Re: When to use pair-wise unique DIDs vs. just individual unique DIDs

Drummond,
Thanks for this clarification (and sorry for my late reply.)

I have concerns about how interoperable such a complex model will be.  I
also have concerns that such a model will result in solutions that don't
remain self-sovereign, but I'm hoping to bring this thread to a close so I
won't continue that thought.

My larger concern is that it sounds like introducing this shared micro
ledger approach is something all SSI providers would need to adopt
otherwise hopes of interoperability seem out of reach. Rather continuing to
pull on this "MyNewerSpace" thread, what is the process for turning these
discussions into actions the results standards we can all use?

For example, we are building an SSI solution that would solve the WebAuthn
scenario with only one DID for MyNewerSpace, and a unique DID for the users
of the service.  How do we ensure that both our SSI solution and the Sovrin
solution could be used by Alice and MyNewerSpace?

   -chrisb

On Mon, Apr 16, 2018 at 11:50 PM, =Drummond Reed <drummond.reed@evernym.com>
wrote:

> Chris, sorry to take all day to reply; it was just that kind of day.
> Inline.
>
> On Mon, Apr 16, 2018 at 8:44 AM, Chris Boscolo <chris@boscolo.net> wrote:
>
>> Drummond,
>> Can I try to unpack this discussion with a concrete example?
>>
>
> Yes, that always helps.
>
>
>>
>> Scenario:
>> Alice, a brand new adult user of the Internet gets her first iPhone, and
>> wants to join the social network that all her friends are using called
>> MyNewerSpace.com.  Alice downloads the MyNewerSpace.com App, and clicks
>> "Create New User".  MyNewerSpace.com decided to roll their own SSI
>> implementation with a DID method name of "mynewer", but they allow users to
>> choose their own SSI provider, and Alice chose Sovrin.
>>
>> did:sov:aaa-bbb-1: is the DID Alice gives to MyNewerSpace.com.
>>
>
> Okay, this is likely where the confusion lies. A microledger DID would use
> a different DID method. The Sovrin community is discussing two options:
>
>    1. did:sov:local:  <== This method would be in the Sovrin DID method
>    namespace, but the Sovrin code would recognize it as a microledger DID.
>    2. did:local:  <== This would be a standard DID method
>    for microledgers.
>
>
>
>> did:mynewer:xxx-yyy-1: is the DID MyNewerSpace.com gives to Alice to
>> communicate with the service.
>>
>> 1) After Alice clicks, "Create New User".  Where are" did:sov:aaa-bbb-1"
>> and "did:mynewer:xxx-yyy-1" stored?
>>
>
> So assuming a microledger DID method, the first one would be stored by
> Alice's Sovrin agent on a microledger dynamically created by that agent and
> used just with MyNewerSpace.
>
>
>>
>> 2) Where does MyNewerSpace.com go to lookup the DDO for "did:sov:aaa-bbb
>> -1"
>>
>
> This is probably obvious, but with a microledger DID method, MyNewerSpace
> would ask its own agent to look up the microledger for Alice.
>
>
>>
>>    2a) Is this some type of walled-garden to provide the privacy you
>> speak of?
>>
>
> Yes. The microledger only exists for Alice and MyNewerSpace.
>
>
>>
>> 3) Where does the App Alice uses to login into MyNewerSpace.com go to
>> lookup the DDO for "did:mynewer:xxx-yyy-1"?
>>
>
> First, just to clarify, for Alice to log into MyNewerSpace, it's
> MyNewerSpace that needs to look up Alice's DID and DID document to send her
> a DID Auth challenge (unless Alice is doing mutual authentication, which is
> of course a good idea). If Alice needs to do that, then Alice's agent would
> need access to a DID resolver for the did:mynewer: method.
>
> Note that if MyNewerSpace issued Alice a pairwise pseudonymous DID when
> they formed their relationship, then both DIDs would be on their
> shared microledger, and both would always know the address of the other
