- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 05 Mar 2014 11:38:05 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>, Web Payments <public-webpayments@w3.org>
My concern is really on a more fundamental level: Who is the actual consumer of these identities? In the conventional payment world (which I know more about than WebPayments), you identify yourself (in some way...) to a payment provider _once_. After that you get access to a payment resource which does not necessarily expose your identity. It is IMHO rather the opposite, the _less_ identity you have to provide during a payment operation the better. Invoiced purchases are different, they typically require background checking before getting through, at least for new customers. Anders On 2014-03-05 02:57, Manu Sporny wrote: > We're trying to clarify the terminology for the badly named "Web > Identity" spec. While this may seem like bikeshedding, clarifying the > terminology helps identify what the spec is and isn't about. The newest > iteration of the specification abstract looks like this: > > """ > An identity is a Linked Data description of a particular entity such as > a person or organization. A credential is a qualification, achievement, > quality, or information about an identity's background such as a name, > government ID, home address, or university degree. This specification > describes mechanisms for reading credentials from and writing > credentials to a Linked Data identity while ensuring that the > information is only accessible to authorized applications. > """ > > The terminology has changed from "assertion" -> "credential", and from > "endorsement" -> "claim. So, identities may contain one or more > credentials. Credentials may contain one or more claims about a > particular identity. > > As an example, an identity "https://example.com/i/jane" contains a > digitally signed credential supplied by the US Government claiming that > the name "Jane Doe" and the government-issued ID "123-45-6789" is > associated with the identity: > > { > "@context": "https://w3id.org/identity/v1", > "id": "https://example.com/i/jane", > "type": "Identity", > "name": "Jane Doe", > "governmentId": "123-45-6789", > "credential": [{ > "id": "http://ssa.us.gov/credentials/3732", > "type": "PassportCredential", > "claim": { > "id": "https://example.com/i/jane", > "name": "Jane Doe", > "governmentId": "123-45-6789" > }, > "expires": "2018-01-01", > "signature": { > "type": "GraphSignature2012", > "signer": "https://ssa.us.gov/keys/27", > "signature": "3780eyfh3q0fhhfi...8ahsidfhf29rhaish" > } > }, ... ] > } > > This new formulation hints at the real purpose of the specification. It > isn't about identity as much as it is about asserting an identity's > credentials. In that vein, the specification should probably be renamed > from "Web Identity" to "Web Credentials". > > Thoughts? > > -- manu >
Received on Wednesday, 5 March 2014 10:38:40 UTC