W3C home > Mailing lists > Public > public-credentials@w3.org > October 2014

Re: Slides: High-level intro to Credentials (W3C TPAC)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Fri, 24 Oct 2014 22:20:28 -0400
Message-ID: <544B08EC.5010200@digitalbazaar.com>
To: public-credentials@w3.org
On 10/24/2014 12:32 AM, Anders Rundgren wrote:
> Being "authorized" for a merchant may be only be an opaque token like
> in Apple Pay. I don't really see this in the current documents.

It's not documented clearly in the Identity Credentials spec, but the
intent is to support pseudo-anonymous identifiers/tokens:


Here's an example of a pseudo-anonymous credential:

  "@context": "https://w3id.org/openbadges/v1",
  "id": "http://ssa.us.gov/credentials/3f72a342bd55c2",
  "type": "ProofOfAgeCredential",
  "claim": {
    "id": "https://idp.example.org/id/f892joiuds092qhfwh98f3",
    "age": "18"
  "expires": "2018-01-01",
  "signature": {
     "type": "GraphSignature2012",
     "creator": "https://ssa.us.gov/keys/27",
     "signature": "3780eyfh3q0fhhfiq3q9f8ahsidfhf29rhaish"

The above isn't implemented yet, but if you look at the "id" associated
with the claim:


That identifier, when dereferenced, wouldn't contain much information
other than a public key associated with it (which can be used to prove
that the person transmitting the credential above is also in control of
the private key associated with the identity that the credential is
assigned to).

We're also working out a mechanism where the pseudo-anonymous identifier
would be portable via the use of a decentralized hashtable-like system
(e.g. Bitcoin blockchain, Telehash, etc.). So, instead of this:


You'd have something like this:


-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
Received on Saturday, 25 October 2014 02:20:57 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:38 UTC