Re: What’s after DIDs? from Henry Story on 2019-07-30 (public-credentials@w3.org from July 2019)

From: Henry Story <henry.story@gmail.com>
Date: Tue, 30 Jul 2019 14:23:23 +0200
To: Credentials Community Group <public-credentials@w3.org>
Cc: Manu Sporny <msporny@digitalbazaar.com>
Message-Id: <4E70B4FD-E3E3-48AC-8B9F-6FAC53AE9F64@gmail.com>

> On 30 Jul 2019, at 13:16, Henry Story <henry.story@gmail.com> wrote:
> 
> Would it be possible to make a minor extension to HttpSignature
> so that one can use https WebIDs [0] just as a way to get a simple
> thing going? That could be completely compatible with DIDs, but
> would allow one to get going in cases where one does not need
> all of the extra goodies that DIDs give one.
> 
> I did some work on that to implement a server side HTTP-Signatures
> and before that I worked on how one could use JS Crypto to create
> keys in the browser. 


Actually I think one could get the two to get quite close by adding a
notion of a KeyId ie perhaps an URI for a key that could be linked to
a WebID. One could then have 

- https:// KeyIds. These could be located in the WebID Profile,
in a different document on the same server, or perhaps even on 
a different server.
- or dids.

A WebID could point to the KeyID or DID (or perhaps these are
the same?), and authentication using Https Signature could then
pass both in the header. The DID for authentication, the WebID for
social network type identifier, and the link from the WebID  to the 
Did/KeyId in the Profile Document would be the proof.

Henry

> 
> Henry
> 
> [0] https://www.w3.org/2005/Incubator/webid/spec/identity/ <https://www.w3.org/2005/Incubator/webid/spec/identity/>
> [1] https://github.com/read-write-web/akka-http-signature <https://github.com/read-write-web/akka-http-signature>
> [2] https://github.com/read-write-web/solid-client <https://github.com/read-write-web/solid-client>
> 
>> On 30 Jul 2019, at 04:22, Manu Sporny <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com>> wrote:
>> 
>> On 7/29/19 1:35 PM, Joe Andrieu wrote:
>>> TL;DR What’s after DIDs?
>> 
>> From a technical standards perspective, these are currently pain points
>> for Digital Bazaar and our customers that seem like we might be able to
>> collaborate on with other developers / companies in this group:
>> 
>> * True multi-DID interop
>> * True multi-wallet/issuer/verifier interop
>> * Collaboration on the Credential Handler API
>> * Linked Data Proofs/Signatures (W3C WGs for these)
>> * Secure Data Hubs (or, how do we make storage privacy-aware
>>  and self-sovereign)
>> * Verifiable Credentials 1.1 (we're not done yet)
>> * Verifiable Credentials Extensions
>> * VC/DID/LDP Registries
>> 
>> There are non-technical things we should do as well:
>> 
>> * Non-Violent Communication (and other approaches) to mend some of the
>>  damage across the identity community
>> * Field Work - More Use Cases from real people/customers
>> * Bite sized material to communicate our work to the general public
>> 
>> -- manu
>> 
>> -- 
>> Manu Sporny (skype: msporny, twitter: manusporny)
>> Founder/CEO - Digital Bazaar, Inc.
>> blog: Veres One Decentralized Identifier Blockchain Launches
>> https://tinyurl.com/veres-one-launches <https://tinyurl.com/veres-one-launches>
>> 
>

Received on Tuesday, 30 July 2019 12:23:52 UTC