Three parties are involved when using your physical driver's license: * The Issuer - such as the Washington State Department of Motor Vehicles * The Holder - the person to whom the license was issued (you) * The Verifier - the party you're showing the license to, such as a grocery store or policeman
A key point is that you don't have to (and don't want to) involve the issuer every time you use the license. The DMV doesn't need to know where and when I'm making age-restricted purchases. You don't "call home". Finally, the license is holder-bound; it is not a bearer token. Even if you're in possession of my license, you're unable to use it (unless you look just like me!). JWP enables these same properties in the online world. It uses the three roles. Presentation to a verifier doesn't involve the issuer. Issued tokens are holder-bound. And unlike my physical driver's license, where everyone I show it to can see all the information - including my home address, JWPs enable selective disclosure, so that only necessary claims are released. Many parties, both during the BoF<https://datatracker.ietf.org/doc/bofreq-miller-json-web-proofs/> and on this list, have expressed needs for this functionality backed by real-world business use cases. I urge you to talk to them, understand their needs, and understand how JWP will meet them. Let's (re)create the working group and get going on the needed standards work! -- Mike
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
