- From: Arie Yehuda Levy Cohen <arielevycohen@gmail.com>
- Date: Mon, 9 Nov 2015 14:05:03 -0500
- To: Dave Longley <dlongley@digitalbazaar.com>
- Cc: Tony Arcieri <bascule@gmail.com>, "public-webpayments-ig@w3.org" <public-webpayments-ig@w3.org>
- Message-ID: <CAJ+R0wRYa+uoGY6AD+FX6PZJCpxR4+X5Ptb1Gi77T7mnjfFSbQ@mail.gmail.com>
Perhaps a tad relevant to the discussion, but this may offer some insights: does anyone here have this report? (GBP @,000 is not cheap - I wonder):

http://research.greyspark.com/assets/GreySpark-Infographic-Capital-Markets-Use-Cases1.pdf

--
CRYPTOGRAPHIC SECURITY | IDENTITY | LEGAL & COMPLIANCE
ARIE Y. LEVY-COHEN
BLOCKCHAIN ADVISOR | SPEAKER | W3C i-EXPERT
ECONOMICS | FINANCE | DISTRIBUTED LEDGER TECH
P: *917.692.6999*

On Mon, Nov 9, 2015 at 12:24 PM, Dave Longley <dlongley@digitalbazaar.com> wrote:

> On 11/06/2015 08:12 PM, Tony Arcieri wrote:
>
>> On Friday, November 6, 2015, Dave Longley <dlongley@digitalbazaar.com
>> <mailto:dlongley@digitalbazaar.com>> wrote:
>>
>>> We could use these credentials in conjunction with macaroon
>>> caveats (which seems to be one of the primary use cases for
>>> caveats). In other words, these technologies can complement each
>>> other (which is what I believe you were alluding to, so we're in
>>> agreement).
>>
>> I would argue the same problems can be solved by Macaroons alone, but
>> it seems this WG is looking more for a meta-standard than a
>> one-size-fits-all solution to bless.
>
> The way I could see macaroons working with the proposed Credentials CG
> solution would be to put third party caveats on macaroons that would
> list a set of Identity Credentials that are required to gain
> authorization. Then, instead of contacting a service to obtain these
> credentials, the target site could make a `navigator.credentials` API
> request for the desired credentials. Once retrieved, the macaroon(s) can
> be verified.
>
> This has a number of benefits; one of which is that it helps enhance
> privacy by not allowing the target site to "probe" for identity
> information, rather, user interaction for consent is required (unless
> automatic consent has been specifically granted to a particular target
> site). Some other benefits derive from the ability to attenuate the
> macaroon according to the desired verifiable attributes of an entity -- not
> strongly tying them to any particular service that may happen to
> provide/assert them.
>
> Perhaps this approach could still be modelled as a set of first party
> caveats -- but that's in the details.
>
> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> http://digitalbazaar.com
Received on Monday, 9 November 2015 19:05:35 UTC
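
An added sketch, not part of the original thread or of any participant's code, of the first-party-caveat variant mentioned in the quoted message: a macaroon whose caveats name required credential attributes, verified against claims the target site has already obtained and validated. The caveat syntax `credential name=value`, the function names and the `verified_claims` dict are assumptions made for illustration; credential retrieval and signature checking are out of scope here.

```python
import hashlib
import hmac


def _chain(sig: bytes, data: str) -> bytes:
    # Macaroon chaining step: next signature = HMAC(key=previous signature, data)
    return hmac.new(sig, data.encode(), hashlib.sha256).digest()


def mint(root_key: bytes, identifier: str) -> dict:
    # Only the issuer knows root_key; the holder sees id, caveats and sig.
    return {"id": identifier, "caveats": [], "sig": _chain(root_key, identifier)}


def attenuate(m: dict, caveat: str) -> dict:
    # Any holder can append a caveat; removing one would require the
    # previous signature, which the holder no longer has.
    return {"id": m["id"], "caveats": m["caveats"] + [caveat],
            "sig": _chain(m["sig"], caveat)}


def verify(root_key: bytes, m: dict, verified_claims: dict) -> bool:
    # 1. Recompute the HMAC chain from the root key.
    sig = _chain(root_key, m["id"])
    for caveat in m["caveats"]:
        sig = _chain(sig, caveat)
    if not hmac.compare_digest(sig, m["sig"]):
        return False
    # 2. Every caveat must be satisfied by an already-verified claim.
    for caveat in m["caveats"]:
        kind, _, predicate = caveat.partition(" ")
        name, _, wanted = predicate.partition("=")
        if kind != "credential" or verified_claims.get(name) != wanted:
            return False  # unknown caveat kinds fail closed
    return True


if __name__ == "__main__":
    key = b"constructed-demo-root-key"  # constructed sample value
    m = attenuate(mint(key, "order-1234"), "credential ageOver=21")
    print(verify(key, m, {"ageOver": "21"}))  # claims constructed for the demo
    print(verify(key, m, {}))
```
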