Re: Expiry time in Data Model from Timothy Holborn on 2016-05-23 (public-credentials@w3.org from May 2016)

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Mon, 23 May 2016 22:17:00 +0000
To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
Message-ID: <CAM1Sok0qaS+WmccbEvj9a+Ppx608wempM13+uY=AngVKky-oTw@mail.gmail.com>
On Mon, 23 May 2016 at 00:08 David Chadwick <d.w.chadwick@kent.ac.uk> wrote:

>
>
> On 22/05/2016 14:56, Timothy Holborn wrote:
> >
> >
> > On Sun, 22 May 2016 at 23:30 David Chadwick <d.w.chadwick@kent.ac.uk
> > <mailto:d.w.chadwick@kent.ac.uk>> wrote:
> >
> >
> >
> >     On 22/05/2016 13:26, Timothy Holborn wrote:
> >     > What about version control and therein; 'get latest'...
> >
> >     I dont think this is needed when have an issuing time and expiry
> time.
> >     You can tell from the former which is the latest credential
> >
> >
> > If a new version is released, then the older version has expired?
>
> Not necessarily. It depends upon the expiry time. It is frequently the
> case that I have had two credit cards from the same bank that are both
> valid simultaneously, and I am asked to cut up the older one. But I can
> continue to use it for a week or two if I wish.
>
> Expiry on a credit card was established prior to electronic transactions
where those who wanted to be paid, had an obligation to check the signature
and expiry date of the financial instrument that was recorded using
something like:
http://fearlessmen.com/wp-content/uploads/2013/09/Old-Credit-Card-Swiper.jpg


In a 'web payments' or credentials model; the date-validation identifying
whether the instrument can still be used is a real-time function.  The main
question relating to expiry IMHO would be; has the status changed and if so
how.

You might have a credential (v1 issued on some-date) that gave you a $5k
limit.  that may be upgraded if you got trapped at an airport with no money
to $15k and that may happen in seconds (issuance of v2) which may have in
the notation of the model, that the valid credential instrument must be the
most recent one (ie: v2 not v1).

in other models i think you are kinda correct - you might be able to use
both.  In that way, you might only need to 'qualify' the claim stated in
the first place.  many qualifications grow overtime and as such the
'credential' may be 'upgraded' therein supporting the notion of 'version
control' as a means to express these changes in state.

Yet if fraud was detected; then the credential chain would be invalid,
therefore needing to be revoked and a new-one issued stating the facts of
the newly found circumstance that doesn't involve any fraudulent acts or
claims.

Yet; one of the flaws of this model may relate to privacy.  say you've got
a driver who's keeps needing a breath-testing thing on the car. they've got
it for a while, loose the requirement for it, then get it back again.

The assumption would be that the history is not necessarily discoverable by
anyone requesting the D/L document, subject to law in effect...


> regards
>
> David
>
>
> FWIW - their my thoughts.  I think expiry happens when the thing doesn't
work anymore and i also think their are two related functions that were
carried out by a traditional expiry function - but may be better-off split
into two aspects 1. version-control 2. optional expiry date.

Tim.H.

>
> >
> > Tim.H.
> >
> >
> >     regards
> >
> >     David
> >     >
> >     > On Sun, 22 May 2016 at 22:01 Victoriano Giralt <victoriano@uma.es
> >     <mailto:victoriano@uma.es>
> >     > <mailto:victoriano@uma.es <mailto:victoriano@uma.es>>> wrote:
> >     >
> >     >     On 21/05/16 20:44, David Chadwick wrote:
> >     >     > You are mixing up the attribute/claim, date of birth (or
> >     similar)
> >     >     which
> >     >     > lasts forever, and the credential, which is a cryptographic
> >     digital
> >     >     > representation of it. This has to have an expiry time due to
> the
> >     >     > inherent weakness of the crypto.
> >     >
> >     >     You are very right, David, it is possibly me being thick
> >     because of the
> >     >     cabin pressure. I should read threads twice before responding
> >     from a
> >     >     plane :-) You already noted that in the thread, and you are
> right,
> >     >     signatures should be refreshed because of crypto.
> >     >
> >     >     > regards
> >     >
> >     >     double those ;-)
> >     >
> >     >     --
> >     >     Victoriano Giralt                             CIO
> >     >                                                   University of
> Malaga
> >     >     +34952131415                                  SPAIN
> >     >
>  ==================================================================
> >     >     Note: signature.asc is the electronic signature of present
> message
> >     >     A: Yes.
> >     >     > Q: Are you sure ?
> >     >     >> A: Because it reverses the logical flow of conversation.
> >     >     >>> Q: Why is top posting annoying in email ?
> >     >
> >
>
Received on Monday, 23 May 2016 22:17:37 UTC