Re: A Somewhat Critical View of SOP (Same Origin Policy)

> On 24 Sep 2015, at 22:02, Dave Longley <dlongley@digitalbazaar.com> wrote:
> 
> We also need to be careful about the privacy implications here. To
> explain this I'm going to lay out some quick terminology for a
> user-centric system.
> 
> In the Credentials CG work, we have four main parties that are involved
> in a "credentials ecosystem". Here's a brief overview:
> 
> 1. Users - entities about which claims are made
> 2. Issuers - services that make claims
> 3. IdPs - services that aggregate claims on behalf of Users
> 4. Consumers - services that request and make use of claims
> 
> Now, regarding privacy, it would be ideal if a User could interact with
> Consumers without Issuers or IdPs being made aware of this fact. If
> information is going to be transferred "server-to-server", this property
> should be preserved.

A further desirable property would be that the identifiers used between the User and Consumer are short-lived (i.e., session-based), to minimise loss of privacy across sessions or across Consumers.

—
   Dave Raggett <dsr@w3.org>

Received on Friday, 25 September 2015 09:39:07 UTC
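One way to make the property in the reply above concrete, as an added illustration that is not part of the thread and not the Credentials CG's design: the User agent derives a fresh identifier for each session with each Consumer from a long-term secret it never discloses, so that neither Consumers comparing notes nor an Issuer/IdP can link two sessions by identifier alone. The HMAC-SHA256 derivation, the `UserAgent` class, the origin strings and the 32-hex-character truncation are my assumptions for the example.

```python
"""Added illustration: short-lived, per-Consumer User identifiers.

Assumed design (not from the thread): the User agent holds a long-term
secret; each session identifier is HMAC-SHA256(secret, origin || nonce)
with a fresh per-session nonce.  Only the derived identifier leaves the
User agent, so an observer without the secret cannot tell whether two
identifiers belong to the same User.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


def derive_session_id(user_secret: bytes, consumer_origin: str, session_nonce: bytes) -> str:
    """Session-scoped identifier for one Consumer (assumed scheme).

    The origin is separated from the nonce by a NUL byte so that different
    (origin, nonce) splits cannot collide on the same HMAC input.
    """
    msg = consumer_origin.encode("utf-8") + b"\x00" + session_nonce
    return hmac.new(user_secret, msg, hashlib.sha256).hexdigest()[:32]


class UserAgent:
    """Holds the User's long-term secret and mints one identifier per session."""

    def __init__(self, user_secret: Optional[bytes] = None):
        self.user_secret = user_secret or secrets.token_bytes(32)

    def new_session(self, consumer_origin: str, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
        # A fresh nonce per session is what makes the identifier short-lived.
        nonce = nonce or secrets.token_bytes(16)
        return derive_session_id(self.user_secret, consumer_origin, nonce), nonce


def linkable(id_a: str, id_b: str) -> bool:
    """All a Consumer (or two colluding Consumers) can do without the secret:
    compare the identifiers they were given."""
    return id_a == id_b


def demo() -> dict:
    """Show which pairs of identifiers an observer can link.

    Constructed scenario: one User, two sessions with Consumer A, one with
    Consumer B.  Only a replay of the same (origin, nonce) reproduces an id.
    """
    ua = UserAgent()
    id_a1, nonce_a1 = ua.new_session("https://consumer-a.example")
    id_a2, _ = ua.new_session("https://consumer-a.example")   # second session, same Consumer
    id_b1, _ = ua.new_session("https://consumer-b.example")   # different Consumer
    # Continuity within one session: the User agent can re-derive the same id.
    id_a1_again = derive_session_id(ua.user_secret, "https://consumer-a.example", nonce_a1)
    return {
        "within_session": linkable(id_a1, id_a1_again),   # True
        "across_sessions": linkable(id_a1, id_a2),        # False
        "across_consumers": linkable(id_a1, id_b1),       # False
    }


if __name__ == "__main__":
    for scenario, linked in demo().items():
        print(f"{scenario}: {'linkable' if linked else 'unlinkable'}")
```

Because the Issuer and IdP never see the session nonce or the User's secret, they learn nothing about which Consumers the User visited from the identifiers alone; the remaining linkage risks (the claims' own contents, network-level identifiers) are outside what this scheme addresses.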