> agent via the other's DID document. Again, if that connection was ever
> severed because both agents moved URLs at the exact same time, then the two
> agents could use a dead-drop <https://en.wikipedia.org/wiki/Dead_drop> on
> a public ledger to restore the connection.
>
> Hope this helps,
>
> =Drummond
>
>
>
>>
>>    -chrisb
>>
>>
>>
>> On Mon, Apr 16, 2018 at 1:14 AM, =Drummond Reed <
>> drummond.reed@evernym.com> wrote:
>>
>>> [sorry—caught a typo that could be very confusing—see correction in red
>>> below]
>>>
>>> On Sun, Apr 15, 2018 at 7:50 PM, =Drummond Reed <
>>> drummond.reed@evernym.com> wrote:
>>>
>>>> On Sun, Apr 15, 2018 at 9:42 AM, Chris Boscolo <chris@boscolo.net>
>>>> wrote:
>>>>
>>>>> Drummond,
>>>>> I must admit, this answer caught me by surprise...
>>>>>
>>>>> How is what you are describing any different than our current
>>>>> federated ID nightmare?
>>>>>
>>>>
>>>> Chris, I must have mis-communicated something. Keep reading.
>>>>
>>>>
>>>>>
>>>>> In the age of the Internet and hackers being mostly smarter than those
>>>>> building infrastructure, the term "private" is meaningless.
>>>>> "Private" just means hidden from the public until at some point in the
>>>>> future it is no longer hidden.
>>>>>
>>>>
>>>> Yes, of course, the "privacy" of a microledger is not just that it's
>>>> *not* a public ledger. The DIDs and DID documents on a microledger
>>>> should still be as privacy-protecting as they would be on a public ledger,
>>>> i.e., they shouldn't leak any information about the identity owner or
>>>> relationship. They just are not publicly searchable or viewable.
>>>>
>>>>
>>>>
>>>>>
>>>>> Furthermore, I thought the whole point of the DID approach is that the
>>>>> DID owner can update the DDO if, for example, they want to update the
>>>>> keys.  How would this work if as you say "and that each can maintain a copy
>>>>> of the other's DID document".
>>>>>
>>>>
>>>> That may have been the phrase that tripped you up. The "copy" of the
>>>> shared DID document on the microledger is just like the "copy" maintained
>>>> by all the nodes on a distributed public ledger. In other words, only
>>>> the identity owner has the ability (or can delegate the ability) to make
>>>> any chances to the DID document.
>>>>
>>>> To be clear, if Alice maintains a microledger with Bob, then Bob's node
>>>> on the microledger has a copy of the pairwise pseudonymous DID and DID
>>>> document that Alice has created for Bob, and Alice's node has a copy of the
>>>> pairwise pseudonymous DID and DID document that Bob has created for Alice.
>>>> Since both DID documents contain the service endpoints for their respective
>>>> agents, the two agents are the only "nodes" that need to keep
>>>> the microledger in sync (i.e., "consensus" is pretty easy). But it's still
>>>> an actual ledger, i.e., all transactions are signed, hashed together into a
>>>> chain, and replicated to all nodes.
>>>>
>>>>
>>>>
>>>>> Looks like I either need to re-evaluate my support for this approach
>>>>> or hopefully some can help clarify this a bit more.
>>>>>
>>>>
>>>> Hopefully I've done that; let me know if it's still not clear.
>>>>
>>>> =D
>>>>
>>>>>
>>>>>   -chrisb
>>>>>
>>>>>
>>>>> On Sun, Apr 15, 2018 at 3:50 AM, Carlos Bruguera <carlos@selfkey.org>
>>>>> wrote:
>>>>>
>>>>>> Hey Drummond,
>>>>>>
>>>>>> The approach of "private" pairwise DID seems totally reasonable as it
>>>>>> fits the very purpose of pairwise identifiers which is (in my
>>>>>> understanding) to establish a *private* channel for authentication
>>>>>> and authenticated comunication between entities. Also, leaving the ledger
>>>>>> for the data that is making purposedly public works not only as an
>>>>>> anti-spam measure on the ledger but also solves multiple privacy and
>>>>>> anonymity issues.
