use cases: misc. issues

[du5t]

This is for tracking minor-ish items that just need checking off to make sure they've been addressed with brief discussion of some kind. Branching off into sub-issues as needed is not unwelcome.

• [ ] is onboarding sufficiently well discussed?
• [ ] are unsolved problems complete enough?
• [ ] is there the right amount of discussion of threat models?
• [ ] are technical requirements illustrated in enough detail? too much detail?
  • [ ] How detailed should we get on distributed data stores? (not just blockchain, of course)
• [x] is web of trust sufficiently promoted in each use case?
• [ ] references
  • [ ] British Columbia ID system
  • [x] XDI info (see comment)
  • [ ] distributed data store examples
  • [x] single blockchain-employing
    • [ ] twister
    • [x] bitcoin
    • [x] ethereum
    • [x] nxt
  • [ ] others
    • [ ] tahoe-lafs
    • [ ] ssb (blockchain without global consensus)

[du5t]

Re: XDI, points raised for inclusion by @talltree during discussion:

• link contracts are p2p agreements about disclosure, sharing, and time of data
• in use case 3 (building credit), user is covered by protective stipulations without 'right to be forgotten'
• XDI (if well-implemented by bank and rating agencies) will enable user's ability to dispute erroneous or malicious financial rating or activity associated with her account--tool that empowers user and enables efficient detection of possibly fraudulent activity
• sunshine+transparency

[du5t]

Re: use case 4 (refugee)

• self-sovereign identity needs further elucidation
• make sure definition of WoT and identities registered to it are clear
  • consider using Kaliya's topologies of identity models
• explain threat models at each point of refugee's journey
• biometrics should not be offered uncritically
• explain how motes of refugee's identity can be maintained (while respecting privacy) by NGOs and governments
• technical approach: blockchain(-like) structure, XDI for semantic interoperability, provable claims, biometric-type identification, attestations (by refugee workers for example)

[du5t]

Re: use case 5 (victim of trafficking):

• DELEGATION (in initiating record, obtaining attestations)
• STEWARDSHIP (of vulnerable or short identity record)
• Limited Liability Persona
  • http://bgidps.typepad.com/bgidps/2007/10/llp-in-the-new-.html
  • https://www.youtube.com/watch?v=Lazg31TN8FE
  • http://www.slideshare.net/Kaliya/identification-and-social-justice-

[du5t]

Re: unsolved problems/opportunities (in closing discussion):

• Bootstrapping/onboarding/enrollment from self-affirmed identity attributes
• Swapping in 'proof of X' for 'X' in (all) transactions where someone's identity is read, as a rule
• Manageable and portable equipment for storing identity information and making strong (yet opaque) claims with precise scope
• Repudiable biometrics
• Negotiating concordance between amount of information provided by uncredentialed person and amount initially required by conventional institution

[jimscarver]

Re use case one (Selective Disclosure: Proof of Age)

It should be mentioned that the picture of the person is displayed to to the club owner or something to prove who's credential is being proven it the same person in possession of the phone. It seems obvious but reader may wonder about that.

[du5t]

Good point, but if you can unlock the phone and enter some passphrase or what have you to authenticate these requests, you can probably modify any picture that the phone can display. Moreover, I'm sure we'd like to avoid the issue of someone's ID portrait being drastically different from, say, a state-issued one becoming a bone of contention. I guess we can just mention that visual confirmation can be obtained as needed?

[jimscarver]

Your picture would have to be displayed on the club owner device after scanning your QR code proof. An alternative would be for the club owner to snap your pic or use voice verification but there must be something proving who the claim is for.

On Tue, Nov 10, 2015 at 4:42 PM, du5t notifications@github.com wrote:

Good point, but if you can unlock the phone and enter some passphrase or what have you to authenticate these requests, you can probably modify any picture that the phone can display. Moreover, I'm sure we'd like to avoid the issue of someone's ID portrait being drastically different from, say, a state-issued one becoming a bone of contention.

— Reply to this email directly or view it on GitHub https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/issues/51#issuecomment-155575719 .

[du5t]

If I can insert records into the store with that device and, say, my passphrase, I can change my picture anytime. So if I have the device, I can unlock it, and I can make valid claims, a picture in the store offers no more credibility than any other biometric.

Requiring very malleable biometrics like these on production of an ID leads to a whole rabbit hole of issues that aren't really fixable at this level--better to prevent it from being an issue entirely.

[jimscarver]

I can lend you my device and you can prove you are over 65? There must be some assurance to the club owner that the claim to proven for you and not the owner of the device. It must be a biometric. Otherwise the assurance given to the club owner is zero.

On Tue, Nov 10, 2015 at 5:47 PM, du5t notifications@github.com wrote:

If I can insert records into the store with that device and, say, my passphrase, I can change my picture anytime. So if I have the device, I can unlock it, and I can make valid claims, a picture in the store offers no more credibility than any other biometric.

Requiring very malleable biometrics like these on production of an ID leads to a whole rabbit hole of issues http://theadvocate.com/news/13403039-123/louisiana-office-of-motor-vehicles that aren't really fixable at this level--better to prevent it from being an issue entirely.

— Reply to this email directly or view it on GitHub https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/issues/51#issuecomment-155592387 .

[du5t]

If your device is properly secured, it's probably cost-prohibitive to do so. It doesn't have to be a biometric, and shouldn't be, for documented reasons I named above. Risk of fraud is accepted in any ID system--we should err on the side of harm reduction for good-faith users.

[jimscarver]

How does the club owner know my device is properly secured? What prevents me from giving you access except a biometric?/

On Tue, Nov 10, 2015 at 7:12 PM, du5t notifications@github.com wrote:

If your device is properly secured, it's probably cost-prohibitive to do so. It doesn't have to be a biometric, and shouldn't be, for documented reasons I named above. Risk of fraud is accepted in any ID system--we should err on the side of harm reduction for good-faith users.

— Reply to this email directly or view it on GitHub https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/issues/51#issuecomment-155609442 .

[du5t]

Oh come on: the club owner is completely not responsible for this, under even existing systems. This is not material to the discussion in the scope of this whitepaper anyway--the actual method of authentication and degree of due diligence is going to depend on the regulatory environment and the application engineers.

[jimscarver]

The club owner is responsible for the person looking something like the picture. An ID without some physicall connection to who is presenting it is useless. You cannot replace a photo id with a device proving a claim about the ower of a device with no assurance the owner is present.

On Tue, Nov 10, 2015 at 7:22 PM, du5t notifications@github.com wrote:

Oh come on: the club owner is completely not responsible for this, under even existing systems. This is not material to the discussion in the scope of this whitepaper anyway--the actual method of authentication and degree of due diligence is going to depend on the regulatory environment and the application engineers.

— Reply to this email directly or view it on GitHub https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/issues/51#issuecomment-155610977 .

[du5t]

@jimscarver if you have anything new to add, please confine it to an issue specifically for that purpose. Repeating your arguments in this fashion is counterproductive.

[du5t]

Closing since paper was published.