- From: Steven Rowat <steven_rowat@sunshine.net>
- Date: Sat, 12 Mar 2016 15:27:15 -0800
- To: public-credentials@w3.org
RE: "Identity fragility" I flagged this a few days ago and got no comments, but on re-reading the Charter draft it still stands out for me, and this time I have a suggested improvement. Currently, the Problem Statement includes: "In existing attribute exchange architectures (like SAML, OpenID Connect, Login with SuperProviderX, etc.), users, and their verifiable claims, do not independently exist from service providers. This means users can't easily change their service provider without losing their digital identity. This leads to vendor lock-in, identity fragility, reduced competition in the marketplace, and reduced privacy for all stakeholders. " As this stands, the main direct problem for the credential holder -- besides privacy -- is 'identity fragility'. I'd suggest that: a) that's vague b) there are other things happening: IMO the vendor lock-in leads to identity duplication, confusion, loss, and inaccuracy. Perhaps all those things together could be characterised as 'fragility', but since the vendor lock-in issue is a major reason why verifiable claims are needed, IMO it's best to spell it out. I suggest the last sentence be amended to: "This leads to: vendor lock-in, identity fragility (duplication, confusion, loss, and inaccuracy), reduced competition in the marketplace, and reduced privacy for all stakeholders." And of course we could also fight about (I mean discuss) which of those four descriptors are accurate, and/or add others. Steven
Received on Saturday, 12 March 2016 23:27:41 UTC