W3C home > Mailing lists > Public > public-credentials@w3.org > October 2014

Use Cases for 2014-10-07 Credentials Call

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 07 Oct 2014 07:42:55 -0400
Message-ID: <5433D1BF.3080904@digitalbazaar.com>
To: Credentials Community Group <public-credentials@w3.org>
What follows below are a set of simplified use cases from the remaining
list of use cases that Tim submitted, as well as some extra ones that
have come up during the calls and in side discussions. I've tried to
split them into atomic pieces to try and make it easier for us to go
through all of them tomorrow.

> EXISTING I have a patent or trademark.  I offer the use of this 
> patent or trademark subject to “this” agreement.

We should probably add the following use case:

An entity would like to prove that they have a particular qualification,
achievement, or quality that has been vouched for and digitally signed
by a 3rd party.

> CREATIVE COMMONS (MEDIA) I offer this content freely for civic use. 
> If you seek to print this photo, then i charge you $2 amount /
> Value. (take to printer, printer software sees credential  / claim,
> charges customer for print + fee / cost).

Addressed by Proof use case above plus Web Payments use cases. Already

> DATA RIGHTS / PRIVACY Before i send you these credentials
> - I need to receive a credential from a trusted authority that you 
> keep to your data agreements. ie: anti-malware company xyz actively 
> scans websites to identify what tracking data they’re using on the 
> relevant pages, generating RDF about these website behaviours as a 
> means to provide arbitration capabilities surrounding the use of 
> credentials for payments or other purpose.

This is the Proof + Verifiability use cases.

> If the website claims a type of pseudo-anonymity is provided by the 
> site; this is verified by the anti-malware organisation, who 
> counter-signs the credential at the time of transmission; therein 
> reinforcing a position of trust for the merchant through a trusted 
> 3rd party.

Again, Proof + Verifiability use cases.

> - I agree to providing you this information on the following terms 
> Terms are stipulated using RDF (some form of linked-data) and that 
> these terms be agreed to prior to transmission of payload data.

Covered by Data Rights design criteria in general, but the agreement
happens at the time of transmission, not before it. We'd need to figure
out if we want to have a protocol that requires an organization to agree
to rights before receiving data.


> - I have reason to believe you’ve broken your terms and i seek to 
> rescind access

Add a use case:

Access Revocation
Pre-authorized access to credentials may be revoked at any time by the

> - I have the right to change my mind (in certain instances)

Same as above.

> - I have the right to revokation of access to my data

Covered by pre-authorization use case.


> - I would like to audit who has access to what data

This is a facility that doesn't need to be standardized, the identity
provider could expose this feature in interesting ways as a competitive

> - I want to store a copy of any data relating to me with respect to 
> the use of this credential, on a service that is available to me.

Too vague.

> - Provider of these services declares it will not be providing you a 
> copy of this information pertaining to you.   I would therefore like 
> a record of this declaration as a constituent of providing my 
> details.

I don't understand what the first sentence is driving at.

The rest of these use cases are from Mark Leuba:

> Louisa is a college student who has completed her first two years at
>  Central Community College and wants to transfer to a four year 
> university to continue her bachelor’s degree in accounting.  Louisa 
> is also in the job market and wants her future employers to see the 
> types of courses and skills she has learned.

Great setup.

> Louisa has applied to two colleges and she wants to provide access to
> her transcripts from CCC to these new colleges to satisfy their 
> prerequisite requirements.

Covered either by Pre-authorization or Transmission use cases, but we
should probably make those use case more generic (and not payment specific).


> Louisa also recently applied for a job as a billing analyst at NewCo
>  and she wants to share her transcript and some of her school 
> projects with the interview team members to showcase her accounting,
>  leadership and communication skills.

Covered by Pre-authorization or Transmission use cases.


> Rather than send paper or physical copies via email, Louisa provides
>  secure, limited access to her transcript and online portfolio to the
>  college admissions department and to the NewCo HR department.

Covered by Pre-authorization use case.


> Louisa got the job at NewCo and is doing very well, taking advantage
>  of NewCo’s well-known professional development program by taking 
> several “learn at lunch” courses and receiving continuing education 
> units toward a certificate in accounting.

Covered by Storage, Proof, and Verifiability use cases. Again, we should
probably make those use cases more generic and not so payment specific.


> In the fall, Louisa started at Achievement University and begins 
> taking courses.  As Louisa finishes courses the credit is accumulated
> on her AU transcript.

Doesn't fall into a use case because a credential hasn't been issued by
AU? AU could issue a "local" credential for each course, which would
fall into the Storage use case:


> When finally Louisa receives her bachelor’s degree, she has 
> accumulated academic credentials at two accredited colleges and 
> professional credits at her employer.    Her college and work 
> experience have really complemented each other and now Louisa has the
> confidence to pursue her Certified Public Accountancy.   As part of
> Louisa’s application to the CPA program in Exemplar University’s 
> School of International Business, she grants secure, limited access 
> to her transcripts and portfolio at CCC, AU and NewCo to the Exemplar
> admissions officer for consideration.

Covered either by Pre-authorization or Transmission use cases.


After going through all of these use cases, it would be a shame to lose
the details. So we may have generic use cases and then specifics about
how the generic use case could be applied to different situations. That
would allow us to save all this really good text above and in Tim's
original emails.

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
Received on Tuesday, 7 October 2014 11:43:27 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:38 UTC