Re: Human rights perspective on W3C and IETF protocol interaction from Adrian Gropper on 2022-01-05 (public-credentials@w3.org from January 2022)

From: Adrian Gropper <agropper@healthurl.com>
Date: Wed, 5 Jan 2022 14:46:08 -0500
To: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Cc: GNAP Mailing List <txauth@ietf.org>, W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <CANYRo8iqPAaGnjYsRQuq9Ympo2EZQKn65KwqmgKLsPpzcsUyaw@mail.gmail.com>
I completely agree with Ted. Unfortunately, Holder is even more misleading
than Subject because it applies to the Issuer as well as the controller of
a VC. This is the problem with linking control with possession.

In the human rights context of this thread, we might consider ways that
Subject is verified. Is it though a biometric? Control of a private key?
Control of a legally mandated device such as an ankle bracelet? Control of
a device like Apple Wallet with certified biometric controls?

Choice of words aside, the linkage of control to possession in the context
of CCG is not a matter of ethics. Standardized digital credentials exist in
the context of state-controlled mobile driver's license credentials and
privately controlled $3Trillion wallet platforms. The NY Times describes
the tension between these sovereigns around the world almost every day. I
might stipulate that DHS and Apple are both ethical within the scope of
CCG. A verifiable VC issued as a COVID credential in New Zealand presumes
that a state document was verified and the mobile wallet used to present it
was certified. Otherwise, we're just engaging in security theater like much
of what passes for digital credentials today.

Translated to protocol work related to CCG, ethics and human rights are
different issues. Paraphrasing Heinz vonFoerster, we might say that the
ethical imperative of the CCG is to maximize the number of effective
choices on behalf of the Subject as they face the sovereign Issuers and
Verifiers and the equally sovereign private platforms.

Adrian

On Wed, Jan 5, 2022 at 2:04 PM Ted Thibodeau Jr <tthibodeau@openlinksw.com>
wrote:

>
> On Jan 5, 2022, at 10:11 AM, Adrian Gropper <agropper@healthurl.com>
> wrote:
>
>
> transferring responsibility from an issuer to a subject of a VC
>
>
>
> For the eleventeenth time, the SUBJECT of a VC has NO CONTROL
> over anything to do with that VC.  The only entities with control
> of any kind are the Issuer, the Holder(s), and the Verifier.
> In the wilderness of the World Wide Web, ANYONE CAN SAY ANYTHING
> ABOUT ANYTHING.  (This is not so different from the wilderness
> of paper-space.)
>
> I could Issue a VC today, with you, Adrian, as the Subject,
> which contains anything I care to say about you.  I could say
> that you, Adrian, are the 14th moon orbiting Sol III (a/k/a
> the third planet orbiting our sun, a/k/a Planet Earth).  This
> is not actually a fact, of course, but I may nonetheless Assert
> it, and I may do so in a VC, which simply allows anyone to
> Verify that I did in fact Issue that Assertion within that VC.
>
> I could Issue this VC with or without the knowledge of you,
> the Subject, to any Holder of my choosing, who may Present
> it to any Holder or Verifier of *their* choosing, without
> any alert to you, the Subject.
>
> There is *nothing* that the CCG nor the VCWG nor the IETF nor
> the UN nor the USGovt nor any other entity can do to prevent
> me from doing so.  The USGovt *may* pass laws that impose
> penalties upon me or others who make such untrue assertions
> in VCs, but, to date, they have not, and there would be some
> lengthy freedom of speech litigation if such were enacted and
> someone then attempted enforcement -- and this is the *most*
> possible path to such restrictions.
>
> Your various efforts will have much greater effect, perhaps
> even delivering the results you want, if you digest this,
> and work it into your various writings and excoriations of
> the various WGs and CGs and other audiences you address.
> Failure to integrate this reality into your output will
> only lead to frustration on all sides, and failure to
> reach any of your declared goals.
>
> I believe that some of your efforts have value.  (I don't
> know the totality of your efforts, so cannot say this about
> everything you will do or have done.)  I would like to see
> these benefit the world.  I do not believe that will happen
> if you continue to ignore the hard-won vocabulary developed
> by the CCG, VCWG, DIDWG, and related efforts.
>
> Be seeing you,
>
> Ted
>
>
>
>
>
> --
> A: Yes.                          http://www.idallen.com/topposting.html
> | Q: Are you sure?
> | | A: Because it reverses the logical flow of conversation.
> | | | Q: Why is top posting frowned upon?
>
> Ted Thibodeau, Jr.           //               voice +1-781-273-0900 x32
> Senior Support & Evangelism  //        mailto:tthibodeau@openlinksw.com
> <tthibodeau@openlinksw.com>
>                              //              http://twitter.com/TallTed
> OpenLink Software, Inc.      //              http://www.openlinksw.com/
>          20 Burlington Mall Road, Suite 322, Burlington MA 01803
>      Weblog    -- http://www.openlinksw.com/blogs/
>      Community -- https://community.openlinksw.com/
>      LinkedIn  -- http://www.linkedin.com/company/openlink-software/
>      Twitter   -- http://twitter.com/OpenLink
>      Facebook  -- http://www.facebook.com/OpenLinkSoftware
> Universal Data Access, Integration, and Management Technology Providers
>
>
>
>
>
Received on Wednesday, 5 January 2022 19:46:32 UTC