At the request of today's meeting I create this addendum and would like feedback from the team on it prior to use. ..tom Effect of AI on User Agent Wallets Most user agents, like browsers and wallets, are already offering users assistance is setting preferences and saving passwords or pass keys. As AIs grow in capabilities on the user mobile devices, they will be more involved in user convenience, privacy and safety. This section focuses on the means to ensure that privacy enhancing choices are made for the benefit of the user. Both the existing practice with the Driver’s license card as well as the early example of mobile verification apps enable the verifier to acquire more of the user’s data than is needed for the purposes of the transaction. In order for the user, or the user’s agent to make informed decisions about the data needed the purpose and the verifiable identifier of the organization requesting the data must be supplied. This will allow a real-time evaluation of the request against the typical request for such a transaction beyond what the user would normally understand. Similarly, dark patterns from verifiers could be detected and the user warned. As new dark patterns are discovered in attacks against user privacy and security, these can be presented to any AI agent to improve the user’s experience. Here we focus on a request made to an unknown user by the verifier as well as the issuer since they also verify the user before issuing any credential to them. The Verifier may make any number of different requests in their query to the user’s agent that will help the agent make good decision for the user. Some of those requests will be to understand what wallet is used and the level of protection provided by the wallet, including proof of presence and proof of continued liveness of the certificate holder or the holder’s delegated representative. In these circumstances the agent is not permitted to act for the holder but must honor the request of the verifier. Where the agent does act on behalf of the holder, it is important for the wallet or other agent code to be identified to the verifier. Any agent instance identification can itself be personally identifiable information about the user and must be treated as such by the verifier. The information on Purpose and the Identity of the Verifier is critical to the user or the user’s agent when acting on their behalf. It is to be expected that strong trust ecosystems for these as well as other data supplied by the verification are in place. The adoption of AI agents, wallets and other mobile applications depends on such a trust relationship. One other use case where an AI user agent could help is where the user wishes to select a credential to provide to the verifier before the verifier sends any information to the user. This type of transaction is high risk as the user can only rely on the physical context and has no other control over who actually acquires the presented credentials. The AI agent can try to understand the context by any means available and help to guide the user into a safe choice.
participants (1)
-
Tom Jones