W3C home > Mailing lists > Public > public-credentials@w3.org > July 2021

Re: VC-HTTP-API - A follow up on the RAR presentation

From: Adrian Gropper <agropper@healthurl.com>
Date: Mon, 12 Jul 2021 13:36:12 -0400
Message-ID: <CANYRo8gOwdvN0tTtf5mbuT7U4YnzgfNiaNhpXfcL7hRZic+j3Q@mail.gmail.com>
To: "John, Anil" <anil.john@hq.dhs.gov>
Cc: "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
Thank you, Anil, for the clarity of your statements. As we all know, the
success of all of our hard work depends on mitigating concerns that the
digital credentials for things like vaccinations or blood tests will be
"too good" in the sense that they will create unprecedented surveillance
efficiency *as they are implemented in the real world*. This real-world
issue is what our experience with OAuth2 and OIDC has demonstrated.

I am not among those that believe that secure digital credentials are
inherently dangerous to human rights.

I do believe that the SSI community needs to be very clear that we are
doing everything we can to handle common use-cases like the Cruise Ship one
and that we have mitigated the risks of OAuth2 and client credentials.

- Adrian

On Mon, Jul 12, 2021 at 12:52 PM John, Anil <anil.john@hq.dhs.gov> wrote:

> >… can you clarify if your intent, 6 years ago or today, is to link
> control to possession of the VC …
>
>
>
> This question, as phrased, implies that I had the ability to flawlessly
> forecast the future 6 years ago AND that intent remains static in the face
> of new information, feedback, lessons learned, and technology advances.
>
>
>
> Neither of which is true!
>
>
>
> Adrian, respectfully, I am not going to get any more drawn into the
> discussion on delegation, precisely because as I noted below:
>
>    - We expect you all to *work out in the open in the global
>    standards/incubation communities* (e.g. W3C CCG etc.) in developing
>    open APIs that *meet the needs of a global implementer community to
>    ensure both visibility of the work AND technical review and input on the
>    work*.
>    - Our sense and intent here is to have *the potentially competing
>    interests of implementers be reconciled thru this open work and discussion*
>    to reach a common outcome that *benefits both us AND the broader and
>    global technical community*.
>
> The only reason that I engaged just now was that in this and some of the
> other conversation threads on this topic, there have been aspersions made
> regarding Government motives in the VC/DID ecosystem as it relates to
> privacy, and I wanted to set the record straight on our **demonstrated**
> support (
> https://docs.google.com/presentation/d/1MeeP7vDXb9CpSBfjTybYbo8qJfrrbrXCSJa0DklNe2k/edit?usp=sharing
> ) for individual agency, consent and control enabled by un-linkable
> presentations and prevention of “phone home” architectures that we hope
> will result in a competitive marketplace of diverse, interoperable
> solutions that are in the public interest.
>
>
>
> Best Regards,
>
>
>
> Anil
>
>
>
> Anil John
>
> Technical Director, Silicon Valley Innovation Program
>
> Science and Technology Directorate
>
> US Department of Homeland Security
>
> Washington, DC, USA
>
>
>
> Email Response Time – 24 Hours
>
>
>
> [image: https://www.dhs.gov/science-and-technology/svip]
>
>
>

image001.png
(image/png attachment: image001.png)

Received on Monday, 12 July 2021 17:36:45 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:18 UTC