Re: Voluntary (and non-) Standards

On 12/8/16 4:45 PM, Nottingham, Mark wrote:
> Personally, I refer to it as "hope-based standardisation." There is
> certainly a place for it, but making such an effort successful
> takes a considerable amount of very specialised work (or luck).
>...and is one of
> the reasons you're seeing such a strong reaction from the "old
> timers". If you want the discussion to move forward, I'd recommend
> that the advocates stop making assertions like this; it's a bit of
> a red flag.
>
> Hope this helps,

It did help me.

It reminds me of that tremendous skit by Lily Tomlin where her elderly 
parents are driving her insane by arguing, in the same terms, over and 
over, about a cake, and she finally loses it and screams at them as 
loud as she can, "AAAAAAAHHHH!! PLEASE STOP ARGUING ABOUT THE 
CAKE!!!!" and then slams the door.

In my opinion sometimes contexts are similar enough to draw useful 
conclusions from ("past experience with attempts at standardization in 
the W3C, of which the VC is an example, leads to such and such a 
prediction of what will happen..."); but these conclusions are just 
risk assessments, guesses, in the same way as the 'hope' is; and we 
don't know, in either case, what's actually going to happen next.

And sometimes contexts are so different that such a comparison is 
misleading.

 From my point of view the accelerating changes on the Earth at the 
moment make it likely that this may be a unique need (the need for 
verifiability, for traceability, for accountability) that has sprung 
up because of the crossover of the Internet, Global Trade, terrorist 
activity and warfare, and the limits of the Earth and climate change.

This may be crucial for us, as a species, to get past some extremely 
thorny knots that the Internet is presenting for us; it may be a need 
so great that the question is really 'what can each of us do to help 
this happen?' --In other words, it may be that we'll need to get 
*some* method of verification of digital data's relationship to 
physical truth, or literally go up in flames. It's not like we don't 
have the arsenal waiting to do that, in various places in the world.

I have no idea if W3C is the right place to attempt this 
standardization. Or even if standardization is the correct path -- I'm 
not arguing for either side of the cake. But I don't think comparing 
it with past standardization needs is necessarily all that useful, 
because I think this problem exists in a larger scale of importance to 
be accomplished than most of what has gone before.

