- From: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Date: Tue, 13 Jun 2017 21:14:43 +0100
- To: public-credentials@w3.org
The point I was making is that today, employees with security clearances have access to documents that should not be revealed to the press or foreign nationals, and the vast majority of employees comply. Occasionally one employee might release information to Wikileaks or similar and there is nothing that technology can do to stop this. So we could adopt the same model for VCs. Employees are given VCs and told they should not release them to inspectors outside the organisation (and the VC could contain a policy statement to this effect), but once they are home, the employee could release them if they wanted to. This is because the trust model of VCs is fundamentally different to that of federated identity management systems - see my doc on VC lifecycles for the trust model https://drive.google.com/file/d/0B2qPJBxhjfdqYmJGaE5HODFLZ3ROUFAxQ05yOG9uRTBaaDlr/view regards David On 13/06/2017 19:15, msporny@digitalbazaar.com wrote: > David Chadwick: Concept of high security credentials that should > not be released to anyone outside the org. Nothing in the > technology would stop stepping outside restrictions of employer > (kimhd: not sure I captured this statement correctly)
Received on Tuesday, 13 June 2017 20:15:17 UTC