


Hmm.  That's an interesting idea.  Normally it would be handled through
informative references at the end, with links from obvious places in the
text.  But maybe there is room for some boilerplate.... Manu?

-- 
Shane McCarron
Projects Manager, Spec-Ops
Received on Wednesday, 22 June 2016 15:50:49 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC