W3C home > Mailing lists > Public > public-credentials@w3.org > March 2016

Re: Comments on draft charter [Was: Agenda: Verifiable Claims Teleconference - Tuesday, March 8th 2016]

From: Steven Rowat <steven_rowat@sunshine.net>
Date: Sat, 12 Mar 2016 15:27:15 -0800
To: public-credentials@w3.org
Message-ID: <56E4A5D3.9080603@sunshine.net>
RE: "Identity fragility"

I flagged this a few days ago and got no comments, but on re-reading 
the Charter draft it still stands out for me, and this time I have a 
suggested improvement.

Currently, the Problem Statement includes:

"In existing attribute exchange architectures (like SAML, OpenID 
Connect, Login with SuperProviderX, etc.), users, and their verifiable 
claims, do not independently exist from service providers. This means 
users can't easily change their service provider without losing their 
digital identity. This leads to vendor lock-in, identity fragility, 
reduced competition in the marketplace, and reduced privacy for all 
stakeholders. "

As this stands, the main direct problem for the credential holder -- 
besides privacy -- is 'identity fragility'. I'd suggest that:
a) that's vague
b) there are other things happening: IMO the vendor lock-in leads to 
identity duplication, confusion, loss, and inaccuracy.

Perhaps all those things together could be characterised as 
'fragility', but since the vendor lock-in issue is a major reason why 
verifiable claims are needed, IMO it's best to spell it out. I suggest 
the last sentence be amended to:

"This leads to: vendor lock-in, identity fragility (duplication, 
confusion, loss, and inaccuracy), reduced competition in the 
marketplace, and reduced privacy for all stakeholders."

And of course we could also fight about (I mean discuss) which of 
those four descriptors are accurate, and/or add others.

Steven
Received on Saturday, 12 March 2016 23:27:41 UTC

This archive was generated by hypermail 2.3.1 : Saturday, 12 March 2016 23:27:41 UTC