- From: Adrian Gropper <agropper@healthurl.com>
- Date: Wed, 16 Dec 2020 07:34:46 -0500
- To: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CANYRo8hCGzPddOx2YeMtQxknMg0FX=tdixwf3nEuTgnNYFS=AQ@mail.gmail.com>
Yes, that makes perfect sense. This is the reason for de-duplicated identities and notaries in the real world. I wrote some of this up as the Zener Diode in https://github.com/w3c/did-use-cases/issues/102#issuecomment-703943437

I've also heard an aspect of this described as 'sharing of liability' to certificate authorities where the CA is paid to isolate the issuer and/or the verifier from some liability.

Whether you call it a notary or a CA the common thing is that:
- they are bonded or certified as fiduciaries of the jurisdiction (typically the gov, but could be private)
- they verify a de-duplicated identity for the subject
- they keep a log that can be accessed at some significant cost if needed

I worry that our SSI use cases tend to be simplistic and artificial by not including audit, authorization, revocation, and mediating service providers as primary concerns. As an engineer I appreciate the desire of engineers to "layer" things and to model simple issuer, holder, verifier, registry relationships. As a privacy engineer with deep regulatory experience, I feel this is overly simplistic and will harm the adoption of our hard work.

Adrian

On Wed, Dec 16, 2020 at 3:48 AM Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl> wrote:

> Thanks, Adrian, for your example. Let me summarize to see if I get the details:
>
> You have been appointed a guardianship (over some other person - the dependent) by the state, that issued a credential to certify that relationship.
> The credential contains data that identifies you, data that identifies the dependent.
> It may also contain the (financial) rights/duties that go with this relationship, but such rights/duties may also be implicit (e.g. the law specifies them).
> We have an SP that knows the dependent, and has some bad experiences with him/her.
>
> -- now comes the part on which I like to focus: --
>
> Then, the SP receives a request to provide some service, and it needs to know for/to whom to provide the service.
> In normal circumstances, a service would be provided for/to the requester, causing the SP to authenticate the requester so that it can find the requester's account, and be done with it.
> In guardianship circumstances, the requester can present a guardianship credential that allows the SP to authenticate you (and find your account) AND establish that you act as the guardian in a guardianship relationship (with some dependent).
>
> I guess the issue I try to identify (before making attempts to solve it) is what the SP would need to be in the guardianship credential that would allow it to find the account of the dependent if that were to exist. The problem here is that the issuer of the guardianship credential may put data in the credential to identify the dependent that makes sense to the issuer, but it may not necessarily make sense to arbitrary SPs.
>
> Does that make sense?
> Rieks
>
> From: Adrian Gropper <agropper@healthurl.com>
> Sent: dinsdag 15 december 2020 17:27
> To: Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>
> Cc: W3C Credentials CG (Public List) <public-credentials@w3.org>
> Subject: Re: looking for a specific use-case
>
> Legal guardian accessing financial info at Schwab (as SP)
>
> On Tue, Dec 15, 2020 at 11:16 AM Joosten, H.J.M. (Rieks) <mailto:rieks.joosten@tno.nl> wrote:
>
> I'm looking for a use-case, which I think requires:
>
> • that is realistic;
>
> Common and I have first-hand experience as the guardian
>
> • that involves (at least) two people, as e.g. in a marriage, a guardianship or otherwise, and some service provider (SP);
>
> State-certified guardianship
>
> • where SP has no earlier knowledge of any of these two people (he doesn't know who these people are);
>
> The SP has a prior relationship with a money manager service but a tenuous relationship with the subject and no relationship with the (new) guardian.
>
> • where SP can obtain credentials from only one of these persons (the other is somehow incapable of presenting credentials);
>
> The guardian can provide a notarized document if necessary.
>
> • where SP is requested to make a decision (e.g. to provide a service);
>
> Access credentials to the guardian
>
> • where SP needs to authenticate *both* persons in order to make that decision.
>
> This is unclear. It sounds like you're looking for a new SP account like KYC but that does not involve a second party. If there is a prior account relationship with the SP then there is implicitly a link back to the account data subject.
>
> Adrian
>
> Any suggestions?
> Rieks
>
> This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.

Received on Wednesday, 16 December 2020 12:35:11 UTC