Add Focal Use-Case for human-centered DID interoperability: Alice Rents a Car

[agropper]

Our service endpoint and interop discussions will benefit from a human-centered perspective. To that end, I've invented a hypothetical badge, the Gold Button, that indicates interoperability between one's authentication and authorization agent and various service providers. The Gold Button is conceived as a voluntary assertion to a standardized bundle of protocols, TBD, that is NOT domain-specific. In other words, the idea is that the auth'n and auth'z agent asserting Gold Button is general while the competing service providers asserting Gold Button are typically domain-specific (e.g. healthcare or education).

Here is the proposed additional focal use-case:

Alice Rents a Car

    <h4>Background</h4>

It’s 2021 and SSI is the golden child. Alice looks forward to never having to use a password or fill out a form again. Alice’s service providers are looking to adopt zero-trust architecture with Y2K zeal. Neither of them really know what SSI or zero-trust means, but they want it.

Description

Alice has just provisioned an “agent” as recommended by EFF and supported through Mozilla. It’s costing her $5/month and is somehow linked to the FaceID that also unlocks her smartphone. Her agent occasionally sends a text message asking a question with a yes or no answer but otherwise mostly leaves her alone. Her agent bears a Gold Button logo that she thinks is a bit like “American Express welcome here” in the old days.

Alice is going to France. She uses DuckDuckGo to discover a list of car rental companies anonymously to avoid price discrimiantion and targeted ads. Some of the rental companies display the Gold Button logo, some don’t. She knows that the ones that do will respect her agent. She picks Fertz for the rental even though she has never done business with them before, knowing that with Gold Button her user experience will be an automated breeze.

Among dozens of others, Alice already has Gold Button service providers for her US driver’s license, her US insurance, and her bank. The DMV, insurer, and bank all authenticate Alice using a secure pseudonym linked to her smartphone. Each of the three has a different DID for Alice, but each of the three knows that they can use that DID in court to hold Alice accountable. Alice just knows that her smartphone allowed her to sign her driver’s license application, her insurance application, and her bank customer registration form using FaceID because Gold Button works.

Alice clicks on the Fertz “Rent Now” button and:

• Exposes a DID through her agent in order to set up a secure communication channel.
• Fertz tells Alice’s agent that they will need license, insurance, and bank info for the purpose of renting a car in France.
• Alice’s agent has a policy that saying that any company as large as Fertz can get whatever they explicitly ask for. Smaller companies, or large ones on a blacklist may need Alice to give explicit permission - which the agent will ask for using a text message.
• Alice’s agent gives gives Fertz three signed bearer tokens authorizing release of her personal information from three specific service providers. These tokens are encrypted so that Fertz doesn’t know what’s in them. Alice’s service providers use pre-registered information linked to their DID for Alice to decrypt the tokens and verify they were signed by Alice’s agent.
• Note, that in this example, Alice does not care that her three service providers know she is becoming a Fertz customer. If Alice did care, she might go through the trouble of having one or another of the services issue a Verified Credential to her so she can present it wherever she wants. Alice’s agent has policies that force the more privacy preserving, Holder-mediated flow when dealing with some less trusted vendors.
• Fertz gathers the information from Alice’s service providers, checks it against their internal rental policies, and issues Alice’s agent a signed capability linked to a QR code. The agent emails the capability to Alice.

The whole sequence from click in the search results to Alice getting a QR code in the email took 8 seconds. A week later:

• Alice goes to the Fertz garage at Charles de Gaulle airport, and picks a car with the keys already in it and the price posted on the parking space. She drives to the automated exit gate.
• At the gate, Alice opens her email, shows the QR code she received through her agent and gets a message on her phone asking her to scan her face. The gate agent combines the license info of the car, the QR code and the challenge signed by Alice with her face and opens the gate.

Challenges

The challenge in this case is to combine technical standards and protocols into a human-meaningful interoperability claim that crosses between one's general-purpose agent and a multitude of domain-specific service offerings.

Distinction

This use case is based on a profiling exercise by a group to be determined and the voluntary adoption of the badge by some agents and some service providers. The badge need not be associated with a costly certification process which means that both audited and un-audited versions of the claim can co-exist. False and misleading assertions are already enforced by both the marketplace and by truth in labeling laws.

[agropper]

Can someone help me turn this into a PR?

[philarcher]

Thanks @agropper for providing the text that would be required for this to be added.

My question is: does this use case entail any requirements not already listed at https://w3c.github.io/did-use-cases/#requirements ? If so, what are they? If not, I'm minded not to add this UC simply because it wouldn't actually make a material difference to the outcome, given the maturity of the discussions in the WG at this time.

[agropper]

Excellent point @philarcher We may need a new requirement for human-centered (human-understandable) interoperability.

These four requirements do address some of the issues that will impact human-centered interoperability but I'm suggesting we may need to add a new requirement.

https://w3c.github.io/did-use-cases/#serviceEndpoint https://w3c.github.io/did-use-cases/#keyRotation https://w3c.github.io/did-use-cases/#noVendorLock https://w3c.github.io/did-use-cases/#survivesRel

[philarcher]

That makes sense, @agropper. I'll work on adding in that requirement - that's a small effort that's doable.

Thanks

[agropper]

Thank you. Does that mean the Alice Rents a Car use case goes in as well?

On Thu, Oct 1, 2020 at 8:42 AM Phil Archer notifications@github.com wrote:

That makes sense, @agropper https://github.com/agropper. I'll work on adding in that requirement - that's a small effort that's doable.

Thanks

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/w3c/did-use-cases/issues/101#issuecomment-702107405, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABB4YMSZIAAEEVCHTPXZHLSIR2JXANCNFSM4Q6SZP5Q .

[philarcher]

Thank you. Does that mean the Alice Rents a Car use case goes in as well? … On Thu, Oct 1, 2020 at 8:42 AM Phil Archer @.***> wrote: That makes sense, @agropper https://github.com/agropper. I'll work on adding in that requirement - that's a small effort that's doable. Thanks — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#101 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABB4YMSZIAAEEVCHTPXZHLSIR2JXANCNFSM4Q6SZP5Q .

I'll look at it in detail. I can see already I'll need to increase the level of anonymity wrt to named (or near-named) companies. It's really whether or not it actually introduces new requirements that I can't just as easily highlight in one or more existing UCs.

[jandrieu]

@agropper That's a great use case. I'll work with Phil to add it. We may have further questions for you.

[philarcher]

PR in review that more or less uses this text verbatim. Closing this issue as a result.