Steven Rowat




>
>
>
>
>> On 9 Dec. 2016, at 9:09 am, Michael Champion
>> <michael.champion@microsoft.com> wrote:
>>
>>> "long experience has shown in W3C that "if we standardize it,
>>> they will come as needed" is a generally false assertion."
>>
>> Hmm, I was hoping someone would provide a couple of
>> counter-examples.  The one usually cited is SVG, which gradually
>> gained credibility and universal implementation long after the
>> original Recommendation was published.   But that happened 15
>> years ago, and I can’t think of a more recent example. John
>> Foliot makes a good point about WCAG, but that is a *guideline*
>> not a spec to be implemented.  And its success as a quasi-de jure
>> standard comes after many years of relationship building,
>> education, and successful use in the real world.
>>
>> One interesting data-based analysis is in
>> https://blogs.windows.com/msedgedev/2016/02/03/2016-platform-priorities
>> - “more than a third of web standards aren’t implemented by any
>> of the most popular browsers.”   It would be interesting to
>> research which supposed core web platform standards those are and
>> how they got to be standardized without implementation support.
>> But this reality is what is driving the browser implementer
>> community to insist on incubation before standardization.
>>
>> More anecdotal evidence of notable failures of Rec-track work to
>> be implemented, with painful consequences for W3C:
>>
>> - XHTML2 is the poster child for an “aspirational” effort that
>> had no support from implementers, and W3C’s persistence in trying
>> to standardize an XML-based alternative to HTML drove HTML
>> standards work out of W3C, to WHATWG.  W3C admitted error and
>> tried to re-unite the communities a few years later, but the
>> wound never healed and most technical work on HTML and DOM now
>> happens in WHATWG (with W3C playing a useful role of publishing
>> versions with broad and clear patent commitments).
>> https://en.wikipedia.org/wiki/WHATWG#History
>> https://www.wired.com/2009/07/the_w3c_buries_xhtml_2dot0_html_5_is_the_future_of_the_web/
>>
>>  - A more recent example is the HTML longdesc attribute, which
>> became a W3C Recommendation over the objections of implementers,
>> and even 2 years later AFAIK has little actual (correct) use on
>> popular websites. For example, it’s not mentioned by caniuse.com,
>> the de facto reference for which web “standards” actually work.
>> And it’s still not specified in the WHATWG version of HTML.
>> Although it is not widely implemented or used, it still causes
>> controversy and distraction. http://caniuse.com/#search=longdesc
>> https://github.com/w3c/html/issues/507
>>
>>
>>
>> From: Adrian Hope-Bailie <adrian@hopebailie.com> Date: Thursday,
>> December 8, 2016 at 1:18 PM To: Tantek Çelik
>> <tantek@cs.stanford.edu> Cc: "Varn, Richard J" <rvarn@ets.org>,
>> Gray Taylor <gtaylor@conexxus.org>, David Singer
>> <singer@apple.com>, David Ezell <David_E3@verifone.com>, Michael
>> Champion <Michael.Champion@microsoft.com>, Manu Sporny
>> <msporny@digitalbazaar.com>, Nate Otto <nate@badgealliance.org>,
>> "Stone, Matthew K" <matt.stone@pearson.com>, Chris Wilson
>> <cwilso@google.com>, Mark Nottingham <mnotting@akamai.com>,
>> "w3c-ac-forum@w3.org" <w3c-ac-forum@w3.org>,
>> "public-webpayments-comments@w3.org"
>> <public-webpayments-comments@w3.org>, Drummond Reed
>> <drummond@respectnetwork.com>, Nathan George
>> <nathan.george@evernym.com>, Kerri Lemoie
>> <kerri@openworksgrp.com>, David Chadwick
>> <d.w.chadwick@kent.ac.uk>, Eric Korb
>> <Eric.Korb@accreditrust.com>, Christopher Allen
>> <ChristopherA@blockstream.com>, Phil Archer <phila@w3.org>, Linda
>> Toth <ltoth@conexxus.org>, Jay Johnson <jay@qples.com>, Bob Burke
>> <bburke@kou.pn> Subject: Re: Voluntary (and non-) Standards (was:
