Re: Proof of Concept: Identity Credentials Login

On 06/13/2014 02:12 AM, Tim Holborn wrote:
> I can, and will write a volume or two about this area (identity, 
> privacy, anonymity, etc.): however, figure it’s not something for
> the list, and in any case; it’ll need some editing…

I'll chime in on where there seems to be consensus (thus far) to help
those new to the mailing list understand what we've already discussed
wrt. privacy/anonymity, etc.

In general, we are designing a privacy-aware system. That is, it will
protect your privacy as much as possible (given the rules and
regulations in your country and parameters of the transaction).

In general, we are not designing an anonymous payments system, but do
intend to enable one or more to hook into the Web Payments architecture
as long as it doesn't create a system that runs afoul of your national
laws/regulations. For example, Bitcoin is fine in some countries and
illegal in others. We want to support Bitcoin, and Ripple, and Zerocash.

> When the terms ‘digital cash’ and ‘anonymity’ is concerned; are you 
> talking about entirely anonymous? or identity displacement?

The PaySwarm specs talk about identity displacement. That is, only those
who need to know get to know who you are, and you are always notified
and have the final say when that information is being requested/exchanged.

We may decide to do something w/ entirely anonymous transactions in
time, but standardizing something for doing that now would be premature.

> Whilst I absolutely believe enormously beneficial to encouraging 
> users with an Email Address - to migrate towards owning and operating
> their own domain - it’s not specifically within the ‘domain’ of
> web-payments.

Also keep in mind that not all 2.4 billion people on the Web will be
able to or capable of operating their own domain. We will still need to
consider intermediaries that manage your identity online w/ the current
design of the Internet.

Any design that we come up with will need to ensure identity provider
flexibility. Just because your email address is hosted at a particular
domain doesn't mean that the domain should also be your identity
provider. The same goes for your payment processor. Just because you
login with a particular email address doesn't mean that the domain that
hosts that email address should be your payment provider and identity
provider.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/

Received on Sunday, 15 June 2014 20:51:06 UTC