On Tue, Dec 13, 2016 at 5:56 AM, Eric Rescorla <e...@rtfm.com> wrote: > Following up to myself: if the plan is really that people will have a > single identity that they then present to everyone and that claims hang > off, I think W3C should not standardize that.
A lot hinges on the nature of that identifier, but couldn't it be a pseudonymous identifier, even unique to the specific transaction? Building a set of issuers that sites are willing to trust creates a whole new set of problems. Say that I accept claims from the California DMV for the purposes of age. When you produce a document signed by the DMV saying that you are 21, I also learn that (with high probability) you live in California. If which entities are trusted, that has another set of consequences. What consequences on whether the relying party does or is able to advertise which entities it trusts. All of this stuff matters at the scale of the web. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
