W3C home > Mailing lists > Public > public-credentials@w3.org > December 2017

Re: Worldview conflicts on the purpose of DID documents

From: Joe Andrieu <joe@joeandrieu.com>
Date: Wed, 13 Dec 2017 14:45:25 -0800
Message-Id: <1513205125.2104738.1204244088.03706E50@webmail.messagingengine.com>
To: public-credentials@w3.org
Thanks, Drummond, for suggesting the world-view as a framing for
discussion, we definitely have some high-level questions about the thing
that is unique for DIDs.
I like Markus's drive that the DID should just "resolve" to the
resource, DIDs are fundamentally different than HTTP URLs because they
do something different. If all they do is resolve to arbitrary
resources, that makes DIDs methods an accelerated way to publish
distributed resolution protocols. That's not that interesting.
What's interesting is standardizing how multiple distributed protocols
can present authentication capabilities and other services for public
consumption. I'm ok with each method having unique ways to resolve a DID
to the DID document, but unless there's some interoperable payload at
the end of that document, DIDs are nothing more than a weird namespace
for new distributed resolution protocols. The resource at the location
is the whole point.
More comments after quoting Drummond:

> On 12/13/2017 07:38 PM, =Drummond Reed wrote:
> 
>> Second, in the RDF/JSON-LD worldview it is important to describe the
>> data using an RDF graph model using an ontology that can live
>> alongside other ontologies. In the agent worldview the primary
>> importance is on interoperability; it is not "anti-RDF", but it wants
>> to avoid a dependence on RDF in order to make it easy to
>> consume/transform the metadata carried by DID documents into other
>> graph models and formats.>> 
>> Thirdly, the two have different views of key management. In the RDF/JSON-
>> LD worldview the importance is on being able to authenticate an
>> interaction with the DID subject. In the agent worldview, a DID
>> document is the "public-face" (or "non-private-face") of all types of
>> key management, i.e., it is how a DID subject shares any type of key
>> that needs to be shared with another party to verify interactions,
>> decrypt communications, or do additional key negotiation.
I don't think these are the vital distinctions. I don't approach this
from the "agent" world view as presented, nor am I driven by defining an
ontology that fits into a global namespace.
I am at odds with two points in the agent world view paragraph.

First, the presumption that keys are the only authentication mechanism
worth putting into a DID. Whether we are talking about ZKPs, biometric
templates, future quantum entanglement serializations, or just plain
username/password hashes there are ABSOLUTELY non-key authentication
mechanisms available. What is important is the verification of the
source, NOT the keys.
Second, BOTH worldviews are about authenticating communications and/or
data as originating from the DID Subject. This describes both
"authenticate an interaction" and "verifying interactions, decrypt
communications, or do additional key negotiations."
I would describe the "Agent World-View" you described, Drummond as a key-
centric world view. In contrast, I am coming at this from a subject-
centric world view: it's not about the keys, it is about verifying
interactions across space and time with a given Subject. We won't do
ourselves any good getting stuck in the myopia of our given
implementations. Keys are great, but the real opportunity is in
empowering ANY subject to take control of their publicly resolvable
identifiers.
It's about the subjects, not the keys.

-j

> On 12/13/2017 07:38 PM, =Drummond Reed wrote:
> 
>> The Credentials Community Group has been holding a special set of
>> calls to drive towards closure of a next "Implementer’s Draft" of
>> the DID spec[1]. Three calls have been held so far, and two more
>> are currently planned (this Thursday and next Thursday at 10AM
>> Pacific Time—see a separate message sent to the list for details of
>> each call).>> 
>> After the last call, I started to see that some of the major sticking
>> points are due to what I call "worldview conflicts". These are
>> disagreements that usually surface as differences about details of a
>> spec, but where the real causes are rooted in different worldviews
>> about technology—different "big pictures" that different spec
>> contributors are working from/towards.>> 
>> When this is the case, arguments that can go on for days/weeks/months
>> about the details can often be solved much faster by identifying and
>> dealing with the differences in the underlying worldviews.>> 
>> So I wanted to start a thread just for discussion of these worldview
>> conflicts. I'll start by taking a stab at articulating the worldviews
>> as I understand them:>> 
>> *THE RDF/JSON-LD WORLDVIEW*
>> 
>> In this worldview, DID documents are a standard way to describe a well-
>> known subgraph of a potentially very large RDF graph of data about a
>> subject. To quote this message from Dave Longley on a github DID
>> issues thread[2]: "a DID document, is about establishing an
>> independent entity and being able to authenticate that certain
>> activities/actions were performed by that entity -- and to interact
>> with that entity via services. This necessarily includes specifying
>> how that DID document can be changed." Linked Data Signatures are
>> also important in this worldview since it is the standard way to sign
>> JSON-LD documents.>> 
>> *THE AGENT WORLDVIEW*
>> 
>> In this worldview, DID documents are about having an open,
>> interoperable way to discover and manage the cryptographic keys and
>> service endpoints necessary to bootstrap secure, verifiable
>> connections, claims, and interactions between agents acting on behalf
>> of DID subjects.>> 
>> *OBSERVATIONS*
>> 
>> First, obviously neither worldview is "wrong". They are just
>> different perspectives about the primary purpose of DID documents and
>> the universes into which they fit.>> 
>> Second, in the RDF/JSON-LD worldview it is important to describe the
>> data using an RDF graph model using an ontology that can live
>> alongside other ontologies. In the agent worldview the primary
>> importance is on interoperability; it is not "anti-RDF", but it wants
>> to avoid a dependence on RDF in order to make it easy to
>> consume/transform the metadata carried by DID documents into other
>> graph models and formats.>> 
>> Thirdly, the two have different views of key management. In the RDF/JSON-
>> LD worldview the importance is on being able to authenticate an
>> interaction with the DID subject. In the agent worldview, a DID
>> document is the "public-face" (or "non-private-face") of all types of
>> key management, i.e., it is how a DID subject shares any type of key
>> that needs to be shared with another party to verify interactions,
>> decrypt communications, or do additional key negotiation.>> 
>> *QUESTIONS*
>> 
>> First, it would be good to get feedback on these worldview
>> descriptions and observations from those who hold them. In other
>> words, are the descriptions accurate? Do the observations about them
>> follow? Are there other important points that are missing?>> 
>> Secondly, once we have a picture of the differences in the
>> worldviews, what solutions to DID issues can we come up with that
>> help reconcile these differences and ideally work for both
>> worldviews?
--
Joe Andrieu, PMP
joe@joeandrieu.com
+1(805)705-8651
http://blog.joeandrieu.com


Links:

  1. https://w3c-ccg.github.io/did-spec/
  2. https://github.com/w3c-ccg/did-spec/pull/36#issuecomment-351128922
Received on Wednesday, 13 December 2017 22:45:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:17 UTC