Open bvandersloot-mozilla opened 5 months ago
And to get ahead of comments on the scope of this venue, here is an excerpt from our standards position:
We acknowledge that this style of API has superior utility to the hodgepodge of forms, QR codes, and other overlay systems that people have to navigate today when there is a genuine need to present credentials. Many people have wallets, or will get them soon, and Web integration could be far more convenient and reliable than those alternatives. We also recognize that the issuer-holder-verifier model that underpins the proposed API is a powerful tool for enabling individual autonomy, far superior to alternatives involving third party identity services. However, it is not enough to be superior to alternatives; it is essential to address risks and ensure that new features make the web better overall. We owe people a solution that acts in their interests, not just something that is justified because the alternative is worse or because it is more convenient.
This is a consequence of a few related issues: #35, #32, and #30.
Put simply, this API enables gating web content behind holding a government issued credential with particular properties. This can reduce access to the web for users in several ways:
One such exclusion may be incidentally restricting to only credentials of a particular type. An age verification request is more complicated than it initially seems if there is a fractured international ecosystem of credential types, and a developer may not include (making things up here) a format more common in East Asia or Europe when building their site in the USA.
Similarly, there are many people in the world without a government ID. In the USA this has a large overlap with the most marginalized groups, e.g. unhoused people. Internationally this includes stateless people. Any requirement to present a digital identity on a website would then exclude these people from using the service.
Another exclusion may be government pressured geoblocking. Consider citizens of countries like Cuba and Iran who experience censorship both from their own governments but also by other governments enforcing economic sanctions on websites. With a high-reliability mechanism to determine someone's nationality, we may see unexpected pressure for users to disclose this information to use more sites than they must today.
This would also make a naive real-name policy much easier to implement which would reduce the access for users that don't want to use their government-name. Such policies also have several other downsides, and lowering the bar to them should be considered.
There may be other exclusions that can happen here that I forgot, and may be some we can't think of.