RE: Voluntary (and non-) Standards (was: Support for Verifiable Claims)

Tantek Celik wrote:
> And Gray Taylor wrote:
> > who watches the watchers is the age-old question.
> 
> who asks the claimers for citations for their claims?

Speaking for myself, I don't remember any "claim citation" requirement for posting here in informal discussion.

It's a fair question to ask for backup - I think that part of your message is clear.

Best regards,
David

> -----Original Message-----
> From: Tantek Çelik [mailto:tantek@cs.stanford.edu]
> Sent: Thursday, December 08, 2016 3:28 PM
> To: Gray Taylor
> Cc: singer@apple.com; David Ezell; Michael Champion; Manu Sporny; Nate
> Otto; Stone, Matthew K; Chris Wilson; Tantek Çelik; Mark Nottingham; w3c-
> ac-forum@w3.org; public-webpayments-comments@w3.org; Richard Varn;
> Drummond Reed; Nathan George; Kerri Lemoie; David Chadwick; Eric Korb;
> Christopher Allen; Phil Archer; Linda Toth; Jay Johnson; Bob Burke
> Subject: Re: Voluntary (and non-) Standards (was: Support for Verifiable
> Claims)
> 
> tl;dr: Who verifies the claims of the Verified Claims advocates?
> 
> (motivation) If Verified Claims advocates can't be bothered to provide simple
> URL citations to verify their claims, why would anyone bother with anything
> more complex?
> 
> (dogfooding) If you're not living breathing the behaviors you're advocating,
> why should anyone take advocations of (formalized versions
> of) those behaviors seriously?
> 
> 
> Longer:
> 
> 
> Not picking on you in particular Gray, because this is an endemic problem
> that I have seen in pretty much all Verified Claims (CG/WG) discussions.
> 
> Lots of claims made in the prose of such messages/emails, usually zero
> citations to verify those claims. Manu is the notable exception, he usually
> provides quite a few citations for his points in his emails.
> 
> So just as an example:
> 
> 
> On Wed, Dec 7, 2016 at 8:35 AM, Gray Taylor <gtaylor@conexxus.org> wrote:
> > Interesting thread on legal standing.  Right now, 9 states are wrestling with
> putting verifiable drivers licenses on mobile devices (the paper artifacts we
> use today are eminently fraud prone - just ask any college student).
> 
> Which 9 states? Citations to .gov sites that can be used to verify this "9
> states" claim? Or a citation to a summary thereof itself with citations for the
> specific states?
> 
> 
> >  In today's case, US State Department, DMV, Social Security Administration,
> County records, etc. all act as trusted service providers of the "paper and
> static ID" world; with great peril to the citizen as these artifacts can be stolen
> easily.  Their role won't change anytime soon.
> 
> Presumably you're referring to passports, drivers licenses, social security
> cards, etc. and expecting (likely) that these examples are physically self-
> evident.
> 
> 
> > Conexxus' feeling is that we don't proscribe legal purview of verifiable
> claims, but create an eco-system by which the "watchers" in today's
> existential data world can choose reliable new technologies to continue their
> mandated mission; and on a basis of NOT conveying unnecessary and static
> PII, which is the Achilles heel of our online existence.  So the intent is to
> provide control over our own identities as a first order.
> 
> Could you provide a public Conexxus URL that describes this "eco-system"
> goal in more detail?
> 
> 
> > If W3C creates a trusted environment framework, then the agencies will
> adopt them as a matter of public demand (IMHO this will be an escalating
> societal trend).
> 
> This is a very shaky hypothesis, on multiple counts.
> 
> First, agencies presumably adopt things without W3C involvement (e.g.
> whatever they have adopted today).
> 
> Second, what successful examples can you cite of W3C created standards
> involving trust (or anything else) that "agencies" subsequently adopted?
> Whether from public demand or other motivation. I have seen no evidence
> to support this "if ... then" hypothesis.
> 
> 
> >  Each (global) jurisdiction will make its decision based on available
> technology and political aims v. the will of their people.
> >
> > Our retail industry does not want to know anything about you beyond "are
> you old enough to buy beer?" and can I capture the signature (read legal
> verification) of the TSP saying you are?  Certainly no business will stake their
> liquor license on a semi-trusted service provider, so the framework needs to
> authenticate the TSP as well.
> 
> Presumably this is orthogonal or unrelated, as such businesses today seem to
> (anecdotally) only accept government issued IDs for "are you old enough". I
> would assume they will continue to do so, regardless of what tech happens
> to be in such IDs, and I'd doubt they'd accept non-govt issued IDs.
> 
> 
> > So long opinion, short, if we build it, they will come as needed ...
> 
> build yes, just standardize no. And this discussion is about creating a working
> group to create a standard.
> 
> Specifically, long experience has shown in W3C that "if we standardize it,
> they will come as needed" is a generally false assertion.
> 
> More TR RECs (https://www.w3.org/TR/) than not have failed to gain any
> serious broad traction (web browsers and servers implement a small subset
> of W3C RECs, not to mention IETF RFCs). The number of obsolete,
> abandoned, etc. W3C RECs and IETF RFCs greatly outnumbers those in
> modern use. I don't have exact numbers, merely from personal analysis.
> 
> 
> <aside>
> 
> The AB *is* working on a process for explicitly obsoleting abandoned RECs to
> start cleaning this up, in the hopes that eventually the RECs remaining are the
> ones that have actually be widely implemented, deployed, and are in use.
> 
> We've started with a few examples to help us drive the necessary process
> changes:
> * https://www.w3.org/wiki/AB/2016_Priorities#Specifications_to_obsolete

