- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Wed, 14 Oct 2015 03:52:32 +1100
- To: W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAM1Sok2puVrPEwx-iVH2_uu60Vn1QXb9iHo4f_uKDbvOZDGe8Q@mail.gmail.com>
Hi All,

theory with reputation - is similar to the 'green lock' function in a web-browser.

If a site is defined as a site that is for users over a certain age (ie: 18, 21, etc.) or from a certain location (ie: country) then it is reasonable for the site to ask for that information specifically. Yet, it is quite possible that some website / application providers might ask for far more information than is needed.

CONCEPT 1

An ontology exists that makes it easier for developers to make a simple request for standard claims.

CONCEPT 2

An ontology exists that allows end-users to understand whether the information being requested is reasonable for the type of service requesting the info.

CONCEPT 3

The reputation of a credential provider may reasonably be questioned. If I issue myself a credential with claims about my name, DOB, etc. (critical claims) it's not going to be as trusted as one issued by a known bank. Therein; whitelist / blacklist functionality around 'approved credentials' is likely to evolve.

Yet equally, how does someone know whether they're providing their info to a real bank, rather than say - from a phishing email purporting to be a bank, from somewhere in the world 'claim your millions of dollars left to you by someone' styled approaches.

CONCEPT 4

Is it possible to create Credential Packages?

A credential package, in theory, might be issued by a single provider or they may inter-relate with other providers. Therein, a driver's license has a DL number, which relates to an image, age claim, address claim, etc. The issuance of a Driver's License in-turn has a form of digital provenance, upon which the license itself is issued upon the merits or inclusions of the underlying claims (in that example).

If each of these claims were contained in separate credentials, which could then be referenced by a 'packaging credential' (bad name, but I hope it makes sufficient sense), then a few things might happen.

1. If the underlying assumptions changed, the higher level credentials would need to be reissued?
2. the demo would need to show how a package of credentials could then be used
3. the theory being, that if someone wanted to solely present their proof of age as is listed on their Driver's License - they might be able to do so (because the age constituent of the driver's license becomes, in-effect, a separate signed document that inter-relates with the DL); perhaps either via a UI Checkbox (therein, the DL itself almost becomes like a wallet or container of claims issued by the road traffic authority) or, depending on who's asking, provide the entire set of claims embedded in the DL (which then includes the rest of the underlying 'child' credentials).

CONCEPT 5

Specified Use (the data rights stuff from some time ago) might also in-turn relate to ontology support. Therein, when an end-user presents their credential - how might they specify for what purpose the information in that credential may be used specifically?

I understand that the capacity to enforce this type of request is a very separate matter, however being able to communicate specified use is, IMHO, a first step. Perhaps relating to that is the potential capacity to have the user issue a credential that's counter-signed with the supplied credential, that in-turn declares specified use...

cheers.

Timothy Holborn
Received on Tuesday, 13 October 2015 16:53:39 UTC
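
A sketch of the 'packaging credential' idea from CONCEPT 4, added here as an illustration and not part of the original message or of any Credentials CG specification: each claim is a separately signed credential, the package signs only the digests of its children, and a holder can present the age claim alone. All function names and sample data are constructed, and HMAC with a demo key stands in for the issuer's public-key signature so the code runs on the standard library alone.

```python
import hashlib, hmac, json

# Assumption: HMAC stands in for the issuer's public-key signature (demo only).
ISSUER_KEY = b"constructed-demo-key"

def canon(obj):
    # Deterministic serialisation so signatures and digests are stable.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(body):
    return hmac.new(ISSUER_KEY, canon(body), hashlib.sha256).hexdigest()

def issue(body):
    return {"body": body, "sig": sign(body)}

def verify(cred):
    return hmac.compare_digest(cred["sig"], sign(cred["body"]))

def digest(cred):
    return hashlib.sha256(canon(cred)).hexdigest()

def issue_package(name, children):
    # Packaging credential: a signed map of claim name -> digest of the child credential.
    return issue({"type": name, "children": {k: digest(c) for k, c in children.items()}})

def verify_presentation(package, presented):
    # Accept any non-empty subset of children; each must be validly signed
    # and be the exact credential the package references.
    if not presented or not verify(package):
        return False
    refs = package["body"]["children"]
    return all(k in refs and verify(c) and hmac.compare_digest(refs[k], digest(c))
               for k, c in presented.items())

def demo():
    # Constructed sample claims for a driver's licence.
    children = {
        "age": issue({"claim": "ageOver", "value": 18}),
        "address": issue({"claim": "address", "value": "1 Example St"}),
        "photo": issue({"claim": "imageDigest", "value": "constructed-placeholder"}),
    }
    licence = issue_package("DriversLicence", children)
    age_only = verify_presentation(licence, {"age": children["age"]})
    full = verify_presentation(licence, children)
    # Point 1 of CONCEPT 4: an underlying claim changes, so the old package
    # no longer references it and the package has to be reissued.
    moved = issue({"claim": "address", "value": "2 Example Ave"})
    stale = verify_presentation(licence, {"address": moved})
    reissued = issue_package("DriversLicence", {**children, "address": moved})
    fresh = verify_presentation(reissued, {"address": moved})
    return age_only, full, stale, fresh

if __name__ == "__main__":
    print(demo())
```
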