Re: DID Spec Hardening Proposal V3

From: Christopher Allan Webber <cwebber@dustycloud.org>
Date: Mon, 27 Nov 2017 13:22:00 -0600
To: Dave Longley <dlongley@digitalbazaar.com>
Cc: =Drummond Reed <drummond.reed@evernym.com>, Melvin Carvalho <melvincarvalho@gmail.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <87tvxfwmqv.fsf@dustycloud.org>

Dave Longley writes:

> If every DID method supported this method of retrieval, DID resolvers
> would become vastly more simple, interop would receive a significant
> boost, and application developers could more easily embed these smaller
> DID resolvers and focus on writing applications. Also, if we combine
> this approach with the path resolution approach above, a DID resolver
> that worked across all DID methods could be entirely implemented using
> only HTTP for all HTTP-based service requests.
> Note that there may also be some economic opportunities for trusted
> resolution services that could arise from this model.

Joe, Manu, Dave and I had some conversations about this at the AirBnB
but they never got recorded in a way that the rest of the group heard,
so I should probably write that down.  Say you want to retrieve a
DID... how do you do it?  You have three resolution methods:

1) Run a full node, of all DID methods you'd consider using.  Definitely
   not feasible for most users.

2) Run a full node of one or a few DID methods.  More feasible, but
   still not feasible for many users.  Though as Dave says above, someone
   already participating in a DID method could do this at little extra
   cost... in fact, maybe even at some profit (see 4 & 5).

3) Don't run a full node yourself, but connect to a number of nodes over
   a general-purpose DID resolution service.  Retrieve the same DID from
   several random nodes to have some level of reasonable assurance that
   the object you get back really is the object it says it is.
   Unfortunately, on its own, the economics of this may be fairly
   poor... a lot of leeching without an incentive to be a provider.
   (But someone would "step up" to volunteer for this?  After all there
   are public DNS servers one can connect to...)

4) Have a trusted, probably paid relationship with some well known
   entity.  You trust this entity, so they're hooked into the full
   system, and you just believe what they tell you, or rely on the
   proofs they distribute (however I think of the proofs for the methods
   using a blockchain require being a full node to be *really*
   sure... maybe less true for IPID)

5) Have a peer-to-peer resolution system speaking a common protocol
   where you can get "paid" to distribute correct DIDs.  Filecoin may be
   inspiration here.

One question I have with 4 (paid edition) and 5 is: we're selling DIDs
pretty hard on being a system that everyone is able to participate in
regardless of socioeconomic status.  It seems to me from thinking
through the above that we may be at risk of adding some significant
level of expense to play, but it's not clear until we've actually built
and tested such a system.

On the upside:
 - #4 and #5 answer the "who pays for it" question nicely, which always
   gets asked
 - Participating in #4 or #5 should be pretty easy once you're already
   participating in the method, as I think Dave was trying to convey above
 - In #5 at least you could imagine being able to trade-your-way towards
   easier participation in the system.  Perhaps there are
   lower-hanging-fruit DIDs (IPFS/IPID?) which provide less longevity
   guarantees but which are easier to retrieve and "trade up" for the
   systems that require holding a full node.

What do people think?
 - Chris
Received on Monday, 27 November 2017 19:22:40 UTC
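
Added example, not part of the original message or of any DID implementation: a sketch of option 3 above, where the same DID is fetched from several randomly chosen resolver nodes and accepted only if enough of them return the same document. The `did:example` method, the resolver callables, the key values and the quorum numbers are all constructed assumptions.

```python
import hashlib
import json
import random
from collections import Counter

def digest(doc):
    """Hash a DID document over a canonical form (sorted keys, no whitespace)."""
    canonical = json.dumps(doc, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def resolve_with_quorum(did, resolvers, sample_size=5, quorum=4, rng=None):
    """Ask `sample_size` randomly chosen resolvers; accept a document only if
    at least `quorum` of them return identical canonical content."""
    rng = rng or random.SystemRandom()
    chosen = rng.sample(list(resolvers), sample_size)
    docs, votes = {}, Counter()
    for name in chosen:
        try:
            doc = resolvers[name](did)
        except Exception:
            continue  # an unreachable node casts no vote
        if not isinstance(doc, dict) or doc.get("id") != did:
            continue  # wrong subject: never counts toward agreement
        h = digest(doc)
        docs[h] = doc
        votes[h] += 1
    if not votes:
        raise LookupError("no resolver returned a usable document")
    best, count = votes.most_common(1)[0]
    if count < quorum:
        raise LookupError(f"no quorum: best agreement {count}/{sample_size}")
    return docs[best]

# Constructed sample data; did:example is a placeholder method.
DID = "did:example:123"
GOOD = {"id": DID, "publicKey": [{"id": DID + "#key-1", "value": "constructed-key-A"}]}
ALTERED = {"id": DID, "publicKey": [{"id": DID + "#key-1", "value": "constructed-key-B"}]}

def honest(did):
    return dict(reversed(list(GOOD.items())))  # same content, different key order

def tampering(did):
    return ALTERED  # node that substitutes a different key

def down(did):
    raise ConnectionError("node unreachable")
```

Agreement only gives assurance when the sampled nodes are independently operated; if one party runs most of the pool, the quorum reflects that party's answer.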