Re: Naming EDVs for all (Was: Re: [MINUTES] W3C Credentials CG Call - 2020-01-21 12pm ET from Adrian Gropper on 2020-02-01 (public-credentials@w3.org from February 2020)

From: Adrian Gropper <agropper@healthurl.com>
Date: Sat, 1 Feb 2020 09:22:31 -0500
To: Juan Caballero <juan.caballero@spherity.com>
Cc: Jim Goodell <jgoodell2@yahoo.com>, Keerthi Thomas <thomas.keerthi@gmail.com>, Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
Message-ID: <CANYRo8gVTfaigb4AMUWRC5aqvKudyXRw+ammOpL15ZWTzC74Nw@mail.gmail.com>
Mobility is THE question. A locker holds things you control by possession,
like a driver’s license or VC. It’s easy for us to narrowly focus on the VC
perspective where we are inherently dealing with copies of what the issuer
knows. This is fabulous for privacy.

However, identity-related storage reality is much broader than signed
copies of things. The vast majority of personal information is created by
others and cannot be copied, signed, presented, and authenticated
conveniently. Moving information away from the source by making a copy (the
VC model) is a huge privacy problem in itself because the subject is now
charged with keeping track of the future copies that verifiers are making.
Yes, ZKP can fix that but how much of our personal info (think health
records or letters of recommendation) can be shared as a ZKP?

Framing the discussion around use of SSI in terms of EDV is short-sighted
and will limit adoption. It may work in government because they have a
captive customer base. It might work in education where the mobility and
privacy of credentials are not a significant differentiator among issuers.
The gov and ed sectors are minuscule compared to health or transportation /
hospitality parts of the economy that depend on personal information at
their core.

The economic value of DID and VC comes from from more effective control and
accountability of personal information that stays in place with the issuer.
Mobility is a nice way to refer to the broader perspective and it is
confused by EDV. Mobility in the sense of access away from the network
certainly is not helped by EDV. Mobility in the sense of having your
digital credentials accepted by the vast majority of services you interact
with needs to not burden those services if we hope for rapid adoption of
SSI.

Does the EDV model help mobility in the adoption sense? Yes, to the extent
that wallets and agents are standardized. That is what we should be talking
about and EDV may not be a helpful concept.

- Adrian

On Sat, Feb 1, 2020 at 8:15 AM Juan Caballero <juan.caballero@spherity.com>
wrote:

