- From: Adrian Hope-Bailie <adrian@hopebailie.com>
- Date: Thu, 8 Dec 2016 23:18:23 +0200
- To: Tantek Çelik <tantek@cs.stanford.edu>
- Cc: "Varn, Richard J" <rvarn@ets.org>, Gray Taylor <gtaylor@conexxus.org>, "singer@apple.com" <singer@apple.com>, David Ezell <David_E3@verifone.com>, Michael Champion <Michael.Champion@microsoft.com>, Manu Sporny <msporny@digitalbazaar.com>, Nate Otto <nate@badgealliance.org>, "Stone, Matthew K" <matt.stone@pearson.com>, Chris Wilson <cwilso@google.com>, Mark Nottingham <mnotting@akamai.com>, "w3c-ac-forum@w3.org" <w3c-ac-forum@w3.org>, "public-webpayments-comments@w3.org" <public-webpayments-comments@w3.org>, Drummond Reed <drummond@respectnetwork.com>, Nathan George <nathan.george@evernym.com>, Kerri Lemoie <kerri@openworksgrp.com>, David Chadwick <d.w.chadwick@kent.ac.uk>, Eric Korb <Eric.Korb@accreditrust.com>, Christopher Allen <ChristopherA@blockstream.com>, Phil Archer <phila@w3.org>, Linda Toth <ltoth@conexxus.org>, Jay Johnson <jay@qples.com>, Bob Burke <bburke@kou.pn>
- Message-ID: <CA+eFz_KVByiDiNJjLyCp-K2q4FpLq3A+_KrQS8iYUTcOKRO3bw@mail.gmail.com>
What I am still waiting for is a citation (or anything more than anecdotal evidence) for the following statement which seems to be the crux of all arguments I have heard against this work to date: "long experience has shown in W3C that "if we standardize it, they will come as needed" is a generally false assertion."

On 8 December 2016 at 23:01, Tantek Çelik <tantek@cs.stanford.edu> wrote:

> On Thu, Dec 8, 2016 at 12:51 PM, Varn, Richard J <rvarn@ets.org> wrote:
> > I cannot say I much appreciate your discourteous tone.
>
> Please don't misinterpret directness as discourteousness. I will interpret tone-policing of content criticisms as insecurity.
>
> > Attached is the information on state of digital driver's licenses I got from the Internet in 3 minutes and 25 seconds.
>
> Thanks I will take a look.
>
> > So there should be some greater use of citations by us
>
> By everyone.
>
> > and some basic research by you
>
> No.
>
> This is part of the problem that Chris, Mike, David have pointed out. Any expectation from advocates that critics are supposed to do their own research is an unreasonable attitude of time-entitlement.
>
> This is such a fundamentally flawed attitude that it further undercuts any faith in verifiable claims efforts.
>
> Imagine if a recipient of a claim was told to "do some basic research" in order to verify it. It would be totally unacceptable as a protocol.
>
> Tantek
>
> > -----Original Message-----
> > From: Tantek Çelik [mailto:tantek@cs.stanford.edu]
> > Sent: Thursday, December 08, 2016 3:28 PM
> > To: Gray Taylor <gtaylor@conexxus.org>
> > Cc: singer@apple.com; David Ezell <David_E3@verifone.com>; Michael Champion <Michael.Champion@microsoft.com>; Manu Sporny <msporny@digitalbazaar.com>; Nate Otto <nate@badgealliance.org>; Stone, Matthew K <matt.stone@pearson.com>; Chris Wilson <cwilso@google.com>; Tantek Çelik <tantek@cs.stanford.edu>; Mark Nottingham <mnotting@akamai.com>; w3c-ac-forum@w3.org; public-webpayments-comments@w3.org; Varn, Richard J <rvarn@ets.org>; Drummond Reed <drummond@respectnetwork.com>; Nathan George <nathan.george@evernym.com>; Kerri Lemoie <kerri@openworksgrp.com>; David Chadwick <d.w.chadwick@kent.ac.uk>; Eric Korb <Eric.Korb@accreditrust.com>; Christopher Allen <ChristopherA@blockstream.com>; Phil Archer <phila@w3.org>; Linda Toth <ltoth@conexxus.org>; Jay Johnson <jay@qples.com>; Bob Burke <bburke@kou.pn>
> > Subject: Re: Voluntary (and non-) Standards (was: Support for Verifiable Claims)
> >
> > tl;dr: Who verifies the claims of the Verified Claims advocates?
> >
> > (motivation) If Verified Claims advocates can't be bothered to provide simple URL citations to verify their claims, why would anyone bother with anything more complex?
> >
> > (dogfooding) If you're not living breathing the behaviors you're advocating, why should anyone take advocations of (formalized versions of) those behaviors seriously?
> >
> > Longer:
> >
> > Not picking on you in particular Gray, because this is an endemic problem that I have seen in pretty much all Verified Claims (CG/WG) discussions.
> >
> > Lots of claims made in the prose of such messages/emails, usually zero citations to verify those claims. Manu is the notable exception, he usually provides quite a few citations for his points in his emails.
> >
> > So just as an example:
> >
> > On Wed, Dec 7, 2016 at 8:35 AM, Gray Taylor <gtaylor@conexxus.org> wrote:
> >> Interesting thread on legal standing. Right now, 9 states are wrestling with putting verifiable drivers licenses on mobile devices (the paper artifacts we use today are eminently fraud prone - just ask any college student).
> >
> > Which 9 states? Citations to .gov sites that can be used to verify this "9 states" claim? Or a citation to a summary thereof itself with citations for the specific states?