>>>>>>
>>>>>> I'm guessing this approach can also be used in cases where
>>>>>> correlativity is desired or at least tolerated (by using the same DID or
>>>>>> "facet" for authenticating to multiple (possibly related) services, even if
>>>>>> generated locally and exchanged privately)?... On a different line, is
>>>>>> there any level of "anchoring" for these "private DIDs" against the public
>>>>>> ledger? Or it's not necessary at all?
>>>>>>
>>>>>>
>>>>>> On Sun, Apr 15, 2018 at 9:38 AM, =Drummond Reed <
>>>>>> drummond.reed@evernym.com> wrote:
>>>>>>
>>>>>>> On Sat, Apr 14, 2018 at 9:46 AM, Chris Boscolo <chris@boscolo.net>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> First, Adam, thanks for posting the "WebAuthn & DID" presentation
>>>>>>>> that surfaced the discussion of using pair-wise unique DIDs.  And thank
>>>>>>>> you, Drummond, for linking to the discussion taking place at Sovrin on the
>>>>>>>> subject. (https://forum.sovrin.org/t/th
>>>>>>>> e-benefit-of-pairwise-dids/628/3)
>>>>>>>>
>>>>>>>> I decided to pull this one question out into its own thread to get
>>>>>>>> clarification and to help inform how the WebAuthn protocol might be
>>>>>>>> modified to support DIDs.
>>>>>>>>
>>>>>>>> I think the community would benefit if we had a clear understanding
>>>>>>>> of when pair-wise unique DIDs should be used vs. when a per-user unique
>>>>>>>> DIDs will suffice.
>>>>>>>>
>>>>>>>> In the example, where a user is creating a new account on a popular
>>>>>>>> website it is clear to me that the user will want to use a unique DID for
>>>>>>>> only that site.  But, I question whether it is a good idea for the website
>>>>>>>> to create a unique DID to communicate with that one user.  In fact, I
>>>>>>>> wonder if doing so will open the door to other unintended ways of
>>>>>>>> correlating users with the site. (When these DIDs are in public ledgers.)
>>>>>>>>
>>>>>>>
>>>>>>> Chris, I just wanted to point out why your final parenthetical is
>>>>>>> important to this discussion. In Sovrin architecture, pairwise
>>>>>>> pseudonymous DIDs *are not written to the public ledger*.
>>>>>>>
>>>>>>> It's true that a year ago, even as we started to use pairwise
>>>>>>> pseudonymous DIDs, we assumed they were all being written to the Sovrin
>>>>>>> public ledger because: a) they did not provide any correlate-able data, and
>>>>>>> b) we didn't have an alternative.
>>>>>>>
>>>>>>> We subsequently realized that, since the whole point of pairwise
>>>>>>> pseudonymous DIDs is that they are only needed by the two parties
>>>>>>> involved—and that each can maintain a copy of the other's DID
>>>>>>> document—there was no reason to write them to a public ledger. Rather the
>>>>>>> two parties could maintain them on their own private microledger.
>>>>>>>
>>>>>>> This has several significant advantages:
>>>>>>>
>>>>>>>    1. It is even better from a privacy perspective since neither
>>>>>>>    the pairwise pseudonymous DIDs nor their DID documents needed to be public.
>>>>>>>    2. It is wonderful from a scalability perspective since
>>>>>>>    the microledgers add almost no load to the public ledger.
>>>>>>>    3. It means the Sovrin public ledger can be optimized for public
>>>>>>>    DIDs and other SSI infrastructure data that needs to be fully public and
>>>>>>>    widely shared.
>>>>>>>
>>>>>>> Should these considerations be added to the DID spec?
>>>>>>>>
>>>>>>>
>>>>>>> That's a very good question. I don't think the DID spec (or any
>>>>>>> other spec) should be weighed down with lots of implementation guidelines
>>>>>>> and advice, but we should probably mention the basic option that DIDs can
>>>>>>> be registered on public ledgers, private ledgers, or microledgers.
>>>>>>>
>>>>>>> What do you think?
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>