- From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Date: Sat, 11 Jun 2016 16:58:09 +0100
- To: public-credentials@w3.org
On 11/06/2016 12:44, Timothy Holborn wrote:
> The use-case for verifiable claims would make more sense if it were
> about one credential that said someone has a passport with the name of
> joe smith on it, and another with the name frank n. beans
>
> a verifiable claim needs to link to an identity.
I would rather say that a verifiable claim identifies an entity (as
maybe belonging to a group) but it does not necessarily identify a
single unique individual. e.g. a ginger hair credential identifies the
holder as a ginger haired person.
regards
David
> we haven't figured the
> identity piece out yet, from memory, it was out of scope when
> establishing the cred's. CG.
>
> Tim.H.
>
> On Sat, 11 Jun 2016 at 21:29 David Chadwick <d.w.chadwick@kent.ac.uk
> <mailto:d.w.chadwick@kent.ac.uk>> wrote:
>
>
>
> On 11/06/2016 01:01, Steven Rowat wrote:
> > Dave,
> > Interesting reply. My responses throughout.
> >
> > On 6/10/16 12:54 PM, Dave Longley wrote:
> >> On 06/10/2016 12:57 PM, Steven Rowat wrote:
> >>> On 6/10/16 8:54 AM, Dave Longley wrote:
> >>>
> >>>> This is an "Identity Profile":
> >>>>
> >>>> {
> >>>> "id": "<id from the identifier registry>",
> >>>> "type": "Identity",
> >>>> /* ...attributes asserted in this particular profile */
> >>>> }
> >>>>
> >>>> Note that the document above is referred to as an "Identity
> Profile",
> >>>> but the "type" associated with the "id" is "Identity". You can have
> >>>> many
> >>>> "Identity Profiles" for any particular "id", but the thing the
> >>>> attributes therein are talking about is of type "Identity".
> >>>>
> >>>>
> >>>
> >>> I don't think I understand this difference yet, unless there
> also exist
> >>> instances that are not "Identity Profiles", yet also have an 'id',
> >>> and a
> >>> type: 'Identity'. Otherwise, why not just call the "type" for
> "Identity
> >>> Profile"..."Identity Profile" ?
> >>>
> >>> If this is true, can you give an example of one -- something
> that isn't
> >>> an Identity Profile, but would use the type: "Identity"?
> >>
> >> I think that's the wrong question. This is about what the identifier
> >> identifies. In my opinion, it does not identify a Profile, it
> identifies
> >> an Identity.
> >
> > Ah, that's what I'm getting at. I need an example that shows me
> how this
> > works; and having read your whole answer (below, where I comment
> more),
> > I'm still fuzzy on whether this is true.
> >
> > Let me try an example another way: if it's true...then, if I make two
> > profiles for real-life person John, both pseudonyms:
> >
> > The Alfred Identity Profile
> > The Bob Identity Profile
> >
> > then, according to what you've said, the Alfred Profile and the Bob
> > Profile will both have exactly the same id; that is, in the same
> part of
> > the code, each of the Alfred and Bob Profile will actually have the id
> > of John from the identifier registry:
> >
> > Alfred Identity Profile contains:
> >>>> "id": "<id [of John] from the identifier registry>",
> >>>> "type": "Identity",
> >
> > Bob Identity Profile contains:
> >>>> "id": "<id [of John] from the identifier registry>",
> >>>> "type": "Identity",
> >
> > Is this true?
>
> It would appear to be so from the cat example that Dave gave (that
> unfortunately has been cut out of your reply), in which the cat has two
> different profiles but the same ID (because it refers to the same cat).
> I think this is the wrong design, because we have now created
> linkability between two separate profiles (or pseudonyms) that I might
> have sent to two different relying parties. By using a common ID for two
> different identity profiles we produce a correlation handle for the
> relying parties.
>
> Your later conclusion that the IDs should be different seems to be the
> right approach to me, but this conflicts with Dave's approach.
>
> regards
>
> David
>
> >
> > If so, yes, I did misunderstand that. I thought the id was identifying
> > the "Alfred Identity Profile" or the "Bob Identity Profile". So they
> > could be distinguished from each other, and thus pretend to be
> separate
> > people (as far as the rest of the world knows).
> >
> > But...then, where does the id for the "Alfred Identity Profile"
> sit? An
> > id that distinguishes it as a separate thing in the universe? And
> > especially that distinguishes it from the Bob Identity Profile. Those
> > two ids must be somewhere, right?
> >
> >
> >> It always takes something else (e.g. a document) to be able to talk
> >> about an actual thing. A thing itself is the thing, it is not the
> >> description of the thing.
> >
> > Yes, I don't think that was the source of my confusion. I may be
> wrong,
> > but I think the source of the confusion -- in addition to what I
> > described above -- is the unfortunate coincidence (to the degree that
> > it's a true coincidence, which is debatable I believe) of using
> > identifiers, called "id" in the code, to identify everything including
> > this thing human beings like to call "identity". Any statement that
> > attempts to identify identity using identifiers is ripe for a
> descent
> > into infinite loops at the least misstep. ;-)
> >
> > Maybe that's a strong argument for using 'entity' throughout
> rather than
> > 'identity', and I think I'd change my voting if I'd realized this
> > earlier. Then we could be talking about 'id' and 'identifiers' of
> > entities, not of identities. Which I, for one, would find a lot easier
> > to follow. :-)
> >
> >
> >> The statements within a profile associate information with an
> Identity,
> >> such as what it is, its "type". So the "type" does not refer to the
> >> profile document, it refers to the thing you're talking about.
> >
> > I'm having trouble here. What is the referent for the first 'it', in
> > 'what it is'? Is it 'Identity' or is it 'information'?
> >
> > What you seem to be saying is that the 'type' attribute doesn't
> refer to
> > the profile document, it refers to the 'Identity'. But the example you
> > gave literally says type: "identity". So you're saying the
> identity, the
> > thing you're talking about, has a type which is 'identity'. But
> this is
> > tautological.
> >
> > I.e., how can there possibly be an Identity that has another type? An
> > Identity that has a type...--oh, wait. Could there be an identity that
> > has a type "pseudonym"? Hmm...
> >
> >
> >> The profile document is just a collection of statements *about* the
> >> thing.
> >> It is a (typically incomplete) description of the thing.
> >
> > Right, but as above, where is the id that identifies the profile
> > document, which represents a (possibly) pseudonymous identity?
> >
> >
> >> Let's talk about "profiles" using something other than "Identity".
> >
> > Yes!!! :-)
> >
> > Or, alternatively, change the code so it uses something instead of
> > 'identifier'.
> >
> > Like 'la' = 'label', instead of 'id' = 'identifier'. That would also
> > remove the confusion with Identity as it is commonly used. This
> may seem
> > like a long way around, but maybe not. Since the core reason for
> the VC
> > to exist is to nail down 'Identity' as it is known globally and in the
> > UN, then, using a term internally in the code that refers to
> everything
> > that can possibly exist in the world, real or virtual, with a code
> term
> > using a word, 'id' = 'identifier', that can be easily confused
> with the
> > word 'identity' (and probably will be by all the naive developers and
> > users of the final system) seems to be asking for trouble.
> >
> >
> >> And that would be a different "profile" of the same cat. If you
> wanted
> >> to give these "profiles" their own identifiers, you could do that as
> >> well, but they would each get their own -- because they are different
> >> things -- and because they are different from the cat itself.
> >
> > Agreed, see above. I was expecting this.
> >
> >> Similarly, people may create "identities" for themselves. You may
> have
> >> one that you use for work, one for home life, one for your medical
> >> records, whatever.
> >
> > Yes, I was expecting this also, and, ah, now I think I finally see:
> >
> > In my example earlier of John's two pseudonyms, Alfred and Bob, I was
> > not right.
> >
> > What actually happens is that Alfred and Bob are *pre-registered* with
> > ids, before anything else can happen. Then:
> >
> > Alfred Identity Profile contains:
> >>>> "id": "<id [of Alfred] from the identifier registry>",
> >>>> "type": "Identity",
> >
> > Bob Identity Profile contains:
> >>>> "id": "<id [of Bob] from the identifier registry>",
> >>>> "type": "Identity",
> >
> > So:
> > 1. Neither contains a John id.
> > 2. And the id they do contain doesn't refer to the Profile
> document itself.
> > 3. And the Alfred Identity Profile, as a document, can have its own
> > id...somewhere. Which you've probably already told me about in your
> > reply by this time. :-)
> >
> > What fun language is. :-)
> >
> > Steven
> >
> >
> >
> >
>
Received on Saturday, 11 June 2016 15:58:37 UTC
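
The linkability concern raised in this message, as an added example (not code from any participant in the thread or from the Credentials CG): two "Identity Profile" documents sent to different relying parties are compared under the shared-id design and the separate-id design, with a holder-side check that refuses to reuse an id across relying parties. The `name` attribute, the relying-party names, the `urn:uuid:` ids and the `DisclosureLog` helper are assumptions made for illustration.

```python
import uuid
from collections import defaultdict


def make_profile(subject_id, **attributes):
    """Identity Profile in the shape quoted in the thread: id, type, attributes."""
    return {"id": subject_id, "type": "Identity", **attributes}


def registry_id():
    """Constructed stand-in for "<id from the identifier registry>"."""
    return "urn:uuid:" + str(uuid.uuid4())


def correlation_handles(disclosures):
    """Map each id to the relying parties that saw it, keeping only ids seen
    by more than one relying party (the handles two parties could join on)."""
    seen = defaultdict(set)
    for relying_party, profile in disclosures:
        seen[profile["id"]].add(relying_party)
    return {pid: sorted(rps) for pid, rps in seen.items() if len(rps) > 1}


class DisclosureLog:
    """Holder-side record that refuses to reuse an id across relying parties."""

    def __init__(self):
        self._bound = {}  # id -> the one relying party it was disclosed to

    def disclose(self, relying_party, profile):
        owner = self._bound.setdefault(profile["id"], relying_party)
        if owner != relying_party:
            raise ValueError(f"id already disclosed to {owner}; would be linkable")
        return profile


def demo():
    john = registry_id()
    # Design 1: both pseudonymous profiles carry the id of John.
    shared = [("rp-one.example", make_profile(john, name="Alfred")),
              ("rp-two.example", make_profile(john, name="Bob"))]
    # Design 2: Alfred and Bob are registered with their own ids.
    separate = [("rp-one.example", make_profile(registry_id(), name="Alfred")),
                ("rp-two.example", make_profile(registry_id(), name="Bob"))]
    return correlation_handles(shared), correlation_handles(separate)
```
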