- From: Stephane Boyera <boyera@w3.org>
- Date: Mon, 02 Jun 2014 15:18:25 +0200
- To: Mary Bold <mary.bold@accreditrust.com>, public-webpaymentsigcharter@w3.org
Dear Mary, thank you very much for your comments. See below my remarks > > Identity and authentication methods for the Web should meet criteria > for additional spheres. Accreditrust needs a global solution for storing > high stakes credential data and ability to associate them with identity > on the Web. We think any solutions working for finance should also work > for the education sector. you are absolutely right. The fact is that identity on the Web is something that is far bigger in scope than identity related to web payments. That's why this group will not be in charge of defining idenitty on the web or authentication, but will define the specific requirements related to payments and work with other groups (W3C or non-w3C ones) to ensure that the technologies they are developed can fit with web payments requirements. I will try to clarify better this point > > Use-cases can appropriately include educational data--the same > requirements for authentication exist. Educational data might include a > range of elements and would surely differ around the globe. Elements > could be high stakes exam results, performance records, personal > history. People using such systems range in age from child- to > adulthood. Educational records of adults actually number larger because > they include training and professional credentials. I'm not sure i got this comment. Related to the previous one, I agree with your point that educational data use cases are surely important for identity and authentication. However, While those requirements should be submitted to relevant groups working on those topics, i don't think this is in the scope of this exact group focused on payments? > > The education industry requires identity and credential assurance, > comparable to the financial industry. Credential data that provide data > portability and are privacy-aware (e.g., the identity provider should > not know where the credential data are being sent) should be considered > in the use-cases and requirements. here again, i agree with your point that privacy is an important element. The role of privacy for an identity provider is also critical as you are underlining it. I will try to clarify this point int he charter. However, like mentioned above, I'm convinced that the requirements on the identity providers would differ from use cases to use cases, and the scope of this group is to focus on the requirements on payments. It is out of the scope of this group to work on identity and identity providers. > > We acknowledge that it may be necessary to limit the scope of > identity work; our interest is how to store and transmit high-stakes > credentials to relying parties. I will clarify this element in the charter. Thank you again for your comments Best Stephane > Accreditrust will be interested in joining this work through > contributions to a Working Group and membership at the W3C. > > > > Mary Bold, Ph.D., CFLE > EVP and Chief Research Officer > Accreditrust LLC > Email: mary.bold@accreditrust.com <mailto:mary..bold@accreditrust.com> > Direct: 940-367-3852 -- Stephane Boyera stephane@w3.org W3C +33 (0) 6 73 84 87 27 BP 93 F-06902 Sophia Antipolis Cedex, France
Received on Monday, 2 June 2014 13:18:57 UTC