
Re: [identity-credentials] Clarity of definitions: Credentials, unbound identity, identity hardening, and bound identity

From: Dave Raggett <dsr@w3.org>
Date: Wed, 27 May 2015 19:14:55 +0100
Cc: Erik Anderson <eanders@pobox.com>, Web Payments IG <public-webpayments-ig@w3.org>
Message-Id: <03F2F1AA-0C21-4156-9A25-50C8216A09C7@w3.org>
To: Adrian Hope-Bailie <adrian@hopebailie.com>

> On 27 May 2015, at 15:28, Adrian Hope-Bailie <adrian@hopebailie.com> wrote:
> 
> To harden this identity we must "tie it to reality". The problem is, anyone with the document in Example3 can present it and claim to be the subject of that document. In order to harden this identity we require a way for the holder to prove they are also the subject.
> 
> This can be achieved through technology by having biometric data in the document that can be verified by the consumer or the presenter must be able to sign a challenge with one of the keys used to sign the document or.... some other mechanism.

The requirement to embed biometric data isn’t obvious to me. I would instead expect that we would have assertions about identities, e.g. a web identity used in a transaction and based upon an elliptic curve key pair that applies to the {user, device, account} combo. This could be tied to a real world identity with attributes such as full name, address, date of birth, financial institution, account number, etc.

Essentially, KYC is addressed through a certificate that ties a web identity to a real world identity. Privacy considerations might weaken this to allow for a deferred binding that is only revealed upon a court order / legal proceedings. 

—
   Dave Raggett <dsr@w3.org>

Received on Wednesday, 27 May 2015 18:15:01 UTC
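
The two mechanisms discussed in this message (a certificate tying a key-based web identity to real-world attributes, and a presenter signing a challenge to show they are the subject) can be sketched as follows. This is an added example, not code from the thread or from any W3C specification; the function names, the JSON certificate layout, the P-256 curve and the sample name are assumptions made for illustration.

```javascript
// Added illustration: holder binding via challenge signature.
// All names, the certificate layout and sample values are constructed.
const crypto = require("node:crypto");

const newKey = () => crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
const pem = (key) => key.publicKey.export({ type: "spki", format: "pem" });
const sign = (key, data) => crypto.sign("sha256", Buffer.from(data), key.privateKey);
const verify = (pubPem, data, sig) =>
  crypto.verify("sha256", Buffer.from(data), pubPem, sig);

// Issuer binds a web identity (the subject's public key) to real-world attributes.
function issueCertificate(issuer, subjectKey, attributes) {
  const body = JSON.stringify({ subjectKey: pem(subjectKey), attributes });
  return { body, issuerSig: sign(issuer, body) };
}

// Verifier: the document alone is not enough. Check the issuer's signature,
// then require a signature over a fresh nonce made with the certified key.
function verifyPresentation(issuerPubPem, cert, nonce, proof) {
  if (!verify(issuerPubPem, cert.body, cert.issuerSig)) return "bad-certificate";
  const { subjectKey, attributes } = JSON.parse(cert.body);
  if (!verify(subjectKey, nonce, proof)) return "not-the-subject";
  return "ok:" + attributes.fullName;
}

function demo() {
  const issuer = newKey(), holder = newKey(), copier = newKey();
  const cert = issueCertificate(issuer, holder, { fullName: "Alice Example" });
  const nonce = crypto.randomBytes(32).toString("hex"); // fresh per presentation
  const tampered = { ...cert, body: cert.body.replace("Alice", "Mallory") };
  return {
    // The real subject holds the private key and can answer the challenge.
    holder: verifyPresentation(pem(issuer), cert, nonce, sign(holder, nonce)),
    // Someone who only copied the document cannot.
    copier: verifyPresentation(pem(issuer), cert, nonce, sign(copier, nonce)),
    // A signature over a different (older) nonce does not satisfy this challenge.
    replay: verifyPresentation(pem(issuer), cert, nonce, sign(holder, "older-nonce")),
    // Changing attributes breaks the issuer's signature.
    tampered: verifyPresentation(pem(issuer), tampered, nonce, sign(holder, nonce)),
  };
}

console.log(demo());
```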
