Following up to myself: if the plan is really that people will have a single identity that they then present to everyone and that claims hang off, I think W3C should not standardize that.
-Ekr On Mon, Dec 12, 2016 at 8:48 AM, Eric Rescorla <e...@rtfm.com> wrote: > I took a quick look at this material and it's very hard to tell what the > actual privacy properties are: > > "From a privacy perspective it is important that information that is > intended to remain private is handled appropriately. Maintaining the trust > of a verifiable claims ecosystem is important. Verifiable claims technology > defined by this group should not disclose private details of the > participants' identity or other sensitive information unless required for > operational purposes, by legal or jurisdictional rules, or when > deliberately consented to (e.g. as part of a request for information) by > the holder of the information. The design of any data model and syntax(es) > should guard against the unwanted leakage of such data." > > But then when I read their architecture, I see: > "In order for Jane (Holder and Subject) to have information assigned to > her, she must get an identifier (Subject Identifier)." > > Which makes it sound like this is going to leak a huge amount of tracking > information (effectively being an identity credential with attributes > attached). There has been a huge amount of work on using crypto to allow > you to prove specific claims without information leakage (cf. > https://www.microsoft.com/en-us/research/project/u-prove/), but this > doesn't seem to reflect any of it, rather opting for a much more naive > design which is going to have much worse privacy properties. Is that really > the intent here? > > -Ekr > > > > On Fri, Dec 9, 2016 at 6:17 PM, L. David Baron <dba...@dbaron.org> wrote: > >> The W3C is proposing a new charter for: >> >> Verifiable Claims Working Group >> https://www.w3.org/2017/vc/charter >> https://lists.w3.org/Archives/Public/public-new-work/2016Dec/0003.html >> >> Mozilla has the opportunity to send comments or objections through >> Sunday, January 15, 2017. >> >> Please reply to this thread if you think there's something we should >> say as part of this charter review, or if you think we should >> support or oppose it. >> >> -David >> >> -- >> 𝄞 L. David Baron http://dbaron.org/ 𝄂 >> 𝄢 Mozilla https://www.mozilla.org/ 𝄂 >> Before I built a wall I'd ask to know >> What I was walling in or walling out, >> And to whom I was like to give offense. >> - Robert Frost, Mending Wall (1914) >> >> _______________________________________________ >> dev-platform mailing list >> dev-platform@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-platform >> >> > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
