- From: Arie Yehuda Levy Cohen <arielevycohen@gmail.com>
- Date: Mon, 9 Nov 2015 14:05:31 -0500
- To: Dave Longley <dlongley@digitalbazaar.com>
- Cc: Tony Arcieri <bascule@gmail.com>, "public-webpayments-ig@w3.org" <public-webpayments-ig@w3.org>
- Message-ID: <CAJ+R0wRBipynLsEjm7y-m3D4DGPNFrKHP4JGd1C8fiNXzAmZCw@mail.gmail.com>
Pardon, wrong link: http://research.greyspark.com/assets/GreySpark-Infographic-Capital-Markets-Use-Cases1.pdf -- CRYPTOGRAPHIC SECURITY | IDENTITY | LEGAL & COMPLIANCE ARIE Y. LEVY-COHEN BLOCKCHAIN ADVISOR | SPEAKER | W3C i-EXPERT ECONOMICS | FINANCE | DISTRIBUTED LEDGER TECH P: *917.692.6999* On Mon, Nov 9, 2015 at 2:05 PM, Arie Yehuda Levy Cohen < arielevycohen@gmail.com> wrote: > Perhaps a tad relevant to the discussion, but this may offer some > insights: does anyone here have this report? (GBP @,000 is not cheap - I > wonder): > > http://research.greyspark.com/assets/GreySpark-Infographic-Capital-Markets-Use-Cases1.pdf > > -- > > CRYPTOGRAPHIC SECURITY | IDENTITY | LEGAL & COMPLIANCE > > ARIE Y. LEVY-COHEN > BLOCKCHAIN ADVISOR | SPEAKER | W3C i-EXPERT > ECONOMICS | FINANCE | DISTRIBUTED LEDGER TECH > P: *917.692.6999 <917.692.6999>* > > On Mon, Nov 9, 2015 at 12:24 PM, Dave Longley <dlongley@digitalbazaar.com> > wrote: > >> On 11/06/2015 08:12 PM, Tony Arcieri wrote: >> >>> On Friday, November 6, 2015, Dave Longley <dlongley@digitalbazaar.com >>> <mailto:dlongley@digitalbazaar.com>> wrote: >>> >>>> >>>> We could use these credentials in conjunction with macaroon >>>> caveats (which seems to be one of the primary use cases for >>>> caveats). In other words, these technologies can complement each >>>> other (which is what I believe you were alluding to, so we're in >>>> agreement). >>>> >>> >>> >>> I would argue the same problems can be solved by Macaroons alone, but >>> it seems this WG is looking more for a meta-standard than a >>> one-size-fits-all solution to bless. >>> >> >> The way I could see macaroons working with the proposed Credentials CG >> solution would be to put third party caveats on macaroons that would >> list a set of Identity Credentials that are required to gain >> authorization. Then, instead of contacting a service to obtain these >> credentials, the target site could make a `navigator.credentials` API >> request for the desired credentials. Once retrieved, the macaroon(s) can >> be verified. >> >> This has a number of benefits; one of which is that it helps enhance >> privacy by not allowing the target site to "probe" for identity >> information, rather, user interaction for consent is required (unless >> automatic consent has been specifically granted to a particular target >> site). Some other benefits derive from the ability to attenuate the >> macaroon according the desired verifiable attributes of an entity -- not >> strongly tying them to any particular service that may happen to >> provide/assert them. >> >> Perhaps this approach could still be modelled as a set of first party >> caveats -- but that's in the details. >> >> >> -- >> Dave Longley >> CTO >> Digital Bazaar, Inc. >> http://digitalbazaar.com >> >> >
Received on Monday, 9 November 2015 19:06:00 UTC