Re: [identity-credentials] Clarity of definitions: Credentials, unbound identity, identity hardening, and bound identity from Dave Raggett on 2015-05-27 (public-webpayments-ig@w3.org from May 2015)

From: Dave Raggett <dsr@w3.org>
Date: Wed, 27 May 2015 19:14:55 +0100
To: Adrian Hope-Bailie <adrian@hopebailie.com>
Cc: Erik Anderson <eanders@pobox.com>, Web Payments IG <public-webpayments-ig@w3.org>
Message-Id: <03F2F1AA-0C21-4156-9A25-50C8216A09C7@w3.org>

> On 27 May 2015, at 15:28, Adrian Hope-Bailie <adrian@hopebailie.com> wrote:
> 
> To harden this identity we must "tie it to reality". The problem is, anyone with the document in Example3 can present it and claim to be the subject of that document. In order to harden this identity we require a way for the holder to prove they are also the subject.
> 
> This can be achieved through technology by having biometric data in the document that can be verified by the consumer or the presenter must be able to sign a challenge with one of the keys used to sign the document or.... some other mechanism.

The requirement to embed biometric data isn’t obvious to me.  I would instead expect that we would have assertions about identities, e.g. a web identity used in a transaction and based upon an ecliptic curve key pair that applies to the {user, device, account} combo. This could be tied to a real world identity with attributes such as full name, address, data of birth, financial institution, account number etc.  

Essentially, KYC is addressed through a certificate that ties a web identity to a real world identity. Privacy considerations might weaken this to allow for a deferred binding that is only revealed upon a court order / legal proceedings. 

—
   Dave Raggett <dsr@w3.org <mailto:dsr@w3.org>>

Received on Wednesday, 27 May 2015 18:15:01 UTC