From 1dc5a55bc888b5020fa521b55412d0a2b6d9079c Mon Sep 17 00:00:00 2001 From: Rieks Date: Mon, 1 Jul 2019 12:05:11 +0200 Subject: [PATCH 1/2] Progress on #96. --- index.html | 51 ++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index 97eac13..271214b 100644 --- a/index.html +++ b/index.html @@ -374,7 +374,7 @@

Healthcare

through her health care network and goes in for treatment. She is a new patient, so the clinic needs to know who she is and how she will be paying. When checking in, she presents her verifiable claim that demonstrates her identity and her proof of - insurance. When the clinc submits this to the insurance company, they can automatically + insurance. When the clinic submits this to the insurance company, they can automatically ascertain that she submitted her proof of identity and insurance to the provider and granted the physician the ability to submit the claim for payment.
@@ -438,7 +438,7 @@

Professional Credentials

C.2 Busy doctor
Barney was a board-certified physician, but he ran out of - time to complete his contuning education requirements and his + time to complete his continuing education requirements and his certification lapsed. Since the board can revoke his certification, credential inspectors will automatically be aware that he can no longer issue prescriptions or perform medical @@ -450,9 +450,13 @@

Professional Credentials

that she was a trained Project Manager. It was later discovered that BigTraining Co. was not actually training anyone, and their organization's certificate was revoked via the US Department of - Education's Accreditation Database. Jane's credential is - therefore invalid, and prospective employers will be aware of - this when they check her certifications.
+ Education's Accreditation Database, invalidating Jane's credential. + Jane's current employer performs a monthly check on the validity of + the credentials that its employees provided at the time they were hired. + So, within a month, he will find out that Jane has not been trained + appropriately, and can take corresponding action. + Also, any prospective employers will become aware of + this when they check Jane's certifications.
C.4 New employer
@@ -491,6 +495,13 @@

Professional Credentials

only verifying that she is the holder of the certificate, that she is the subject of it, and that she is an aid worker. In this way she maintains her anonymity in this controversial forum while still being able to assist her fellow countrymen. +
Social healthcare platforms, such as those on which Josie and Paula post their profiles and messages, + enhance the trustworthiness of such posts by publishing (possibly anonymized) claims and credentials + that the platform itself has verified at the time they were posted. + However, as time elapses, so does the likelihood that such claims are no longer valid, + e.g. because they have expired, or they have been revoked. + To ensure the trustworthiness of its content, the platform decides to check the validity of all claims + that have been posted on a daily basis, and to (temporarily) remove any invalid claims, or posts that have such claims.
C.6 Job applicant
@@ -708,6 +719,36 @@

Revoke Claim

+
+

Check Revocation

+
+
Requirement
+
It MUST be possible for the verifier that has been presented with a revocable claim, + to check whether or not that claim has been revoked, not only when it received that claim, but also at later times. + Such checking MUST NOT require the verifier to contact the holder from which the claim was received. + Also, it MUST NOT require the verifier to contact the issuer of that claim. +
Motivation
+
Claims that are valid at the time a verifier receives them (and checks their validity), + may no longer be valid at the time that they are actually used, e.g. for making decisions. + This may be caused e.g. by expiration of (the credential that contains) the claim, + or by that credential having been revoked by its issuer. + Using claims whose validity no longer is verifiable, to make decisions, comes with a risk + that increases as the period between the validity-check and the use of such claims gets longer. + In order to thwart this risk, the verifier must be able to check the validity of such claims + immediately prior to using them. + Note that since the verifier, at this point in time, may not be able to connect to the holder, + it must be able to check the validity on its own. + Also note that for reasons of privacy, the verifier should not connect to the issuer + at the time it checks the validity of the claim, since the issuer could then learn which of its credentials + are being used by which verifiers.
+
Needs
+
F.1, F.5, E.2, E.4, H.2, H.4 + , C.2, C.3, C.5. + Also, the need for this is illustrated in section 5.2, + where the NOAA needs to check the current status of all of Pat's certifications.
+
The above paragraph on Needs needs to be revised.
+
+

Focal Use Cases

From fbf8b30528e4c31b89920eb0a6f9e3e1e6ebbb67 Mon Sep 17 00:00:00 2001 From: Rieks Date: Mon, 1 Jul 2019 12:10:05 +0200 Subject: [PATCH 2/2] Added parking permit use-case. --- index.html | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/index.html b/index.html index 271214b..a2c7e29 100644 --- a/index.html +++ b/index.html @@ -564,6 +564,24 @@

Legal Identity

this because it is available from many places often the Internet. Since it is verifiable, the IFRC is comfortable vouching for them and resettling them in a safer area for the duration of the conflict. +
+ L.5 Parking permit +
+
The city of Groningen issues at most one parking permit to any family\ + whose members live at the same city address. Also, a parking permit is only issued + if the applicant owns or leases the vehicle. In order to automatically issue and + enforce the parking permit, the city of Groningen requests every applicant + to provide two credentials: one that is issued by the municipality itself that + states that the applicant resides at some address in the city, + and another one that is issued by the car registration agency of the Netherlands + that states the licence plate of the vehicle that the applicant owns or leases. + Several months after Michiel has successfully applied for a parking permit in Groningen, + he decides to sell his car, which implies a de-registration of him as owner, + and the ownership credential to be revoked. When the city checks its parking permits + (e.g. every week/month/year), it will detect that Michiel is no longer eligable + for a parking permit, which it can subsequently revoke. + Note that if Michiel did not decide to sell the car (and supposing that the credentials have not expired), + he would not need to re-apply for such a permit every year, which saves on agony.
@@ -743,7 +761,7 @@

Check Revocation

are being used by which verifiers.
Needs
F.1, F.5, E.2, E.4, H.2, H.4 - , C.2, C.3, C.5. + , C.2, C.3, C.5, L.5. Also, the need for this is illustrated in section 5.2, where the NOAA needs to check the current status of all of Pat's certifications.
The above paragraph on Needs needs to be revised.