- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Mon, 23 May 2016 22:17:00 +0000
- To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
- Message-ID: <CAM1Sok0qaS+WmccbEvj9a+Ppx608wempM13+uY=AngVKky-oTw@mail.gmail.com>
On Mon, 23 May 2016 at 00:08 David Chadwick <d.w.chadwick@kent.ac.uk> wrote: > > > On 22/05/2016 14:56, Timothy Holborn wrote: > > > > > > On Sun, 22 May 2016 at 23:30 David Chadwick <d.w.chadwick@kent.ac.uk > > <mailto:d.w.chadwick@kent.ac.uk>> wrote: > > > > > > > > On 22/05/2016 13:26, Timothy Holborn wrote: > > > What about version control and therein; 'get latest'... > > > > I dont think this is needed when have an issuing time and expiry > time. > > You can tell from the former which is the latest credential > > > > > > If a new version is released, then the older version has expired? > > Not necessarily. It depends upon the expiry time. It is frequently the > case that I have had two credit cards from the same bank that are both > valid simultaneously, and I am asked to cut up the older one. But I can > continue to use it for a week or two if I wish. > > Expiry on a credit card was established prior to electronic transactions where those who wanted to be paid, had an obligation to check the signature and expiry date of the financial instrument that was recorded using something like: http://fearlessmen.com/wp-content/uploads/2013/09/Old-Credit-Card-Swiper.jpg In a 'web payments' or credentials model; the date-validation identifying whether the instrument can still be used is a real-time function. The main question relating to expiry IMHO would be; has the status changed and if so how. You might have a credential (v1 issued on some-date) that gave you a $5k limit. that may be upgraded if you got trapped at an airport with no money to $15k and that may happen in seconds (issuance of v2) which may have in the notation of the model, that the valid credential instrument must be the most recent one (ie: v2 not v1). in other models i think you are kinda correct - you might be able to use both. In that way, you might only need to 'qualify' the claim stated in the first place. many qualifications grow overtime and as such the 'credential' may be 'upgraded' therein supporting the notion of 'version control' as a means to express these changes in state. Yet if fraud was detected; then the credential chain would be invalid, therefore needing to be revoked and a new-one issued stating the facts of the newly found circumstance that doesn't involve any fraudulent acts or claims. Yet; one of the flaws of this model may relate to privacy. say you've got a driver who's keeps needing a breath-testing thing on the car. they've got it for a while, loose the requirement for it, then get it back again. The assumption would be that the history is not necessarily discoverable by anyone requesting the D/L document, subject to law in effect... > regards > > David > > > FWIW - their my thoughts. I think expiry happens when the thing doesn't work anymore and i also think their are two related functions that were carried out by a traditional expiry function - but may be better-off split into two aspects 1. version-control 2. optional expiry date. Tim.H. > > > > > Tim.H. > > > > > > regards > > > > David > > > > > > On Sun, 22 May 2016 at 22:01 Victoriano Giralt <victoriano@uma.es > > <mailto:victoriano@uma.es> > > > <mailto:victoriano@uma.es <mailto:victoriano@uma.es>>> wrote: > > > > > > On 21/05/16 20:44, David Chadwick wrote: > > > > You are mixing up the attribute/claim, date of birth (or > > similar) > > > which > > > > lasts forever, and the credential, which is a cryptographic > > digital > > > > representation of it. This has to have an expiry time due to > the > > > > inherent weakness of the crypto. > > > > > > You are very right, David, it is possibly me being thick > > because of the > > > cabin pressure. I should read threads twice before responding > > from a > > > plane :-) You already noted that in the thread, and you are > right, > > > signatures should be refreshed because of crypto. > > > > > > > regards > > > > > > double those ;-) > > > > > > -- > > > Victoriano Giralt CIO > > > University of > Malaga > > > +34952131415 SPAIN > > > > ================================================================== > > > Note: signature.asc is the electronic signature of present > message > > > A: Yes. > > > > Q: Are you sure ? > > > >> A: Because it reverses the logical flow of conversation. > > > >>> Q: Why is top posting annoying in email ? > > > > > >
Received on Monday, 23 May 2016 22:17:37 UTC