W3C home > Mailing lists > Public > public-credentials@w3.org > June 2015

Re: Thoughts on Communication and Framing (was: Re: Privacy enhancing/protecting credentials)

From: Nate Otto <nate@ottonomy.net>
Date: Fri, 05 Jun 2015 06:34:54 +0000
Message-ID: <CAPk0ugkKgQQMf9g+_UCv+jp+Wcfn7nn4WFd34mVJG+NvgK56AQ@mail.gmail.com>
To: Timothy Holborn <timothy.holborn@gmail.com>, Credentials Community Group <public-credentials@w3.org>
Cc: Manu Sporny <msporny@digitalbazaar.com>
Timothy and Manu, thanks for writing these messages. I'm looking forward to
being able to enjoy some bite sized pieces.

Nate Otto, Developer

On Thu, Jun 4, 2015, 9:59 PM Timothy Holborn <timothy.holborn@gmail.com>

> I think privacy credentials are a great use-case; being mindful that
> perhaps other terms not traditionally covered by privacy principles -
> likely apply to elements of the derivative use-cases for credentials.
> I recently reviewed the somewhat outdated 'identity credentials' spec:
> http://opencreds.org/specs/source/identity-credentials/ and felt that
> we've got a broader communications support problem, which is likely not
> helping our case.
> We're all time-poor; yet for the uninvolved to read a 'draft report' dated
> '26th may 2015' for 'identity credentials' that poorly conformed to the
> more recent outline: https://www.w3.org/community/credentials/
> Well, i'm sure it's confusing for some who may be interested, but want to
> understand what exactly we're doing...   This is an enormous job, and my
> comments should not be interpreted in anyway as a poor reflection upon
> those who are dedicated to its development to date.
> As noted previously; I've started drafting a framing paper in an attempt
> to structure the core-concepts that can be referenced and simplified to
> better understand how to author related formal documentation, or perhaps
> rather, how to get my head around how to best contribute to it:
> https://docs.google.com/document/d/1pRtTu9EssjhyyK3qkQymZepIUkqCwvMo6imnr4fqsrg/edit?usp=sharing
> Whilst some of these considerations may be deemed 'too broad', i still
> consider that the project seeks to provide an option in the marketplace,
> that will have some particular qualities not shared with market-based
> alternatives.
> It also sounds like the use-case documentation needs more work; and that
> this work, should support improved documentation for the use-cases that
> specifically support payments; and in relation to the broader field. So,
> in-turn I've been thinking about the methodology.
> is the design process effectively structured as to support the needs of
> the standards project and was the issues of use-cases not being documented
> possibly due to a process related issue.
> to test this hypothesis; i'm putting forward some ideas around a perceived
> modelling issue that rather than simply documenting in an iterative
> fashion, credentials use-cases; may inturn look more introspectively as the
> essence of the undertaking, form a method to express that effectively; and
> in-turn describe, using user-cases, etc.
> Inherently; perhaps the idea of completing an exhaustive list of use-cases
> would be a mission that we'd fail by design simply due to the flexibility
> of the design and how linked-data may be used to support enumerator
> use-cases; and that in an attempt to deal with this problem, we may be led
> to describing business applications of a standard; rather than useful
> documentation surrounding the standard itself, as part of our cooperative
> collaboration and work, towards the W3C Community (and related) work
> specifically.
> So, when thinking about it; i tried to find other precedents.
> *(Perhaps i'm misguided, but the thinking also considers that the W3C
> process is about defining the open-standards technology itself and that the
> role of W3C is particular, inter-operating with other 'standards' bodies
> where undertakings fall outside of W3C workflow, et.al <http://et.al>. )*
> So, how could HTML or Linked-Data be described from a 'top level' point of
> view?  Perhaps the iterative example would be to describe describe the
> use-cases of;
> - HTML to declare it is a method to author documents.
> - Linked-Data; a method to create documents that are machine and human
> readable.
