- From: Dmitri Zagidulin <dzagidulin@gmail.com>
- Date: Wed, 7 Mar 2018 19:26:25 -0500
- To: Brett McDowell <brett@fidoalliance.org>
- Cc: Markus Sabadello <markus@danubetech.com>, Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANnQ-L4rragOSyC6+oyXV5eGZaC1R_B-ze9TGh7LKe-NWP9yqw@mail.gmail.com>
Hi Brett,

I participate in the Web Authentication WG (mostly in listen-only capacity), and from everything I've been able to understand, the spec is tantalizingly to what we're trying to do with DID-Auth, except that you don't get access to the keys to perform signatures or verify them (you just have the challenge-response API to work with).

I'll re-read the latest spec, and see if I can explain in more detail.

On Mon, Mar 5, 2018 at 10:06 AM, Brett McDowell <brett@fidoalliance.org> wrote:

> Is anyone here also participating in the W3C Web Authentication Working
> Group <https://www.w3.org/blog/webauthn/>? The work they are doing seems
> to fit DID-Auth use cases. I can try to recruit someone from that effort
> to come help this group if we don't already have that expertise engaged. A
> full understanding of Webauthn/fido2 should make progress against the
> following next step pretty easy:
>
> *DID Auth work should focus on the following:*
>
> - *Agree on scope of DID Auth.*
> - *Agree on supported formats for challenges and responses.*
> - *Agree on supported protocols and flows.*
>
> Brett McDowell, Executive Director, FIDO Alliance
> <https://fidoalliance.org/> | +1 (413) 404-5593
>
> On Sat, Mar 3, 2018 at 10:31 AM, Markus Sabadello <markus@danubetech.com>
> wrote:
>
>> Just a quick note on the DID Auth topic, I submitted a RWoT#6 topic
>> paper that summarizes the many different ideas, data formats, flows,
>> etc. I've seen in relation to "DID Auth".
>>
>> https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/topics-and-advance-readings/DID%20Auth:%20Scope,%20Formats,%20and%20Protocols.md
>>
>> (Sorry for doing this so late, maybe it can serve as an outline for
>> discussions next week).
>>
>> Markus
>>
>> On 02/06/2018 04:06 PM, Manu Sporny wrote:
>> > On 02/06/2018 08:20 AM, Markus Sabadello wrote:
>> >> But I wanted to quickly report that I was selected for this BCGov
>> >> opportunity to design and implement a DID authentication (DID-Auth)
>> >> and authorization mechanism across 4 concrete scenarios:
>> > Congratulations, Markus! That's great news!
>> >
>> >> I would love this group's input on how to approach this in a way that
>> >> is re-usable and complementary with other community efforts.
>> > ... and thank you for seeking input from the community in an attempt to
>> > align what you create with what we're doing.
>> >
>> >> I am aware there is already a lot of existing work from RWoT and
>> >> other sources on DID/TLS, HTTP Signatures, Credentials Browser API,
>> >> etc. that can be used.
>> > Yes, let's please re-use all the work that has been done to date. For
>> > example, HTTP Signatures were designed to be compatible with DID-based
>> > authentication since we introduced the spec way back in 2013.
>> >
>> > A tremendous amount of work has gone into the Credential Handler demo in
>> > order to align it with browser initiatives from Google Chrome and others:
>> >
>> > https://credential-repository.demo.digitalbazaar.com/
>> >
>> > I'm concerned that deviating greatly from these directions will result
>> > in derailing some of this work... or at least, if anyone plans to
>> > deviate, please understand why the designs are as they are today and
>> > make sure you're deviating for a very good reason.
>> >
>> > That said... this is all great news Markus! Looking forward to
>> > discussing it during the calls.
>> >
>> > -- manu

Received on Thursday, 8 March 2018 00:27:03 UTC