W3C home > Mailing lists > Public > public-credentials@w3.org > March 2016

Re: Comments on draft charter [Was: Agenda: Verifiable Claims Teleconference - Tuesday, March 8th 2016]

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Mon, 14 Mar 2016 03:37:16 +0000
Message-ID: <CAM1Sok0CmVEazk+7Eq_cP-zVnkVPCDmARvT4YbU4xWvKWUttJg@mail.gmail.com>
To: Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
Re: Scope - can we insert 'browser independent' somewhere?  or is that
impractical?

On Mon, 14 Mar 2016 at 12:06 Timothy Holborn <timothy.holborn@gmail.com>
wrote:

> An important part of this requirement also relates to URI's and means in
> which to ensure accounts may be portable.
>
> therein, some sort of 'update' mechanic.
>
>
> On Mon, 14 Mar 2016 at 10:20 Steven Rowat <steven_rowat@sunshine.net>
> wrote:
>
>> On 3/13/16 3:44 PM, Dave Longley wrote:
>> > On 03/12/2016 06:27 PM, Steven Rowat wrote:
>> >> RE: "Identity fragility"
>> >>
>> >> I flagged this a few days ago and got no comments, but on re-reading
>> the
>> >> Charter draft it still stands out for me, and this time I have a
>> >> suggested improvement.
>> >>
>> >> Currently, the Problem Statement includes:
>> >>
>> >> "In existing attribute exchange architectures (like SAML, OpenID
>> >> Connect, Login with SuperProviderX, etc.), users, and their verifiable
>> >> claims, do not independently exist from service providers. This means
>> >> users can't easily change their service provider without losing their
>> >> digital identity. This leads to vendor lock-in, identity fragility,
>> >> reduced competition in the marketplace, and reduced privacy for all
>> >> stakeholders. "
>> >>
>> >> As this stands, the main direct problem for the credential holder --
>> >> besides privacy -- is 'identity fragility'. I'd suggest that:
>> >> a) that's vague
>> >> b) there are other things happening: IMO the vendor lock-in leads to
>> >> identity duplication, confusion, loss, and inaccuracy.
>> >>
>> >> Perhaps all those things together could be characterised as
>> 'fragility',
>> >> but since the vendor lock-in issue is a major reason why verifiable
>> >> claims are needed, IMO it's best to spell it out. I suggest the last
>> >> sentence be amended to:
>> >>
>> >> "This leads to: vendor lock-in, identity fragility (duplication,
>> >> confusion, loss, and inaccuracy), reduced competition in the
>> >> marketplace, and reduced privacy for all stakeholders."
>> >>
>> >> And of course we could also fight about (I mean discuss) which of those
>> >> four descriptors are accurate, and/or add others.
>> >
>> > "Undue/undesirable fragmentation" is another.
>>
>> Yes, but now on reconsidering the whole paragraph, I think there's
>> another problem (and possible improvement) in the previous sentence,
>> where it states "without losing their digital identity". Because if we
>> agree that 'identity fragility' contains several things (like
>> fragmentation, duplication, confusion, inaccuracy, loss), then
>> 'losing' their identity isn't always the most accurate way to view
>> what's happening. What's happening sometimes is that the identity gets
>> vague and hard to use or verify; not 'lost'. As you say, it fragments.
>>
>> So maybe adding 'fragmenting' to that previous sentence would work
>> (and removing 'loss' from the next one, because it's already used):
>> something like as follows :
>>
>> "In existing attribute exchange architectures (like SAML, OpenID
>> Connect, Login with SuperProviderX, etc.), users, and their verifiable
>> claims, do not independently exist from service providers. This means
>> users can't easily change their service provider without losing or
>> fragmenting their digital identity. This leads to vendor lock-in,
>> identity fragility (duplication, confusion, and inaccuracy), reduced
>> competition in the marketplace, and reduced privacy for all
>> stakeholders. "
>>
>> Steven Rowat
>>
>>
Received on Monday, 14 March 2016 03:37:55 UTC

This archive was generated by hypermail 2.3.1 : Monday, 14 March 2016 03:37:56 UTC