W3C home > Mailing lists > Public > public-credentials@w3.org > December 2020

Re: looking for a specific use-case

From: Steve Capell <steve.capell@gmail.com>
Date: Wed, 16 Dec 2020 06:27:27 +1100
Message-Id: <ED7B0CE3-F49E-4346-823B-AC758B21C42C@gmail.com>
Cc: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
To: Alan Karp <alanhkarp@gmail.com>
A visa application for a travelling family that includes a toddler but where the visa rules say each person must have an individual application 

This is a common scenario for many Australian visa types.  Some authorised delegate (eg Mum) has to do the application for the toddler but still present the toddlers credentials 

Any use? 

Steven Capell
Mob: 0410 437854

> On 16 Dec 2020, at 4:08 am, Alan Karp <alanhkarp@gmail.com> wrote:
> 
> 
> oosten, H.J.M. (Rieks) <rieks.joosten@tno.nl> wrote:
>> I'm looking for a use-case, which I think requires:
>> 
>> that is realistic;
>> that involves (at least) two people, as e.g. in a marriage, a guardianship or otherwise, and some service provider (SP);
>> where SP has no earlier knowledge of any of these two people (he doesn't know who these people are);
>> where SP can obtain credentials from only one of these persons (the other is somehow incapable of presenting credentials);
>> where SP is requested to make a decision (e.g. to provide a service);
>> where SP needs to authenticate *both* persons in order to make that decision.
> That's a good set of requirements, except the last.  Authenticating the two identities, which I assume is what you meant, is less important for the SP than knowing what permissions they have.  Using authentication of identity, role, or attributes to make an access decision often leads to a confused deputy vulnerability.
> 
> --------------
> Alan Karp

Received on Tuesday, 15 December 2020 19:27:43 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 15 December 2020 19:27:44 UTC