> 
> </aside>
> 
> 
> > who watches the watchers is the age-old question.
> 
> who asks the claimers for citations for their claims?
> 
> I'm going to keep asking for citations for claims until I see a cultural shift
> towards people who want Verified Claims as a technology providing URLs to
> substantiate their claims.
> 
> I think everyone should adopt more of a [citation needed] practice,
> especially in this community.
> 
> Tantek
> 
> 
> > -----Original Message-----
> > From: singer@apple.com [mailto:singer@apple.com]
> > Sent: Tuesday, December 6, 2016 4:34 PM
> > To: David Ezell <David_E3@VERIFONE.com>
> > Cc: Michael Champion <Michael.Champion@microsoft.com>; Gray Taylor
> > <gtaylor@conexxus.org>; Manu Sporny <msporny@digitalbazaar.com>;
> Nate
> > Otto <nate@badgealliance.org>; Stone, Matthew K
> > <matt.stone@pearson.com>; Chris Wilson <cwilso@google.com>; Tantek
> > Çelik <tantek@cs.stanford.edu>; Mark Nottingham
> <mnotting@akamai.com>;
> > w3c-ac-forum@w3.org; public-webpayments-comments@w3.org; Richard
> Varn
> > <rvarn@ets.org>; Drummond Reed <drummond@respectnetwork.com>;
> Nathan
> > George <nathan.george@evernym.com>; Kerri Lemoie
> > <kerri@openworksgrp.com>; David Chadwick
> <d.w.chadwick@kent.ac.uk>;
> > Eric Korb <Eric.Korb@accreditrust.com>; Christopher Allen
> > <ChristopherA@blockstream.com>; Phil Archer <phila@w3.org>; Linda
> Toth
> > <ltoth@conexxus.org>; Jay Johnson <jay@qples.com>; Bob Burke
> > <bburke@kou.pn>
> > Subject: Re: Voluntary (and non-) Standards (was: Support for
> > Verifiable Claims)
> >
> >
> >> On Dec 6, 2016, at 14:15 , David Ezell <David_E3@VERIFONE.com> wrote:
> >>
> >> To the first point, I’m not sure what you mean by non-voluntary standards
> organizations:  ... I’m not sure this non-voluntary distinction is worth fretting
> about.
> >
> > Some standards organizations (notably ITU) are the result of treaties, and
> some (including ITU) produce standards that can later have the force of law
> behind them.   “X’s sold or made available in country Y must comply with
> standard Z.”
> >
> > As you say, it’s not strongly relevant, except that in this field, some of the
> use cases for verifiable claims also intersect with legal requirements (e.g.
> being required to check the age of someone before selling them certain
> products). We easily back into the ‘quis custodiet custodies?’ problem if
> we’re not careful (who watches the watchers?) and wonder “who is
> recognized legally as being able to prove the age of a customer?”.
> >
> >
> > David Singer
> > Manager, Software Standards, Apple Inc.
> >

Received on Thursday, 8 December 2016 20:58:26 UTC