Re: VOTE: Verifiable Claims Terminology from Timothy Holborn on 2016-06-12 (public-credentials@w3.org from June 2016)

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sun, 12 Jun 2016 00:32:51 +0000
To: Dave Longley <dlongley@digitalbazaar.com>, David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
Message-ID: <CAM1Sok04ibLkghE9N5iypA-RJHp5kPywVKgR2gyKNqZ6chyVqg@mail.gmail.com>

On Sun, 12 Jun 2016 at 02:57 Dave Longley <dlongley@digitalbazaar.com>
wrote:

> On 06/11/2016 07:27 AM, David Chadwick wrote:
> >
> >
> > It would appear to be so from the cat example that Dave gave (that
> > unfortunately has been cut out of your reply), in which the cat has two
> > different profiles but the same ID (because it refers to the same cat).
> > I think this is the wrong design, because we have now created
> > linkability between two separate profiles (or pseudonyms) that I might
> > have sent to two different relying parties. By using a common ID for two
> > different identity profiles we produce a correlation handle for the
> > relying parties.
>
> There are multiple use cases we want to support. One of them involves
> the ability to share a common identity with multiple parties. That
> doesn't mean that you *must* do this, it just means that you can.
>
> There are also cases where you should be able to have the unlinkability
> characteristics you mention, which can be implemented in a variety of
> different ways. I believe a layered approach will work here. I will
> reiterate though that the trust characteristics, disincentives for
> fraud, and infrastructure needs can be much more complicated in the
> unlinkable use cases.
>
> All True, but ATM (prior to Web-DHT or alternatives being part of the
deliverable scope for the short-term, et.al.) the container for credentials
is more likely to be linked to a Google / Microsoft / Apple account.

Companies are likely to use 'enterprise solutions' that don't require
sharing of data to these 'groups' and whilst i'm rather set on building
more localised, sovereign solutions (for use world-wide) - i'm not exactly
sure how that's going to fall out atm.

therein; the credentials lifecycle atm - isn't solving the ID problem and
ID relates also to whether the ID is controlled and whom by.

I guess some people might deem the way it works now to be perfectly fine..
 i'm just not one of them.

Tim.H.


> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
>
>

Received on Sunday, 12 June 2016 00:33:30 UTC