- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 9 Apr 2018 08:55:33 -0400
- To: public-vc-wg@w3.org
On 04/08/2018 06:03 PM, Liam R. E. Quin wrote: > Wondering if there's a way to improve the US of signing up for > services that require an email account and send you a "verification" > link, maybe with email providers signing a hasThisEmailAddress > credential? Yes, this is the quintessential use case for login and is what kick-started all of this technical work: http://manu.sporny.org/2014/credential-based-login/ Fundamentally, a site may ask: 1. Prove to me that you control a DID, and then 2. Give me a verified email address so I can communicate with you. Note that this destroys any sort of privacy gained via a ZKP approach, which is why people are talking about replacing email w/ secured messaging services. > What led me here is the related-but-different story in > https://jameshfisher.com/2018/04/07/the-dots-do-matter...html I didn't even know of that feature until you emailed it to the list and are now working through if our own systems are vulnerable to such an attack. Building secure systems is hard. :) -- manu PS: also interesting is that in that blog post, we were using the term "Verifiable Credentials"... so, we've come full circle on terminology after 4+ years. -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Monday, 9 April 2018 12:56:00 UTC