- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Wed, 15 Jun 2016 15:41:43 +0000
- To: Dave Longley <dlongley@digitalbazaar.com>, David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
- Message-ID: <CAM1Sok3o-okJAFD7kV_s_usV6U=+1QZw5gpJC_jJEPAemkii=Q@mail.gmail.com>
"self sovereign" or 'human centric' have different business models applied, on a simplistic layer, to that of alternatives whether paid as a commercial product/service, provided in relation to KPI's for GOV funding based on "low risk tolerance" models (particularly within complex global, vertical industry based ecosystems), advertising supported or indeed by government for citizens (as distinct to a market based solution for whatever specified purpose + reuse opportunities) or by a government for humanity (whether or not their citizens). We do not know which yields better investment performance over the others as yet, imho, due to having insufficient data to effectively evaluate the impacts of various possible alternatives, over an appropriately scaled lifecycle period. The combination of data-logs and A.I / applied linked-data systems provides mind-boggling opportunities for the advancement of humanity and the means in which we impact our surroundings; including the means to furnish opportunity to individuals who had previously not been entitled to particular opportunities due to their inability to fit traditional anthropological linguistics, such as is the case with "have's" and "have not's" of many credentials. Investors, Companies and even Countries look for identity, economic participation, innovation, talent and capability - yet perhaps we can improve the language and methodology they use when seeking/evaluating it, in a significant way for people who can use WWW into the future. I think we need to makes choices, which should not necessarily be singular in modality; and therefore needs to be supported by the linguistics we use. This is W3C --> not any one of its members, but rather, TimBL who set-up via contracts agreements for entities to work together, with an objective of ideological weighting towards the betterment of mankind; viewed to be achievable via the specified task of developing W3 (www) via W3C as a means to produce world-class standards recommendations that may be implemented free of license (i.e. patent) charges and amongst other things; therefore compatible with all major web-browsers without necessary changes for specified support of different venders by the HTML document author. truely visionary. started with a poster. I guess my frustration is a concern that we are not dealing with the underlying ID/Auth issue (for known reasons) and i'm not sure if we've flagged a possible solution for this underlying foundation that has a known, executable agenda and development path. 'service centric' solutions exist and are widespread, if they were not then it would be a similar issue just one that impacts incorporated entities more than natural legal entities when looking at the issue in a simple way. In the interests of an appropriate and proportionate measures for foresight; Perhaps some sort of enquiry with the crew in the WebID Group might discover a means to resource some means for a path forward at that dependency layer. I appreciate stakeholders here may be very busy and the additional workload may not be easily resourced without additional resources... I believe the SoLiD crew are also testing open ID connect, and may also be a good candidate to query a level of interest and possible collaboration, yet, it seems most likely to me that this may occur via the WebID group... Has any form of official discovery / exploratory conversation occurred with the WebID or alternative yet similarly chartered W3C CG, IG or WG? Would it be beneficial to see what is possible and if so, what would be the terms embodied within the brief? Reiterating: I think we have the institutional approach covered, yet i have known experiences where their solutions haven't worked for me. i'm thankful i'm not a refugee on a boat from a hostile country, or someone else with far worse problems than i; yet, we're also trying to get these people connected to the web. provide ID, bank-account access, the basics. Internet was principally set-up by kids in Australia, not telco's. their parent told them to move their business elsewhere when 100 telephone lines got delivered to the family lounge-room (in at least one situation...). Other 'institutional' methodologies have taken a much longer-time to become available... Given our targeted scope, much like working with odrl[1] - where should the Web-DHT elements be progressed if their not scoped in payments/creds v1 deliverables? Without ODRL - i'm not sure where we'd be about privacy. I'm not sure how we'll be able to fix the linguistics to support the various position statements put forward by participants (at times, on behalf of the entity they represent) without defining something that helps us move forward on this underlying (perceived) problem. I also note that market-based solutions behave differently when their not in a monopoly environment, as it become more important to listen to what their customers want. I also think, as i've noted elsewhere; other providers may emerge that have very different business models; and i'd note post organisations to be one of the various alternatives; US-Post, Royal Mail, AusPost (etc.) have retail outlets (or agents) dotted across their regions (assumption?) for easy physical access and in some cases they've got relationships to various ID / secure document services already + their sovereign + it's not bound to an Email Identifier necessarily. these sorts of considerations also impact the way the keys are supported broadly. I'm hoping we're not going to be being overly narrow in our thinking... </rant>. [1] https://www.w3.org/ns/odrl/2/ODRL21 On Thu, 16 Jun 2016 at 00:32 Dave Longley <dlongley@digitalbazaar.com> wrote: > On 06/15/2016 06:00 AM, David Chadwick wrote: > > [snip] > > > > On 15/06/2016 02:25, Manu Sporny wrote: > >> > >> The point isn't that something is irreparable - yes, most things can be > >> fixed. It just takes an enormous amount of time, energy, money, and > stress. > >> > >> ... and we can avoid all of this by using identifiers that are not > >> cryptographic in nature (e.g. DIDs). > > > > But one still has to prove possession of the DID. Sure, it can be shown > > that the DID was created at some point in the past, but what proves that > > it was you who created it, and not some imposter saying that they > > created it? > > I think what Manu meant is that a system where an identifier must be a > fingerprint of a public key *and* the only way to prove > ownership of it is to possess the matching private key is too brittle. > > It would be fine, IMO, to originally generate a DID from the fingerprint > of a public key, provided that this mechanism was only used to assert > ownership when registering the identifier with other pieces of > information that could be later used to also assert ownership should you > lose the private key or should it become obsolete. > > At some point you should be able to essentially treat the DID as opaque > and prove ownership through some other mechanism. > > I think we want *more* than just a public key fingerprint, but using > that concept to bootstrap the process is perfectly fine. > > > -- > Dave Longley > CTO > Digital Bazaar, Inc. > http://digitalbazaar.com > >
Received on Wednesday, 15 June 2016 15:42:22 UTC