Warning:
This wiki has been archived and is now read-only.
Main Page/FTF June2015/CredentialsBreakoutSession
From Web Commerce Interest Group
< Main Page | FTF June2015
Definitions
- identity - the fact of being who or what a person or thing is.
- credential - a qualification, achievement, personal quality, or aspect of a person's background, typically when used to indicate that they are suitable for something. Credentials are often used to establish identity.
- issuer - an entity that issues a credential to a recipient.
- recipient - an entity that is in control of a set of credentials where they are the subject of the credential.
- credential consumer (also, relying party) - an entity that accepts credentials for the purpose of granting access to particular services
- vault / credential curator (also, identity provider) - a 3rd party storage service for credentials
The Problem
The problem is interoperability of credential data.
There is no standard, broadly adopted way to express a digital credential on the Web:
- that is composed of a set of attributes (claims) about an entity
- where the issuer can be verified (via a digital signature of some kind)
- where the recipient can be verified to be in control of the credential (via a digital counter-signature of some kind)
The Proposal
http://www.dvrpc.org/Freight/img/2006-04_port/ContainerShipCrane.jpg
http://scm.zoomquiet.io/data/20131004215734/standard_container.jpg
DO
- create a standard data format to express the above
- create a standard protocol (REST APIs and browser APIs) to store and request credentials
- take privacy and security very seriously
- base it off of the good parts of prior less-than-wildly-successful initiatives like Persona, OpenID, SAML, etc. (and understand why those initiatives did not become as successful as intended)
DO NOT
- specify exactly what goes into a KYC / AML / address / passport credential - let each market vertical (issuers and credential consumers) do this
If successful, we could use this for:
- A better way of logging into a website than username/password
- Removing tedious form filling online (for example: at checkout - shipping address, loyalty card number, discount coupon, etc.)
- Stronger establishment of KYC when doing high-value transactions (>$3K, for example)
- Proving that you have a professional license to do something like financial trading, writing prescriptions, buying explosives, etc.
Discussion
- This problem is worth addressing on the Open Web Platform.
- This problem will affect the Web Payments work at some point past v1.
- A working group, separate from Web Payments WG, should be chartered to address the Credentials problem.
- The Credentials WG should run in parallel to the Web Payments V1 work.