Re: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters Candidate Recommendation stage

Thanks David, I'll find that feedback and follow up with you off-list too.

I wasn't really talking about digital driving licenses as a credential in
their own right; I'll come back on another thread another time to explore
further our thinking here.

(And yeah I guess I meant that an authenticator X might be bound to a set
of attributes in which some level of confidence had been achieved, and
you're right it's the attributes that are the digital identity rather than
the authenticator. I shouldn't have brought authenticators into this at all
as they aren't necessarily helpful in a VC context.)

George


On Mon, 22 Mar 2021 at 15:34, David Chadwick <D.W.Chadwick@kent.ac.uk>
wrote:

> Hi George
>
> I note that the UK has some strange ideas about digital identity, which I
> have commented on in my reply to its recent call for comments on its
> Digital identity and attributes trust framework.
>
> A digital identity is a set of digital identity attributes. An identifier
> is just one special type of identity attribute that on its own uniquely
> identifies the subject in a particular context. To separate attributes from
> digital identity is a strange conceptualisation to me. Any set of
> attributes can uniquely identify a subject in a particular context. Thus a
> digital driving license asserted by DVLA is a set of identity attributes,
> any subset of which might uniquely identify the subject amongst all other
> driving license holders. To say authenticator X is useful as a digital
> identity is also a strange statement to make. Do you mean identifier?
>
> Kind regards
>
> David
>
> On 22/03/2021 12:43, George Lund wrote:
>
> Seeing as DVLA got mentioned, it's maybe not too much of a shoe-horn to
> discuss a specific example of how driving license data might be helpful in
> a VC identity world...
>
> (Noting that while a driving license is proof of a particular person's
> eligibility to drive, it is not properly in its own right a form of ID. And
> certainly it isn't a digital identity....)
>
> A DVLA service that can issue a credential that says "I have checked and
> bound authenticator X to a driving license previously issued by us to
> subject A" is a very useful component in a distributed system, and those
> credentials form a useful _part_ of a digital identity. Several such checks
> can give us confidence in X being useful as a digital identity, if taken
> together they give us enough confidence that the user at the keyboard
> really is subject A.
>
> If it turns out that credential was issued wrongly (e.g. due to fraud) then
> we do need to be able to revoke it, and VCs support that. But the
> credential can exist independently and it's up to relying parties to follow
> a policy on checking for revocation according to their risk profile.
>
> It might very likely have been issued in such a way that people relying on
> that credential can only find out that a certain kind of document check has
> been performed. Those RPs might not even be able to tell that the user is
> legally allowed to drive, if the purpose for generating the credential was
> as part of creating a non-anonymous reusable identity rather than for
> driving checks.
>
> However I'm not yet 100% clear how much we need the properties of DIDs in
> order to achieve this kind of use case (I suspect it is essential, but some
> comments in this thread make me wonder). Might be asking for some help
> about that :-)
>
>
> (NB: I'm not speaking for DVLA (or any part of HMG) here, just discussing
> some possibilities.)
>
> George
>
>
>
>
> --
> George Lund
> Technical Architect
> Digital Identity Programme
> Government Digital Service
>
>

-- 
George Lund
Technical Architect
Digital Identity Programme
Government Digital Service

Received on Monday, 22 March 2021 18:02:29 UTC