Main Page/FTF June2015/CredentialsBreakoutSession

From Web Commerce Interest Group
Definitions

  • identity - the fact of being who or what a person or thing is.
  • credential - a qualification, achievement, personal quality, or aspect of a person's background, typically when used to indicate that they are suitable for something. Credentials are often used to establish identity.
  • issuer - an entity that issues a credential to a recipient.
  • recipient - an entity that controls a set of credentials of which it is the subject.
  • credential consumer (also, relying party) - an entity that accepts credentials for the purpose of granting access to particular services.
  • vault / credential curator (also, identity provider) - a third-party storage service for credentials.

The Problem

The problem is interoperability of credential data.

There is no standard, broadly adopted way to express a digital credential on the Web:

  1. that is composed of a set of attributes (claims) about an entity
  2. where the issuer can be verified (via a digital signature of some kind)
  3. where the recipient can be verified to be in control of the credential (via a digital counter-signature of some kind)
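
The three properties above, shown as an added example that is not part of the original wiki page or of any W3C specification: an issuer signs a set of claims, the recipient counter-signs the result, and a credential consumer checks both. The field names, the choice of Ed25519, and the consumer-supplied `challenge` that ties the counter-signature to a single presentation are assumptions made for this illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Deterministic serialization so signer and verifier process identical bytes.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map(k => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}
const sign = (obj, key) =>
  nodeCrypto.sign(null, Buffer.from(canonical(obj)), key).toString('base64');
const check = (obj, sig, pub) => typeof sig === 'string' &&
  nodeCrypto.verify(null, Buffer.from(canonical(obj)), pub, Buffer.from(sig, 'base64'));

// Items 1 and 2: the issuer signs the claims together with the recipient's public key.
function issue(claims, recipientPublicPem, issuerPrivateKey) {
  const body = { claims, recipientKey: recipientPublicPem };
  return { ...body, issuerSignature: sign(body, issuerPrivateKey) };
}

// Item 3: the recipient counter-signs the credential plus a challenge (assumed field).
function present(credential, challenge, recipientPrivateKey) {
  return { credential, challenge,
    counterSignature: sign({ credential, challenge }, recipientPrivateKey) };
}

// Credential consumer: check the issuer, then recipient control, then freshness.
function verifyPresentation(p, trustedIssuerPublicKey, expectedChallenge) {
  const { issuerSignature, ...body } = p.credential;
  if (!check(body, issuerSignature, trustedIssuerPublicKey)) return 'bad-issuer-signature';
  const recipientKey = nodeCrypto.createPublicKey(body.recipientKey);
  const signed = { credential: p.credential, challenge: p.challenge };
  if (!check(signed, p.counterSignature, recipientKey)) return 'bad-counter-signature';
  if (p.challenge !== expectedChallenge) return 'stale-challenge';
  return 'ok';
}

// Constructed sample data: keys, claims and challenge are made up for the example.
const issuer = nodeCrypto.generateKeyPairSync('ed25519');
const recipient = nodeCrypto.generateKeyPairSync('ed25519');
const recipientPem = recipient.publicKey.export({ type: 'spki', format: 'pem' });
const credential = issue({ license: 'pharmacist' }, recipientPem, issuer.privateKey);
const presentation = present(credential, 'nonce-1', recipient.privateKey);
console.log(verifyPresentation(presentation, issuer.publicKey, 'nonce-1'));
```

Because the issuer's signature covers the recipient's public key, a copied credential is of no use to a party that cannot produce the matching counter-signature.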

The Proposal

http://www.dvrpc.org/Freight/img/2006-04_port/ContainerShipCrane.jpg

http://scm.zoomquiet.io/data/20131004215734/standard_container.jpg

DO

  • create a standard data format to express the above
  • create a standard protocol (REST APIs and browser APIs) to store and request credentials
  • take privacy and security very seriously
  • base it on the good parts of prior less-than-wildly-successful initiatives like Persona, OpenID, SAML, etc. (and understand why those initiatives did not become as successful as intended)

DO NOT

  • specify exactly what goes into a KYC / AML / address / passport credential - let each market vertical (issuers and credential consumers) do this

If successful, we could use this for:

  • A better way of logging into a website than username/password
  • Removing tedious form filling online (for example: at checkout - shipping address, loyalty card number, discount coupon, etc.)
  • Stronger establishment of KYC when doing high-value transactions (>$3K, for example)
  • Proving that you have a professional license to do something like financial trading, writing prescriptions, buying explosives, etc.

Discussion

  • This problem is worth addressing on the Open Web Platform.
  • This problem will affect the Web Payments work at some point past v1.
  • A working group, separate from Web Payments WG, should be chartered to address the Credentials problem.
  • The Credentials WG should run in parallel to the Web Payments V1 work.