Re: Review of Verifiable Claims Working Group Charter

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Fri, 11 Mar 2016 07:56:14 +0000
Message-ID: <CAM1Sok1VnK=Z3sLe=hfFx0bpGoTvwDFWTx+ukRiTSViqkOoUKA@mail.gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>, John Tibbetts <john.tibbetts@kinexis.com>
Cc: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials Community Group <public-credentials@w3.org>

I think additionally, the manifest concepts embedded within RDBMS solutions
are no longer the sole methods available.

We create insecurity by failing to acknowledge participants in a
decentralised and manifestly socially representable way as has happened and
continues to happen beyond the web.

The web required centralised data-stores and database schemas that were not
compatible.  Linked-data or Graph Database technology offers an array of
opportunities beyond improving the funnel, which in-turn produces security
floors due to singular hierarchical management schemas.

By decentralising, enabling people to have their 'verified' say and
allowing others to depend upon those 'verified' statements in
self-organising structures, root-cause analysis is far easier and therefore
far more economically efficient.

Furthermore, systems should be defined in such a way that the ledger be
'tamper evident' at a minimum.

USECASE

Two persons separate from a family union.  The mother (with infant child)
is left in the house and obtains legal aid (family law lawyer funding) and
is able to / advised to, immediately demand child-support.

The Father is unable to form an agreement with respect to access to the
child, until a court date which is many months in waiting, not much can be
done.  As such the child-support requirement is for full-time care by the
mother.

The Father is told they're not eligible for legal aid (lawyer funding)
unless they earn a nominal amount for a period of several months.  This
demand is made over the phone and the call is not recorded.

Forced to earn a nominal amount and with an erroneous calculation for
child-support, the father is made homeless and in doing so, incapacitated
to care for the child.

Court arrives. Access is granted, but the means to support the on-going
hostility is made incapable by financial circumstances.

The father later reads the relevant act and finds the requirement for legal
aid was contrary to the act.  Tax returns are filed and child-support
believe it to 'punitive' to consider the over-payment issue further.

The child forgets the father (attachment relationship) and human rights of
the child have been varied by political means without consideration. Father
is left with nothing but child-support obligations.

Healthcare for parties are thereby required.  Healthcare providers are
required to understand the context of any health (including psychological
health) problems and address them, subject to available funds being made
available in-order to do so in cooperation with any parties who may have
been poorly affected throughout the predicates for any such use-case.
____________________________________________________

Credentials should both provide means for statistical resources to
universities as to support their production of sociology related thesis /
studies, and the means for those who engage in professional neglect and/or
erroneous acts on behalf of their employer to be easily identified and
addressed.

Tim.H.



On Fri, 11 Mar 2016 at 16:31 Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

> On 11 March 2016 at 02:40, John Tibbetts <john.tibbetts@kinexis.com>
> wrote:
>
>> I’ve reviewed the Working Group Charter and, with a couple of minor
>> exceptions, think it’s a very creditable document.  It’s amazing to me how
>> quickly this group’s deliverables have evolved even with half the troupe
>> out sick.
>>
>> I have two comments:
>>
>> Section 2. Goals
>>
>> I was skeptical at first about Ian’s suggestion of making these points
>> more goal-like.  But I now realize that was a failure of imagination on my
>> part.  I now see that they are a big improvement.  (Manu says he’ll do some
>> word-smoothing over the weekend, but with that it’s an impressive set).
>>
>> However there’s one other point that might strengthen the goals.  Since
>> the Problem Statement explicitly includes the point about cross-industry
>> interoperability shouldn’t there be a goal that makes some assertion like:
>> Supporting extensible vocabularies that can serve the need of a variety of
>> industries.
>>
>> My wording here is somewhat anemic but the sense of this is that this
>> goal would address the capabilities that earlier on, in the ‘Retrospective’
>> blog post, we categorized as ‘Extensible Data Model’, or slightly
>> differently, ‘Decentralized Vocabulary’.  It seems that we ought to have
>> some goal in this section that addresses these issues.
>>
>>
>> Section 3.2. Security and Privacy Considerations
>>
>> I wonder if we shouldn’t slightly soften this sentence: "Protection of
>> the privacy of all participants in a credentials ecosystem is essential to
>> maintaining the trust that credential systems are dependent upon to
>> function.”.  I’m saying we should tone this down a mite for W3C political
>> reasons.  Think of it this way: there are a lot of folks out there who put
>> a lot of trust in OpenID Connect even though it’s a basic premise of this
>> group that we can do a lot better with Privacy.  So an OIDC advocate might
>> read this sentence as saying: if you can’t provide privacy of all
>> participants your credential system isn't trustworthy.  I’ll leave it to
>> those in our group who are more politically astute to judge whether this is
>> a vulnerability or just my imagination.
>>
>
> +1 soften.  It is slightly political but it shouldn't be political, it
> should be more balanced and technical -- I was chatting with a
> distinguished engineer at the IETF meet and the feeling is that we can do
> better here in the standards world.
>
> In general, much like the TSA in airports, we've gone a bit too far with
> security paranoia in some areas, identity being the main one.  And not far
> enough with other security items such as privacy, encryption and tracking.
>
>
>>
>>
>> Very nice job gang.
>>
>> John
>>
>>
>>
>>
>>
>
Received on Friday, 11 March 2016 07:56:58 UTC