>> Support for Verifiable Claims)
>>
>>
>>
>> What I am still waiting for is a citation (or anything more than
>> anecdotal evidence) for the following statement which seems to be
>> the crux of all arguments I have heard against this work to
>> date:
>>
>> "long experience has shown in W3C that "if we standardize it,
>> they will come as needed" is a generally false assertion."
>>
>>
>>
>> On 8 December 2016 at 23:01, Tantek Çelik
>> <tantek@cs.stanford.edu> wrote:
>>
>>> On Thu, Dec 8, 2016 at 12:51 PM, Varn, Richard J
>>> <rvarn@ets.org> wrote:
>>>> I cannot say I much appreciate your discourteous tone.
>>>
>>> Please don't misinterpret directness as discourteousness. I
>>> will interpret tone-policing of content criticisms as
>>> insecurity.
>>>
>>>> Attached is the information on state of digital driver's
>>>> licenses I got from the Internet in 3 minutes and 25
>>>> seconds.
>>>
>>> Thanks I will take a look.
>>>
>>>> So there should be some greater use of citations by us
>>>
>>> By everyone.
>>>
>>>
>>>> and some basic research by you
>>>
>>> No.
>>>
>>> This is part of the problem that Chris, Mike, David have
>>> pointed out. Any expectation from advocates that critics are
>>> supposed to do their own research is an unreasonable attitude
>>> of time-entitlement.
>>>
>>> This is such a fundamentally flawed attitude that it further
>>> undercuts any faith in verifiable claims efforts.
>>>
>>> Imagine if a recipient of a claim was told to "do some basic
>>> research" in order to verify it. It would be totally
>>> unacceptable as a protocol.
>>>
>>> Tantek
>>>
>>>
>>>
>>>> -----Original Message----- From: Tantek Çelik
>>>> [mailto:tantek@cs.stanford.edu] Sent: Thursday, December 08,
>>>> 2016 3:28 PM To: Gray Taylor <gtaylor@conexxus.org> Cc:
>>>> singer@apple.com; David Ezell <David_E3@verifone.com>;
>>>> Michael Champion <Michael.Champion@microsoft.com>; Manu
>>>> Sporny <msporny@digitalbazaar.com>; Nate Otto
>>>> <nate@badgealliance.org>; Stone, Matthew K
>>>> <matt.stone@pearson.com>; Chris Wilson <cwilso@google.com>;
>>>> Tantek Çelik <tantek@cs.stanford.edu>; Mark Nottingham
>>>> <mnotting@akamai.com>; w3c-ac-forum@w3.org;
>>>> public-webpayments-comments@w3.org; Varn, Richard J
>>>> <rvarn@ets.org>; Drummond Reed <drummond@respectnetwork.com>;
>>>> Nathan George <nathan.george@evernym.com>; Kerri Lemoie
>>>> <kerri@openworksgrp.com>; David Chadwick
>>>> <d.w.chadwick@kent.ac.uk>; Eric Korb
>>>> <Eric.Korb@accreditrust.com>; Christopher Allen
>>>> <ChristopherA@blockstream.com>; Phil Archer <phila@w3.org>;
>>>> Linda Toth <ltoth@conexxus.org>; Jay Johnson <jay@qples.com>;
>>>> Bob Burke <bburke@kou.pn> Subject: Re: Voluntary (and non-)
>>>> Standards (was: Support for Verifiable Claims)
>>>>
>>>> tl;dr: Who verifies the claims of the Verified Claims
>>>> advocates?
>>>>
>>>> (motivation) If Verified Claims advocates can't be bothered
>>>> to provide simple URL citations to verify their claims, why
>>>> would anyone bother with anything more complex?
>>>>
>>>> (dogfooding) If you're not living breathing the behaviors
>>>> you're advocating, why should anyone take advocations of
>>>> (formalized versions of) those behaviors seriously?
>>>>
>>>>
>>>> Longer:
>>>>
>>>>
>>>> Not picking on you in particular Gray, because this is an
>>>> endemic problem that I have seen in pretty much all Verified
>>>> Claims (CG/WG) discussions.
>>>>
>>>> Lots of claims made in the prose of such messages/emails,
>>>> usually zero citations to verify those claims. Manu is the
>>>> notable exception, he usually provides quite a few citations
>>>> for his points in his emails.
>>>>
>>>> So just as an example:
>>>>
>>>>
>>>> On Wed, Dec 7, 2016 at 8:35 AM, Gray Taylor
>>>> <gtaylor@conexxus.org> wrote:
>>>>> Interesting thread on legal standing.  Right now, 9 states
