Re: Digital Signatures for Credentials from Manu Sporny on 2014-11-21 (public-credentials@w3.org from November 2014)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Fri, 21 Nov 2014 00:20:27 -0500
To: Harry Halpin <hhalpin@w3.org>, public-credentials@w3.org, public-socialweb@w3.org, Stéphane Boyera <boyera@w3.org>
Message-ID: <546ECB9B.30205@digitalbazaar.com>

On 11/20/2014 09:34 PM, Harry Halpin wrote:
> +1. That's why there is not a debate - it's out of scope for Social 
> WG.

You said:

1. "For the Social Web WG, as regards JSON, we will use JOSE"
2. "I think the Social WG will use JOSE for all existing and
    future Web standards in this space"

There is disagreement with both of those statements. That is the debate.

The debate is not whether or not Social Web WG will take up the Graph
Normalization or SM work. It's that a W3C staffer has seemed to imply
that JOSE is going to be railroaded through the Social Web WG.

> I doubt at least any signature-facing parts such work would be 
> standardized in *any* W3C WG without objections from the IETF given 
> the obvious overlap.

I expect there to be objections if the work goes forward. Approaching
the JOSE group last year did not lead to even an acknowledgment of the
problems inherent in JOSE. The JOSE group is committed to JOSE, which is
as expected. W3C has a rich history of competing specifications - XHTML2
vs. HTML5, RDFa vs. Microdata, JSON-LD vs. RDF/JSON, etc.

> It's my job to say what in and out of scope as W3C staff and as 
> author of the charter, which took many months of consensus work to 
> come to agreement at the AC.

Again, I agree with your read on the charter. I'm taking exception with
you saying these two things:

1. "For the Social Web WG, as regards JSON, we will use JOSE"
2. "I think the Social WG will use JOSE for all existing and
    future Web standards in this space"

> It is also highly inappropriate to confuse the IETF about the formal
>  status of the "Secure Messaging" work at the W3C 

The specification clearly says "Community Group Draft Report" and always
has:

https://web-payments.org/specs/source/secure-messaging/

> by not mentioning 
> that you are chair of a *Community* Group (i.e. no formal W3C 
> standing) and that the objections you had to SM came from you as an 
> individual or a Community Group, not the W3C.

For those that don't want to read the threads to figure out what Harry
is referring to:

1. I was asked by Karen O'Donoghue and Richard Barnes to send my
   review comments on the JOSE specs to the JOSE mailing list.
2. I did that, but failed to be precise about my affiliations
   (which was a mistake on my part).
3. Harry sent an email 1 hour and 15 minutes later to clear things up.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/

Received on Friday, 21 November 2014 05:20:57 UTC