- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 12 Nov 2021 13:59:26 -0500
- To: Credentials Community Group <public-credentials@w3.org>
- Cc: public-vc-edu@w3.org
On 11/12/21 11:05 AM, Kerri Lemoie wrote: > There’s been an ongoing discussion in the Open Badges community about > using email addresses as an identifier when a wallet is not being used. The issue comes down to "How do you authenticate someone that presents an Open Badge with an email address as a subject identifier?" There are email ceremonies that can handle this today (just email the person with an authentication code). I mean, the way the problem is proposed really only drives one way of solving the problem. "You have an email address and nothing else as a subject identifier." -- well, then you only have one solution available to you -- an email address. However, if you shift the problem into "How do I authenticate the person showing the Open Badge"... you could use telephone number, email address, Linked In page, Twitter handle, and a variety of other mechanisms that would enable you to authenticate control over that identifier. That is, for example, send the person a message with a 6-digit code and have them respond by typing in that code on a web page. Remember that you also don't have to provide a credentialSubject.id value in a VC. You can provide multiple alternate identifiers (telephone number, email address, web page), and it's up to the verifier to do the authentication dance there. It is far less secure and automatic than a DID-based login, though. Remember that you can always re-issue already issued VCs. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
Received on Friday, 12 November 2021 18:59:45 UTC