> >
> >> In today's case, US State Department, DMV, Social Security Administration, County records, etc. all act as trusted service providers of the "paper and static ID" world; with great peril to the citizen as these artifacts can be stolen easily. Their role won't change anytime soon.
> >
> > Presumably you're referring to passports, drivers licenses, social security cards, etc. and expecting (likely) that these examples are physically self-evident.
> >
> >> Conexxus' feeling is that we don't proscribe legal purview of verifiable claims, but create an eco-system by which the "watchers" in today's existential data world can choose reliable new technologies to continue their mandated mission; and on a basis of NOT conveying unnecessary and static PII, which is the Achilles heel of our online existence. So the intent is to provide control over our own identities as a first order.
> >
> > Could you provide a public Conexxus URL that describes this "eco-system" goal in more detail?
> >
> >> If W3C creates a trusted environment framework, then the agencies will adopt them as a matter of public demand (IMHO this will be an escalating societal trend).
> >
> > This is a very shaky hypothesis, on multiple counts.
> >
> > First, agencies presumably adopt things without W3C involvement (e.g. whatever they have adopted today).
> >
> > Second, what successful examples can you cite of W3C created standards involving trust (or anything else) that "agencies" subsequently adopted? Whether from public demand or other motivation. I have seen no evidence to support this "if ... then" hypothesis.
> >
> >> Each (global) jurisdiction will make its decision based on available technology and political aims v. the will of their people.
> >>
> >> Our retail industry does not want to know anything about you beyond "are you old enough to buy beer?" and can I capture the signature (read legal verification) of the TSP saying you are? Certainly no business will stake their liquor license on a semi-trusted service provider, so the framework needs to authenticate the TSP as well.
> >
> > Presumably this is orthogonal or unrelated, as such businesses today seem to (anecdotally) only accept government issued IDs for "are you old enough". I would assume they will continue to do so, regardless of what tech happens to be in such IDs, and I'd doubt they'd accept non-govt issued IDs.
> >
> >> So long opinion, short, if we build it, they will come as needed ...
> >
> > build yes, just standardize no. And this discussion is about creating a working group to create a standard.
> >
> > Specifically, long experience has shown in W3C that "if we standardize it, they will come as needed" is a generally false assertion.
> >
> > More TR RECs (https://www.w3.org/TR/) than not have failed to gain any serious broad traction (web browsers and servers implement a small subset of W3C RECs, not to mention IETF RFCs). The number of obsolete, abandoned, etc. W3C RECs and IETF RFCs greatly outnumbers those in modern use. I don't have exact numbers, merely from personal analysis.
> >
> > <aside>
> >
> > The AB *is* working on a process for explicitly obsoleting abandoned RECs to start cleaning this up, in the hopes that eventually the RECs remaining are the ones that have actually been widely implemented, deployed, and are in use.
> >
> > We've started with a few examples to help us drive the necessary process changes:
> > * https://www.w3.org/wiki/AB/2016_Priorities#Specifications_to_obsolete
> >
> > </aside>
> >
> >> who watches the watchers is the age-old question.
> >
> > who asks the claimers for citations for their claims?
> >
> > I'm going to keep asking for citations for claims until I see a cultural shift towards people who want Verified Claims as a technology providing URLs to substantiate their claims.
> >
> > I think everyone should adopt more of a [citation needed] practice, especially in this community.
> >
> > Tantek
> >
> >> -----Original Message-----
> >> From: singer@apple.com [mailto:singer@apple.com]
> >> Sent: Tuesday, December 6, 2016 4:34 PM
> >> To: David Ezell <David_E3@VERIFONE.com>
> >> Cc: Michael Champion <Michael.Champion@microsoft.com>; Gray Taylor <gtaylor@conexxus.org>; Manu Sporny <msporny@digitalbazaar.com>; Nate Otto <nate@badgealliance.org>; Stone, Matthew K <matt.stone@pearson.com>; Chris Wilson <cwilso@google.com>; Tantek Çelik <tantek@cs.stanford.edu>; Mark Nottingham <mnotting@akamai.com>; w3c-ac-forum@w3.org; public-webpayments-comments@w3.org; Richard Varn <rvarn@ets.org>; Drummond Reed <drummond@respectnetwork.com>; Nathan George <nathan.george@evernym.com>; Kerri Lemoie <kerri@openworksgrp.com>; David Chadwick <d.w.chadwick@kent.ac.uk>; Eric Korb <Eric.Korb@accreditrust.com>; Christopher Allen <ChristopherA@blockstream.com>; Phil Archer <phila@w3.org>; Linda Toth <ltoth@conexxus.org>; Jay Johnson <jay@qples.com>; Bob Burke <bburke@kou.pn>
> >> Subject: Re: Voluntary (and non-) Standards (was: Support for
> >> Verifiable Claims)
> >>
> >>> On Dec 6, 2016, at 14:15 , David Ezell <David_E3@VERIFONE.com> wrote:
> >>>
> >>> To the first point, I’m not sure what you mean by non-voluntary standards organizations: ... I’m not sure this non-voluntary distinction is worth fretting about.
> >>
> >> Some standards organizations (notably ITU) are the result of treaties, and some (including ITU) produce standards that can later have the force of law behind them. “X’s sold or made available in country Y must comply with standard Z.”
> >>
> >> As you say, it’s not strongly relevant, except that in this field, some of the use cases for verifiable claims also intersect with legal requirements (e.g. being required to check the age of someone before selling them certain products). We easily back into the ‘quis custodiet custodies?’ problem if we’re not careful (who watches the watchers?) and wonder “who is recognized legally as being able to prove the age of a customer?”.
> >>
> >> David Singer
> >> Manager, Software Standards, Apple Inc.
Received on Thursday, 8 December 2016 21:19:01 UTC