W3C home > Mailing lists > Public > public-credentials@w3.org > January 2022

Re: Phil Windley, Biometrics, and Digital Identities

From: Alan Karp <alanhkarp@gmail.com>
Date: Fri, 28 Jan 2022 09:46:36 -0800
Message-ID: <CANpA1Z1bVvkGNrXkoFGGaKdMpN2T=gE3ZGeWSO4NhiYx9hHG4w@mail.gmail.com>
To: "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>
Cc: "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
An interesting blog post that raises some important points.  However, it
includes the statement

Specifically the credential exchange can prove the person presenting the
credential is the same person who it was issued to.

which is not true unless there is a biometric involved in both the
credential and the exchange.  Without that, the credential is actually
issued to a public key, not a person.  The corresponding private key can be
stolen or, more likely, shared.  In that case, the best we can know is who
to hold responsible for the use of the credential, not who actually used it.

Alan Karp

On Fri, Jan 28, 2022 at 4:54 AM Michael Herman (Trusted Digital Web) <
mwherman@parallelspace.net> wrote:

> Checkout
> http://news.windley.com/issues/a-defacto-national-id-from-id-me-technometria-issue-39-997993
> Michael Herman
> Get Outlook for Android <https://aka.ms/AAb9ysg>
Received on Friday, 28 January 2022 17:47:00 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:28 UTC