W3C home > Mailing lists > Public > public-credentials@w3.org > June 2017

Re: "Identity" - is a modal notion and the matrix

From: Joe Andrieu <joe@joeandrieu.com>
Date: Sat, 03 Jun 2017 18:46:47 -0700
Message-Id: <1496540807.1493703.997893896.3889E8DD@webmail.messagingengine.com>
To: public-credentials@w3.org
On Sat, Jun 3, 2017, at 12:32 AM, David Chadwick wrote:
> On 02/06/2017 19:17, Joe Andrieu wrote:
>> For example, I may learn of a serial killer in my neighborhood and
>> without identifying that as a reason, reschedule an event that was to>> occur locally to a far away location. While I am acting on the
>> information associated with a given identity, I'm not authorizing
>> anything with respect to the serial killer. He/she remains completely>> unidentified in my subsequent actions and communications and I
>> haven't>> authorized any actions directly related impacting them.
> Thinking about this again overnight, I would say that it is a spurious> example. What is the VC, who is the holder, who is the issuer, and who> is the inspector? Which role does the serial killer play?
> It seems to me, that you are the inspector, who receives the VC from a> trusted issuer (maybe the police or the newspaper), and then
> decide how> to act as a result of this. But your subsequent actions are not part
> of> the VC model as far as I am aware, and are therefore out of scope.

The original question wasn't about VCs. It was about "authorization"
being a suitable explanation for every purpose of identity.
I wrote:
> On Fri, Jun 2, 2017, at 05:37 AM, David Chadwick wrote:
>> So I strongly believe that we identify entities in order to authorise>> actions by them or on them (depending upon whether they are the
>> subject>> or object of the action).
>> I would be pleased to hear from anyone who can specify a purpose of
>> identity/identification that does not involve authorisation.
> I think your notion of "authorize" would be more commonly regarded as
> acting on. I would go further and use the term apply.
My point was that identity--as used in relationship to the serial killer--
was used for something other than authorization with them as the object
or subject.
So, yes, it was spurious if you wanted to define a use case for VC. We
could torture one out of it by generating an alert from the police in a
verifiable claim, but that really wouldn't serve much.
More importantly, we know identity is out of scope. Any use cases based
on identity are out of scope.  But our conversations about privacy--a
major concern--need a grounded understanding of how privacy and
identity work.

Joe Andrieu, PMP
joe@legendaryrequirements.comLEGENDARY REQUIREMENTS
+1(805)705-8651Do what matters.


  1. http://www.legendaryrequirements.com
Received on Sunday, 4 June 2017 01:47:15 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:38 UTC