W3C home > Mailing lists > Public > public-credentials@w3.org > August 2014

Re: Preliminary Credentials Use Cases

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 26 Aug 2014 21:17:18 -0400
Message-ID: <53FD319E.7010807@digitalbazaar.com>
To: Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
On 08/26/2014 07:50 PM, Steven Rowat wrote:
> On 8/24/14 1:08 PM, Manu Sporny wrote:
>> Use Case: Given the permission of the participants (payer, payee, 
>> buyer, merchant) of a transaction, the transaction metadata can be
>>  used to discover additional attributes associated with those 
>> participants. For example, given the buyer's authorization, a 
>> merchant could query the identity URL for the buyer contained in a
>>  digital receipt and obtain an up-to-date email address.
> IMO, it would be best to add "opt-in" before "permission" in the 
> first sentence. If this isn't written into the spec then I believe 
> someone will abuse it and begin harvesting data about unsuspecting 
> users merely on the basis that they haven't opted-out, and explain it
> as 'assumed permission'.

Good point, done:


> "Discover additional attributes", later in that sentence, is, after 
> all, the Web's current honeypot. I think there needs to be clarity 
> about who the owner of this honeypot is, and 'opt-in' might help nail
> that down.


>> Use Case: Use an existing, widely deployed identity provider 
>> mechanism (i.e. OpenID Connect) to integrate with the digital 
>> credentials sharing and payments initiation process.
> As written, this could be interpreted as using *only* OpenID 
> Connect.

Hmm, you're right, and that wasn't the intent.

> Isn't that against the spirit of the open standard and W3C 
> expectations?

Yes, it's against the spirit.

> If the latter I think the wording needs to change.

I've tried re-wording the text to make it more clear that we should
consider a number of options. Changed the 'use case' to a 'design
criteria'. Does this address your concern?


-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
Received on Wednesday, 27 August 2014 01:17:49 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:38 UTC