W3C home > Mailing lists > Public > public-credentials@w3.org > March 2016

Re: Use-Cases - pseudo-anonymity examples

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Wed, 2 Mar 2016 15:27:59 -0500
To: Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
Message-ID: <56D74CCF.7060806@digitalbazaar.com>
On 03/02/2016 02:46 PM, Steven Rowat wrote:
> On 3/2/16 11:18 AM, Dave Longley wrote:
>>> It isn't necessarily true that the same mechanism used to
>> provide pseudo-anonymity in low-risk scenarios would be the same
>> as the one used in high-risk scenarios.
> Thank you, I understand better now.
>> People reviewing the charter and use cases may look at high-risk
>> scenarios and reason that the problem is too difficult to solve
>> and decide to vote against the work proceeding.
> [snip]
>> I think [these high-risk scenarios] could be a distraction and harm
>> our chances to get work started.
> Yes, I see: this seems pragmatically sound,--from a group-politics
> perspective.
> But there may be people for whom the high-risk pseudo-anonymity
> use-case is the most important reason for having Web Payments and
> Credentials at all. (Due to the nature of the problem, I feel no need
> to give specific examples of who those people might be. LOL.)

I'd rather have those people be disinterested in the work or comment and
say "Oh, hey, could another user story here be something like a
whistleblower thing?" That's much better than someone else saying: "This
work is too hard. We file an formal objection to starting it."

I think the latter's more likely than someone filing a formal objection
because we don't call it out. Usually when people want you to add
something it's because they are interested in the work and would support
it. When people are against the work, their interest lies in
highlighting reasons why you may fail. Trying to remedy by taking away
those reasons may not assuage their desire to object, rather, the
objection becomes that the work is now worthless. It's better to avoid
that entirely to begin with.

Just because we don't have something in the user stories doesn't mean we
can't consider it in the work. We mention pseudo-anonymity in the use
cases, we just don't require the group to try to solve high-risk
scenarios. I think that gives us a happy middle ground where the group
can pursue it if they think they can handle it, but they don't incur the
overhead of having it as a requirement.

> I believe such people might be well-warned that the omission of this
>  type of use-case from the core use-cases accompanying the Charter
> Vote might lead to a higher chance of them never being resolved by
> the proposed technical work.
> And as you've pointed out, there may be unavoidable technical reasons
>  for this, at the current level of the technology.
> To speculate a little: maybe this is one of those things that will
> only be solved by a major leap in the technology, such as to the
> blockchain. Or something of that magnitude.

We'll leave that to a WG to figure out. I think if we proceed without
calling it out, a WG is more likely to exist to have that opportunity.

Dave Longley
Digital Bazaar, Inc.
Received on Wednesday, 2 March 2016 20:28:24 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 2 March 2016 20:28:24 UTC