W3C home > Mailing lists > Public > public-credentials@w3.org > December 2022

Re: NIST Draft on Digital Identity

From: Steve Capell <steve.capell@gmail.com>
Date: Sat, 17 Dec 2022 04:36:44 +1100
Message-Id: <D14391D0-99C6-4C94-BE7F-A35A7B753016@gmail.com>
Cc: W3C Credentials CG <public-credentials@w3.org>
To: Mike Prorock <mprorock@mesur.io>
Sorry for the typos (corrected below). Writing longish emails at 4:30am with thumb on iPhone …

Steven Capell
Mob: 0410 437854

> On 17 Dec 2022, at 4:29 am, Steve Capell <steve.capell@gmail.com> wrote:
> Reading the table of contents you’d be forgiven for thinking that NIST have totally forgotten to include decentralised identity models 
> Digging further into the document you can see in fig 1 page 12 there’s a diagram that has a bit of a flavour of decentralised models with the “credential service provider” (issuer?) that does “identity proofing and enrolment” (issue Vc?) to an “applicant” (vc subject?) who then becomes a “subscriber” (to what?).  The “subscriber” then “authenticates” (presents vp?) to a “relying party” (verifier?) and gets redirected to a “verifier” (another verifier?) to become a “claimant” and then can continue on to perform identified and authenticated interactions with a relying party.  All three roles of “relying party”, “verifier”, “credential service provider” are wrapped in one box called “service provider functions”
> The diagram title is “non federated digital
> Identity model”.  Don’t see anything in there about subject self issued identifiers (dids). 
> It looks like an attempt to include half the ideas of a proper decentralised identity architecture and stuff them into a slightly tweaked version of the federated identity model (ie a “federation” of centralised idps) that we all know and “love” ;) 
> I don’t understand the intent of including this hybrid that is neither decentralised nor centralised  and labelling it “non-federated”?  Why do that? Why not fully recognise the reality of decentralised models, name it appropriately, draw it correctly, and include one of the most foundational ideas (the did)?  
> I think somebody with some clout (Anil?) should suggest some corrections to NIST 
> Steven Capell
> Mob: 0410 437854
>>> On 17 Dec 2022, at 3:17 am, Mike Prorock <mprorock@mesur.io> wrote:
>> CCG,
>> I would love to collect thoughtful feedback and review comments from members of the community on the the following:
>> https://csrc.nist.gov/publications/detail/sp/800-63/4/draft
>> There are some strong implications in this doc, and it may set the stage for many years to come, so we should all take some time to review carefully, and comment in a professional, proactive, and positive way on areas we are individually subject matter experts in.  I would love feedback on the list as well for myself and the other Co-chairs as we review in depth additionally for any items that are highly positive in the draft(s) or areas of concern that could be refined to avoid future issues.
>> thanks in advance!
>> Mike Prorock
>> CTO, Founder
>> https://mesur.io/

Received on Friday, 16 December 2022 17:37:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 16 December 2022 17:37:11 UTC