Re: Feedback from Microsoft on Verifiable Claims from Christoph Dorn on 2016-09-16 (public-credentials@w3.org from September 2016)

From: Christoph Dorn <christoph@christophdorn.com>
Date: Fri, 16 Sep 2016 16:38:09 +0000
To: timothy.holborn@gmail.com
Cc: msporny@digitalbazaar.com, public-credentials@w3.org
Message-Id: <201609161638.u8GGc9up007159@rs103.luxsci.com>
(I have not participated in the credentials work; just observing from afar)

Microsoft is happy with current solutions which are either "heavy and 
encompassing" or "light and disjointed". They abstract the "heavy" for 
their customers into tools that can also accommodate the "light" for 
any purpose. There is no inherent motivation to go "light and 
encompassing".

IMO what the credentials work is trying to achieve is to build a "light 
and principled core" that can be used to model the "heavy" of old and 
orchestrate the "light" of the new (pun intended).

What I am talking about is a set of simple principles and standards 
that bring a crypto/mathematical foundation to data sets and exchange 
that is field of application agnostic. It is built from first 
principles that may be applied in different permutations to model any 
comparable/competing system.

The standard and resulting implementations are small, easy to 
understand by newcomers, able to do all primary work in-standard and 
interface with a huge ecosystem of adapters for legacy porting and 
extra functionality. i.e. The standard is truly enabling instead of 
another silo.

Act as if.

IMO if the credentials work is ready then start building **small** core 
reference implementation components that are easily consumed in 
JavaScript (IDEs to model and runtimes) and build larger systems with 
these that specialize and bridge. This will flush out your core 
principles very quickly and if the core components have the right 
interfaces everyone can write their own implementations that scale.

IMO many adopted standards are either forced, got lucky with timing, or 
precipitated from frustration with interoperability. There has to be a 
better way.

IMO the credentials work is forward-looking and thus runs the risk of 
not being backwards friendly if the standard and implementation 
recommendations are not based on actual production implementations. Not 
being backwards friendly is a killer.

I think the credentials work has the potential to spread as fast as 
JSON Web Tokens [1] if there is a simple standard, compact reference 
implementations and an implementation-agnostic test suite to ensure 
interoperability.

Enable HTML5/JavaScript applications to leverage the whole credentials 
ecosystem irrespective of the browser/shell first. This will allow 
whoever is implementing the standard or expanding on it to work from 
the same **functional** base that can be collaboratively refined 
**today**.

IMO if you treat the credentials discussions to arrive at a standard as 
your only venue of collaboration you disperse the force that is 
bringing your vision together because we all have such different points 
of view and difficulties communicating on the same terms. It makes it 
difficult to understand what the exact common denominator is because it 
cannot be functionally validated over time.

If instead you focus on a common core reference implementation, a 
website with test suites and showcasing the live status of the growing 
ecosystem of leveraging projects and their current deviation from spec 
you not only have something to **work against** as a directing group 
but can also engage users of your standard.

I find it immensely frustrating when I see how much time goes into 
emails that end up like **grains** of sand on a beach. Nothing to show. 
No impact. I would much rather build sand **castles** that have a 
chance to turn into palaces because others can **easily learn** and 
**usefully interact** with it **today**.

Christoph

[1] - https://jwt.io/




On September 15, 2016 09:17:03 pm PDT, "Timothy Holborn" 
<timothy.holborn@gmail.com> wrote:

> One of the greatest applications of credentials could be via support for
> any such standards apparatus being able to "uplift" active directory
> functionality.
>
> Tim.H.
>
> On Fri., 16 Sep. 2016, 10:54 am Manu Sporny, <msporny@digitalbazaar.com>
> wrote:
>
>> Hi all,
>>
>> Here's the latest feedback from Microsoft:
>>
>>
>> https://lists.w3.org/Archives/Public/public-webpayments-ig/2016Sep/0023.html
>>
>> and the response:
>>
>>
>> https://lists.w3.org/Archives/Public/public-webpayments-ig/2016Sep/0024.html
>>
>> -- manu
>>
>> --
>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>> Founder/CEO - Digital Bazaar, Inc.
>> blog: Rebalancing How the Web is Built
>> http://manu.sporny.org/2016/rebalancing/
>>
>>
Received on Friday, 16 September 2016 16:38:50 UTC