- From: Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>
- Date: Wed, 16 Dec 2020 08:48:37 +0000
- To: Adrian Gropper <agropper@healthurl.com>
- CC: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Thanks, Adrian, for your example. Let me summarize to see if I get the details: You have been appointed a guardianship (over some other person - the dependent) by the state, that issued a credential to certify that relationship. The credential contains data that identifies you, data that identifies the dependent. It may also contain the (financial) rights/duties that go with this relationship, but such rights/duties may also be implicit (e.g. the law specifies them). We have an SP that knows the dependent, and has some bad experiences with him/her. -- now comes the part on which I like to focus: -- Then, the SP receives a request to provide some service, and it needs to know for/to whom to provide the service. In normal circumstances, a service would be provided for/to the requester, causing the SP to authenticate the requester so that it can find the requester's account, ,and be done with it. In guardianship circumstances, the requester can present a guardianship credential that allows the SP to authenticate you (and find your account) AND establish that you act as the guardian in a guardianship relationship (with some dependent). I guess the issue I try to identify (before making attempts to solve it) is what the SP would need to be in the guardianship credential that would allow it to find the account of the dependent if that were to exist. The problem here is that the issuer of the guardianship credential may put data in the credential to identify the dependent that makes sense to the issuer, but it may not necessarily make sense to arbitrary SPs. Does that make sense? Rieks From: Adrian Gropper <agropper@healthurl.com> Sent: dinsdag 15 december 2020 17:27 To: Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl> Cc: W3C Credentials CG (Public List) <public-credentials@w3.org> Subject: Re: looking for a specific use-case Legal guardian accessing financial info at Schwab (as SP) On Tue, Dec 15, 2020 at 11:16 AM Joosten, H.J.M. (Rieks) <mailto:rieks.joosten@tno.nl> wrote: I'm looking for a use-case, which I think requires: • that is realistic; Common and I have first-hand experience as the guardian • that involves (at least) two people, as e.g. in a marriage, a guardianship or otherwise, and some service provider (SP); State-certified guardianship • where SP has no earlier knowledge of any of these two people (he doesn't know who these people are); The SP has a prior relationship with a money manager service but a tenuous relationship with the subject and no relationship with the (new) guardian. • where SP can obtain credentials from only one of these persons (the other is somehow incapable of presenting credentials); The guardian can provide a notarized document if necessary. • where SP is requested to make a decision (e.g. to provide a service); Access credentials to the guardian • where SP needs to authenticate *both* persons in order to make that decision. This is unclear. It sounds like you're looking for a new SP account like KYC but that does not involve a second party. If there is a prior account relationship with the SP then there is implicitly a link back to the account data subject. Adrian Any suggestions? Rieks This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.
Received on Wednesday, 16 December 2020 08:48:53 UTC