- From: Adrian Gropper <agropper@healthurl.com>
- Date: Tue, 2 Jun 2020 06:56:45 -0400
- To: Will Abramson <wip.abramson@gmail.com>
- Cc: Brent Shambaugh <brent.shambaugh@gmail.com>, Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANYRo8hrTqf3R9j9DOy_b3hiW5rw_ss98fVqPrmC8GmbDz=wCg@mail.gmail.com>

I have a handful of FIDOish tokens in my drawer and can’t bear to use any of them. Some have a fingerprint sensor. Some use USB or USB-C. One uses NFC.

I have FaceID on one device and TouchID on two other devices. I use them 100 times a day. I have no idea if they use any standards at all.

I have three password managers on the three devices. They each sync with themselves. One uses Dropbox. One uses iCloud. Firefox uses Mozilla. It’s a mess, sort-of works, and upsets me every time I use any of them.

Most service providers I use offer me login using Facebook or Twitter. I never use that because OIDC leaks both privacy and sovereignty. I’m waiting for Apple Sign-In so I can at least have some privacy at the cost of my self-sovereignty. Sucks.

Oh, I almost forgot my two-factor auth SMS and Duo calls from MIT to my mobile. And the authenticator apps from Microsoft and Google that I almost never use. There’s also a Bitcoin wallet or three, ApplePay, uPort, and I forget.....

If any two of my three devices are lost I have some prayer of recovering some of my credentials but I still have some paper backups in places I’ve possibly forgotten or files with passwords I never use.

How will SSI come into my life? Will it be through DID Peer or DID Auth? Who will sell it to me? Will it still be self-sovereign?

- Adrian

On Tue, Jun 2, 2020 at 5:05 AM Will Abramson <wip.abramson@gmail.com> wrote:

> This was really interesting thanks,
>
> It helps shed some light on the different perspectives within this
> community and the history of these ideas.
>
> I would encourage everyone to read this. And those who already know and
> buy into the ideas presented in this article but are confused by the
> Hyperledger/Sovrin-esque ideas would do well to read this article for a
> similar purpose https://www.cs.ru.nl/~jhh/pub/secsem/chaum1985bigbrother.pdf.
>
> It seems we often talk past each other, but we all want roughly the same
> things. The differences, to me at least, come down to an emphasis on
> different aims. It seems some of us are working to enable Verifiable
> Credentials that are simple, and easy to use specifically within the
> context of the web as a core focus with privacy important but not a deal
> breaker. Whereas other members are most focused on ensuring the privacy of
> holders when using digital credentials in any context through strong
> cryptography. This approach is naturally complex, so while simplicity is
> important it has not been the main priority.
>
> I am biased, but I just want to point out cryptographers have been talking
> about credentials using much the same language and for many of the same
> reasons since before the W3C existed. If privacy-preserving integrity
> assured credentials that enable independent minimal disclosure of a
> required set of attributes within a certain context while reducing the
> potential for correlation are a priority for this group, we would do well
> to at least have knowledge of the prior art.
>
> To be clear I am not saying cryptography is a panacea for all of the
> challenges in digital identity, but cryptography is the science of secure
> communication. And (secure) communication is a key component when forming
> our identities, whether in the digital world or otherwise.
>
> Joe - I wonder if the cryptographer's perspective is another Mental Model
> of Identity?
>
> Cheers,
> Will
>
> On Sun, May 31, 2020 at 5:54 PM Brent Shambaugh <brent.shambaugh@gmail.com>
> wrote:
>
>> Haha. Manu.
>>
>> http://manu.sporny.org/2014/credential-based-login/

Received on Tuesday, 2 June 2020 10:57:10 UTC