Re: Request for user story - Store basic identity credentials from Manu Sporny on 2014-05-15 (public-webpayments@w3.org from May 2014)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Thu, 15 May 2014 14:57:24 -0400
To: public-webpayments@w3.org
Message-ID: <53750E14.7070107@digitalbazaar.com>

On 05/05/2014 04:14 AM, Anders Rundgren wrote:
> REQUIREMENTS (optional)
> 
> Information about a user on the web should be made accessible to 
> other parties at the user's discretion. I personally do not see how 
> you can fix that without getting into pretty awkward management 
> schemes that few users would be able to cope with.

Why do you say that? I don't think that's true. Here's one fairly
straight forward way to do it:

1. Website requests name and shipping address from customer's identity
   provider.
2. Identity provider shows customer exactly what information is going
   to be transmitted to the website. For example, "buymart.com has
   requested some information from you. Specifically, we're getting
   ready to send your name (Bob McBobson) and your shipping address
   (123 Interweb Lane, Cityville, CA 90215) to them. Is that
   okay with you? (Yes/No)"
3. Customer approves the transmission, website receives the data.

That's something that most users would be able to cope with (and is
something that the Identity Credentials spec is already designed to do):

https://web-payments.org/specs/source/identity-credentials/

> My only remedy is that you rather "carry" such information and 
> selectively disclose it when requested.

Yes, and by "carry", keep in mind that that information can be locked
away in an online data/identity provider such that only you can access
it (via encryption password or private key). So, there is no need to
physically carry it around thanks to the Internet :).

> I'm aware of the fact that such measures require deep patches in 
> browsers...

I don't think they do. There are a number of ways, using pure HTTP and
JavaScript, where you can store and retrieve this information from an
encrypted online data locker using a website you trust.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/

Received on Thursday, 15 May 2014 18:57:46 UTC