> Implicit to Linked Data or RDF; are an array of qualities,
> For Example: Documents authored using Linked-Data enable the document to
> become an entry of any 'web-scale database (graphDB)' that has been
> authored to query the web for accessible documents; of which the authored
> linked-data document inter-operable through available permissions and
> shared linked-data definitions - regardless of where the document is stored
> on a WWW accessible machine/s.
> *(not suggesting these examples above are perfect, more illustrative about
> the form-factor of documentation process, surrounding communication
> strategies for project definitions, et.al <http://et.al>.) *
> RE: Inter-operable dependencies between Credentials / WebPayments (if/when
> seeking the best possible outcome...)
> Does the the "best possible outcome" mandate (or mandate as an option...)
> Credentials for Payments in relation to the delivery of a solution for
> KYC/AML & Payments?
> These use-cases obviously set a particular level of security for the
> output; as to ensure the outcome is compliant with relevant fiduciary
> responsibilities, incumbent upon proposed users of the work; save failure
> of the apparatus.
> In other similarly areas: I wanted to acknowledge the Good Questions that
> were posed,
> - Can we use it for health, what are the use-cases.
> - We have demand in academia.
> Yet; in the developed documentation since Credentials workflow was split
> out of WebPayments; Why have we missed the Payments Use-cases?
> In-Turn more / new use-cases such as the use of credentials for privacy
> emerge.  Really very important; but perhaps, we're in-turn working on
> solving business problems that relate to the USE of proposed standards
> technologies; rather than communicating effectively what the proposed
> standards technology actually is; and what particular function is uniquely
> carries out.
> In some ways, it feels a bit like trying to describe the possible
> use-cases for HTML or a Web-Browser; I think the first web-browser
> supported read/write, a function later dropped - as memory serves.  Herein;
> if we go about it without an optimized pathway; we might end-up loosing a
> critical function and/or end-up with a result that is encumbered by
> unintended consequences.
> *SO THEREFORE: *what's the best, most extensible method to describe the
> project; and what it is attempting to achieve, How and Why...?
>  (intended for Illustrative purposes only) **By: Timothy Holborn :)*
> W3 Credentials CG seek to deliver a means in which a secured container of
> information can be provided to a recipient; by providing a method in which
> a relation containing private and/or sensitive information may be digitally
> 'minted'[1] in a format that is compatible with HTTP for the purpose of
> providing digitally verifiable representation of a declared relation by an
> agent[2] (sameas:user-agent[3]?) to other agents in a manner that supports
> linked-data as a means to describe fiduciary[4] terms[5] minted into the
> credential used by the agents.  This proposed open, verifiable credential
> format supports both machine and human read/write interoperability, in a
> manner that that is designed to support issuance, consumption and use by
> any agent; with the minimum viable energy consumption profile; delivered as
> an open-standard in a manner that is fit-for-purpose for Banking and other
> sensitivity use-cases that incorporate sensitivity around a complex group
> of predicates that are cumulatively required in relation to the life-cycle
> from creation to disposal; Open 'Credentialing' technology format.
> IMHO; the remarkable benefit that may be achieved should we be successful
> with the credentials project; is not something that is simply defined in an
> isolated transactional use-case, but rather, exhibited in relation to the
> complex set of transaction related instances that represent an life-cycle
> embodiment of a particular event. In this way, it is similar to the
> challenge faced when first describing what HTML and WebBrowsers are useful
> for; as each of the particular functions probably had some way of being
> serviced with existing technology; but cumulatively, and particularly
> mindfully of a non-iterative but rather illustrative approach - highlighted
> the benefits of a common-format - why WWW - was a good idea, something
> worth spending time on investigating further (the rest is history...)...
> So to explore this concept; here are some iterative attempt to describe
> the perceived future complexity of use-cases; which therein, embody
> sufficient illustrative elements to improve communicative support for why
> the standards project is worthy of support (based upon my declared and/or
> implicit assumptions, et.al)
> Alice wants to share some of her private photos with bob.  Alice creates a
> document using linked-data that describes the permissions, copyright
> information, creative commons and commercial usage agreements for her
> photos which Alice then collects together and produces a credential that
> she sends bob so that he can access them.
