Re: Verifiable Claims Telecon Minutes for 2016-09-06

> Manu Sporny:  …Microsoft doesn't seem to be pushing back
> as strongly as they were at the beginning.

Microsoft won’t have a formal position until we see a charter the W3C Team proposes to the AC, IF they conclude that a Verifiable Claims WG meets a strategic need for W3C and the proposal meets the Recommendation Track Readiness criteria in http://www.w3.org/Guide/standards-track/. But speaking from my personal understanding, I don’t see changes in the revised draft charter that mitigate the concerns we’ve stated in email and at the IG meeting in July.

Specifically:
- Why are additional standards required to meet the need for a claims format? Windows has been using standards-based verifiable claims for about a decade, first with SAML and WS-*, and now with OAuth/JOSE. There are many standards in this general area and it’s not clear what gap a verifiable claims WG would fill. For example, what is missing from the verified claims format in use for JWTs, which is defined at http://openid.net/specs/openid-connect-core-1_0.html#AggregatedDistributedClaims? Or SAML2 tokens? In short, I agree with the point in Manu’s recent blog post http://manu.sporny.org/2016/rebalancing/ that part of the necessary due diligence before creating a WG is to “Perform a gap analysis. Identify capabilities that are missing from the Web Platform and explain why those capabilities can address some of the use cases …”. I don’t see such an analysis in the VC WG proposal package, and Manu doesn’t link to one in the blog post that mentions VC several times.

- If that gap analysis identifies additional requirements for verifiable JSON, Microsoft is likely to strongly recommend they be addressed in IETF.

- If the VC WG intends to fill gaps at a different architectural level than existing standards do, the WG proposers should sketch out what that architecture looks like and make the case that the additional level is useful. Is the proposal to invent a claims format more compatible with linked data perhaps? If so, be explicit why that would add value to the existing formats, and why such a format is ready for standardization.

Furthermore, I am not convinced that those proposing a Verifiable Claims WG have the critical mass of key stakeholders needed to make a new standard successful. They should cover different industries, represent both users and implementers of these technologies, and consist of people who roughly agree on both the problem that needs to be solved and a roadmap for how to solve it. For example, the WG proposal lists a number of implementers and users of a VC Recommendation, but are they the ones who can really make what the WG comes up with a real-world success? Some have advised tightening the proposed WG’s scope to address challenges in industries that the WG participants can directly impact, and that makes sense to me. If the proponents want W3C to develop a more general standard, I suspect you need to do more community building to ensure that key technology vendors and service providers in multiple industries share your diagnosis of the problem and prescription for a cure.

> Manu Sporny:  Just to echo what ChristopherA was saying... many
> of us are proceeding without W3C.  We have customers who want in
> and we need to move

Sounds like the right approach to me. There are a lot of exciting possibilities in this area, and lots of related ideas being experimented with such as distributed ledger/blockchain technology. We all need to MOVE, but we need to figure out what really WORKS for our customers before we presume to draft new standards.

Received on Thursday, 15 September 2016 19:56:00 UTC