> BitLocker is taken, no? I just used it on my new windows laptop last week.
>
>
> https://support.microsoft.com/en-us/help/4530477/windows-10-finding-your-bitlocker-recovery-key
>
> -----------------
> Juan Caballero
> Communications, Research, Press
> Signal/whatsapp: +1 415-3101351
> Berlin-based: +49 1573 5994525
> (sent from phone)
>
> On Sat, Feb 1, 2020, 1:57 PM Keerthi Thomas <thomas.keerthi@gmail.com>
> wrote:
>
>> Bitlocker is a trademark of Microsoft
>> https://trademarks.justia.com/775/98/bitlocker-to-77598061.html
>>
>> It's also stated on Microsoft website:
>>
>> https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/en-us.aspx
>>
>> On Sat, 1 Feb 2020, 12:44 pm Jim Goodell, <jgoodell2@yahoo.com> wrote:
>>
>>> “Safe” can mean more than one thing, e.g. physical thing, conditional
>>> state.
>>>
>>> “Locker” is a more concrete and unambiguous analogy. So BitLocker,
>>> BitVault or DigitalLocker are good, except weak on conveying mobility. But
>>> perhaps physical mobility isn’t the important quality to convey anyway. It
>>> seems to me more about ubiquity, always available, (via internet) rather
>>> than the person carries it with them (like on a flash drive)
>>>
>>> Might need to check if chosen name is registered trademark
>>>
>>> Sent from Yahoo Mail for iPhone
>>> <https://overview.mail.yahoo.com/?.src=iOS>
>>>
>>> On Friday, January 31, 2020, 11:41 AM, Steven Rowat <
>>> steven_rowat@sunshine.net> wrote:
>>>
>>> On 2020-01-31 8:16 am, Adrian Gropper wrote:
>>> > IndiaStack uses Digilocker. It’s in the context of other
>>> > identity-linked services.
>>> > https://www.indiastack.org
>>>
>>> Interesting. And I think the simplest description of what is being
>>> stored is "bits", so perhaps:
>>> Bit Locker
>>> or
>>> Bit Safe
>>> Bit Box
>>>
>>> I'm unsure about 1 vs. two words. A single word would be nice, but
>>> there are at least two concepts needed, possibly three: portable safe
>>> data. Getting that in one word might be tricky unless it's camel case.
>>>   :-)
>>> SafeDataBox
>>> BitLockBox
>>> BitBox
>>> BitSafe
>>>
>>> But camel case won't fly for the general public I think, and anyway
>>> it's easy to forget the capital or miss it in a transcription.
>>>
>>> Steven
>>>
>>> >
>>> > I have tried to steer them in the direction of standards, so far
>>> > without much success.
>>> >
>>> > Adrian
>>> >
>>> > On Fri, Jan 31, 2020 at 11:08 AM Steven Rowat
>>> > <steven_rowat@sunshine.net <mailto:steven_rowat@sunshine.net>> wrote:
>>>
>>> >
>>> >    Hello,
>>> >    In the discussion of the Jan 21 CCG call, the section quoted at
>>> >    the end of this email shows to me that there's a general name
>>> >    discussion required around EDVs (Encrypted Data Vaults). "Wallet"
>>> >    is rejected because it has other uses. There's no consensus yet.
>>> >
>>> >    I believe this is like what happened around "Digital Identifiers",
>>> >    where the whole CCG list got involved, because, as Dave Longley
>>> >    notes at the end of the quote, the naming needs to satisfy the
>>> >    general public as well as developers and codewriters.
>>> >
>>> >    And I began to think up some possibilities for "safe storage" that
>>> >    already exist in the physical world, perhaps to get the ball
>>> >    rolling in such a discussion. These are:
>>> >
>>> >    Safe     [banks, homes]
>>> >    Safe Drop   [couriers]
>>> >    Safety Deposit Box    [banks]
>>> >    Deposit Box  [banks, post office]
>>> >    Lockbox   [real estate, travel]
>>> >    Storage    [rental lockers, computer storage]
>>> >    Strongbox   [rental lockers, banks, homes]
>>> >    Secure Sockets   [HTTPS, SSL]
>>> >    Trunk   [travel luggage]
>>> >    Suitcase   [travel luggage]
>>> >    Container    [shipping trade]
>>> >
>>> >    I believe both "safe" and "mobile" need to be implied, and I'm
>>> >    unsure whether the word "data" is best used or not. So at this
>>> >    point my own preferences would be combinations like:
>>> >    Data Lockbox
>>> >    Safe Box
>>> >    Data Safe
>>> >
>>> >    etc.
>>> >
>>> >    Other opinions?
>>> >
>>> >
>>> >    On 2020-01-29 8:19 pm, W3C CCG Chairs wrote:
>>> >      > Manu Sporny: ...We, as an organization, want
>>> >      >    to focus on portability, CHAPI, moving wallets, etc. simpler
>>> use
>>> >      >    cases. [scribe assist by Dave Longley]
>>> >      > Joe Andrieu:  I put myself on the queue - to push back on
>>> >      >    language around wallet vs. vault that Manu used. Naming is
>>> hard,
>>> >      >    attempting to be constructive.
>>> >      > Orie Steele: "Wallet" is a terrible name :( ... names are
>>> hard...
>>> >      > Drummond Reed: The DIF Glossary Project is drilling deep into
>>> >      >    community definitions of "wallet", "agent", and "credential".
>>> >      >    It's amazing how diverse some of the responses are.
>>> >      > Joe Andrieu:  ChristopherA and I wrote a topic for the last
>>> >      >    rebooting - spoke about how "Identity Wallets" and "Crypto
>>> >      >    Wallets" have similarities, trying to find similarities
>>> >      >    architecturally. Crypto wallets are not in your hardware
>>> >      >    wallet... a wallet is how you control access to your stuff,
>>> not
>>> >      >    the actual store that has it. A good crypto wallet could have
>>> >      >    Bitcoin, Ethereum, AltCoins, but the way that tech works is
>>> that
>>> >      >    the important stuff is not in the wallets.
>>> >      > Adrian Gropper: +1 To Joe's and Drummond's comments on "wallet"
>>> >      > Stephen Curran: "Wallet" in mainstream usage is the app you have
>>> >      >    on your phone. It's not the bit of the any "thingy" (agent,
>>> >      >    whatever) that stores things. Using that term is fighting a
>>> >      >    losing battle.
>>> >      > Joe Andrieu:  The interfaces that we use to get access to stores
>>> >      >    vs the stores themselves are important. We also need a good
>>> >      >    separation between those so we can move EDVs around w/o
>>> changing
>>> >      >    front-end wallet.
>>> >      > Dave Longley: There's probably also a naming issue here where
>>> the
>>> >      >    general public will understand "wallet" as all of the
>>> >    layers, but
>>> >      >    developers/technologists should understand there are more
>>> layers
>>> >
>>> >
>>> >    Steven Rowat
>>> >
>>>
>>>
Received on Saturday, 1 February 2020 14:22:46 UTC