Credentials Community Group - W3C TPAC F2F
Minutes for 2014-10-28
- Identity Proofing
- Scope of CG Work
- Use Cases / Future Work
- Identifier Portability
- Data Rights, Legacy Support
- Manu Sporny
- Brian Sletten
- Manu Sporny, Brian Sletten, Jörg Heuer, Glen Wiley, Pat Adler, Karen O'Donoghue, Mountie Lee, Pindar Wong, Evert Fekkes, Eric Korb, Bill Gebert, Mary Bold, Daniel Buchner, Shane McCarron, Josh Soref
Brian Sletten is scribing.
Joerg: Please add an 's' to Deutche Telekom on the slide. :)
Topic: Identity Proofing
Joerg: Will we succeed until we solve this Identity on the Web problem?
Joerg: When you want to prove that I am German, you need to know who *I* is.
Joerg: Credentials seem very much tied to the person. So Identity needs to be solved, no?
Joerg: In Germany we have a National ID by which we can now interact with the Web and it has the ability express a strong level of confidence of identity.
Joerg: Combinations of different credentials make a lot of sense to establish the context.
Topic: Scope of CG Work
Joerg: We should think about both sides of this: Who is guaranteeing the credentials and the consumer who is establishing a level of trust.
Here is a link to the IETF mailing list that is starting a discussion around vectors of trust or levels of assurance.
There is no chartered work at this point, but this is a preliminary mailing list to discuss possible directions that this might go, and one of the possible directions might be contributing to an update of NIST SP 800-63
Joerg: I don't think Payment requires Identity. You need sufficient funds. Cash is useful for anonymous interactions we should protect it.
Joerg: Even if we don't establish the identity of the consumer for the payment, we are still dealing with pseudonyms and technical identifiers like email accounts ("Mickey Mouse identity") and that may still be important to keep track of.
Group breaks for lunch.
Topic: Use Cases / Future Work
Error: (IRC nickname 'karen_od' not recognized)[Tue 16:38:31] <karen_od> Joerg: we could try to distill the earlier conversation
Error: (IRC nickname 'karen_od' not recognized)[Tue 16:48:06] <karen_od> Joerg: Are we expecting credentials to live on forever?
Topic: Identifier Portability
... Two sides of a credential, customer and user,
Error: (IRC nickname 'karen_od' not recognized)[Tue 16:51:36] <karen_od> Joerg: would this be optional because there may be privacy problems here
... Further discussion on how revocation might work and decisions involved
... Can they play both roles?
... Credential servers store credentials issued by issuers
...Long term issuer independent storage
Topic: Data Rights, Legacy Support
Error: (IRC nickname 'karen_od' not recognized)[Tue 17:23:43] <karen_od> Joerg: are we to replace user name and password with this?
Error: (IRC nickname 'karen_od' not recognized)[Tue 17:24:36] <karen_od> Joerg: sounds like OAUTH to me.
...We could wrap OAUTH credentials in the system.