- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Mon, 14 Mar 2016 03:37:16 +0000
- To: Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
- Message-ID: <CAM1Sok0CmVEazk+7Eq_cP-zVnkVPCDmARvT4YbU4xWvKWUttJg@mail.gmail.com>
Re: Scope - can we insert 'browser independent' somewhere? or is that impractical? On Mon, 14 Mar 2016 at 12:06 Timothy Holborn <timothy.holborn@gmail.com> wrote: > An important part of this requirement also relates to URI's and means in > which to ensure accounts may be portable. > > therein, some sort of 'update' mechanic. > > > On Mon, 14 Mar 2016 at 10:20 Steven Rowat <steven_rowat@sunshine.net> > wrote: > >> On 3/13/16 3:44 PM, Dave Longley wrote: >> > On 03/12/2016 06:27 PM, Steven Rowat wrote: >> >> RE: "Identity fragility" >> >> >> >> I flagged this a few days ago and got no comments, but on re-reading >> the >> >> Charter draft it still stands out for me, and this time I have a >> >> suggested improvement. >> >> >> >> Currently, the Problem Statement includes: >> >> >> >> "In existing attribute exchange architectures (like SAML, OpenID >> >> Connect, Login with SuperProviderX, etc.), users, and their verifiable >> >> claims, do not independently exist from service providers. This means >> >> users can't easily change their service provider without losing their >> >> digital identity. This leads to vendor lock-in, identity fragility, >> >> reduced competition in the marketplace, and reduced privacy for all >> >> stakeholders. " >> >> >> >> As this stands, the main direct problem for the credential holder -- >> >> besides privacy -- is 'identity fragility'. I'd suggest that: >> >> a) that's vague >> >> b) there are other things happening: IMO the vendor lock-in leads to >> >> identity duplication, confusion, loss, and inaccuracy. >> >> >> >> Perhaps all those things together could be characterised as >> 'fragility', >> >> but since the vendor lock-in issue is a major reason why verifiable >> >> claims are needed, IMO it's best to spell it out. I suggest the last >> >> sentence be amended to: >> >> >> >> "This leads to: vendor lock-in, identity fragility (duplication, >> >> confusion, loss, and inaccuracy), reduced competition in the >> >> marketplace, and reduced privacy for all stakeholders." >> >> >> >> And of course we could also fight about (I mean discuss) which of those >> >> four descriptors are accurate, and/or add others. >> > >> > "Undue/undesirable fragmentation" is another. >> >> Yes, but now on reconsidering the whole paragraph, I think there's >> another problem (and possible improvement) in the previous sentence, >> where it states "without losing their digital identity". Because if we >> agree that 'identity fragility' contains several things (like >> fragmentation, duplication, confusion, inaccuracy, loss), then >> 'losing' their identity isn't always the most accurate way to view >> what's happening. What's happening sometimes is that the identity gets >> vague and hard to use or verify; not 'lost'. As you say, it fragments. >> >> So maybe adding 'fragmenting' to that previous sentence would work >> (and removing 'loss' from the next one, because it's already used): >> something like as follows : >> >> "In existing attribute exchange architectures (like SAML, OpenID >> Connect, Login with SuperProviderX, etc.), users, and their verifiable >> claims, do not independently exist from service providers. This means >> users can't easily change their service provider without losing or >> fragmenting their digital identity. This leads to vendor lock-in, >> identity fragility (duplication, confusion, and inaccuracy), reduced >> competition in the marketplace, and reduced privacy for all >> stakeholders. " >> >> Steven Rowat >> >>
Received on Monday, 14 March 2016 03:37:55 UTC