- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Sun, 13 Mar 2016 18:44:26 -0400
- To: public-credentials@w3.org
On 03/12/2016 06:27 PM, Steven Rowat wrote: > RE: "Identity fragility" > > I flagged this a few days ago and got no comments, but on re-reading the > Charter draft it still stands out for me, and this time I have a > suggested improvement. > > Currently, the Problem Statement includes: > > "In existing attribute exchange architectures (like SAML, OpenID > Connect, Login with SuperProviderX, etc.), users, and their verifiable > claims, do not independently exist from service providers. This means > users can't easily change their service provider without losing their > digital identity. This leads to vendor lock-in, identity fragility, > reduced competition in the marketplace, and reduced privacy for all > stakeholders. " > > As this stands, the main direct problem for the credential holder -- > besides privacy -- is 'identity fragility'. I'd suggest that: > a) that's vague > b) there are other things happening: IMO the vendor lock-in leads to > identity duplication, confusion, loss, and inaccuracy. > > Perhaps all those things together could be characterised as 'fragility', > but since the vendor lock-in issue is a major reason why verifiable > claims are needed, IMO it's best to spell it out. I suggest the last > sentence be amended to: > > "This leads to: vendor lock-in, identity fragility (duplication, > confusion, loss, and inaccuracy), reduced competition in the > marketplace, and reduced privacy for all stakeholders." > > And of course we could also fight about (I mean discuss) which of those > four descriptors are accurate, and/or add others. "Undue/undesirable fragmentation" is another. -- Dave Longley CTO Digital Bazaar, Inc.
Received on Sunday, 13 March 2016 22:44:55 UTC