Re: Call for Focal DID Use Cases

« Correlation » is essential when fighting against financial crime, that’s why OECD has defined the concept of TIN (http://www.oecd.org/tax/automatic-exchange/crs-implementation-and-assistance/tax-identification-numbers/#d.en.347759 <http://www.oecd.org/tax/automatic-exchange/crs-implementation-and-assistance/tax-identification-numbers/#d.en.347759>) and imposes reporting to banks (CRS), thanks to « Panama Papers » and similar initiatives. 

Most discussions are taking the perspective of « me and and my service provider ». A condition of trust in the digital economy is however to know/discover your potential partners and apply some « due diligence ». This means that the potential counterpart must be identified and also the « beneficial owners ». 

To fight efficiently against financial crime, there should no limit, honest people have nothing to hide. The financial ecosystem should be organized in such a way that some trusted parties have access to « a lot » of information and can issue some VCs to be used by those who have restricted access. 
When making a transaction, the originating party must identify unambiguously the beneficiary. The originating party could establish a relationship with the beneficiary, verify the claims and instruct the transaction.

The problem is to organise such an ecosystem, much more than inventing the technology. In the meantime, Unique identifiers remain the best solution to improve financial security. A DID is nothing else than a unique identifier but it will take time and all side effects must be analysed: do it make sense to write a DID on a pallet and then, what’s the difference with a GLN? 
One could say there is a risk of correlating information with global IDs, but that’s exactly what the controllers in an ecosystem must do. 

Note that with DIDs, the problem of data management is just the same: the parties can move, merge,… You might be dealing with DID that no longer correspond to real identities.

Stephane

> Le 2 juin 2018 à 20:29, Manu Sporny <msporny@digitalbazaar.com> a écrit :
> 
> On 06/01/2018 03:37 PM, Jordan, John CITZ:EX wrote:
>> I don’t think we need a single identifier like we have been trying to
>> unsuccessfully have in some places for years. I feel like those 
>> numbers are a bad side effect of centralized database primary keys.
> 
> Agreed.
> 
>> I think the reason I am quite resistant to a single identifier (if 
>> that is what is being contemplated) for an organization is that in 
>> the real world stuff happens.
> 
> It was not what was being contemplated nor proposed, but I can see how
> one could interpret the use case as such, so we should make it clear
> that organizations/entities are expected to have more than one DID.
> 
> I said an "Organization gets a DID"... that doesn't mean its the /only
> DID/ the organization has.
> 
> This group has identified the "single long lived identifier / single
> entity" (e.g. SSN, DUNS, email address for identification) design as a
> privacy concern in the VC spec here:
> 
> https://w3c.github.io/vc-data-model/#identifier-based-correlation
> 
> and here:
> 
> https://w3c.github.io/vc-data-model/#long-lived-identifier-based-correlation
> 
> We list the "desirable ecosystem characteristics" that we want here:
> 
> https://w3c.github.io/vc-data-model/#use-cases-and-requirements
> 
> So the change that needs to be made to the Decentralized Corporate
> Identifiers use case is:
> 
> Clarify that organizations will have more than one DID, typically scoped
> appropriately to the interactions that they will perform using the DID.
> 
> -- manu
> 
> -- 
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The State of W3C Web Payments in 2017
> http://manu.sporny.org/2017/w3c-web-payments/
>