- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sat, 12 Mar 2016 11:13:55 -0500
- To: Web Payments IG <public-webpayments-ig@w3.org>
Forwarding input from John Tibbetts, who doesn't have access to the Web Payments IG mailing list.

-------- Forwarded Message --------
Subject: Review of Verifiable Claims Working Group Charter
Date: Thu, 10 Mar 2016 17:40:15 -0800
From: John Tibbetts <john.tibbetts@kinexis.com>
To: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials Community Group <public-credentials@w3.org>

I’ve reviewed the Working Group Charter and, with a couple of minor exceptions, think it’s a very creditable document. It’s amazing to me how quickly this group’s deliverables have evolved even with half the troupe out sick.

I have two comments:

Section 2. Goals

I was skeptical at first about Ian’s suggestion of making these points more goal-like. But I now realize that was a failure of imagination on my part. I now see that they are a big improvement. (Manu says he’ll do some word-smoothing over the weekend, but with that it’s an impressive set).

However, there’s one other point that might strengthen the goals. Since the Problem Statement explicitly includes the point about cross-industry interoperability, shouldn’t there be a goal that makes some assertion like:

Supporting extensible vocabularies that can serve the need of a variety of industries.

My wording here is somewhat anemic but the sense of this is that this goal would address the capabilities that earlier on, in the ‘Retrospective’ blog post, we categorized as ‘Extensible Data Model’, or slightly differently, ‘Decentralized Vocabulary’. It seems that we ought to have some goal in this section that addresses these issues.

Section 3.2. Security and Privacy Considerations

I wonder if we shouldn’t slightly soften this sentence: “Protection of the privacy of all participants in a credentials ecosystem is essential to maintaining the trust that credential systems are dependent upon to function.” I’m saying we should tone this down a mite for W3C political reasons.

Think of it this way: there are a lot of folks out there who put a lot of trust in OpenID Connect even though it’s a basic premise of this group that we can do a lot better with Privacy. So an OIDC advocate might read this sentence as saying: if you can’t provide privacy of all participants your credential system isn't trustworthy. I’ll leave it to those in our group who are more politically astute to judge whether this is a vulnerability or just my imagination.

Very nice job gang.

John
Received on Saturday, 12 March 2016 16:14:21 UTC