W3C home > Mailing lists > Public > public-credentials@w3.org > March 2016

Re: Comments on draft charter [Was: Agenda: Verifiable Claims Teleconference - Tuesday, March 8th 2016]

From: Steven Rowat <steven_rowat@sunshine.net>
Date: Sun, 13 Mar 2016 16:18:40 -0700
To: public-credentials@w3.org
Message-ID: <56E5F550.6000000@sunshine.net>
On 3/13/16 3:44 PM, Dave Longley wrote:
> On 03/12/2016 06:27 PM, Steven Rowat wrote:
>> RE: "Identity fragility"
>>
>> I flagged this a few days ago and got no comments, but on re-reading the
>> Charter draft it still stands out for me, and this time I have a
>> suggested improvement.
>>
>> Currently, the Problem Statement includes:
>>
>> "In existing attribute exchange architectures (like SAML, OpenID
>> Connect, Login with SuperProviderX, etc.), users, and their verifiable
>> claims, do not independently exist from service providers. This means
>> users can't easily change their service provider without losing their
>> digital identity. This leads to vendor lock-in, identity fragility,
>> reduced competition in the marketplace, and reduced privacy for all
>> stakeholders. "
>>
>> As this stands, the main direct problem for the credential holder --
>> besides privacy -- is 'identity fragility'. I'd suggest that:
>> a) that's vague
>> b) there are other things happening: IMO the vendor lock-in leads to
>> identity duplication, confusion, loss, and inaccuracy.
>>
>> Perhaps all those things together could be characterised as 'fragility',
>> but since the vendor lock-in issue is a major reason why verifiable
>> claims are needed, IMO it's best to spell it out. I suggest the last
>> sentence be amended to:
>>
>> "This leads to: vendor lock-in, identity fragility (duplication,
>> confusion, loss, and inaccuracy), reduced competition in the
>> marketplace, and reduced privacy for all stakeholders."
>>
>> And of course we could also fight about (I mean discuss) which of those
>> four descriptors are accurate, and/or add others.
>
> "Undue/undesirable fragmentation" is another.

Yes, but now on reconsidering the whole paragraph, I think there's 
another problem (and possible improvement) in the previous sentence, 
where it states "without losing their digital identity". Because if we 
agree that 'identity fragility' contains several things (like 
fragmentation, duplication, confusion, inaccuracy, loss), then 
'losing' their identity isn't always the most accurate way to view 
what's happening. What's happening sometimes is that the identity gets 
vague and hard to use or verify; not 'lost'. As you say, it fragments.

So maybe adding 'fragmenting' to that previous sentence would work 
(and removing 'loss' from the next one, because it's already used): 
something like as follows :

"In existing attribute exchange architectures (like SAML, OpenID 
Connect, Login with SuperProviderX, etc.), users, and their verifiable 
claims, do not independently exist from service providers. This means 
users can't easily change their service provider without losing or 
fragmenting their digital identity. This leads to vendor lock-in, 
identity fragility (duplication, confusion, and inaccuracy), reduced 
competition in the marketplace, and reduced privacy for all 
stakeholders. "

Steven Rowat
Received on Sunday, 13 March 2016 23:19:11 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 13 March 2016 23:19:12 UTC