>>>>> are wrestling with putting verifiable drivers licenses on
>>>>> mobile devices (the paper artifacts we use today are
>>>>> eminently fraud prone - just ask any college student).
>>>>
>>>> Which 9 states? Citations to .gov sites that can be used to
>>>> verify this "9 states" claim? Or a citation to a summary
>>>> thereof itself with citations for the specific states?
>>>>
>>>>
>>>>> In today's case, US State Department, DMV, Social Security
>>>>> Administration, County records, etc. all act as trusted
>>>>> service providers of the "paper and static ID" world; with
>>>>> great peril to the citizen as these artifacts can be stolen
>>>>> easily.  Their role won't change anytime soon.
>>>>
>>>> Presumably you're referring to passports, drivers licenses,
>>>> social security cards, etc. and expecting (likely) that these
>>>> examples are physically self-evident.
>>>>
>>>>
>>>>> Conexxus' feeling is that we don't proscribe legal purview
>>>>> of verifiable claims, but create an eco-system by which the
>>>>> "watchers" in today's existential data world can choose
>>>>> reliable new technologies to continue their mandated
>>>>> mission; and on a basis of NOT conveying unnecessary and
>>>>> static PII, which is the Achilles heel of our online
>>>>> existence.  So the intent is to provide control over our
>>>>> own identities as a first order.
>>>>
>>>> Could you provide a public Conexxus URL that describes this
>>>> "eco-system" goal in more detail?
>>>>
>>>>
>>>>> If W3C creates a trusted environment framework, then the
>>>>> agencies will adopt them as a matter of public demand (IMHO
>>>>> this will be an escalating societal trend).
>>>>
>>>> This is a very shaky hypothesis, on multiple counts.
>>>>
>>>> First, agencies presumably adopt things without W3C
>>>> involvement (e.g. whatever they have adopted today).
>>>>
>>>> Second, what successful examples can you cite of W3C created
>>>> standards involving trust (or anything else) that "agencies"
>>>> subsequently adopted? Whether from public demand or other
>>>> motivation. I have seen no evidence to support this "if ...
>>>> then" hypothesis.
>>>>
>>>>
>>>>> Each (global) jurisdiction will make its decision based on
>>>>> available technology and political aims v. the will of
>>>>> their people.
>>>>>
>>>>> Our retail industry does not want to know anything about
>>>>> you beyond "are you old enough to buy beer?" and can I
>>>>> capture the signature (read legal verification) of the TSP
>>>>> saying you are?  Certainly no business will stake their
>>>>> liquor license on a semi-trusted service provider, so the
>>>>> framework needs to authenticate the TSP as well.
>>>>
>>>> Presumably this is orthogonal or unrelated, as such
>>>> businesses today seem to (anecdotally) only accept government
>>>> issued IDs for "are you old enough". I would assume they will
>>>> continue to do so, regardless of what tech happens to be in
>>>> such IDs, and I'd doubt they'd accept non-govt issued IDs.
>>>>
>>>>
>>>>> So long opinion, short, if we build it, they will come as
>>>>> needed ...
>>>>
>>>> build yes, just standardize no. And this discussion is about
>>>> creating a working group to create a standard.
>>>>
>>>> Specifically, long experience has shown in W3C that "if we
>>>> standardize it, they will come as needed" is a generally
>>>> false assertion.
>>>>
>>>> More TR RECs (https://www.w3.org/TR/) than not have failed to
>>>> gain any serious broad traction (web browsers and servers
>>>> implement a small subset of W3C RECs, not to mention IETF
>>>> RFCs). The number of obsolete, abandoned, etc. W3C RECs and
>>>> IETF RFCs greatly outnumbers those in modern use. I don't
>>>> have exact numbers, merely from personal analysis.
>>>>
>>>>
>>>> <aside>
>>>>
>>>> The AB *is* working on a process for explicitly obsoleting
>>>> abandoned RECs to start cleaning this up, in the hopes that
