- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Thu, 14 Dec 2017 18:36:13 +0100
- To: "=Drummond Reed" <drummond.reed@evernym.com>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAKaEYhJ69kDVz-cHKenbm8jFr_CY=SJpuYe3m3jvjs_4U4cqQQ@mail.gmail.com>
On 14 December 2017 at 00:33, =Drummond Reed <drummond.reed@evernym.com> wrote:

> On Wed, Dec 13, 2017 at 3:23 PM, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>
>> On 13 December 2017 at 19:38, =Drummond Reed <drummond.reed@evernym.com> wrote:
>>
>>> The Credentials Community Group has been holding a special set of calls
>>> to drive towards closure of a next "Implementer’s Draft" of the DID spec
>>> <https://w3c-ccg.github.io/did-spec/>. Three calls have been held so
>>> far, and two more are currently planned (this Thursday and next Thursday at
>>> 10AM Pacific Time—see a separate message sent to the list for details of
>>> each call).
>>>
>>> After the last call, I started to see that some of the major sticking
>>> points are due to what I call "worldview conflicts". These are
>>> disagreements that usually surface as differences about details of a spec,
>>> but where the real causes are rooted in different worldviews about
>>> technology—different "big pictures" that different spec contributors are
>>> working from/towards.
>>>
>>> When this is the case, arguments that can go on for days/weeks/months
>>> about the details can often be solved much faster by identifying and
>>> dealing with the differences in the underlying worldviews.
>>>
>>> So I wanted to start a thread just for discussion of these worldview
>>> conflicts. I'll start by taking a stab at articulating the worldviews
>>> as I understand them:
>>>
>>> *THE RDF/JSON-LD WORLDVIEW*
>>>
>>> In this worldview, DID documents are a standard way to describe a
>>> well-known subgraph of a potentially very large RDF graph of data about a
>>> subject. To quote this message from Dave Longley on a github DID issues
>>> thread
>>> <https://github.com/w3c-ccg/did-spec/pull/36#issuecomment-351128922>:
>>> "a DID document, is about establishing an independent entity and being able
>>> to authenticate that certain activities/actions were performed by that
>>> entity -- and to interact with that entity via services. This necessarily
>>> includes specifying how that DID document can be changed." Linked Data
>>> Signatures are also important in this worldview since it is the standard
>>> way to sign JSON-LD documents.
>>>
>>> *THE AGENT WORLDVIEW*
>>>
>>> In this worldview, DID documents are about having an open,
>>> interoperable way to discover and manage the cryptographic keys and service
>>> endpoints necessary to bootstrap secure, verifiable connections, claims,
>>> and interactions between agents acting on behalf of DID subjects.
>>>
>>> *OBSERVATIONS*
>>>
>>> First, obviously neither worldview is "wrong". They are just different
>>> perspectives about the primary purpose of DID documents and the universes
>>> into which they fit.
>>>
>>> Second, in the RDF/JSON-LD worldview it is important to describe the
>>> data using an RDF graph model using an ontology that can live alongside
>>> other ontologies. In the agent worldview the primary importance is on
>>> interoperability; it is not "anti-RDF", but it wants to avoid a dependence
>>> on RDF in order to make it easy to consume/transform the metadata carried
>>> by DID documents into other graph models and formats.
>>>
>>> Thirdly, the two have different views of key management. In the
>>> RDF/JSON-LD worldview the importance is on being able to authenticate an
>>> interaction with the DID subject. In the agent worldview, a DID document is
>>> the "public-face" (or "non-private-face") of all types of key management,
>>> i.e., it is how a DID subject shares any type of key that needs to be
>>> shared with another party to verify interactions, decrypt communications,
>>> or do additional key negotiation.
>>>
>>
>> The agent world view was quite a long sentence. Could it be perhaps
>> rephrased or broken into more than one sentence?
>>
>
> My apologies. Here's a slightly expanded description of the "agent
> worldview" (which is an arbitrary name, BTW, not anyone's doctrine
> anywhere):
>
> - Agents are software processes that perform interactions on behalf of
>   their owners/controllers. They broadly fall into two categories:
>    - *Edge agents* run at the edge of the network, on a user's device
>      with the user interacting directly with the agent. Example: a mobile app
>      that serves as an identity wallet. Edge agents are not expected to be
>      always present on the network; they may come and go.
>    - *Cloud agents* run in the cloud. Users do not interact with them
>      directly, but through an edge agent, a web browser, or some other edge app.
>      They are typically always present on the network, similar to an email
>      server or web server, and thus typically have a service endpoint at which
>      they can be reached.
> - Agents don't have DIDs themselves, rather they represent the subject
>   of the DID. So, if for example a DID identified a person, a service
>   endpoint in the DID document can identify:
>    - An agent (typically a cloud agent) for interacting with that
>      person.
>    - One or more cryptographic keys (or other cryptographic material
>      as Joe points out) that can be used to secure/verify communications with
>      the agent at that endpoint.
>
> So in the agent worldview, what matters about a DID document is that it
> represents a standard way to discover the service endpoint(s) and
> cryptographic key(s) needed to perform trusted interactions with the
> subject of the DID via the subject's agent(s). Note that "interactions" is
> unbounded, i.e., it's not just authentication, it may be encryption, key
> negotiation, claims signing, etc. That's why key management is so important
> to the agent worldview. (However I understand Joe's point, in a later
> message, that keys are not as important in other worldviews. I'll reply to
> Joe's message later today; must run into a meeting now).
>

Thank you for the clarification. It seems to me similar models with slightly different types of indirection. I have used both models in my time, both have use cases.

FWIW I came into the world of standards (a long while ago) as an RDF skeptic. But I thought I better learn a bit about it, at least, to understand what others were talking about. I can say that is a time investment that I have been very happy with, and I feel that things like JSON-LD are a great path to interop for different worlds and models.

tl;dr I picture both world views being compatible

>
> =Drummond
>

Received on Thursday, 14 December 2017 17:36:38 UTC