- From: Kim Hamilton Duffy <kim@learningmachine.com>
- Date: Fri, 11 Aug 2017 02:54:48 +0000
- To: David Chadwick <D.W.Chadwick@kent.ac.uk>, public-credentials@w3.org
- Message-ID: <CAB=TY85tQpduuAVBznY13=Bb9v_5TSyaSVSN7s-D4Ge8MGc6mQ@mail.gmail.com>
Hi David, The final proposed paragraph is on the very last page of the google doc. I looked at your comment and I'm not sure where it would fit into the current draft, which is significantly shortened. We're not listing types of credentials/claims (as in the context where your comment appeared). Please have a look and add your comment if you think the current draft needs to call out group membership. Some questions: 1. Bearer credentials: what are some positive disadvantages? It's possible we picked a bad phrase here. Our intent was to emphasize that the approaches enable recipient consent/empowerment 2. About longevity: I agree it's extremely challenging. The goal here is to emphasize that the approaches we are considering get us closer to that goal (e.g. blockchain), but brushes over many details and caveats. To expand on that, we wanted the mission statement to be brief, and sometimes we erred on the side of being more aspirational than exact. We could probably avoid this tradeoff with more iterations, but I think many are wanting to wrap this up and switch to (at least) a better mission statement than what we currently have. For that reason, I'd be fine dropping my request to work in "longevity" because that could be also viewed as a factor in enabling recipient-centric credentials (at least in some scenarios...I encounter this in EDU very frequently). Thanks, Kim On Wed, Aug 9, 2017 at 3:06 AM David Chadwick <D.W.Chadwick@kent.ac.uk> wrote: > Hi Chris > > It all depends upon what you call long lived. PKI certificates can last > 20 years or so, and these already exist on the web, so I would not say > that it is particularly unique to VCs to have long lived credentials. > > However, proving that a credential is still valid after the issuer no > longer exists is clearly a challenge. Even more so, if the issuer went > out of business suddenly and did not make any provisions for VC > validation after its demise. > > Finally on the topic of bearer credentials, I would not shout so loudly > about them, as I think they have positive disadvantages and should not > be championed in our work. > > regards > > David > > On 08/08/2017 18:54, Christopher Allen wrote: > > By the end of the call today we had a good discussion and an improved > > proposal for mission statement: > > > > > https://docs.google.com/document/d/1kxm6yGnGAVgNTLMYft_cz2zW3c1AE8uSCy4i5A6OhG8/edit?usp=sharing > > > > “The mission of the Credentials Community Group is to explore the > > creation, storage, presentation, and verification of credentials. We > > focus on a verifiable credential (a set of claims) created by an > > issuer about a subject—a person, group, or thing—and seek solutions > > inclusive of approaches such as: self-sovereign identity; > > presentation of proofs by the bearer; data minimization; and > > centralized, federated, and decentralized registry and identity > > systems. Our tasks include drafting and incubating Internet > > specifications for further standardization and prototyping and > > testing reference implementations.” > > > > > > The remaining issue was that I was hoping to incorporate a phrase about > > another unique thing about our architecture — the ability to present > > claims that are long-lived. For instance, I should be able to present a > > valid claim that I was legally married 25 years ago, even if the issuer > > has rotated or revoked their keys since. This is possible with proof of > > existence and dated key rotation/revocation registries. It should be > > possible for me to prove that I graduated from college, even if colleges > > have changed names, merged, etc., name systems and degree changes, for > > as long as the claim was not fraudulent. > > > > That, and the bearer instrument side of our work, offers something > > unique and compelling about our architecture, and also ties us into the > > newer possibilities offered by blockchain systems. > > > > If you would like to discuss this, or other issues with the mission > > statement, please reply to this email. If you have ideas on how to > > specific change that in the above mission statement, submit the change > > as a suggestion to the google doc above. > > > > Thanks! > > > > — Christopher Allen > > -- Kim Hamilton Duffy Principal Engineer | Learning Machine + MIT Media Lab Co-chair W3C Credentials Community Group 400 Main Street Building E19-732, Cambridge, MA 02139 12001 N. Central Expy, Suite 1025, Dallas, TX 75243 kim@learningmachine.com | kimhd@mit.edu 425-652-0150 | LearningMachine.com
Received on Friday, 11 August 2017 02:55:21 UTC