>>>> eventually the RECs remaining are the ones that have actually
>>>> be widely implemented, deployed, and are in use.
>>>>
>>>> We've started with a few examples to help us drive the
>>>> necessary process changes: *
>>>> https://www.w3.org/wiki/AB/2016_Priorities#Specifications_to_obsolete
>>>>
>>>>
>>>>
</aside>
>>>>
>>>>
>>>>> who watches the watchers is the age-old question.
>>>>
>>>> who asks the claimers for citations for their claims?
>>>>
>>>> I'm going to keep asking for citations for claims until I see
>>>> a cultural shift towards people who want Verified Claims as a
>>>> technology providing URLs to substantiate their claims.
>>>>
>>>> I think everyone should adopt more of a [citation needed]
>>>> practice, especially in this community.
>>>>
>>>> Tantek
>>>>
>>>>
>>>>> -----Original Message----- From: singer@apple.com
>>>>> [mailto:singer@apple.com] Sent: Tuesday, December 6, 2016
>>>>> 4:34 PM To: David Ezell <David_E3@VERIFONE.com> Cc: Michael
>>>>> Champion <Michael.Champion@microsoft.com>; Gray Taylor
>>>>> <gtaylor@conexxus.org>; Manu Sporny
>>>>> <msporny@digitalbazaar.com>; Nate Otto
>>>>> <nate@badgealliance.org>; Stone, Matthew K
>>>>> <matt.stone@pearson.com>; Chris Wilson <cwilso@google.com>;
>>>>> Tantek Çelik <tantek@cs.stanford.edu>; Mark Nottingham
>>>>> <mnotting@akamai.com>; w3c-ac-forum@w3.org;
>>>>> public-webpayments-comments@w3.org; Richard Varn
>>>>> <rvarn@ets.org>; Drummond Reed
>>>>> <drummond@respectnetwork.com>; Nathan George
>>>>> <nathan.george@evernym.com>; Kerri Lemoie
>>>>> <kerri@openworksgrp.com>; David Chadwick
>>>>> <d.w.chadwick@kent.ac.uk>; Eric Korb
>>>>> <Eric.Korb@accreditrust.com>; Christopher Allen
>>>>> <ChristopherA@blockstream.com>; Phil Archer <phila@w3.org>;
>>>>> Linda Toth <ltoth@conexxus.org>; Jay Johnson
>>>>> <jay@qples.com>; Bob Burke <bburke@kou.pn> Subject: Re:
>>>>> Voluntary (and non-) Standards (was: Support for Verifiable
>>>>> Claims)
>>>>>
>>>>>
>>>>>> On Dec 6, 2016, at 14:15 , David Ezell
>>>>>> <David_E3@VERIFONE.com> wrote:
>>>>>>
>>>>>> To the first point, I’m not sure what you mean by
>>>>>> non-voluntary standards organizations:  ... I’m not sure
>>>>>> this non-voluntary distinction is worth fretting about.
>>>>>
>>>>> Some standards organizations (notably ITU) are the result
>>>>> of treaties, and some (including ITU) produce standards
>>>>> that can later have the force of law behind them.   “X’s
>>>>> sold or made available in country Y must comply with
>>>>> standard Z.”
>>>>>
>>>>> As you say, it’s not strongly relevant, except that in this
>>>>> field, some of the use cases for verifiable claims also
>>>>> intersect with legal requirements (e.g. being required to
>>>>> check the age of someone before selling them certain
>>>>> products). We easily back into the ‘quis custodiet
>>>>> custodies?’ problem if we’re not careful (who watches the
>>>>> watchers?) and wonder “who is recognized legally as being
>>>>> able to prove the age of a customer?”.
>>>>>
>>>>>
>>>>> David Singer Manager, Software Standards, Apple Inc.
>>>>>
>>>>
>>>> ________________________________
>>>>
>>>> This e-mail and any files transmitted with it may contain
>>>> privileged or confidential information. It is solely for use
>>>> by the individual for whom it is intended, even if addressed
>>>> incorrectly. If you received this e-mail in error, please
>>>> notify the sender; do not disclose, copy, distribute, or take
>>>> any action in reliance on the contents of this information;
>>>> and delete it from your system. Any other use of this e-mail
>>>> is prohibited.
>>>>
>>>>
>>>> Thank you for your compliance.
>>>>
>>>> ________________________________
>>>
>>
>>
>
> -- Mark Nottingham    mnot@akamai.com    https://www.mnot.net/
>

Received on Friday, 9 December 2016 01:42:08 UTC