Add dpv:AgeVerification as a purpose concept #128

Closed
besteves4 opened this issue Feb 6, 2024 · 11 comments

@besteves4
Collaborator

It would be nice to have dpv:AgeVerification as a purpose concept for websites that need age data to ensure minors are not exposed to inappropriate online content.

I'm not sure if it should be narrower than dpv:IdentityVerification or if it should be at the same level and thus narrower than dpv:EnforceSecurity.

@bact
Collaborator

bact commented Feb 6, 2024

Do we need to differentiate between these two?:

  1. dpv:AgeVerification: to verify if an age is at a specific value
    • Need to know age data
  2. dpv:AgeRequirementVerification: to verify if an age meets an age requirement (higher / lower / in range of specific value(s))
    • Don't have to know age data

For example, if one has a driving license it can be inferred that that person is at least X years old. The fact that a person possesses something (which itself has an age requirement) can be used for age requirement verification without the need to ask for age data.

@besteves4
Collaborator Author

I don't think we need both, you can specify whether you want generic age data or a specific value or range with DPV-PD using Age, AgeExact or AgeRange. The purpose will always be to do age verification even if you infer the age from a piece of data that is not "age data". That way the purpose stands on its own -- does not depend on whether you use a certain data type.

@TallTed
Member

TallTed commented Feb 7, 2024

Most attempts at age verification are problematic. The best I've yet seen is currently running as TruAge in the US, which is primarily focused on and driven by convenience stores (that commonly sell age-restricted things like alcohol, pornography, cigarettes, etc.). I don't know that this is currently adaptable/adapted for online use by arbitrary web surfers, but perhaps it could be... @msporny might be able to provide some insight on this.

@coolharsh55
Collaborator

Hi, I agree with @besteves4's comment about the purpose. To include what @bact describes as the distinction between exact age (e.g. 21) verification and age status (e.g. adult), we can have text in the description of the purpose. I also propose we have Verification be a purpose under which InformationVerification and AgeVerification can be situated. Other verifications will also arise in due time, e.g. accuracy verification - so this would be the way to organise them.

Term: AgeVerification
Subtype of: Verification
Description: Purposes associated with verification of age whether as an exact number (e.g. 21 years) or a condition (e.g. above 18 years) or through evidence associated with age (e.g. has a driver's license)

This is a placeholder description. I think ISO is currently working on an age assurance standard - so I'll see the final definitions once they have been published.

@besteves4
Collaborator Author

@coolharsh55 agreed! You meant that IdentityVerification and AgeVerification would be a type of Verification, right? Also, would Verification be a type of EnforceSecurity or a high-level concept just below Purpose? Looking at the definition of EnforceSecurity, it seems to make sense to maintain the Verification concepts under it.

@coolharsh55
Collaborator

> Also, would Verification be a type of EnforceSecurity or a high level concept just below Purpose?

Yes, for now it should be under EnforceSecurity. Re-organisation of the entire taxonomy structure (e.g. adding a Governance high-level purpose) can be for the next major version. Also gives us time to have these discussions about what we're trying to do exactly.

@msporny
Member

msporny commented Feb 8, 2024

@TallTed wrote:

> Most attempts at age verification are problematic.

Yes, agreed, please tread carefully... some of the vocabulary terms you're defining here are known anti-patterns. I'm one of the Chief Architects of the TruAge system and the open standards work (standardized at Conexxus).

https://www.conexxus.org/resources/age-verification-initiative

Retail standard specification available here:

https://www.conexxus.org/resources/conexxus-age-verification-specification-v11

The TruAge digital age verification went into production in January 2023 (over a year ago) and covers 150,000 retail locations in the US. It is designed to be strongly privacy preserving, even to the point of preventing a retailer from being able to track an individual from store to store (even within the same retail brand). The standards WG discussed some of the concepts that you seem to be defining above and came to the conclusion that some of them are privacy anti-patterns (like asking for a specific age).

We do have an RDF vocabulary defined here (if you're interested in the concepts that we did end up standardizing):

https://w3id.org/age/

> I don't know that this is currently adaptable/adapted for online use by arbitrary web surfers, but perhaps it could be... @msporny might be able to provide some insight on this.

It is usable in online scenarios.

In a more broad sense, this is the first I've heard of this CG, but it looks like you're doing interesting and relevant work. Specifically, the W3C Verifiable Credentials Working Group would be looking for something like DPV for use in a Verifiable Credential query language (like Verifiable Presentation Request). Is that something this group is looking into?

@coolharsh55
Collaborator

Hi. Thanks for the caution. For DPV, we are really only looking to provide a single term for 'purpose' stating the goal is to do age verification. We can point to this and other works for further description/implementation.

Other groups like ODRL or Verifiable Credential are orthogonal to this work in the sense that they can use DPV to represent information in their respective data structures, and yes we would like to have some alignment or links between them.

@coolharsh55
Collaborator

Hi. I have added the following as a proposed concept:

  • Term: AgeVerification
  • Label: Age Verification
  • Description: Purposes associated with verifying or authenticating age or age related information as a form of security
  • Parent: dpv:Verification
  • Type: dpv:Purpose
  • Comment: Age Verification can include verification of the exact age, e.g. being 21 years old, a date, e.g. birth date is 01 January 1969, or a condition, e.g. age is over 21 years and the person is an adult. Specific dedicated resources should be used to further express information and processes associated with Age Verification, for example the Age Verification Vocabulary https://w3id.org/age/

@msporny
Member

msporny commented Feb 14, 2024

> I have added the following as a proposed concept

Excellent, that looks good. Thank you! :)

@bact
Collaborator

bact commented Mar 30, 2024

Maybe of interest for people in this issue.
A study on age verification and fundamental rights.

https://www.greens-efa.eu/en/article/document/trustworthy-age-assurance

@coolharsh55 added this to the dpv v2 milestone Apr 13, 2024