Re: Worldview conflicts on the purpose of DID documents from Melvin Carvalho on 2017-12-14 (public-credentials@w3.org from December 2017)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Thu, 14 Dec 2017 18:36:13 +0100
To: "=Drummond Reed" <drummond.reed@evernym.com>
Cc: Credentials Community Group <public-credentials@w3.org>
Message-ID: <CAKaEYhJ69kDVz-cHKenbm8jFr_CY=SJpuYe3m3jvjs_4U4cqQQ@mail.gmail.com>
On 14 December 2017 at 00:33, =Drummond Reed <drummond.reed@evernym.com>
wrote:

> On Wed, Dec 13, 2017 at 3:23 PM, Melvin Carvalho <melvincarvalho@gmail.com
> > wrote:
>
>>
>>
>> On 13 December 2017 at 19:38, =Drummond Reed <drummond.reed@evernym.com>
>> wrote:
>>
>>> The Credentials Community Group has been holding a special set of calls
>>> to drive towards closure of a next "Implementer’s Draft" of the DID spec
>>> <https://w3c-ccg.github.io/did-spec/>. Three calls have been held so
>>> far, and two more are currently planned (this Thursday and next Thursday at
>>> 10AM Pacific Time—see a separate message sent to the list for details of
>>> each call).
>>>
>>> After the last call, I started to see that some of the major sticking
>>> points are due to what I call "worldview conflicts". These are
>>> disagreements that usually surface as differences about details of a spec,
>>> but where the real causes are rooted in different worldviews about
>>> technology—different "big pictures" that different spec contributors are
>>> working from/towards.
>>>
>>> When this is the case, arguments that can go on for days/weeks/months
>>> about the details can often be solved much faster by identifying and
>>> dealing with the differences in the underlying worldviews.
>>>
>>> So I wanted to start a thread just for discussion of these worldview
>>> conflicts. I'll start by taking a stab at articulating the worldviews
>>> as I understand them:
>>>
>>> *THE RDF/JSON-LD WORLDVIEW*
>>>
>>> In this worldview, DID documents are a standard way to describe a
>>> well-known subgraph of a potentially very large RDF graph of data about a
>>> subject. To quote this message from Dave Longley on a github DID issues
>>> thread
>>> <https://github.com/w3c-ccg/did-spec/pull/36#issuecomment-351128922>:
>>> "a DID document, is about establishing an independent entity and being able
>>> to authenticate that certain activities/actions were performed by that
>>> entity -- and to interact with that entity via services. This necessarily
>>> includes specifying how that DID document can be changed." Linked Data
>>> Signatures are also important in this worldview since it is the standard
>>> way to sign JSON-LD documents.
>>>
>>> *THE AGENT WORLDVIEW*
>>>
>>> In this worldview, DID documents are about having an open,
>>> interoperable way to discover and manage the cryptographic keys and service
>>> endpoints necessary to bootstrap secure, verifiable connections, claims,
>>> and interactions between agents acting on behalf of DID subjects.
>>>
>>> *OBSERVATIONS*
>>>
>>> First, obviously neither worldview is "wrong". They are just different
>>> perspectives about the primary purpose of DID documents and the universes
>>> into which they fit.
>>>
>>> Second, in the RDF/JSON-LD worldview it is important to describe the
>>> data using an RDF graph model using an ontology that can live alongside
>>> other ontologies. In the agent worldview the primary importance is on
>>> interoperability; it is not "anti-RDF", but it wants to avoid a dependence
>>> on RDF in order to make it easy to consume/transform the metadata carried
>>> by DID documents into other graph models and formats.
>>>
>>> Thirdly, the two have different views of key management. In the
>>> RDF/JSON-LD worldview the importance is on being able to authenticate an
>>> interaction with the DID subject. In the agent worldview, a DID document is
>>> the "public-face" (or "non-private-face") of all types of key management,
>>> i.e., it is how a DID subject shares any type of key that needs to be
>>> shared with another party to verify interactions, decrypt communications,
>>> or do additional key negotiation.
>>>
>>
>> The agent world view was quite a long sentence.  Could it be perhaps
>> rephrased or broken into more than one sentence.
>>
>
> My apologies. Here's a slightly expanded description of the "agent
> worldview" (which is an arbitrary name, BTW, not anyone's doctrine
> anywhere):
>
>    - Agents are software processes that perform interactions on behalf of
>    their owners/controllers. They broadly fall into two categories:
>       - *Edge agents* run at the edge of the network, on a user's device
>       with the user interacting directly with the agent. Example: a mobile app
>       that serves as an identity wallet. Edge agents are not expected to be
>       always present on the network; they may come and go.
>       - *Cloud agents* run in the cloud. Users do not interact with them
>       directly, but through an edge agent, a web browser, or some other edge app.
>       They are typically always present on the network, similar to an email
>       server or web server, and thus typically have a service endpoint at which
>       they can be reached.
>    - Agents don't have DIDs themselves, rather they represent the subject
>    of the DID. So, if for example a DID identified a person, a service
>    endpoint in the DID document can identify:
>       - An agent (typically a cloud agent) for interacting with that
>       person.
>       - One more more cryptographic keys (or other cryptographic material
>       as Joe points out) that can be used to to secure/verify communications with
>       the agent at that endpoint.
>
> So in the agent worldview, what matters about a DID document is that it
> represents a standard way to discovery the service endpoint(s) and
> cryptographic key(s) needed to perform trusted interactions with the
> subject of the DID via the subject's agent(s). Note that "interactions" is
> unbounded, i.e., it's not just authentication, it may be encryption, key
> negotiation, claims signing, etc. That's why key management is so important
> to the agent worldview. (However I understand Joe's point, in a later
> message, that keys are not as important in other worldviews. I'll reply to
> Joe's message later today; must run into a meeting now).
>

Thank you for the clarification.

It seems to me similar models with slightly different types of indirection.

I have used both models in my time, both have use cases.

FWIW I came into the world of standards (a long while ago) as an RDF
skeptic.  But I thought I better learn a bit about it, at least, to
understand what others were talking about.  I can say that is a time
investment that I have been very happy with, and I feel that things like
JSON-LD are are great path to interop for different worlds and models.

tl;dr I picture both world views being compatible


>
> =Drummond
>
Received on Thursday, 14 December 2017 17:36:38 UTC