> In this use-case; Alice may store her photos privately on her own
> web-hosting account.  Bob may have a webpage he build that connects to his
> own server; or, his web-browser might have functionality built-into it,
> that supports navigation; perhaps, commercial photo editing software can
> inter-operate with the credential and access the photos directly.
> *EXTENDED SUPPORT: Sub-Use Case - EG: Credentialing s**upport for Agent:
> Sharing, collaborating & implicit economic declarations.*
> The Permissions provided by Alice to Bob allowed him to make modifications
> to the photos, so long as they were sent back to Alice as derivatives. Bob
> reviews the photos and believes he can alter / edit the images to 'fix
> them'.  Bob edits the photos, and in his photo editing software; saves the
> photo.  When Bob saves the derivative of the photo, bob generates a new
> credential that looks for the information in the original credential; then
> appends additional information to describe that he has edited it noting the
> original resource; Alice receives a notification that accepts the new
> photos, and now Alice has both her original photos and some edited photos,
> that incorporate the information about the contributions of both Alice and
> Bob.
> *NOTES: *
> This example illustrates the concept that both Alice and Bob have one of
> more credential issuing services that they use to validate the way in which
> they're sharing, and collaborating.   These types of use-cases could be
> extended to include examples where the sales-price of the photos were set
> by Alice to a particular amount (or therein, have a floor-price, or relate
> to a pricing table that's accessible in RDF/linked-data, etc.).  Alice may
> in-turn have shared those photos with bob, simply because she wanted to
> share the photos with her friend; perhaps after that, bob 'fixed them up'
> because he wanted to; and if Alice was happy with them, perhaps she in-turn
> offers the new versions / derivatives and shares some of the sales price
> with bob (should someone purchase them).
> Alice could always work with other people to create derivatives; and if
> they used the original work, the use of the photos may not in-turn
> incorporate a revenue to bob but rather whoever the new contributor is;
> which in-turn may relate to variations in the terms of which the original
> assets were shared by Alice, as defined in the credential record.
> In a related embodiment;  Alice may want to make the photos available to
> anyone on the web to use subject to commercial terms, that she seeks where
> the photos are used for commercial purposes.  She's happy for them to be
> used for education purposes, or by people who love her photos but aren't
> making alot of cash out of them; yet even if someone takes it to get it
> printed for their wall at home, she things that much like the operator of
> the printing business - she should get some sort of recognition for her
> work if its valued by others; whether that simply be cases where she cares
> only about attribution (that that of others who have helped her); or
> sharing in the revenue created, that in-turn could be used so that Alice
> can purchase new camera equipment.
> Herein; the formulate approach of Credentials not-only allows the capacity
> to furnish 'fiduciary terms', but also the capacity to relate to other
> 'credentialing' related services such as a bank-account.  This in-turn may
> be used in an environment where an automated printing machine can accept
> payment to printing a related product; and that as part of the function of
> that machine, a fee, where it is applicable, may be provided digitally to
> Alice and any other contributors of that work in real-time, at point of
> sale.
> *Support for IoT and Corporate Use Embedded within Use-Case*
> In the Above use-case, the Printer may have a credential that enables them
> to associate the service of printing with the life-cycle information of the
> photo and its use.  Additionally, should the printer have some form of
> 'print vending machines' these machines may have credentials that relate to
> the operator of the machine; which in-turn may support automation of
> banking and copyright related transaction information and fulfillment of
> defined 'fiduciary terms' by supply chain related agents.
> *Buying a Motor Vehicle*
> Joe wants to purchase a new vehicle.  He finds a dealer who is offering a
> vehicle he likes and speaks to their sales agent Frank.  Joe asks the Frank
> to Take the Vehicle for a Test-Drive.
> Frank and Joe start to entertain the idea of Joe purchasing this vehicle.
> Frank would like to know whether Joe has the capacity to purchase the
> vehicle or whether, Joe's simply interested in going for a test-drive with
> no-capacity to make a transaction. Frank has a family and it's important he
> spends his time on sales opportunities. Frank does not have alot of time to
> waste on 'tyre kickers'.
