Re: DID-Auth from Melvin Carvalho on 2018-02-07 (public-credentials@w3.org from February 2018)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 7 Feb 2018 17:08:23 +0100
To: Markus Sabadello <markus@danubetech.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <CAKaEYh+-ZRBHC8mJfzhYg2MWHDJDJz+5JdJPD_iCr5pk8ez_5g@mail.gmail.com>

On 7 February 2018 at 15:58, Markus Sabadello <markus@danubetech.com> wrote:

> Here's some work on DID-TLS that Evernym did last year, it's probably not
> fully up-to-date:
> https://docs.google.com/document/d/1-aPY1eeHdR_TnF7_
> WpEs58RZ_jNdDeptVrNEu3groFc/
>
> Melvin, since you have a lot of experience with WebID, your ideas on this
> would be interesting too!
>

Thanks Markus!  Very interesting, still digesting ...


> Markus
> On 02/07/2018 03:04 PM, Melvin Carvalho wrote:
>
>
>
> On 7 February 2018 at 10:33, Markus Sabadello <markus@danubetech.com>
> wrote:
>
>> I think it was mostly Kyle Den Hartog (who attended RWoT#5) with some
>> input from others who used that Google doc for brainstorming on DID-Auth,
>> and yes we've had some discussions on this during the DIF calls.
>>
>> Thanks for your feedback and adding some pointers, +1 to re-using what's
>> already there.
>>
>> Personally, think the term DID-Auth has been used quite a bit but is
>> currently not really well-defined.
>> It could be understood as an umbrella term for "proving control over a
>> DID", and perhaps also more broadly as "proving something else such as
>> possession of a credential".
>>
>> This high-level concept of DID-Auth can manifest itself in various ways:
>>
>> - *Proof of control over a DID on a transport layer* -> DID-TLS,
>> CurveCP, CurveZMQ
>>
>
>
> DID-TLS sounds very interesting -- can I read more about it?
>
>
>> - *Proof of control over a DID on the HTTP layer* -> HTTP-Signatures
>>
>> - *Proof of control over a DID and proof of possession of a credential
>> inside a browser* -> Credential Handler API
>>
>> - *Proof of control over a DID via more complex flows involving
>> browsers, redirects, mobile apps, etc., potentially transport-agnostic*
>> -> Some kind of challenge/response pattern using LD-Signatures, see
>> DID-Auth diagrams from RWoT#4
>>
>> For the BCGov project, I feel like a mix of these will be required,
>> looking forward to further discussions during the calls and at RWoT.
>>
>> Markus
>> On 02/06/2018 05:03 PM, Manu Sporny wrote:
>>
>> On 02/06/2018 08:20 AM, Markus Sabadello wrote:
>>
>> I would love this group's input on how to approach this in a way that
>> is re-usable and complementary with other community efforts.
>>
>> Hmm, just found this in the link you sent, Markus:
>> https://docs.google.com/document/d/1Lt0uMvSuv094Bb-5XvVKNqNFEDrlWm3acy1O5-vVZu4/edit#
>>
>> Feels like DIF is duplicating work that is also being done in this CG.
>> We should talk about making sure we're not duplicating effort when we
>> discuss this in the CG.
>>
>> -- manu
>>
>>
>>
>>
>
>

Received on Wednesday, 7 February 2018 16:09:02 UTC