- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sun, 7 Jul 2019 15:34:41 -0400
- To: public-credentials@w3.org
On 7/2/19 10:13 AM, Daniel Hardman wrote: >> This is the only concern that I have as it comes across as an >> ultimatum. I'm sure you didn't mean it that way. > > Sorry. I've been up for chunks of the night with a headache and > nausea, and I'm not writing as clearly as I prefer. I'm sorry to hear that Daniel, :( -- I hope you're feeling better now that a few days have passed. I know that many of us are working ourselves to the bone these days to keep up with how fast this space is moving and so I sympathize with feeling the need to respond even though you're not feeling 100%. I tried to provide a bit of lag between your response and this response in the hopes that we could take the discussion a bit more slowly (and with you in better health). > It wasn't meant at all as an ultimatum, just a bid to consider an > idea. I agree that we should consider all well reasoned and well informed ideas, and I count the work that Aries and DIF have done in the space as ideas and implementations that must be considered (because they are well reasoned and well informed). I also consider the ideas that we (Digital Bazaar, and our customers) are contributing to this group in the same category. >> The only hesitation I have is that DIDComm presumes that you have >> to use DIDs with the system, and just like with VCs, it's possible >> and is the default mode of operation... it's not the only mode. >> We're trying to reach folks outside of the DID ecosystem with the >> work as that will be important when we take this stuff standards >> track. Again, we'd rather cast a wider net than just the DID >> ecosystem. Anyone with a public/private key should be able to use >> this system to protect their data. > > Who is the "we" in this paragraph? The "we" is Digital Bazaar, some folks in the Social Web community, and a number of Digital Bazaar's larger customers (many of which we can't divulge due to NDAs, so we don't need to count them in the 'we'... even though they are there). > It feels like you're asserting this requirement is a foregone > conclusion. I see how it could broaden adoption, but the > architectural cost of having a non-DID-based security and > communication mechanism is profound. Do other CCG members believe it > is a worthwhile tradeoff? I don't know, but we should talk about it! That's all I'm asking for right now. Let me try and draw an analogy. When we started the Verifiable Credentials work waaay back in 2013, we thought to ourselves: "There is no way the W3C Membership is going to approve a Working Group that requires Decentralized Identifiers... and Verifiable Credentials *are* useful even if you don't use DIDs... and supporting both is trivial... just say 'the identifier MUST be a URI', and then make DIDs URIs". That's how we struck the balance last time and got a much larger group on board with Verifiable Credentials than would we have had if we said "DID only". I'd like to see if we can achieve the same this time around, not only for DIDs, but for what these portable data stores are used for... the approach that we've taken demonstrates that it's possible... now we just need to see if the various communities and implementers agree that the direction is worth pursuing (or would rather we not pursue the direction). -- manu -- Manu Sporny (skype: msporny, twitter: manusporny) Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Sunday, 7 July 2019 19:35:04 UTC