Why is the Identity Profile not included in the list of "standardization work"? #25

Closed
jtibbetts opened this issue Dec 4, 2016 · 5 comments

Comments

@jtibbetts

In the Introduction there are "two pieces of possible standardization work": 1) data model of entity credentials and 2) specific representations in different syntaxes. Why isn't the Identity Profile Model (cf section 3.2 of this document) included in that list? If it's more fully described in some other document or standard, then that should be referenced. If it's defined herein, it should be added to this list.

@stevenrowat
Contributor

An interesting observation, and after reading through those sections again my guess (not being an author of this) is a combination of the following:

  1. Perhaps if "the minimum information necessary to create and use entity credentials" is achieved, then the required architecture is also achieved to make Identity Profiles; but not the other way around.
  2. It's been reported, on the mailing list, that there is a lot of politics around "Identity" that might be best avoided by people who see it as a morass; and since (as someone also said) the VC work will not "solve" Identity on the Internet, perhaps not mentioning it, when the opportunity presented itself, was attractive.

I agree that it looks like a major omission in the flow of the document though, because of the equal space and size given to the Entity Credential and Identity Profile.

So, personally at this point, I can live with it but I'm not completely happy. :-)

@jandrieu
Contributor

jandrieu commented Dec 6, 2016

The short answer is that the schema of the Identity Profile is inherently emergent. Different creators and recipients will have different needs and those needs will change over time.

The VCTF previously used the term "Identity", defined as all the claims about a particular person, which is aligned with related ISO standards. I advocate against using "Identity" in that way because it is confusing and rarely captures the needed complexity, especially for real-world uses of identity aka "legal identity". Instead, I argue in favor of describing identity systems in terms of how they enable or prevent correlation. (You can read the Rebooting Web of Trust paper http://bit.ly/identitycrisispaper for a more complete argument.)

In part in response to that conversation, VCTF turned to "Identity Profile" to capture essentially the same idea: the collection of all the identity-enabling information stored as verifiable claims. However, the schema for that profile will, by design, be flexible over time as use cases, technologies, and regulations evolve.

My experience with different attempts to define a universal schema for "identity" suggests that it is an intractable problem due to the continually changing intersection of the need for minimal disclosure and the flexibility required by recipients for identity assurance. There's still value in referring to the set of identity-enabling claims collectively and "Identity profile" is as good a term as any. There just isn't a closed-form data model for what information can actually be captured in said profile.

@jandrieu
Contributor

jandrieu commented Aug 7, 2017

I withdraw my earlier comment without prejudice. ;)

The Entity Profile is missing, and in the latest PR #67, incorrect as commented in #67 (comment)

I answered a more overarching question because I didn't understand that Entity Profiles were what holders present to inspector-verifiers. I spent a year thinking claims were presented, and therefore interpreted Entity Profiles to be the collection of claims related to an individual, which for various reasons is often the end-goal for many new to issues of digital identity, i.e. "What are the necessary attributes to prove someone's identity". That question remains intractable.

However, for any given use, we can and should demonstrate the Entity Profile actually presented to the inspector-verifier.

@dlongley
Contributor

dlongley commented Oct 3, 2017

We plan on addressing this when we address #66 with a PR to resolve related terminology issues.

@msporny
Member

msporny commented Oct 25, 2017

We have the concept of a "Verifiable Profile" in the spec now:

vc-data-model/index.html

Lines 455 to 460 in 700263a

A <a>verifiable profile</a> is a collection of one or more
<a>verifiable credentials</a> typically about the same <a>subject</a> that
have been issued by multiple <a>issuers</a>. The aggregation of this
information typically expresses an aspect of a person, organization, or entity.
</p>

Closing this issue.

@msporny msporny closed this as completed Oct 25, 2017