> On 24 Sep 2015, at 22:02, Dave Longley <dlongley@digitalbazaar.com> wrote:
>
> We also need to be careful about the privacy implications here. To
> explain this I'm going to lay out some quick terminology for a
> user-centric system.
>
> In the Credentials CG work, we have four main parties that are involved
> in a "credentials ecosystem". Here's a brief overview:
>
> 1. Users - entities about which claims are made
> 2. Issuers - services that make claims
> 3. IdPs - services that aggregate claims on behalf of Users
> 4. Consumers - services that request and make use of claims
>
> Now, regarding privacy, it would be ideal if a User could interact with
> Consumers without Issuers or IdPs being made aware of this fact. If
> information is going to be transferred "server-to-server", this property
> should be preserved.
A further desirable property would be that the identifiers used between the User and Consumer are short lived (i.e. session based), to minimise loss of privacy across sessions or across Consumers.
—
Dave Raggett <dsr@w3.org <mailto:dsr@w3.org>>