w3c / vc-use-cases

Verifiable Credentials Use Cases
https://w3c.github.io/vc-use-cases/

Use case for Holder Binding #129

Closed justAnIdentity closed 1 year ago

justAnIdentity commented 1 year ago

Preview | Diff

awoie commented 1 year ago

potentially fixes #128

justAnIdentity commented 1 year ago

Thank you for the suggestions @TallTed !

Sakurann commented 1 year ago

I understand this use-case but maybe refactor it to a use-case when a user is getting government benefits. That is much more high stake without holder binding and is very real - millions if not billions were stolen in tax money because there was no holder binding for people getting covid benefits from the government.

TallTed commented 1 year ago

> millions if not billions were stolen in tax money because there was no holder binding for people getting covid benefits from the government

What was the Credential that was not bound to its (or any) Holder, that was used for such theft?

I think it is inarguable that there were a lot of problems with the various programs that distributed [US] government funds to businesses and individuals, and these included dispersals to recipients who were not intended as well as forgiveness of loans which should not have been forgiven if even lent ... but I do not believe these issues could accurately be described as a "lack of holder binding".

Sakurann commented 1 year ago

If user A can get user B's monetary benefit by impersonating user B, that's the problem and with proper holder binding in place, it becomes much harder.

My whole point was, can we use a bit more high stake use case? That's it.

justAnIdentity commented 1 year ago

@Sakurann. The main aim was to keep things simple and illustrate the concept of holder binding. I'm happy enough to accommodate your request for a higher stakes use case though. How about a cross-border tax-filing use case?

vongohren commented 1 year ago

Speaking as an organization that has created a national digital age verification system for the United States (TruAge - run by the National Association of Convenience Stores -- 149,000 retail locations across the US), most variations of holder binding are specifically viewed as an anti-pattern for digital age verification systems.

Could we update this use case to be a higher risk use case, where holder binding might be less likely to raise privacy concerns, such as "boarding an airplane" or "crossing a border"?

Is there any good inspiration from this paper? https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/final-documents/identifier-binding.md

It used to have the airplane case in it, but we removed it because it got complicated with multiple different cases.

justAnIdentity commented 1 year ago

Thanks for the language check once more @TallTed. @msporny, see if this use case is better to your liking.

KDean-GS1 commented 1 year ago

@jandrieu and I have reviewed the request. This is closely aligned with International Travel with Minor and Upgrade and we ask that the existing use case be enhanced rather than a new one be created.

jandrieu commented 1 year ago

@KDean-GS1 Reviewed this again today. Because it is so close to an existing use case, we don't feel it illustrates enough new usage.

We are marking this pending closed and will close it if we don't have further engagement.

However, we are open to suggestions for improving the 5.3 International Travel with Minor and Upgrade to better address the coverage you are looking for.

jandrieu commented 1 year ago

Closing.

This has been pending closed for two weeks with no further engagement since the Feb 24 request to reframe this as an update to the existing use case.

We still welcome suggestions for 5.3 International Travel with Minor and Upgrade if that does not fully cover the details desired in this PR.