- From: Harrison <harrison@spokeo.com>
- Date: Sun, 26 Jun 2022 13:23:39 -0700
- To: Adrian Gropper <agropper@healthurl.com>
- Cc: Kerri Lemoie <kerri@openworksgrp.com>, Mike Prorock <mprorock@mesur.io>, W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAFYh=40=b71hY5Eg=m5KYqA90TZhwAairhJh14d_vDACiRbPBA@mail.gmail.com>
Hi Adrian, If you don't mind, can you expound more on why you think Issuer and Verifier hold more power than Holder in the current Issuer - Holder - Verifier model? In this triad, the Issuer and Verifier hold immense and, as the EFF blog > post points out, almost unchecked, power over the holder. In the current model, Holder intermediates the identity-related transaction, and since the middleman usually controls the multi-sided platform, my understanding is that Holder should hold more power than Issuer and Verifier. Why do you think this is not the case? And how could the new "Service Provider" party address the problem? Thanks, Harrison On Fri, Jun 24, 2022 at 12:26 PM Adrian Gropper <agropper@healthurl.com> wrote: > Today, I’m answering calls from reporters after the SCOTUS vs. Roe > decision. My comments highlight the lack of federal privacy laws as > described in this article. > > Yesterday, at Identiverse, I organized a panel “*Human Rights Perspective > on W3C and IETF Protocol Interaction*” > https://identiverse.com/idv2022/session/841489/ that calls out the > enhanced surveillance efficiency from standardized digital credentials > compounded by the tendency to user strong digital credentials like mDL > rather than deal with the burden of clicking GDPR-like selective disclosure > boxes. > > Here is the protocols sequence that Eve Maler, Justin Richer and I > discussed as a potential mitigation: > A video with my slides and the full discussion will be posted. > > Many of the talks and keynotes at Identiverse highlighted the inadequacy > of a simplistic Issuer - Holder - Verifier model. In this triad, the Issuer > and Verifier hold immense and, as the EFF blog post points out, almost > unchecked, power over the holder. For example, Eve Maler’s keynote, at the > start of Thursday Identiverse, discussed the need to add a separate > “service provider” party to the Issuer-Holder-Verifier model. In the > diagram above, this would be the Delegate Server as manager of the resource > owner’s policies. > > Adrian > > On Fri, Jun 24, 2022 at 2:38 PM Kerri Lemoie <kerri@openworksgrp.com> > wrote: > >> Thanks, Mike. >> >> >> On Jun 24, 2022, at 1:51 PM, Mike Prorock <mprorock@mesur.io> wrote: >> >> Good topic for CCG discussion and reading on the implications of a lot of >> the tech we are working on: >> >> https://www.eff.org/deeplinks/2022/05/what-companies-can-do-now-protect-digital-rights-post-roe-world >> >> Mike Prorock >> CTO, Founder >> https://mesur.io/ >> >> >> -- *Harrison Tang* CEO LinkedIn <https://www.linkedin.com/in/theceodad/> • Instagram <https://www.instagram.com/spokeo/> • Facebook <https://www.facebook.com/TheCEODad>
Attachments
- image/png attachment: 42DEE2E3-8CF1-41E0-BE09-32E8BEE1E0CF.png
Received on Sunday, 26 June 2022 20:24:07 UTC