Re: Using Email as an Identifier

On 11/12/21 11:05 AM, Kerri Lemoie wrote:
> There’s been an ongoing discussion in the Open Badges community about
> using email addresses as an identifier when a wallet is not being used.

The issue comes down to "How do you authenticate someone that presents an Open
Badge with an email address as a subject identifier?"

There are email ceremonies that can handle this today (just email the person
with an authentication code).

I mean, the way the problem is proposed really only drives one way of solving
the problem.

"You have an email address and nothing else as a subject identifier." -- well,
then you only have one solution available to you -- an email address.

However, if you shift the problem into "How do I authenticate the person
showing the Open Badge"... you could use telephone number, email address,
Linked In page, Twitter handle, and a variety of other mechanisms that would
enable you to authenticate control over that identifier. That is, for example,
send the person a message with a 6-digit code and have them respond by typing
in that code on a web page.

Remember that you also don't have to provide a credentialSubject.id value in a
VC. You can provide multiple alternate identifiers (telephone number, email
address, web page), and it's up to the verifier to do the authentication dance
there.

It is far less secure and automatic than a DID-based login, though. Remember
that you can always re-issue already issued VCs.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Friday, 12 November 2021 18:59:45 UTC