Re: Credentials CG Telecon Minutes for 2015-08-04 from Dave Longley on 2015-08-04 (public-credentials@w3.org from August 2015)

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Tue, 04 Aug 2015 15:38:19 -0400
To: public-credentials@w3.org
Message-ID: <55C114AB.8020707@digitalbazaar.com>
On 08/04/2015 02:25 PM, Steven Rowat wrote:
> On 8/4/15 9:26 AM, msporny@digitalbazaar.com wrote:
>> Manu Sporny: http://opencreds.org/specs/source/vision/
> ...>    don't see that coming in over the next week we'll ask people
> to
>> take actions to do it.
>
> Vision statement (and Terminology) seems excellent --well written,
> clear, concise, IMO, except in Terminology:
>
> A. "Credential consumer" seems awkward. The word "consumer" has much
>  social baggage at the moment. "Credential User"? Possibly too
> general and could be confused with 'service'...
>
> I think "Credential requestor" would get around these issues. More
> specific, less baggage.

I actually think "requestor" is less specific. Someone who wants to be
issued a credential, for example, could be considered a "requestor" and 
this would be incorrect for our use. "Requestor" reminds me of when you 
send a certification request to obtain an SSL certificate.

A credential consumer, rather, is an entity that actually consumes 
(makes use of) the credential. They do need to request it from the 
recipient for that to happen, but the "consumer" terminology, at least 
to me, makes it more obvious that we're talking about a person who would 
like to see someone else's credentials.

"Credential verifier" could be another term, but that also isn't as 
specific, as these credentials can be independently verified by any 
party. We're really talking about someone who wants to see your 
credentials so they can do something useful with them. Hence, they want 
to "consume" them.

>
> B. Why does "issuer" not have "credentials" in front of it the same
> way "credential consumer [requestor]" and "credential service" do?
>
> I suggest "credential issuer" -- unless the "issuer" also issues
> things other than credentials.
>
> Either that, or remove "credential" from before the other two, and
> make them just "service" and "requestor" (or "consumer").

I think simply because the vernacular evolved organically -- and the 
term "issuer" was always specific enough on its own without the 
"credential" modifier. By contrast, "consumer" and "service", on their 
own, are not clear. So the methodology for term selection was more in 
line with "the fewest number of words required for clarity" vs. consistency.

This lack of consistency has bothered me as well, but I'm not convinced 
that consistency here is actually better than being concise.

>
> C. On first reading, the glossary definition for "Entity" puzzled me.
>  It's currently:
>
> "A thing with distinct and independent existence such as a person,
> organization, or instance of a software program."
>
> If a software program is an entity, then why isn't a book, or a
> movie? In other words, you're saying that certain collections of bits
> (digital files) can be entities, but not others?

It sounds like instead of "such as" we could say "examples include but 
are not limited to...". We didn't mean to imply that the clause 
following "such as" constituted all possible examples of entities. We 
don't say that a book or movie aren't entities, in fact, they are, just 
as you would expect. They are "things with distinct and independent 
existence".

>
> D. Related to the problem in C: by the end of reading the
> Terminology, I'd become slightly disoriented about several terms --
> how they apply to living beings as opposed to non-living beings, and
> a vague feeling that I may have entered an infinite loop in
> attempting to follow the connections between them.

Would a "but not limited to" clause when listing examples also alleviate 
this concern?

>
> Then on reading the Terminology again: apart from my concerns listed
>  above, most terms are clear to me, but perhaps something in the
> relation between 'creator', 'recipient', and 'entity' needs to be
> clarified? Is a given single person possibly all three of these at
> once?  If so, "creator" and "recipient" being the same person seems
> awkward.

A single person can be all of those things, but likely either not all at 
once in a particular context or in relation to the same thing. Both a 
"creator" and a "recipient" are always entities. A person that creates a 
particular resource and is also the recipient of it is possible, but may 
be unusual... or not.

A person may issue themselves a credential, for example. All that is is 
a self-signed set of claims about one's self. For example "My name is 
Dave Longley". I could create this credential for myself so I can share 
it with others via a standardized protocol. Others may elect to decide 
to trust statements I make about myself based on their relationship to 
me or based on what the statements imply -- but they would know that it 
was me who made them (I digitally signed them with a cryptographic key I 
possess). I don't see this scenario as awkward, yet I'm both a "creator" 
and a "recipient".

>
> Though if I create something I suppose I'm the recipient of it.

Yes.


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com
Received on Tuesday, 4 August 2015 19:38:43 UTC