W3C home > Mailing lists > Public > public-credentials@w3.org > November 2021

Re: [EXTERNAL] Re: Using Email as an Identifier

From: Adrian Gropper <agropper@healthurl.com>
Date: Fri, 12 Nov 2021 17:52:55 -0500
Message-ID: <CANYRo8gXcR10sHXYJouLb+f9Pdp2uHdEBYfd8BPeX0bLvZxmPA@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Credentials Community Group <public-credentials@w3.org>, "public-vc-edu@w3.org" <public-vc-edu@w3.org>
What are the human rights implications of a "more capable" wallet?

Is it a "certified" wallet that Apple or Google provides to pretty much
everyone with a certified biometric lock?

Allow me to stipulate that Apple and Google will adopt any (W3C) standard
that allows them to keep their wallet franchise just like Apple almost
introduced coerced "local scanning" for illegal content in
end-to-end secure messaging.

Once that becomes the norm and we're all expected to have such a capable
biometric wallet for our cryptographically secure "papers please" what is
left for the SSI community to do?

Do we have some kind of regulation or governance system or technology in
mind to mitigate this risk?

- Adrian

On Fri, Nov 12, 2021 at 5:41 PM Manu Sporny <msporny@digitalbazaar.com>

> On 11/12/21 4:18 PM, Eric Kuhn wrote:
> > If the user does not yet have a Wallet to use, the issuer will still
> have a
> > record of whatever the accomplishment is until the user does have a
> > Wallet.
> >
> > We would advise our issuance customers to give their users a VC at time
> of
> >  credential attainment (i.e. completing a course) but have a way to come
> > back at a later point in time to get issued the Verifiable Credential.
> Yes, exactly this -- thanks for putting it so eloquently, Eric. That's
> what I
> was trying to say with "Remember that you can always re-issue already
> issued VCs."
> VCs don't have to be a one and done thing. You can provide a bearer VC to
> start, mix in an email if that's all you have, and then re-issue when the
> individual gets a more capable digital wallet in time. All of this, of
> course,
> depends on your system of record being able to authenticate the individual
> throughout their lifetime -- and for that, you can use email address, SMS,
> multifactor, in-person biometrics, or any combination thereof to upgrade
> their
> less capable VC to a more capable one.
> -- manu
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
Received on Friday, 12 November 2021 22:53:21 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:24 UTC