
Re: Good reading

From: Harrison <harrison@spokeo.com>
Date: Sun, 26 Jun 2022 13:23:39 -0700
Message-ID: <CAFYh=40=b71hY5Eg=m5KYqA90TZhwAairhJh14d_vDACiRbPBA@mail.gmail.com>
To: Adrian Gropper <agropper@healthurl.com>
Cc: Kerri Lemoie <kerri@openworksgrp.com>, Mike Prorock <mprorock@mesur.io>, W3C Credentials CG <public-credentials@w3.org>

Hi Adrian,

If you don't mind, can you expound more on why you think Issuer and
Verifier hold more power than Holder in the current Issuer - Holder -
Verifier model?

> In this triad, the Issuer and Verifier hold immense and, as the EFF blog
> post points out, almost unchecked, power over the holder.

In the current model, Holder intermediates the identity-related
transaction, and since the middleman usually controls the multi-sided
platform, my understanding is that Holder should hold more power than
Issuer and Verifier.  Why do you think this is not the case?  And how could
the new "Service Provider" party address the problem?


On Fri, Jun 24, 2022 at 12:26 PM Adrian Gropper <agropper@healthurl.com> wrote:

> Today, I’m answering calls from reporters after the SCOTUS vs. Roe
> decision. My comments highlight the lack of federal privacy laws as
> described in this article.
> Yesterday, at Identiverse, I organized a panel “*Human Rights Perspective
> on W3C and IETF Protocol Interaction*”
> https://identiverse.com/idv2022/session/841489/ that calls out the
> enhanced surveillance efficiency from standardized digital credentials
> compounded by the tendency to use strong digital credentials like mDL
> rather than deal with the burden of clicking GDPR-like selective disclosure
> boxes.
> Here is the protocols sequence that Eve Maler, Justin Richer and I
> discussed as a potential mitigation:
> A video with my slides and the full discussion will be posted.
> Many of the talks and keynotes at Identiverse highlighted the inadequacy
> of a simplistic Issuer - Holder - Verifier model. In this triad, the Issuer
> and Verifier hold immense and, as the EFF blog post points out, almost
> unchecked, power over the holder. For example, Eve Maler’s keynote, at the
> start of Thursday Identiverse, discussed the need to add a separate
> “service provider” party to the Issuer-Holder-Verifier model. In the
> diagram above, this would be the Delegate Server as manager of the resource
> owner’s policies.
> Adrian
> On Fri, Jun 24, 2022 at 2:38 PM Kerri Lemoie <kerri@openworksgrp.com>
> wrote:
>> Thanks, Mike.
>> On Jun 24, 2022, at 1:51 PM, Mike Prorock <mprorock@mesur.io> wrote:
>> Good topic for CCG discussion and reading on the implications of a lot of
>> the tech we are working on:
>> https://www.eff.org/deeplinks/2022/05/what-companies-can-do-now-protect-digital-rights-post-roe-world
>> Mike Prorock
>> CTO, Founder
>> https://mesur.io/

*Harrison Tang*

Received on Sunday, 26 June 2022 20:24:07 UTC
