W3C home > Mailing lists > Public > public-vc-edu@w3.org > November 2021

Re: Using Email as an Identifier

From: Serge Ravet <serge.ravet@gmail.com>
Date: Tue, 16 Nov 2021 13:08:55 +0100
Message-Id: <49FA9500-3C55-450A-B993-9E876472257A@gmail.com>
Cc: Kerri Lemoie <klemoie@concentricsky.com>, Credentials Community Group <public-credentials@w3.org>, public-vc-edu@w3.org
To: dcrocker@bbiw.net
I am very much in line with Dave feedback. I would add that people should be free to choose the identifiers they want ([self-]sovereign!). The risk of “losing” a badge is a small price to pay in exchange for not being obliged to hold a “wallet”.

In reality, the problem invoked is not about “loosing” a badge, but making it not verifiable [on its own]. And “verifiability” can be a totally useless piece of information in comparison with “currency”: if you have a degree in computer science but you don’t practice for 5 years, the “currency” of the degree might be close to nil. What kind of information could we get to check that it is still “current?” Evidence of practice, testimonies, endorsements, being part of a community of practice, all things that badges can capture quite well.

Life is imperfect and the idea of a “perfect” technology, one that will keep a piece of information “verifiable” until the laws of physics become invalid doesn’t make much sense.

Moreover, unless I missed an important piece of information, we are now back to creating revocation lists (if true, this would mean that there is a major flaw in the design of VCs). Although I was not keen with the initial verification mechanism of Open Badges (compare the copy with the original) as it would mean that when the issuer is gone, the badge is not anymore “verifiable", there was no need to create revocation list, just get rid of the original assertion. And if it’s easy to revoke, it’s also easy to update.

So, while a fantastic work has been done to connect badges with VCs (thanks Kerri, Nate et al.), there is still much to be done with the current standard to move from “verifiability” (until the laws of physics change) to keeping them “current” (during bits of a lifetime).


Reconnaître - Open Recognition Alliance - reconnaitre.openrecognition.org <http://reconnaitre.openrecognition.org/>
Sign the Bologna Open Recognition Declaration - www.openrecognition.org <http://www.openrecognition.org/>
Mobile	+33 6 0768 6727 
Twitter	@szerge
Blog		learningfutures.eu

> On 16 Nov 2021, at 02:27, Dave Crocker <dhc@dcrocker.net> wrote:
> On 11/12/2021 8:05 AM, Kerri Lemoie wrote:
>> There’s been an ongoing discussion in the Open Badges community about using email addresses as an identifier when a wallet is not being used. This is a dilemma particularly in the Open Badges community because it has been using email addresses as recipient identifiers. Over the years using emails as identifiers has been problematic in numerous ways especially considering that the recipients don’t have control over their email addresses and in the past has led to lost badges.
> A topic like this, needs to be very cautious about distinguishing theory from practice.  Theory is always more appealing, because it does not yet show the scars from suffering the realities of practice.
> Identification at global scale is rather more difficult than under more limited circumstances.
> Assignment of identifiers looks simple.  Until it is done at scale. Independence from a controlling organization might look simple.  Go try that at scale.  The same applies to queries using an identifier. Simple, until done at scale.
> In practice, the choices involve tradeoffs, rather than between terrible vs. perfect.
> Having a single, private organization own and administer all the identifiers is about as bad as this topic can get.  It's not a matter of whether the organization is enlightened or evil, but in the nature of designing a single point of administrative and operational failure.
> If you think it's possible to do identifier assignment and lookup where no organization is involved, please provide an example that has demonstrated utility at scale, because I haven't heard of it.
> Absent that, we are back to tradeoffs.
> Domain names are an example of a single, public organization, having control over the top of the hierarchy, but in practical terms, both administration (assignment) and operation (query) are massively distributed.  In practical terms, for most of us, the concerning dependency is primarily on the domain registrar and registry, rather than on ICANN.
> And for the left-hand side of the email address, the question is who is in charge of the domain name.
> If you get your own domain name, the answer is: you!  And you can move to different platform provides as you wish.  The burden, then, is the hassle of knowing enough to exploit this choice.
> If you go with an email service provider and use their domain name, then we're back to a single -- typically private -- organization controlling your fate.  However the improvement is that they don't have to be controlling mine.  Or the other guys'.
> It's easy to criticize the use of email addresses as global identifiers.  What is difficult is finding a better alternative.  That works at scale.
> d/
> -- 
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net

Received on Monday, 22 November 2021 18:33:11 UTC

This archive was generated by hypermail 2.4.0 : Monday, 22 November 2021 18:33:12 UTC