W3C home > Mailing lists > Public > public-webpayments-ig@w3.org > December 2015

Re: Verifiable Claims Task Force Summary of Concerns

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 01 Dec 2015 23:54:46 -0500
Message-ID: <565E7996.5060401@digitalbazaar.com>
To: public-webpayments-ig@w3.org
On 12/01/2015 01:51 PM, David Singer wrote:
> Hi Manu, everyone

Hi David, :) responses to your questions/assertions follow...

> The Wiki page has some inconsistencies: the title says "Verifiable 
> Claims Task Force PROPOSAL” and then it talks about a Working Group 
> "Determine if a W3C Working Group should be created”.

Yes, that's confusing. Here are the order of operations:

1. Propose a Verifiable Claims Task Force. This is where we are right
   now and that's why the title has PROPOSAL in it.
2. Approve Verifiable Claims Task Force as Web Payments IG Task Force.
3. Verifiable Claims Task Force operates and determines whether a W3C
   Working Group should be created.

Does that help clear it up? If so, what wording would you suggest to
correct the issues you saw?

> My personal view is that this is not a payment-specific problem (“to
>  do X the web site needs to be able to verify your claim Y”)

It's not a payment-specific problem, but the problem does affect payments.

"In order to sell you alcohol, I need to know you're above the legal
drinking age." (proof of age is a verifiable claim)

"In order to make this cross-border payment, I need to clearly identify
the sending party and the receiving party." (proof of who you are is a
set of verifiable claims)

> and I am not sure that it’s a W3C problem.

It's very hard to prove things about yourself on the Web in an
interoperable way today. Why doesn't that fall into W3C's purview?

For example, it's easier to prove that I have a valid US passport in
person than it is via the Web. Isn't that a shortcoming of the Web platform?

> I also happen to think it’s rather hard (since in effect, you end up 
> having to say “well, Z supports my claim Y” - e.g. my driving
> license supports my claimed birth-date, and then you have to get 
> organizations Z willing to support individuals’ claims).

The current proposals don't work that way. Rather, organization Z says
something (a verifiable claim) about an entity A. Entity A can then take
that claim and present it to entity B, and as long as entity B trusts
organization Z, it can trust that verifiable claim (assuming Entity A
can prove that they are Entity A and there is some sort of crypto on the
verifiable claim).

We have a number of organizations (large, multi-billion dollar
multi-nationals) involved in the work that are comfortable with this model.

Does that make sense? Or did I miss something?

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Web Payments: The Architect, the Sage, and the Moral Voice
Received on Wednesday, 2 December 2015 04:55:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:08:47 UTC