RE: Voluntary (and non-) Standards (was: Support for Verifiable Claims)

Interesting thread on legal standing.  Right now, 9 states are wrestling with putting verifiable drivers licenses on mobile devices (the paper artifacts we use today are eminently fraud prone - just ask any college student).  In today's case, US State Department, DMV, Social Security Administration, County records, etc. all act as trusted service providers of the "paper and static ID" world; with great peril to the citizen as these artifacts can be stolen easily.  Their role won't change anytime soon.

Conexxus' feeling is that we don't proscribe legal purview of verifiable claims, but create an eco-system by which the "watchers" in today's existential data world can choose reliable new technologies to continue their mandated mission; and on a basis of NOT conveying unnecessary and static PII, which is the Achilles heel of our online existence.  So the intent is to provide control over our own identities as a first order.

If W3C creates a trusted environment framework, then the agencies will adopt them as a matter of public demand (IMHO this will be an escalating societal trend).  Each (global) jurisdiction will make its decision based on available technology and political aims v. the will of their people.

Our retail industry does not want to know anything about you beyond "are you old enough to buy beer?" and can I capture the signature (read legal verification) of the TSP saying you are?  Certainly no business will stake their liquor license on a semi-trusted service provider, so the framework needs to authenticate the TSP as well.

So long opinion, short, if we build it, they will come as needed ... who watches the watchers is the age-old question.

-----Original Message-----
From: singer@apple.com [mailto:singer@apple.com]
Sent: Tuesday, December 6, 2016 4:34 PM
To: David Ezell <David_E3@VERIFONE.com>
Cc: Michael Champion <Michael.Champion@microsoft.com>; Gray Taylor <gtaylor@conexxus.org>; Manu Sporny <msporny@digitalbazaar.com>; Nate Otto <nate@badgealliance.org>; Stone, Matthew K <matt.stone@pearson.com>; Chris Wilson <cwilso@google.com>; Tantek Çelik <tantek@cs.stanford.edu>; Mark Nottingham <mnotting@akamai.com>; w3c-ac-forum@w3.org; public-webpayments-comments@w3.org; Richard Varn <rvarn@ets.org>; Drummond Reed <drummond@respectnetwork.com>; Nathan George <nathan.george@evernym.com>; Kerri Lemoie <kerri@openworksgrp.com>; David Chadwick <d.w.chadwick@kent.ac.uk>; Eric Korb <Eric.Korb@accreditrust.com>; Christopher Allen <ChristopherA@blockstream.com>; Phil Archer <phila@w3.org>; Linda Toth <ltoth@conexxus.org>; Jay Johnson <jay@qples.com>; Bob Burke <bburke@kou.pn>
Subject: Re: Voluntary (and non-) Standards (was: Support for Verifiable Claims)


> On Dec 6, 2016, at 14:15 , David Ezell <David_E3@VERIFONE.com> wrote:
> 
> To the first point, I’m not sure what you mean by non-voluntary standards organizations:  ... I’m not sure this non-voluntary distinction is worth fretting about.

Some standards organizations (notably ITU) are the result of treaties, and some (including ITU) produce standards that can later have the force of law behind them.   “X’s sold or made available in country Y must comply with standard Z.”

As you say, it’s not strongly relevant, except that in this field, some of the use cases for verifiable claims also intersect with legal requirements (e.g. being required to check the age of someone before selling them certain products). We easily back into the ‘quis custodiet custodies?’ problem if we’re not careful (who watches the watchers?) and wonder “who is recognized legally as being able to prove the age of a customer?”.


David Singer
Manager, Software Standards, Apple Inc.