> Joe uses his phone to scale the 2D Barcode on the car; then adds Frank as
> a contact. Joe has a look at the information about the car on his phone
> that his obtained by scanning the 2d barcode. He is concerned about the
> service history and the price in relation to other similar cars given his
> view of the car in the lot, and the information about it, that his reading
> on his phone.
> Frank suggests they share some more details and if the information
> provided stacks up, then joe should borrow the car and if he likes it,
> they'll negotiate on the price if he is still interested.
> Joe presses a button on his phone, and Frank gets a 'green light'
> indicator that shows that joe has a license and has the financial capacity
> to purchase the car.
> -- > Whilst it is non of franks business; Joe has a linked-credential that
> denotes the intention of his parents to purchase a vehicle for him to a
> particular value, which in-turn contributed towards getting the 'green
> light' he needed, before going to find a car he likes.
> Frank is happy to provide Joe access to the car, to take for a
> test-drive.  Frank and Joe issues credentials for the purpose of the
> test-drive, that support insuring the Joe in case he has an accident;
> whilst also supporting Frank, in case Joe doesn't come back with the car.
> Joe takes the car for a test-drive and notices that there are some
> mechanical issues with the car.  He enters the information in his record
> that relates to the vehicle, and the application on his phone provides an
> estimation of the cost to fix the problem in addition to any information
> about whether by law, Frank needs to fix that problem before he sells it to
> Joe.
> Joe Returns. Frank and Joe talk about the price, which results in Frank
> finishing the sales-opportunity by issuing Joe an Offer that is attached to
> the record stored in relation to his phone application.  Joe informs frank
> he'll be back, frank limits the offer to a few days hoping to close a deal
> before the time his commissions need to be finalized for the month; Joe
> goes to have a look at other vehicles.
> The Minister for ICT has a discussion at a BBQ with some friends who work
> in the education field; about why he does not have a qualification within
> fields of IT and Telecommunications, being that he is the minister.  The
> Minister retorts that the education minister has no academic proof he knows
> how to use the ICT either; which in-turn, may be interpreted as a
> limitation to his capacity to carry out his role.
> The minister asks staff to investigate how he might be able to obtain
> professional or academic recognition for the skills have led to the social
> endorsement of the minister, in becoming the minister, being deemed most
> suitable for carrying out the role on behalf of the people.
> NANODEGREES[6]: Nano-degrees are emerging in the marketplace as a means to
> provide 'qualification' for particular skills that may be constituents of
> broader formal qualifications. Whereas it may be argued that traditional
> formats of Tertiary Education were to some degree uniquely designed; which
> in-turn limited the capacity for applying 'recognition of prior learning'
> or RPL due to the specific design of the course; Nano-Degree enable the
> development of new formula that may better address transparency with regard
> to skills, professional development, the role of academia and academic
> qualification.
> EG: Social Media
> Staffers collate an array of materials they feel substantiate the skill
> set of the minister and provide that to an academic institution seeking '.
> The academic institution asks for additional information that supports some
> evidence that the minister knows how to use 'social-media'; staffers
> in-turn send a link to the minister asking that the minister click on the
> link, which in-turn queries the ministers social-network graph to identify
> whether the minister has carried out sufficient use of the technology to
> justify accreditation within the field.
> The above fictional outline; may be facilitated in an environment where
> industry scale disruption is occurring between traditional training and
> academic institutions; and emerging market-entrants. Linked-Data can not
> only be used to identify information relating to the assessment of an
> individuals skill-set; but also, inter-institutional assessment orientated
> delineation.
> through the use of 'sameAs[7]' references in notation; a particular skill
> that has been assessed by a non-traditional institution; may be related to
> that of a traditional institution, or a multitude of institutions
> definition of the skills inherent within the definition of the skill.
> If the skill is whether someone understands how to author a web-page using
> HTML/CSS; this skill can be assessed in enumerate ways; as such,
> institutions themselves may find value/merit, in using credentials to
> capture a definition at a point of time (which is in-turn protected should
> that definition change at a later date); and in-turn associate a 'sameAs'
> reference, in relation to the tuition process embodied by that unit, within
> their broader academic service of providing any particular form of
> qualification.
