Re: Credentials specifications page created from Manu Sporny on 2014-10-05 (public-credentials@w3.org from October 2014)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 05 Oct 2014 16:33:36 -0400
To: Anders Rundgren <anders.rundgren.net@gmail.com>, Credentials Community Group <public-credentials@w3.org>
Message-ID: <5431AB20.4040408@digitalbazaar.com>
On 10/04/2014 04:49 AM, Anders Rundgren wrote:
> On 2014-10-03 23:29, Manu Sporny wrote:
>> We finally got around to porting the history[1] over for the 
>> Identity Credentials specification today, so the opencreds.org 
>> website finally has a specifications page:
>> 
>> http://opencreds.org/specs/
> 
> If I got it correctly, Identity Credentials' WAYF (Where Are You 
> From) mechanism is based on a distributed system (TeleHash) which I 
> haven't seen anywhere else in the identity space, have you?

Telehash is only a few years old at this point. It's not really used in
any large projects (that we know of). For those that are not familiar
with Telehash, it's the work of the inventor of the XMPP[1] protocol
(Jeremy Miller), which is an IETF standard used for decentralized
messaging. So, while Telehash is new and not widely used and still
pretty experimental, it's also being built by someone that really knows
that they're doing and is well respected in the standards community.

I spoke with Jeremy quite a bit before we tried to integrate it with the
Identity Credentials demo:

https://manu.sporny.org/2014/identity-credentials/

That said, we're thinking of removing the reliance on Telehash. Telehash
is a bit too alpha for our tastes and Jeremy seems to be too busy to
properly support the needs of this group, so we may scale the technology
back a bit and design a simpler DHT implemented over HTTP. We'd be
taking the best bits of Telehash and IPNS[2] and standardizing that.

Here's the trade-off: either we use a DHT to solve the client cold-start
problem (a browser needs to know who your identity provider is when you
use it for the first time), or we promote vendor lock-in, and give up on
privacy and preventing pervasive monitoring.

> Yes, I know we can't change browsers but I'm not convinced that 
> putting a lot of effort on workarounds is the right approach either, 
> at least not in standards context.

It's not a workaround, it's the way that we expect this stuff to work in
the end. You need a DHT of some kind to do discovery on identity
provider / payment provider, etc.

> The real problem is rather that a lot of IC-like schemes [probably] 
> need the same thing but for historic reasons, slightly overblown
> egos and a general lack of foresight, the critical mass for a
> unified solution seems to be outside of what can be achieved through
> a standards process unless we are talking about standardization of 
> something which is already firmly established like it was for XHR.

I don't share your cynicism. :)

We need the right players and the right motivations. Unfortunately, you
can't see who those players are yet because we're still in preliminary
talks with many of them and large corporations tend to be very
conservative about announcing their interest in activities such as this.

If you'll remember, this was my response to you when we were getting the
players for the Web Payments work together. The response was met with
skepticism, but the end result was the attendance of Bloomberg, US
Federal Reserve, Google, ING, Rabobank, European Commission, AT&T, GSMA,
etc. All of them want this problem solved.

If you were to watch who's in the group now and who shows up to W3C TPAC
this year, you'll note that there are a set of non-trivial players at
the table now and they all want to see this happen. I certainly think
what we're trying to do here is achievable, especially since we're not
trying to boil the oceans like the previous initiatives did.

> Anyway, I'm fairly convinced that the Information Card principle 
> eventually will be resurrected (in some way...) because it is simple 
> and extensible[*], it only needs a [much] better platform!

There is a large amount of philosophical overlap between what Identity
Credentials spec/tech does today and the Information Card work did many
years ago. I guess I don't understand what parts of the Information Card
stuff you think are vital to success?

-- manu

[1] http://en.wikipedia.org/wiki/XMPP
[2] https://github.com/jbenet/ipfs

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Sunday, 5 October 2014 20:34:06 UTC