-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use case for Holder Binding #129
Conversation
potentially fixes #128 |
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Thank you for the suggestions @TallTed ! |
I understand this use-case but maybe refactor it to a use-case when a user is getting government benefits. that is much more high stake without holder binding and is very real - millions if not billion was stolen in tax monely because there was no holder binding for people geting covid benefits from the govenrment. |
What was the Credential that was not bound to its (or any) Holder, that was used for such theft? I think it is inarguable that there were a lot of problems with the various programs that distributed [US] government funds to businesses and individuals, and these included dispersals to recipients who were not intended as well as forgiveness of loans which should not have been forgiven if even lent ... but I do not believe these issues could accurately be described as a "lack of holder binding". |
If user A can get user B's monetary benefit by impersonating user B, that's the problem and with proper holder binding in place, it becomes much harder. My whole point was, can we use a bit more high stake use case? that's it. |
@Sakurann . The main aim was to keep things simple and illustrate the concept of holder binding. I'm happy enough to accommodate your request for a higher stakes use case though. How about a cross-border tax-filing use case? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there are enough approvals, I am ok with the current example - we can do another update PR later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Speaking as an organization that has created a national digital age verification system for the United States (TruAge - run by the National Association of Convenience Stores -- 149,000 retail locations across the US), most variations of holder binding is specifically viewed as an anti-pattern for digital age verification systems.
Could we update this use case to be a higher risk use case, where holder binding might be less likely to raise privacy concerns, such as "boarding an airplane" or "crossing a border"?
Are there any good inspiration from this paper? https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/final-documents/identifier-binding.md It used to have the airplane case in it, but we removed it because it got complicated with multiple different cases |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor fixes
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
@jandrieu and I have reviewed the request. This is closely aligned with International Travel with Minor and Upgrade and ask that the existing use case be enhanced rather than a new one be created. |
@KDean-GS1 Reviewed this again today. Because it is so close to an existing use case, we don't feel it illustrates enough new usage. We are marking this pending closed and will close it if we don't have further engagement. However, we are open to suggestions for improving the 5.3 International Travel with Minor and Upgrade to better address the coverage you are looking for. |
Closing. This has been pending closed for two weeks with no further engagement since the Feb 24 request to reframe this as an update to the existing use case. We still welcome suggestions for 5.3 International Travel with Minor and Upgrade if that does not fully cover the details desired in this PR. |
Preview | Diff