Re: "Web Identity" -> "Web Credentials" from Anders Rundgren on 2014-03-05 (public-webpayments@w3.org from March 2014)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 05 Mar 2014 11:38:05 +0100
To: Manu Sporny <msporny@digitalbazaar.com>, Web Payments <public-webpayments@w3.org>
Message-ID: <5316FE8D.6050002@gmail.com>

My concern is really on a more fundamental level:

  Who is the actual consumer of these identities?

In the conventional payment world (which I know more about than WebPayments),
you identify yourself (in some way...) to a payment provider _once_.  After
that you get access to a payment resource which does not necessarily expose
your identity.

It is IMHO rather the opposite, the _less_ identity you have to provide during
a payment operation the better.

Invoiced purchases are different, they typically require background checking before
getting through, at least for new customers.

Anders

On 2014-03-05 02:57, Manu Sporny wrote:
> We're trying to clarify the terminology for the badly named "Web
> Identity" spec. While this may seem like bikeshedding, clarifying the
> terminology helps identify what the spec is and isn't about. The newest
> iteration of the specification abstract looks like this:
> 
> """
> An identity is a Linked Data description of a particular entity such as
> a person or organization. A credential is a qualification, achievement,
> quality, or information about an identity's background such as a name,
> government ID, home address, or university degree. This specification
> describes mechanisms for reading credentials from and writing
> credentials to a Linked Data identity while ensuring that the
> information is only accessible to authorized applications.
> """
> 
> The terminology has changed from "assertion" -> "credential", and from
> "endorsement" -> "claim. So, identities may contain one or more
> credentials. Credentials may contain one or more claims about a
> particular identity.
> 
> As an example, an identity "https://example.com/i/jane" contains a
> digitally signed credential supplied by the US Government claiming that
> the name "Jane Doe" and the government-issued ID "123-45-6789" is
> associated with the identity:
> 
> {
>   "@context": "https://w3id.org/identity/v1",
>   "id": "https://example.com/i/jane",
>   "type": "Identity",
>   "name": "Jane Doe",
>   "governmentId": "123-45-6789",
>   "credential": [{
>     "id": "http://ssa.us.gov/credentials/3732",
>     "type": "PassportCredential",
>     "claim": {
>       "id": "https://example.com/i/jane",
>       "name": "Jane Doe",
>       "governmentId": "123-45-6789"
>     },
>     "expires": "2018-01-01",
>     "signature": {
>        "type": "GraphSignature2012",
>        "signer": "https://ssa.us.gov/keys/27",
>        "signature": "3780eyfh3q0fhhfi...8ahsidfhf29rhaish"
>     }
>   }, ... ]
> }
> 
> This new formulation hints at the real purpose of the specification. It
> isn't about identity as much as it is about asserting an identity's
> credentials. In that vein, the specification should probably be renamed
> from "Web Identity" to "Web Credentials".
> 
> Thoughts?
> 
> -- manu
>

Received on Wednesday, 5 March 2014 10:38:40 UTC