> Whilst it is impossible to enumerate potential variations and/or
> embodiment; Credentials CG proposes an open-standards based enabling
> technology that aims to supports the capacity for agents (in their various
> embodiment and explicit relations) to make relations, associations in a
> manner that can be verified.
> We envisage OpenCreds to provide an important and contributory innovation
> for the purpose of furnishing HTTP agents with the capacity to declare
> fiduciary terms and relations, for use by other agents; in an extensible
> and decentralised manner.
> This iterative design process has been undertaken in a manner that seeks
> to shield agents on a universal basis; from patent related encumbrances
> otherwise necessitating an agent to furnish and maintain relation to a
> particular agent with a license fee, that may be varied over time; as a
> prerequisite put upon agents seeking to be furnished with apparatus
> enabling the capacity to make declaration in a format that is machine and
> human readable; to flexibly, safely and securely communicate and purport
> particular ''fudicary terms' to other agents; as required by society in
> relation to the agent.
> This is a relatively quickly authored draft that attempts to deal with
> some of the underlying issues surrounding the status of development for
> credentials; and how the work is, from my individual perspective alone,
> being carried out, incumbent upon an array of premise relating to the
> undertaking itself.
> I hope this elements of this draft note are deemed useful.
> Cheers,
> Timothy Holborn.
> [1] http://en.wikipedia.org/wiki/United_States_Mint
> [2] http://xmlns.com/foaf/spec/#term_Agent
> [3] http://en.wikipedia.org/wiki/User_agent
> [4] http://en.wikipedia.org/wiki/Fiduciary
> [5] http://en.wikipedia.org/wiki/Term_(logic)
> [6] https://www.udacity.com/nanodegree
> [7] http://www.w3.org/TR/owl-ref/#sameAs-def
> On 4 June 2015 at 23:28, Manu Sporny <msporny@digitalbazaar.com> wrote:
>> One set of use cases that keep coming up are privacy enhancing
>> credentials. Specifically, can the ID that's associated with a
>> credential be used to track an individual between colluding sites (the
>> answer is clearly, yes). So, we've engaged the Cryptography Forum
>> Research Group[1] in an attempt to discover the most cutting edge ways
>> of establishing trustworthy credentials that are also privacy protecting:
>> http://www.ietf.org/mail-archive/web/cfrg/current/msg06864.html
>> We've also launched a research initiative at Digital Bazaar to look into
>> this space in more detail. We have a number of workable solutions that
>> we're looking at right now. They primarily revolve around creating a way
>> to automatically re-issue a short-lived bearer credential that is not
>> associated with an ID. Here's how the most promising solution we've come
>> up with could work:
>> Definitions
>> -----------
>> 'bearer credential' - a short-lived one-time use credential (5 minutes)
>> that is not associated with an identity that "proves" that the holder of
>> the credential has been verified by the issuer as having a valid
>> credential.
>> Credential Flow
>> ---------------
>> 1. An issuer issues a long-lived credential to a recipient. The
>>    credential has information in it on how to acquire a
>>    short-lived 'bearer credential'.
>> 2. When a consumer asks the recipient for a credential, the recipient's
>>    software notices that the credential could be provided in an
>>    'anonymous' fashion using a 'bearer credential'. The recipient is
>>    asked if they'd like to protect their privacy by using the
>>    'bearer credential'.
>> 3. The bearer credential is transmitted to the consumer, which verifies
>>    that the digital signature from the issuer is valid.
>> The issuer always has the option to reject bearer credentials if
>> pseudo-anonymity isn't desired on their end.
>> This mechanism could be built into a browser's "Incognito mode" such
>> that only bearer credentials can be used in "incognito mode".
>> This is just a heads-up that we're looking into it and have a few
>> solutions that we think may be workable.
>> -- manu
>> [1] https://irtf.org/cfrg
>> --
>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>> Founder/CEO - Digital Bazaar, Inc.
>> blog: Web Payments: The Architect, the Sage, and the Moral Voice
>> https://manu.sporny.org/2015/payments-collaboration/
Received on Friday, 5 June 2015 06:35:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:17:46 UTC