<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Kristina, thanks for re-writing the Introduction.</p>
<p>My personal opinion is that "User Controlled" is a better term
than "User-Centric". The two letter acronym is still the same
(IC), but if you replace user-centric with user controlled in your
introduction, I think it reads better.</p>
<p>Kind regards</p>
<p>David</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 19/04/2022 09:05, Kristina Yasuda
via Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:MN2PR00MB0893C99830059DE678DD1B18E5F29@MN2PR00MB0893.namprd00.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">Also as promised, I did write up an
introduction that more clearly positions the thinking of the
WG around why “User-Centric” and not another term. The
language definitely needs tweaking, but would appreciate the
feedback if people agree with the direction (especially, Nat,
John, Mike, Vittorio, Tobias, DW, and the small group of
editors
<span style="font-family:'Segoe UI Emoji',sans-serif">😊</span>)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We all know how much the industry is used
to the terms “SSI” and “Decentralized Identity” so if we are
making a conscious decision to use another term even when
meaning something quite similar (especially to the
decision-making folks), it has to be crystal clear why, hence
quite straightforward language below:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---<o:p></o:p></p>
<p class="MsoNormal"><b>Introduction <o:p></o:p></b></p>
<p class="MsoNormal">OpenID Connect, a protocol that has enabled
deployment of federated Identity at scale, was built with
User-Centricity in mind. The protocol flow is designed to
provide Identity Providers a capability to directly talk to
the End-User to obtain consent before releasing claims about
that End-User to the Relying Party. The protocol also enables
the End-Users to run their own Identity Providers instead of
using third party provided ones.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Now, the User-Centricity is evolving to the
next level, where the End-Users retain full control over the
key decisions when receiving identity information from the
Credentials Issuers, and when presenting those credentials to
the Verifiers. The End-Users can now directly receive their
identity information as credentials from the Issuers and
present those credentials to the Verifiers without Verifiers
obtaining those user claims from the Issuer. This is an
obvious evolution from a federated Identity protocol flow
where after receiving the End-User’s consent, the Identity
Provider directly provides the Verifier with the identity
information about the End-User.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">When describing the concept of putting the
End-User in control of their identity, the readers might be
more familiar with the terminology Self-Sovereign Identity or
Decentralized Identity. This whitepaper could have used those
terms, too. However, after numerous long discussions, Connect
WG in the OpenID Foundation has decided to use the term User-Centric
Identity to describe both a vision and an architecture of this
new, emerging approach to identity management.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The Connect WG could not reach consensus to
use the term Self-Sovereign Identity because Self-Sovereignty
implies the End-User’s autonomy and freedom from the Issuers
and the Verifiers, which is not the case in real-life
use-cases. Even if the Verifier has obtained the claims
directly from the End-User, it is up to the Verifier to decide
whether to accept those credentials and provide the service to
the End-User. Regardless of where the End-User is planning to
use a credential, it is up to the Issuer to decide whether to
issue a credential to the End-User in the first place. Even
after the issuance, in most cases, the Issuer retains the
right to revoke and invalidate the credential.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The Connect WG also could not reach
consensus to use the term Decentralized Identity because
decentralized implementation techniques have their role to
play, but they are neither necessary nor sufficient to achieve
user centric identity. For the End-Users to directly receive
identity credentials from the Issuers and directly present
them to the Verifiers, user identifiers other than
Decentralized Identifiers (DIDs) can be used, meaning that
Distributed Ledger Technology or Blockchain is not required
and data models other than W3C Verifiable Credentials can be
used.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Therefore, the goal of this whitepaper is
first and foremost to inform the audience about the work on
the OpenID for User-Centric Identity (OpenID4UCI)
specification family and help position it in the broader
landscape of Self-Sovereign Identity and Decentralized
Identity. The work is being conducted in the OpenID
Foundation, in liaison with the Decentralized Identity
Foundation (DIF).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The whitepaper targets decision-makers,
architects and implementers interested in the concepts,
use-cases and architecture where the End-User directly
receives identity credentials from the Issuer and directly
presents them to the Verifier, a concept that will be referred
to as “User-Centric Identity” in this whitepaper.<o:p></o:p></p>
<p class="MsoNormal">---<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you!<o:p></o:p></p>
<p class="MsoNormal">Kristina<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Openid-specs-ab
<a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab-bounces@lists.openid.net">&lt;openid-specs-ab-bounces@lists.openid.net&gt;</a>
<b>On Behalf Of </b>Kristina Yasuda via Openid-specs-ab<br>
<b>Sent:</b> Monday, April 18, 2022 6:08 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<b>Cc:</b> Kristina Yasuda
<a class="moz-txt-link-rfc2396E" href="mailto:Kristina.Yasuda@microsoft.com">&lt;Kristina.Yasuda@microsoft.com&gt;</a><br>
<b>Subject:</b> [Openid-specs-ab] Replacement to
"User-Centric Identity" complete + another terminology
topic: alternative to a "credential"?<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi, thanks a lot for a productive
conversation regarding the terminology in the “OpenID for
User-Centric Identity (preliminary naming)”
<a
href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F1H556GIM_xD1yKl7rw1seq4bu83movFCkU8fQ7T8b1dI%2Fedit&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7C8fb4bcc61b63463b182b08da21a106ef%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637859273185651256%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yX9Q7MJ%2B%2FB2PMnYUBNMrXfj5vrYAsrFeNyUCkH2JaaQ%3D&reserved=0"
moz-do-not-send="true">
whitepaper</a> – the details of the conversation will be in
the notes that will be sent out.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As agreed, I replaced all the references to
“Decentralized Identity” with “User-Centric Identity”
(Thanks Mike for making the suggestions). As agreed, if you
come up with a better term than “User-Centric”, please bring
it up. We are looking for “a generic property that transcends
the topology we are working with at this point in time (I
really like how Vittorio has put it!)” that describes “an
approach to the identity management where the End-User retains
full control over from which Credential Issuer to obtain what
credential, and when to disclose which credential to which
Verifier (again, paraphrasing Vittorio)”. (and now I am not a
big fan of an acronym OpenID4UCI, so acronym suggestions
welcome too..)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Another terminology topic I wanted to bring
up is inspired by Pieter’s comment on the definition of
“Credential”: “It was interesting to see terminology in the EU
Digital Wallet architecture like "Electronic Attribute
Attestation" (EAA) that may provide alternatives to the
heavily overloaded "credential". Not sure it is the right time
to adopt it, but may be a good way to disambiguate terms like
credential (and align with frameworks emerging elsewhere).”
<o:p></o:p></p>
<p class="MsoNormal">I agree with Pieter both in that EAA might
be an alternative, and in that maybe this is a whitepaper V2
issue… Some food for thought.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Cheers,<o:p></o:p></p>
<p class="MsoNormal">Kristina<o:p></o:p></p>
</div>
</blockquote>
</body>
</html>