W3C home > Mailing lists > Public > public-credentials@w3.org > October 2016

Re: Verifiable Claims Charter Proposal prepped for W3M

From: David Chadwick <D.W.Chadwick@kent.ac.uk>
Date: Thu, 6 Oct 2016 13:01:04 +0100
To: public-credentials@w3.org
Message-ID: <6fe1e51c-51bb-16ec-10b1-3867a3caf27d@kent.ac.uk>


On 02/10/2016 19:51, Manu Sporny wrote:
> On 10/01/2016 04:39 AM, David Chadwick wrote:
>> my immediate comment upon reading the new charter, is "why isn't a
>> SAML assertion a verifiable claim?".
> 
> That's a valid concern. I'm concerned about the same sort of push-back.
> I think we're covered because we now point to "charter motivations" in
> the intro to the charter:
> 
> """
> Readers that are new to this work should examine the motivations that
> led to this charter.
> """
> 
> Which points here:
> 
> http://w3c.github.io/webpayments-ig/VCTF/charter/charter-motivation.html
> 
> which outlines why using only SAML doesn't accomplish what motivated the
> charter in the first place (see "Problem Statement" second bullet item).

Note. The motivation document still does not contain the definition for
privacy-enhancing, even though it was agreed to add it in our email
discussions and telecon a couple of months ago.


> There is also a gap analysis that demonstrates the shortcomings of SAML:
> 
> http://manu.sporny.org/2015/credentials-retrospective/#saml
> 
> So, we have a fairly detailed response for the "why isn't a SAML
> assertion a verifiable claim?" question.

Agreed that it can be discovered by further reading, but the point I am
making is that this extra digging should not be necessary.


> 
>> When I read it with the SAML model in mind, it seems to me that it
>> fits the charter, and hence many (particularly new) readers might
>> argue that the work is not needed.
> 
> Based on a quick read of this:
> 
> http://manu.sporny.org/2015/credentials-retrospective/#saml
> 
> Do you still believe that to be true?

your document clearly shows why SAML is not suitable, but this is not
part of the charter proposal.


> 
>> Don't you think the charter ought to contain the definition for a 
>> verifiable claim in order to make it crystal clear to the reader what
>> we are talking about?
> 
> The charter does contain the definition of a "verifiable claim" here:
> 
> http://w3c.github.io/webpayments-ig/VCTF/charter/rc-3.html#terminology

I know, but this definition is too generic and non-specific, so that a
SAML assertion fits this definition. Is that the intention?

If not, then there should be something in the definition about the free
standing nature of the claim, that it is transportable, independent etc
(i.e. self-sovereign without using the term is it is deemed unacceptable)


> 
> However, that definition alone is not enough.

I agree, but I would say that a better definition is essential even
though on its own it does not convey the semantics of the entire VC
eco-system.

> One needs to understand
> the greater ecosystem we're trying to build and we endeavor to point
> people in that direction. It's true that a number of readers will not
> follow the link or string everything together, but in those cases, we
> can point to the reasons that they might object to the work.

Lets try to make it easier for people if we can, by having a more
precise definition

regards

David

> 
> -- manu
> 
Received on Thursday, 6 October 2016 12:02:31 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:32 UTC