Re: WebID-TLS + Credentials

On 21 June 2015 at 01:01, Dave Longley <dlongley@digitalbazaar.com> wrote:

> On 06/20/2015 10:37 AM, Timothy Holborn wrote:
> > Working on local issues, HbbTV is compatible with WebID-TLS from a
> > device layer (TVs).
> >
> > It's potentially important that WebID-TLS becomes interoperable for
> > billing purposes with other systems that may be best addressed using
> > Credentials.
> >
> > What is the current viewpoint on how these two standards may become
> > interoperable?
>
> I don't think there's much that needs to be done to make them
> compatible. WebID-TLS, as the name implies, operates at the TLS layer.
> You could put your DID (decentralized identifier) into the
> subjectAltName area of a certificate and it would work just like
> WebID-TLS works today except you'd be dereferencing the DID through some
> future (to be created) "WebDHT" protocol instead of HTTPS.

I think it's important to reference Oshani & Lalana's work [1]

> Once dereferenced, you'd have a "DID document", in JSON-LD
> format, just like you'd get by dereferencing an HTTPS WebID URL today.
> This document would have a public key in it (where its paired private
> key was used in the TLS protocol) and you'd check that against what's in
> the certificate just like you do today with WebID-TLS.
>
> Remember, the identity work in the Credentials CG is just based off of
> WebID. The WebID spec currently says a WebID is an HTTP or HTTPS URI --
> we're just proposing a decentralized protocol that better supports
> identity portability for the WebIDs in the credentials work. So, in
> short, the scheme is very compatible. The only difference is that we're
> looking to use a decentralized, portable identifier (DID) instead of an
> HTTPS one.
>
> Hopefully only a simple software update would be necessary to add
> support for "WebDHT" lookups. The rest of the protocol would remain the
> same.

Beautiful.  More questions will come to pass as I investigate
interoperability between systems that store user-data such as SoLiD [2] and
how Payments/Credentials works can become interwoven with the same storage
considerations (LDP [3]).  If you have any comments in the meantime, please
feel welcome...



> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
>
>
Tim.H.

[1] http://dig.csail.mit.edu/2010/Papers/IAB-privacy/httpa.pdf
[2] https://github.com/linkeddata/SoLiD
[3] http://www.w3.org/TR/ldp/

Received on Saturday, 20 June 2015 15:30:54 UTC
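
The check described in the thread (dereference the identifier from subjectAltName, then compare the key in the returned document with the key in the certificate), as an added example that is not part of the original messages or of any WebID or Credentials CG code. The resolver is passed in as a function so the same check serves an HTTPS lookup or the proposed "WebDHT" one. The document shape (`id`, `publicKey`, `owner`, `modulus`, `exponent`), the `did:example:` identifiers and all sample values are assumptions constructed for illustration.

```python
import json

# Constructed sample documents, keyed by identifier. This dict stands in for
# the network lookup (HTTPS today, the proposed "WebDHT" later).
SAMPLE_STORE = {
    "did:example:alice": json.dumps({
        "id": "did:example:alice",
        "publicKey": [{"owner": "did:example:alice",
                       "modulus": "00:C0:FF:EE:11", "exponent": 65537}],
    }),
    # Document served under one identifier but describing another subject.
    "did:example:mallory": json.dumps({
        "id": "did:example:alice",
        "publicKey": [{"owner": "did:example:alice",
                       "modulus": "BADC0DE5", "exponent": 65537}],
    }),
}


def parse_modulus(hex_text):
    """Hex modulus to int, tolerating case, separators and leading zeros."""
    return int("".join(c for c in hex_text if c not in " :\t\n"), 16)


def verify_identity_claim(san_uri, cert_modulus, cert_exponent, dereference):
    """True only if the document for san_uri lists the certificate's RSA key.

    Possession of the private key is assumed to be proven already by the
    TLS handshake; this is the document check that follows it.
    """
    try:
        doc = json.loads(dereference(san_uri))
    except (KeyError, ValueError):
        return False  # unresolvable or malformed document: reject
    if not isinstance(doc, dict) or doc.get("id") != san_uri:
        return False  # the document must describe the claimed identifier
    keys = doc.get("publicKey", [])
    for key in keys if isinstance(keys, list) else []:
        try:
            if (key["owner"] == san_uri
                    and parse_modulus(key["modulus"]) == cert_modulus
                    and int(key["exponent"]) == cert_exponent):
                return True
        except (KeyError, ValueError, TypeError):
            continue  # skip incomplete or badly typed key entries
    return False
```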