Re: "Web Identity" -> "Web Credentials"

On 03/05/2014 05:38 AM, Anders Rundgren wrote:
> My concern is really on a more fundamental level: Who is the actual
> consumer of these identities?

Generally speaking, any entity (person or organization) that needs to
verify a piece of information about you. These entities include websites
you're logging into (verify email address), merchants and stores
(preferred payment processor), banks (KYC information such as government
issued ID), employers (certifications, licenses), and governments
(address information, birth certificates).

> In the conventional payment world (which I know more about than 
> WebPayments), you identify yourself (in some way...) to a payment 
> provider _once_.  After that you get access to a payment resource 
> which does not necessarily expose your identity.

These identities are used to expose the payment resource to the
merchant. So, for example, when you login to a website, that login
process may certify your email address and mobile number (so the
merchant can get in touch with you if there is an issue), your payment
provider (so a payment can be initiated), and your shipping address (so
the merchant can ship the good to you).

> It is IMHO rather the opposite, the _less_ identity you have to 
> provide during a payment operation the better.

Yes, for certain goods. At a minimum, most people provide their email
address, shipping address, and payment provider for physical good
purchases over the Web. The goal is to only expose as much as is
absolutely necessary, and there is certainly a plan to support low-value
pseudo-anonymous digital transactions.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Worlds First Web Payments Workshop
http://www.w3.org/2013/10/payments/

Received on Thursday, 6 March 2014 05:27:28 UTC