Verifiable Claims Use Cases Review

Hi Shane, Dan,

Thank you for putting the abbreviated Verifiable Claims Use Cases
document together, it's looking good. I couldn't find any
significant/glaring errors.

This is a review of the Verifiable Claims Use Cases document that has
been paired with the Verifiable Claims Working Group Draft Charter:

http://w3c.github.io/webpayments-ig/VCTF/use-cases/

Abstract
========

> receiving digitally verifiable proof of attributes such as 
> qualifications and achievements

suggest changing to "digitally verifiable claims such as"

> The use cases in this document focus on concrete scenarios that the 
> technology defined by the group should address.

May want to change to:

"should address in part or in full".

There's a concern here that some of these use cases imply some sort of
browser API to be accomplished (which is true), but we're not trying to
do protocol in the first iteration of this WG.

Status of This Document
=======================

> This document represents a concise but limited collection of use 
> cases readers should review in conjunction with the proposed Charter
>  for a Verifiable Claims Working Group.

Again, we need some text that says we're specifically interested in the
data format and syntax portion of the use cases, not the protocol bits
(yet).

We could re-write all of those use cases to just talk about data format
and syntax, but I'm afraid that if we do so, the use cases are going to
seem very strange and meta.

Introduction
============

> The Verifiable Claims Task Force of the Web Payments Interest and

The missing "Group" at the end of "Interest" makes this sound a bit
awkward. Would rather:

The Verifiable Claims Task Force of the Web Payments Interest Group and
the Credentials Community Group at the W3C are investigating...

> This document does NOT attempt to define an architecture for the 
> support of Verifiable Claims.

We have an architecture, we should mention it at a high level either in
the use cases document or the Data Model document. Probably Use Cases is
a better place for it. Just a high level on credential issuers, holders,
repositories, and consumers/inspectors.

> by trusted parties

should this be "trusted third parties"?

How to Read This Document
=========================

The current text feels a bit overly prescriptive and patronizing. I
already know how to read, dammit! :P

I prefer a combination of this:

https://www.w3.org/TR/json-ld/#how-to-read-this-document

and this:

http://wicg.github.io/web-payments-browser-api/#how-this-document-is-organized

> basic operations that might be performed on a Verifiable Claim

Do we need to capitalize that? Probably just link to the terminology?
Although, we don't define "verifiable claim" in the terminology. We should.

Terminology
===========

Add "verifiable claim" to terminology section, make the definition
something like:

"A type of _claim_ such that the _issuer_ of the claim can be
cryptographically verified."

> A statement made by an entity about an identity.

I'd like to see if we can rip "identity" out of here and replace it w/
"subject".

> credential consumer

The more I think about this the more I think we should rename it to
something else, like "inspector" (which is preferred by some of the ISO
/ ABC4Trust.eu projects). We will, of course, need to bikeshed this in
the VCTF and CG.

> credential verification

We don't use this term anywhere in the document, strike it.

> identity

Let's get rid of this term if we can, it makes people think our scope is
bigger than it is. Lots of people also project a lot of their beliefs
onto the "identity" word.

Examples
========

> typical commerce situation.

strike "commerce" as the ecosystem is broader than that.

How a Verifiable Claim Might be Created
=======================================

Change title of the section to "... Might be Issued"?

> #3 Verify identity

Let's do "verify a quality or attribute of Jane" instead. "Verify
identity" could mean a variety of things.

> steps 9 and 10

I'm not sure these steps add anything useful.

> Jane asks her User Agent to help her get a Verifiable Claim about
> her identity.

strike "identity"

> Her user agent connects her to a certificate issuer that is able to 
> verify her identity.

"certificate issuer" -> "credential issuer" or "claims issuer"

> information about her identity linked

Again, we want to distance ourselves from anything related to Identity
Proofing... maybe "information about her qualifications"

> she instructs her User Agent to save the Verifiable Claim

This makes it seem like the ecosystem depends on the UA - it doesn't, we
shouldn't make it seem like we need the browser to do anything in v1.

Again, steps #9 and #10 don't feel like they add much to the story.

