
Re: looking for a specific use-case

From: Adrian Gropper <agropper@healthurl.com>
Date: Wed, 16 Dec 2020 07:34:46 -0500
Message-ID: <CANYRo8hCGzPddOx2YeMtQxknMg0FX=tdixwf3nEuTgnNYFS=AQ@mail.gmail.com>
To: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>

Yes, that makes perfect sense. This is the reason for de-duplicated
identities and notaries in the real world.

I wrote some of this up as the Zener Diode in

I've also heard an aspect of this described as 'sharing of liability' to
certificate authorities where the CA is paid to isolate the issuer and/or
the verifier from some liability.

Whether you call it a notary or a CA the common thing is that:
- they are bonded or certified as fiduciaries of the jurisdiction
(typically the gov, but could be private)
- they verify a de-duplicated identity for the subject
- they keep a log that can be accessed at some significant cost if needed

I worry that our SSI use cases tend to be simplistic and artificial by not
including audit, authorization, revocation, and mediating service providers
as primary concerns. As an engineer I appreciate the desire of engineers to
"layer" things and to model simple issuer, holder, verifier, registry
relationships. As a privacy engineer with deep regulatory experience, I
feel this is overly simplistic and will harm the adoption of our hard work.


On Wed, Dec 16, 2020 at 3:48 AM Joosten, H.J.M. (Rieks) <
rieks.joosten@tno.nl> wrote:

> Thanks, Adrian, for your example. Let me summarize to see if I get the
> details:
> You have been appointed a guardianship (over some other person - the
> dependent) by the state, that issued a credential to certify that
> relationship.
> The credential contains data that identifies you, data that identifies the
> dependent.
> It may also contain the (financial) rights/duties that go with this
> relationship, but such rights/duties may also be implicit (e.g. the law
> specifies them).
> We have an SP that knows the dependent, and has some bad experiences with
> him/her.
> -- now comes the part on which I like to focus: --
> Then, the SP receives a request to provide some service, and it needs to
> know for/to whom to provide the service.
> In normal circumstances, a service would be provided for/to the requester,
> causing the SP to authenticate the requester so that it can find the
> requester's account, and be done with it.
> In guardianship circumstances, the requester can present a guardianship
> credential that allows the SP to authenticate you (and find your account)
> AND establish that you act as the guardian in a guardianship relationship
> (with some dependent).
> I guess the issue I try to identify (before making attempts to solve it)
> is what the SP would need to be in the guardianship credential that would
> allow it to find the account of the dependent if that were to exist. The
> problem here is that the issuer of the guardianship credential may put data
> in the credential to identify the dependent that makes sense to the issuer,
> but it may not necessarily make sense to arbitrary SPs.
> Does that make sense?
> Rieks
> From: Adrian Gropper <agropper@healthurl.com>
> Sent: Tuesday 15 December 2020 17:27
> To: Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>
> Cc: W3C Credentials CG (Public List) <public-credentials@w3.org>
> Subject: Re: looking for a specific use-case
> Legal guardian accessing financial info at Schwab (as SP)
> On Tue, Dec 15, 2020 at 11:16 AM Joosten, H.J.M. (Rieks) <
> rieks.joosten@tno.nl> wrote:
> I'm looking for a use-case, which I think requires:
> • that is realistic;
> Common and I have first-hand experience as the guardian
> • that involves (at least) two people, as e.g. in a marriage, a
> guardianship or otherwise, and some service provider (SP);
> State-certified guardianship
> • where SP has no earlier knowledge of any of these two people (he doesn't
> know who these people are);
> The SP has a prior relationship with a money manager service but a tenuous
> relationship with the subject and no relationship with the (new) guardian.
> • where SP can obtain credentials from only one of these persons (the
> other is somehow incapable of presenting credentials);
> The guardian can provide a notarized document if necessary.
> • where SP is requested to make a decision (e.g. to provide a service);
> Access credentials to the guardian
> • where SP needs to authenticate *both* persons in order to make that
> decision.
> This is unclear. It sounds like you're looking for a new SP account like
> KYC but that does not involve a second party. If there is a prior account
> relationship with the SP then there is implicitly a link back to the
> account data subject.
> Adrian
> Any suggestions?
> Rieks
Received on Wednesday, 16 December 2020 12:35:11 UTC
