Re: Comments on draft charter [Was: Agenda: Verifiable Claims Teleconference - Tuesday, March 8th 2016]

An important part of this requirement also relates to URIs and the means by
which to ensure accounts may be portable.

Therein, some sort of 'update' mechanic.


On Mon, 14 Mar 2016 at 10:20 Steven Rowat <steven_rowat@sunshine.net> wrote:

> On 3/13/16 3:44 PM, Dave Longley wrote:
> > On 03/12/2016 06:27 PM, Steven Rowat wrote:
> >> RE: "Identity fragility"
> >>
> >> I flagged this a few days ago and got no comments, but on re-reading the
> >> Charter draft it still stands out for me, and this time I have a
> >> suggested improvement.
> >>
> >> Currently, the Problem Statement includes:
> >>
> >> "In existing attribute exchange architectures (like SAML, OpenID
> >> Connect, Login with SuperProviderX, etc.), users, and their verifiable
> >> claims, do not independently exist from service providers. This means
> >> users can't easily change their service provider without losing their
> >> digital identity. This leads to vendor lock-in, identity fragility,
> >> reduced competition in the marketplace, and reduced privacy for all
> >> stakeholders."
> >>
> >> As this stands, the main direct problem for the credential holder --
> >> besides privacy -- is 'identity fragility'. I'd suggest that:
> >> a) that's vague
> >> b) there are other things happening: IMO the vendor lock-in leads to
> >> identity duplication, confusion, loss, and inaccuracy.
> >>
> >> Perhaps all those things together could be characterised as 'fragility',
> >> but since the vendor lock-in issue is a major reason why verifiable
> >> claims are needed, IMO it's best to spell it out. I suggest the last
> >> sentence be amended to:
> >>
> >> "This leads to: vendor lock-in, identity fragility (duplication,
> >> confusion, loss, and inaccuracy), reduced competition in the
> >> marketplace, and reduced privacy for all stakeholders."
> >>
> >> And of course we could also fight about (I mean discuss) which of those
> >> four descriptors are accurate, and/or add others.
> >
> > "Undue/undesirable fragmentation" is another.
>
> Yes, but now on reconsidering the whole paragraph, I think there's
> another problem (and possible improvement) in the previous sentence,
> where it states "without losing their digital identity". Because if we
> agree that 'identity fragility' contains several things (like
> fragmentation, duplication, confusion, inaccuracy, loss), then
> 'losing' their identity isn't always the most accurate way to view
> what's happening. What's happening sometimes is that the identity gets
> vague and hard to use or verify; not 'lost'. As you say, it fragments.
>
> So maybe adding 'fragmenting' to that previous sentence would work
> (and removing 'loss' from the next one, because it's already used):
> something like as follows:
>
> "In existing attribute exchange architectures (like SAML, OpenID
> Connect, Login with SuperProviderX, etc.), users, and their verifiable
> claims, do not independently exist from service providers. This means
> users can't easily change their service provider without losing or
> fragmenting their digital identity. This leads to vendor lock-in,
> identity fragility (duplication, confusion, and inaccuracy), reduced
> competition in the marketplace, and reduced privacy for all
> stakeholders."
>
> Steven Rowat
>
>

Received on Monday, 14 March 2016 01:06:49 UTC