Re: Use-Cases - pseudo-anonymity examples from Dave Longley on 2016-03-02 (public-credentials@w3.org from March 2016)

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Wed, 2 Mar 2016 14:18:58 -0500
To: Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
Message-ID: <56D73CA2.6070807@digitalbazaar.com>

On 03/02/2016 12:26 PM, Steven Rowat wrote:
> On 3/1/16 9:41 PM, Anders Rundgren wrote:
>> Pardon the naive question (I haven't followed the credentials work in
>> detail), but how is link between the credential and the documents it is
>> supposed to be associated with?
>
> I don't know. I was assuming in the new examples I provided (anonymous
> Journalist, Scientist whistle-blower, pseudonymous Novelist) that:
>    a)  it would turn out to be more or less the same code mechanism as
> the existing "June and the bottle" example would need;
>    b)  some mechanisms for doing this have been discussed in the past; and
>    c)  the current goal is to get the Charter accepted (work protocol
> time-lines and use-case goals), not specific data structures.
>
> So IMO the answer to your question lies in the work that would be done
> after the Credentials technical group is underway.
>
> But I may misunderstand the process. Can anyone else comment?

You understand the process correctly, but there is an element of this 
that is important in what user stories we tell in the use cases we're 
submitting for review.

As you have pointed out, scenarios that involve the use of 
pseudo-anonymous credentials may differ quite differently in terms of 
risk. It isn't necessarily true that the same mechanism used to provide 
pseudo-anonymity in low-risk scenarios would be the same as the one used 
in high-risk scenarios.

People reviewing the charter and use cases may look at high-risk 
scenarios and reason that the problem is too difficult to solve and 
decide to vote against the work proceeding. I myself think that there 
are high-risk pseudo-anonymity use cases that are not solved nearly as 
easily or via the same mechanisms as low-risk scenarios.

I think it's a good idea to keep high-risk scenarios around as targets 
for future work, but I don't think we should say we need to solve them 
in our first attempt to get work started. I would prefer to keep such 
use cases in our community group's "vision document" or "larger set of 
use cases for the future". I think they could be a distraction and harm 
our chances to get work started.

-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com

Received on Wednesday, 2 March 2016 19:19:23 UTC