Re: Credentials Task Force proposal

Pardon, wrong link:
http://research.greyspark.com/assets/GreySpark-Infographic-Capital-Markets-Use-Cases1.pdf

--

CRYPTOGRAPHIC SECURITY  |  IDENTITY  |  LEGAL & COMPLIANCE

ARIE Y. LEVY-COHEN
BLOCKCHAIN ADVISOR | SPEAKER | W3C i-EXPERT
ECONOMICS | FINANCE | DISTRIBUTED LEDGER TECH
P: *917.692.6999*

On Mon, Nov 9, 2015 at 2:05 PM, Arie Yehuda Levy Cohen <
arielevycohen@gmail.com> wrote:

> Perhaps a tad relevant to the discussion, but this may offer some
> insights: does anyone here have this report? (GBP @,000 is not cheap - I
> wonder):
>
> http://research.greyspark.com/assets/GreySpark-Infographic-Capital-Markets-Use-Cases1.pdf
>
> --
>
> CRYPTOGRAPHIC SECURITY  |  IDENTITY  |  LEGAL & COMPLIANCE
>
> ARIE Y. LEVY-COHEN
> BLOCKCHAIN ADVISOR | SPEAKER | W3C i-EXPERT
> ECONOMICS | FINANCE | DISTRIBUTED LEDGER TECH
> P: *917.692.6999 <917.692.6999>*
>
> On Mon, Nov 9, 2015 at 12:24 PM, Dave Longley <dlongley@digitalbazaar.com>
> wrote:
>
>> On 11/06/2015 08:12 PM, Tony Arcieri wrote:
>>
>>> On Friday, November 6, 2015, Dave Longley <dlongley@digitalbazaar.com
>>> <mailto:dlongley@digitalbazaar.com>> wrote:
>>>
>>>>
>>>> We could use these credentials in conjunction with macaroon
>>>> caveats (which seems to be one of the primary use cases for
>>>> caveats). In other words, these technologies can complement each
>>>> other (which is what I believe you were alluding to, so we're in
>>>> agreement).
>>>>
>>>
>>>
>>> I would argue the same problems can be solved by Macaroons alone, but
>>> it seems this WG is looking more for a meta-standard than a
>>> one-size-fits-all solution to bless.
>>>
>>
>> The way I could see macaroons working with the proposed Credentials CG
>> solution would be to put third party caveats on macaroons that would
>> list a set of Identity Credentials that are required to gain
>> authorization. Then, instead of contacting a service to obtain these
>> credentials, the target site could make a `navigator.credentials` API
>> request for the desired credentials. Once retrieved, the macaroon(s) can
>> be verified.
>>
>> This has a number of benefits; one of which is that it helps enhance
>> privacy by not allowing the target site to "probe" for identity
>> information, rather, user interaction for consent is required (unless
>> automatic consent has been specifically granted to a particular target
>> site). Some other benefits derive from the ability to attenuate the
>> macaroon according the desired verifiable attributes of an entity -- not
>> strongly tying them to any particular service that may happen to
>> provide/assert them.
>>
>> Perhaps this approach could still be modelled as a set of first party
>> caveats -- but that's in the details.
>>
>>
>> --
>> Dave Longley
>> CTO
>> Digital Bazaar, Inc.
>> http://digitalbazaar.com
>>
>>
>

Received on Monday, 9 November 2015 19:06:00 UTC