- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Tue, 13 Jun 2017 20:57:33 +0000
- To: David Chadwick <D.W.Chadwick@kent.ac.uk>, public-credentials@w3.org
- Message-ID: <CAM1Sok0fizg11SmHR9DoE4hzGocNMXx=ODsvRrJ23wLR+ouyYQ@mail.gmail.com>
Does this bring about a series of modality considerations? On Wed., 14 Jun. 2017, 6:15 am David Chadwick, <D.W.Chadwick@kent.ac.uk> wrote: > The point I was making is that today, employees with security clearances > have access to documents that should not be revealed to the press or > foreign nationals, and the vast majority of employees comply. > Occasionally one employee might release information to Wikileaks or > similar and there is nothing that technology can do to stop this. So we > could adopt the same model for VCs. Employees are given VCs and told > they should not release them to inspectors outside the organisation (and > the VC could contain a policy statement to this effect), but once they > are home, the employee could release them if they wanted to. > > This is because the trust model of VCs is fundamentally different to > that of federated identity management systems - see my doc on VC > lifecycles for the trust model > > https://drive.google.com/file/d/0B2qPJBxhjfdqYmJGaE5HODFLZ3ROUFAxQ05yOG9uRTBaaDlr/view > > > regards > > David > > On 13/06/2017 19:15, msporny@digitalbazaar.com wrote: > > David Chadwick: Concept of high security credentials that should > > not be released to anyone outside the org. Nothing in the > > technology would stop stepping outside restrictions of employer > > (kimhd: not sure I captured this statement correctly) > >
Received on Tuesday, 13 June 2017 20:58:19 UTC