Our service endpoint and interop discussions will benefit from a human-centered perspective. To that end, I've invented a hypothetical badge, the Gold Button, that indicates interoperability between one's authentication and authorization agent and various service providers. The Gold Button is conceived as a voluntary assertion to a standardized bundle of protocols, TBD, that is NOT domain-specific. In other words, the idea is that the auth'n and auth'z agent asserting Gold Button is general while the competing service providers asserting Gold Button are typically domain-specific (e.g. healthcare or education).
Here is the proposed additional focal use-case:
Alice Rents a Car
Background
It’s 2021 and SSI is the golden child. Alice looks forward to never having to use a password or fill out a form again. Alice’s service providers are looking to adopt zero-trust architecture with Y2K zeal. Neither of them really knows what SSI or zero-trust means, but they want it.
Description
Alice has just provisioned an “agent” as recommended by EFF and supported through Mozilla. It’s costing her $5/month and is somehow linked to the FaceID that also unlocks her smartphone. Her agent occasionally sends a text message asking a question with a yes or no answer but otherwise mostly leaves her alone. Her agent bears a Gold Button logo that she thinks is a bit like “American Express welcome here” in the old days.
Alice is going to France. She uses DuckDuckGo to discover a list of car rental companies anonymously to avoid price discrimination and targeted ads. Some of the rental companies display the Gold Button logo, some don’t. She knows that the ones that do will respect her agent. She picks Fertz for the rental even though she has never done business with them before, knowing that with Gold Button her user experience will be an automated breeze.
Among dozens of others, Alice already has Gold Button service providers for her US driver’s license, her US insurance, and her bank. The DMV, insurer, and bank all authenticate Alice using a secure pseudonym linked to her smartphone. Each of the three has a different DID for Alice, but each of the three knows that they can use that DID in court to hold Alice accountable. Alice just knows that her smartphone allowed her to sign her driver’s license application, her insurance application, and her bank customer registration form using FaceID because Gold Button works.
Alice clicks on the Fertz “Rent Now” button and:
- Exposes a DID through her agent in order to set up a secure communication channel.
- Fertz tells Alice’s agent that they will need license, insurance, and bank info for the purpose of renting a car in France.
- Alice’s agent has a policy saying that any company as large as Fertz can get whatever they explicitly ask for. Smaller companies, or large ones on a blacklist, may need Alice to give explicit permission, which the agent will ask for using a text message.
- Alice’s agent gives Fertz three signed bearer tokens authorizing release of her personal information from three specific service providers. These tokens are encrypted so that Fertz doesn’t know what’s in them. Alice’s service providers use pre-registered information linked to their DID for Alice to decrypt the tokens and verify they were signed by Alice’s agent.
- Note that in this example, Alice does not care that her three service providers know she is becoming a Fertz customer. If Alice did care, she might go through the trouble of having one or another of the services issue a Verified Credential to her so she can present it wherever she wants. Alice’s agent has policies that force the more privacy-preserving, Holder-mediated flow when dealing with some less trusted vendors.
- Fertz gathers the information from Alice’s service providers, checks it against their internal rental policies, and issues Alice’s agent a signed capability linked to a QR code. The agent emails the capability to Alice.
The whole sequence from click in the search results to Alice getting a QR code in the email took 8 seconds. A week later:
- Alice goes to the Fertz garage at Charles de Gaulle airport, and picks a car with the keys already in it and the price posted on the parking space. She drives to the automated exit gate.
- At the gate, Alice opens her email, shows the QR code she received through her agent and gets a message on her phone asking her to scan her face. The gate agent combines the license info of the car, the QR code and the challenge signed by Alice with her face and opens the gate.
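The signed, encrypted bearer tokens from the "Rent Now" sequence can be made concrete as follows. This is an added example, not part of the proposal or of any Gold Button profile (the protocol bundle is TBD): the function names, the token fields (releaseTo, scope, purpose, exp, jti), the Ed25519 and AES-256-GCM choices, and the expiry and single-use checks are all assumptions.

```javascript
// Added example: names, token fields and algorithms are assumptions, not a Gold Button spec.
const crypto = require('node:crypto');

// Pre-registration (assumed): under its DID for Alice, the provider stores the
// agent's Ed25519 public key and a 32-byte content-encryption key.
function registerProvider(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const encKey = crypto.randomBytes(32);
  return { agent: { did, privateKey, encKey },
           provider: { did, publicKey, encKey, seen: new Set() } };
}

// Agent side: sign the claims, then encrypt so the relying party cannot read them.
function issueToken(agent, claims) {
  const body = Buffer.from(JSON.stringify({ ...claims, jti: crypto.randomUUID() }));
  const sig = crypto.sign(null, body, agent.privateKey); // Ed25519: 64 bytes
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', agent.encKey, iv);
  c.setAAD(Buffer.from(agent.did)); // bind the ciphertext to this DID
  const ct = Buffer.concat([c.update(Buffer.concat([sig, body])), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64url');
}

// Provider side: decrypt, verify the agent's signature, then apply the limits
// that keep a bearer token from being reused or redirected.
function redeemToken(provider, token, requester, now) {
  try {
    const raw = Buffer.from(token, 'base64url');
    const d = crypto.createDecipheriv('aes-256-gcm', provider.encKey, raw.subarray(0, 12));
    d.setAAD(Buffer.from(provider.did));
    d.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
    const sig = pt.subarray(0, 64), body = pt.subarray(64);
    if (!crypto.verify(null, body, provider.publicKey, sig)) return { ok: false, why: 'bad signature' };
    const claims = JSON.parse(body.toString('utf8'));
    // requester is assumed to be authenticated by the provider out of band
    if (claims.releaseTo !== requester) return { ok: false, why: 'wrong requester' };
    if (now >= claims.exp) return { ok: false, why: 'expired' };
    if (provider.seen.has(claims.jti)) return { ok: false, why: 'replayed' };
    provider.seen.add(claims.jti);
    return { ok: true, release: claims.scope, purpose: claims.purpose };
  } catch (e) {
    return { ok: false, why: 'undecryptable' }; // wrong key, wrong DID or tampering
  }
}
```

Because the token is a bearer credential that passes through Fertz, the provider-side checks on requester, expiry and jti are what limit the damage if a token is copied or presented twice.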
Challenges
The challenge in this case is to combine technical standards and protocols into a human-meaningful interoperability claim that crosses between one's general-purpose agent and a multitude of domain-specific service offerings.
Distinction
This use case is based on a profiling exercise by a group to be determined and the voluntary adoption of the badge by some agents and some service providers. The badge need not be associated with a costly certification process, which means that both audited and un-audited versions of the claim can co-exist. False and misleading assertions are already policed by both the marketplace and truth-in-labeling laws.