Fwd: Review of Verifiable Claims Working Group Charter

Forwarding input from John Tibbetts, who doesn't have access to the Web
Payments IG mailing list.

-------- Forwarded Message --------
Subject: Review of Verifiable Claims Working Group Charter
Date: Thu, 10 Mar 2016 17:40:15 -0800
From: John Tibbetts <john.tibbetts@kinexis.com>
To: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials Community
Group <public-credentials@w3.org>

I’ve reviewed the Working Group Charter and, with a couple of minor
exceptions, think it’s a very creditable document.  It’s amazing to me
how quickly this group’s deliverables have evolved even with half the
troupe out sick.

I have two comments:

Section 2. Goals

I was skeptical at first about Ian’s suggestion of making these points
more goal-like.  But I now realize that was a failure of imagination on
my part.  I now see that they are a big improvement.  (Manu says he’ll
do some word-smoothing over the weekend, but with that it’s an
impressive set).

However there’s one other point that might strengthen the goals.  Since
the Problem Statement explicitly includes the point about cross-industry
interoperability shouldn’t there be a goal that makes some assertion
like: Supporting extensible vocabularies that can serve the need of a
variety of industries.

My wording here is somewhat anemic but the sense of this is that this
goal would address the capabilities that earlier on, in the
‘Retrospective’ blog post, we categorized as ‘Extensible Data Model’, or
slightly differently, ‘Decentralized Vocabulary’.  It seems that we
ought to have some goal in this section that addresses these issues.


Section 3.2. Security and Privacy Considerations

I wonder if we shouldn’t slightly soften this sentence: “Protection of
the privacy of all participants in a credentials ecosystem is essential
to maintaining the trust that credential systems are dependent upon to
function.”  I’m saying we should tone this down a mite for W3C
political reasons.  Think of it this way: there are a lot of folks out
there who put a lot of trust in OpenID Connect even though it’s a basic
premise of this group that we can do a lot better with Privacy.  So an
OIDC advocate might read this sentence as saying: if you can’t provide
privacy of all participants your credential system isn't trustworthy.
I’ll leave it to those in our group who are more politically astute to
judge whether this is a vulnerability or just my imagination.


Very nice job gang.

John

Received on Saturday, 12 March 2016 16:14:21 UTC