W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: decentralised

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Wed, 15 Jun 2016 23:20:29 +0200
Message-ID: <CA+eFz_JiUsaY59i=kR6DVVx6hcbvmZNkCcbmA2iyC2+Kv7KSKA@mail.gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: Dave Longley <dlongley@digitalbazaar.com>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials Community Group <public-credentials@w3.org>
A good solution should support identifiers that are stored in a
decentralized registry (blockchain or WebDHT etc) and those that are held
in namespaced registries (DNS/domain based etc).

Different users will have the need to use one, the other or both at
different times.

The same user should be able to point both the of the following identifiers
at the same identity:
user@host and uuid:gdgyt767fd

The challenge is that every decentralized identity registry is effectively
another silo from the perspective of a protocol that needs to do discovery
as it's first step.

On 15 June 2016 at 22:01, Melvin Carvalho <melvincarvalho@gmail.com> wrote:

>
>
> On 15 June 2016 at 15:37, Dave Longley <dlongley@digitalbazaar.com> wrote:
>
>> On 06/15/2016 04:31 AM, Melvin Carvalho wrote:
>> >
>> >
>> > On 14 June 2016 at 16:21, Manu Sporny <msporny@digitalbazaar.com
>> > <mailto:msporny@digitalbazaar.com>> wrote:
>> >
>> >     On 06/13/2016 07:33 PM, Melvin Carvalho wrote:
>> >     > "The Web currently does not have a mechanism where people and
>> >     > organizations can claim identifiers that they have sole ownership
>> >     > over. Identifiers, such as those rooted in domain names like
>> emails
>> >     > addresses and website addresses, are effectively rented by people
>> >     > and organizations rather than owned. Therefore, their use as
>> >     > long-term identifiers is dependent upon parameters outside of
>> their
>> >     > control. One danger is that if the rent is not paid, all data
>> >     > associated with the identifier can be made temporarily or
>> permanently
>> >     > inaccessible. This document specifies a mechanism where people and
>> >     > organizations can cryptographically claim ownership over
>> identifiers
>> >     > such that they control them and the documents that they refer to."
>> >     >
>> >     > This is not a significant danger.  It's like saying the google
>> could
>> >     > lose google.com <http://google.com> <http://google.com> due to
>> >     factors outside of their
>> >     > control.  It wont happen, will it?
>>
>> Is the assertion that Google will be around forever -- or at least
>> longer than anyone's lifetime? Is the assertion that the likelihood of
>> Google losing its domain is the same as the likelihood of some random
>> person? What about some random person who falls on difficult times and
>> can't pay for their domain? What about some random person that needs an
>> identifier that doesn't reveal certain aspects about them by being
>> attached to their domain?
>>
>> I don't think this covers many cases.
>>
>
> Thanks Dave.  Im more convinced by this.
>
> I think it's good to distinguish between a company going down and a whole
> global infrastructure like ICANN going down, or a govt.  The first we can
> try and mitigate against, primarily by market participants being good
> actors.
>
>
>>
>> >
>> > Have a look at
>> >
>> > https://tld-list.com/
>> >
>> > There's a few domains in the $1-$2 range.
>> >
>> > Lets encrypt certs are free.  But well HTTPS is not mandatory for a
>> > domain.
>>
>> Certificates may be free, paying for the education to be able to
>> maintain one and use Lets encrypt is not free (in many countries). HTTPS
>> may be mandatory to be able to adequately prove various assertions about
>> your identity.
>>
>> >
>> > But actually I think everyone should get credit from the govt to have
>> > one domain (and probably server space) for free.
>>
>> Which government? While a laudable goal, not every government is free
>> and stable.
>>
>> > This is a service that
>> > should be a utility and covered by tax revenue, or passport registration
>> > fees.  It should be started from school so that children have the
>> > ability to learn programming.
>>
>> This may work coming from a first world perspective. What about everyone
>> else?
>>
>
> Yes that's probably a first world perspective.  Estonian ids all come with
> your own subdomain.  I expect other countries to move to digital ids
> soonish.
>
>
>>
>> >
>> > For example have a look at what you can get for 2.99 a month from
>> scaleway:
>> >
>> > https://www.scaleway.com/
>> >
>> > 2 x86 64bit Cores
>> > 2GB Memory
>> > 50GB SSD Disk
>> > 200Mbit/s
>> > Unmetered bandwidth
>>
>> Again, consider the perspective. This approach works for people living
>> in first world countries with tech experience and the desire to run
>> their own servers and/or governments that they trust to indefinitely
>> provide these services on their behalf.
>>
>> Second of all, how are you going to pay for that in the first place? Are
>> you going to present some identity and/or payment credentials that you
>> already possess? I think perspective is key here.
>>
>
> Im very interested in helping people in developing countries.  It would
> actually be good to have numbers on how much an identity costs.  Dont
> forget that one scaleway server could easily host 1 million identities.
>
>
>>
>>
>> --
>> Dave Longley
>> CTO
>> Digital Bazaar, Inc.
>>
>
>
Received on Wednesday, 15 June 2016 21:21:01 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC