Adds use case "Public authority identity credentials (eIDAS)" #112
Written by @ewagner70 with some small edits by myself.
Happy to try, but can someone point me to the best way to see the proposal and comment? Sorry, I'm still learning elementary GitHub and ReSpec.
@peacekeeper @agropper : just a question - did the PR go through?
Quick note: We are going to accept this, but we are going to add a bit of human story to anchor it to a specific person doing a specific thing. If you're curious what I mean, I have a few issues for other sections #107 #106 #105 #109 #110 that do something similar. We'll take that on, but if you beat us to it, that'd be great too.
I think we already have this use case, but by a different name. The Digital Permanent Residence card use case could be amended slightly to read as follows. This is in need of review by people familiar with eIDAS and ESSIF please - there is way too much guesswork in what I've proposed here, but you get the idea I hope. We have the human-centred story, we just need to bring in the European angle. Hence a flag for @peacekeeper. Thanks Markus.
Sam is a long-term immigrant to the United States and is applying for Permanent Resident status from the Citizenship and Immigration Services (USCIS). His application includes multiple pieces of evidence including his record of citizenship in the country of his birth, Slovenia, his master's degree from the University of Ljubljana, and his credit history with the Unicredit Banka Slovenija. Each credential is made available using credentials compliant with the European Union's Electronic Identification, Authentication and trust Services regulation (eIDAS). However, thanks to the European Self-Sovereign Identity Framework (ESSIF), rather than submitting three separate credentials, Sam is able to simply provide his DID through which each credential is available as a service endpoint.
Since the credentials come from highly trusted sources through a highly trusted mechanism, Sam receives his notice of Permanent Resident status. Along with his notice are directions for downloading and using a digital version of his physical card, including a one-time activation code. After getting a digital wallet, he visits the USCIS website, signs in, and uses his activation code to get a digital credential. His wallet provides a DID to the website and demonstrates control over the DID to prove to USCIS that the identifier is under Sam's control. USCIS issues a newly minted digital credential with the subject identifier set to the provided DID.
Now, Sam can use that digital credential anywhere by demonstrating the same proof of control to provide a specific level of identity assurance, anchored in the cryptography of the proof-of-control ceremony. Verifiers of that credential can cryptographically verify both the authenticity and origin of the credential itself—it can be proven that it was issued by USCIS and unchanged since then—AND it can verify that the presenter of the credential still controls the identifier.
@philarcher : in general, you're right, that the permanent residence card is a sub-sub-sub-case of the proposed KYC use case (as it not only comprises basic identification, but also due diligence with up to 50 additional different attributes). I would recommend to
@philarcher I think you have found an interesting way to combine these two use cases in a single story, but I would still argue that they are different use cases.
Besides this difference, there's also a subtle political aspect. eIDAS/ESSIF is about empowering European citizens and allowing them to obtain digital sovereignty. Please don't get this the wrong way, but I have to mention that one reason (among several) why there is such strong interest in SSI and DIDs is the experience of mass surveillance by (primarily) the U.S. government and surveillance capitalist practices by (primarily) U.S.-based corporations such as Facebook and Google. If we now write a use case that says "ESSIF is good for making it easy for Europeans to immigrate to the U.S.", then that could be understood by some as disrespectful to what ESSIF is really meant for. I understand this argument could be dismissed on the basis that the Use Cases document isn't concerned with such political opinions. But still I wanted to bring it up, since the messaging behind use cases matters too. And as I said in the beginning, I think that even when we leave the politics aside, the use cases still feel sufficiently different. I'd be happy to work on improving this use case by adding a better human story element!
@philarcher I agree with @peacekeeper on this one. I think the value of specifically highlighting eIDAS integration in a European context is important. @peacekeeper If you could take a stab at a human story, I'd be happy to iterate on it with you and get it pulled in.
Points noted, thanks all. I've assigned this to Markus just to keep things going. If you can bash out a human story for eIDAS I'll delete this PR and create a new one from your words. Thank you.
Also adds requirement "Legally-enabled identity"
a797c16
to
027fd0e
@philarcher and @jandrieu , per our discussion above, I completely re-wrote the use case to add a human story. Could you review again?
This looks great. Thanks, @peacekeeper
Thank you very much, Markus!
Also adds requirement "Legally-enabled identity".
Addresses #102.