W3C home > Mailing lists > Public > public-webpayments@w3.org > August 2011

Re: Web Payments and Identity Verification

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 28 Aug 2011 19:17:06 -0400
Message-ID: <4E5ACC72.6050407@digitalbazaar.com>
To: public-webpayments@w3.org
On 08/28/2011 02:20 PM, Steven Rowat wrote:
> On 8/27/11 1:49 PM, Manu Sporny wrote:
>
>> Those requirements seem diametrically opposed to one another. How can
>> you have a central authority that is required to check that ownership
>> claims for a particular piece of content is valid /and/ have anonymity
>> at the same time for whistle-blowers and political activists?
>
> Granted; it seems that having multiple authorities is better. And in my
> example of pseudonyms in the publishing industry, stretching back
> centuries, it would be a particular publisher (not, say, "The State")
> who would be trusted with the connection to the author who wished to
> remain anonymous.

Yes, exactly. In PaySwarm a buyer's identify can be anonymous to an 
"asset provider" (a person selling something). That is, you can get a 
"shadow financial account" and buy things anonymously using that 
account. With shadow accounts, those selling things to you don't know 
who you are, but your PaySwarm Authority always knows who you are. So, 
for example, if a buyer violates a license - an asset provider still has 
recourse to go after the person through the courts... but you will need 
a subpena to get their identity.

This mechanism is important for people that are purchasing things that 
they feel would embarrass them if it were to become public knowledge.

We have thought about doing fully anonymous buying/selling but have 
moved away from that approach as we have tried to balance privacy with 
monetary security. There are a few good use cases for fully anonymous 
buying/selling - but it increases the technical complexity of the whole 
system to the point that the added functionality is not worth the added 
complexity.

That said, both of these mechanisms are supported by PaySwarm:

Asset Providers (authors, artists, whistle-blowers, etc.) can remain 
anonymous by going through a proxy organization (such as a news paper 
publisher, gallery, WikiLeaks, etc.). Buyers can remain anonymous by 
using shadow financial accounts. Both mechanisms cannot withstand a subpena.

If one wants true anonymity, they may want to use a combination of 
BitCoin, a mixnet (such as Tor), and a public Internet connection in an 
airport. However, if they do that - neither buyers or Asset Providers 
have any recourse - the whole purpose behind a digital contract (having 
a certificate of authenticity) becomes null and void.

>> identity. We've been impressed with a sub-set of WebID to publish
>> identity (public keys, which are then used to verify digital signatures).
>
> Very interesting; thank you. Demo was clean and fast. This seems like an
> interesting step. I dislike having Flash but I understand that it was
> (is) necessary to make your point. Hopefully eventually WebID or
> something like it will function without Flash.

Flash was required in the beginning but it isn't required anymore. Our 
implementation of WebID works over HTML5 Web Sockets - there is nothing 
proprietary required to make it work and any browser supporting HTML5 
Web Sockets supports the protocol. Unfortunately, we have been unable to 
convince the WebID XG to take this approach, which is why we had to 
reject the login component of WebID and instead just use the identity 
portion of it (expressing the identity and the public key using RDFa).

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Uber Comparison of RDFa, Microformats and Microdata
http://manu.sporny.org/2011/uber-comparison-rdfa-md-uf/
Received on Sunday, 28 August 2011 23:17:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 28 August 2011 23:17:36 GMT