RE: [identity-credentials] Clarity of definitions: Credentials, unbound identity, identity hardening, and bound identity from David Jackson on 2015-05-27 (public-webpayments-ig@w3.org from May 2015)

From: David Jackson <david.dj.jackson@oracle.com>
Date: Wed, 27 May 2015 11:25:26 -0700 (PDT)
To: Dave Raggett <dsr@w3.org>, Adrian Hope-Bailie <adrian@hopebailie.com>
Cc: Erik Anderson <eanders@pobox.com>, Web Payments IG <public-webpayments-ig@w3.org>
Message-ID: <eec9a726-c5f0-4b70-94e0-a88c8d73f61c@default>

Team,

In this discussion we are focused on proving identity. There are cases (privacy or for true cash transaction replacements, e.g. less traceable) where buyer and seller do not need to know each other, but identity is needed to be known by a trusted entity.  Just going back to Adrian’s comments:  

2.            Identify the parties to this transaction? (KYC, AML etc)

 

I’d like to offer that there are cases where we don’t want to force all parties to be known – just that the transaction will close. Besides the usual position people give about crime – there are legitimate reasons and situations where cash is delivered because the person wanted to complete a transaction and not be known to the other party. This donations, yes – gambling, auctions, merchants where the purchaser does not want to be known until trust is established (for example not wanting millions of “offers”), gifts, and other ideas.  These are simple examples but consider if the marketplace could accommodate truly anonymous payments – then cash could, in fact, be nearly eliminated.  Just a thought that maybe we have to be identified to a trusted entity but not to all of the other parties of the transaction.

-- 
HYPERLINK "http://www.oracle.com/"Oracle
David Jackson | Senior Director Financial Services
Mobile: HYPERLINK "tel:+16145601237"+1.614.560.1237 | VOIP: HYPERLINK "tel:+16144656654"+1.614.465.6654 
Oracle Industry Solutions Group
New York City | Columbus 

HYPERLINK "http://www.oracle.com/commitment"Green Oracle

Oracle is committed to developing practices and products that help protect the environment

 

 

From: Dave Raggett [mailto:dsr@w3.org] 
Sent: Wednesday, May 27, 2015 2:15 PM
To: Adrian Hope-Bailie
Cc: Erik Anderson; Web Payments IG
Subject: Re: [identity-credentials] Clarity of definitions: Credentials, unbound identity, identity hardening, and bound identity

 

 

On 27 May 2015, at 15:28, Adrian Hope-Bailie <HYPERLINK "mailto:adrian@hopebailie.com"adrian@hopebailie.com> wrote:

 

To harden this identity we must "tie it to reality". The problem is, anyone with the document in Example3 can present it and claim to be the subject of that document. In order to harden this identity we require a way for the holder to prove they are also the subject.

This can be achieved through technology by having biometric data in the document that can be verified by the consumer or the presenter must be able to sign a challenge with one of the keys used to sign the document or.... some other mechanism.

 

The requirement to embed biometric data isn’t obvious to me.  I would instead expect that we would have assertions about identities, e.g. a web identity used in a transaction and based upon an ecliptic curve key pair that applies to the {user, device, account} combo. This could be tied to a real world identity with attributes such as full name, address, data of birth, financial institution, account number etc.  

 

Essentially, KYC is addressed through a certificate that ties a web identity to a real world identity. Privacy considerations might weaken this to allow for a deferred binding that is only revealed upon a court order / legal proceedings. 

 

—

   Dave Raggett <HYPERLINK "mailto:dsr@w3.org"dsr@w3.org>

Received on Wednesday, 27 May 2015 18:25:59 UTC