- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 24 Oct 2014 22:20:28 -0400
- To: public-credentials@w3.org
On 10/24/2014 12:32 AM, Anders Rundgren wrote:
> Being "authorized" for a merchant may be only be an opaque token like
> in Apple Pay. I don't really see this in the current documents.
It's not documented clearly in the Identity Credentials spec, but the
intent is to support pseudo-anonymous identifiers/tokens:
http://opencreds.org/specs/source/use-cases/#pseudo-anonymity
Here's an example of a pseudo-anonymous credential:
{
"@context": "https://w3id.org/openbadges/v1",
"id": "http://ssa.us.gov/credentials/3f72a342bd55c2",
"type": "ProofOfAgeCredential",
"claim": {
"id": "https://idp.example.org/id/f892joiuds092qhfwh98f3",
"age": "18"
},
"expires": "2018-01-01",
"signature": {
"type": "GraphSignature2012",
"creator": "https://ssa.us.gov/keys/27",
"signature": "3780eyfh3q0fhhfiq3q9f8ahsidfhf29rhaish"
}
}
The above isn't implemented yet, but if you look at the "id" associated
with the claim:
https://idp.example.org/id/f892joiuds092qhfwh98f3
That identifier, when dereferenced, wouldn't contain much information
other than a public key associated with it (which can be used to prove
that the person transmitting the credential above is also in control of
the private key associated with the identity that the credential is
assigned to).
We're also working out a mechanism where the pseudo-anonymous identifier
would be portable via the use of a decentralized hashtable-like system
(e.g. Bitcoin blockchain, Telehash, etc.). So, instead of this:
https://idp.example.org/id/f892joiuds092qhfwh98f3
You'd have something like this:
dht:uuid:50d56ff7-d097-483c-8ccb-82ca9723470c
-- manu
--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Saturday, 25 October 2014 02:20:57 UTC