3.2 How a Verifiable Claim Might be Used
========================================

> Verifiable Claims

We should link this to the terminology definition of "verifiable claim"

> (e.g., her passport, driving license, and birth certificate).

We're going to get push-back from privacy advocates that this is
over-sharing of information. Dial the credentials back to 3 proofs of
age from 3 different issuers (state government, school.

4. Use Cases
============

That Editor's note seems like it should be in red or some other color
that denotes it'll be removed eventually. Maybe this should be an issue
marker?

"Requirement" -> "Requirements" in the tables as some of the entries
have more than one.

4.1.1 Uniquitous Claim Issuance
===============================

"Uniquitous" -> "Ubiquitous"

> Asako just passed the final test to

This use case points out who the issuer and credential consumer are. I
think that's helpful. It may be repetitive to do it everywhere, but
maybe not? I'd like to try to work the mappings into the prose and see
what one of the sections looks like.

4.1.2 Credential Verifiability
==============================

Suggested change to Motivation section based on Editor's note:

> A credential that has been created by an issuer must be able to be 
> validated by an arbitrary third party (credential consumer).

Credentials are more valuable to society if almost anyone can verify
their authenticity to an extremely high degree of certainty.

> can be used to share her identity

can be used to assert her identity.

> and it is impossible to counterfeit.

"impossible" -> "effectively impossible"

4.2.1 Issuer Revokes Claim
==========================

> and are endorsing

This language is a loaded term of art in the education industry, we
should strike "endorsing" as it means different things to different people.

> an end user

client? customer? end user is bleh

> It was later discovered that BigTraining Co. was not actually 
> training anyone, and their organization's certificate was revoked via
> the US Department of Education's Accreditation Database.

This use case is technically very hard to achieve (I think?) and relies
on a CA-like system (maybe) and is not very realistic (maybe). We need a
replacement for this one, what about:

Jane took a college entrance exam at a local testing center and gets a
very high score. It is later discovered that Jane cheated on her test.
The local testing center revokes her credential and the revocation takes
effect immediately. Jane's credential is therefore invalid, and
prospective colleges will be aware of this when they check her
certifications.

4.4.1 Credential Consumer Requests Credential
=============================================

> Verifiable Claim

capitalized in some places, not in others. We should consistently
lowercase these terms (since they link to the terminology section).

> credentials to visible when

"to visible" -> "to be visible"

> MOOC

We should spell out what "MOOC" means.

4.4.2 Consumer Verifies Claim
=============================

This section feels like it duplicates 4.1.2 Credential Verifiability

> The verifying entity must have the capability to connect the
> issuer’s identity to its credential identifier and the subject's
> identity to their identifier as indicated in the credential. The
> issuer’s verification information, such as its public key, must be 
> discoverable from the credential record and verifiably linked to the 
> issuer.

This is really hard to follow. Please consider simplifying it or
removing it entirely.

> well as one about Bob. iPharmacy's system automatically verifies the
>  ability of the physician to write prescriptions, as well as Bob's 
> insurance coverage.

It's not entirely clear that Bob handed over an insurance card
credential. Could we make that a bit more clear? For example:

"as well as Bob's electronic insurance card credential. iPharmacy's
system..."

4.4.3 Pseudo-Anonymity
======================

> It also must be possible for the holder to limit the duration for 
> which that information is shared.

This is an impossible requirement (as data can be copied easily). We
could say something to the effect of "if the holder provides continuous
access to the information, they must also be able to revoke that access
at their discretion."

> He further marks the disclosure as expiring in 30 days - he does not
>  want his information verifiable after that time.

This is super important, and could be argued as out of scope. We should
keep it in there, it's important to keep this particular scenario in mind.

> assist her fellow countrymen.

change to "assist her fellow citizens."

Thanks for putting this short set of use cases together Shane, awesome
job as always. I'm going to make another pass through (at some other
point in time soon) and try to make sure that all of the findings on the
VCTF page wrt. benefits to ecosystem participants are there:

http://w3c.github.io/vctf/#benefits

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Web Browser API Incubation Anti-Pattern
http://manu.sporny.org/2016/browser-api-incubation-antipattern/

Received on Wednesday, 27 April 2016 03:04:46 UTC