- From: Kim Hamilton <kimdhamilton@gmail.com>
- Date: Mon, 15 Nov 2021 19:51:35 -0800
- To: dcrocker@bbiw.net, Eric Kuhn <eric.kuhn@microsoft.com>
- Cc: Kerri Lemoie <klemoie@concentricsky.com>, Credentials Community Group <public-credentials@w3.org>, public-vc-edu@w3.org
- Message-ID: <CAFmmOzceMbOoupjOrgYRqXdL152_8j3ObHdXiT61oP-odNX6RQ@mail.gmail.com>
This is a fantastically clear yet brief description of VCs. Great insights in your response, Eric.

> Verifiable Credentials are externalizing and giving the credential usefulness outside of the boundary of the entity issuing it.

On Mon, Nov 15, 2021 at 5:30 PM Dave Crocker <dhc@dcrocker.net> wrote:

> On 11/12/2021 8:05 AM, Kerri Lemoie wrote:
> > There’s been an ongoing discussion in the Open Badges community about
> > using email addresses as an identifier when a wallet is not being used.
> > This is a dilemma particularly in the Open Badges community because it
> > has been using email addresses as recipient identifiers. Over the years
> > using emails as identifiers has been problematic in numerous ways
> > especially considering that the recipients don’t have control over their
> > email addresses and in the past has led to lost badges.
>
> A topic like this needs to be very cautious about distinguishing theory
> from practice. Theory is always more appealing, because it does not yet
> show the scars from suffering the realities of practice.
>
> Identification at global scale is rather more difficult than under more
> limited circumstances.
>
> Assignment of identifiers looks simple. Until it is done at scale.
> Independence from a controlling organization might look simple. Go try
> that at scale. The same applies to queries using an identifier.
> Simple, until done at scale.
>
> In practice, the choices involve tradeoffs, rather than between terrible
> vs. perfect.
>
> Having a single, private organization own and administer all the
> identifiers is about as bad as this topic can get. It's not a matter of
> whether the organization is enlightened or evil, but in the nature of
> designing a single point of administrative and operational failure.
>
> If you think it's possible to do identifier assignment and lookup where
> no organization is involved, please provide an example that has
> demonstrated utility at scale, because I haven't heard of it.
>
> Absent that, we are back to tradeoffs.
>
> Domain names are an example of a single, public organization, having
> control over the top of the hierarchy, but in practical terms, both
> administration (assignment) and operation (query) are massively
> distributed. In practical terms, for most of us, the concerning
> dependency is primarily on the domain registrar and registry, rather
> than on ICANN.
>
> And for the left-hand side of the email address, the question is who is
> in charge of the domain name.
>
> If you get your own domain name, the answer is: you! And you can move
> to different platform providers as you wish. The burden, then, is the
> hassle of knowing enough to exploit this choice.
>
> If you go with an email service provider and use their domain name, then
> we're back to a single -- typically private -- organization controlling
> your fate. However the improvement is that they don't have to be
> controlling mine. Or the other guys'.
>
> It's easy to criticize the use of email addresses as global identifiers.
> What is difficult is finding a better alternative. That works at scale.
>
> d/
>
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net

Received on Tuesday, 16 November 2021 03:52:03 UTC