
Re: Worldview conflicts on the purpose of DID documents

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Thu, 14 Dec 2017 13:01:30 -0500
To: Joe Andrieu <joe@joeandrieu.com>, public-credentials@w3.org
Message-ID: <4e5a3bb2-9029-8d1f-bb73-5fd85caf68b5@digitalbazaar.com>
On 12/13/2017 05:45 PM, Joe Andrieu wrote:
> Thanks, Drummond, for suggesting the world-view as a framing for 
> discussion, we definitely have some high-level questions about the
> thing that is unique for DIDs.
> 
> I like Markus's drive that the DID should just "resolve" to the
> resource. DIDs are fundamentally different than HTTP URLs because
> they do something different. If all they do is resolve to arbitrary
> resources, that makes DID methods an accelerated way to publish
> distributed resolution protocols. That's not that interesting.
> 
> What's interesting is standardizing how multiple distributed
> protocols can present authentication capabilities and other services
> for public consumption. I'm ok with each method having unique ways to
> resolve a DID to the DID document, but unless there's some
> interoperable payload at the end of that document, DIDs are nothing
> more than a weird namespace for new distributed resolution protocols.
> The resource at the location is the whole point.
> 
> More comments after quoting Drummond:
> 
>> On 12/13/2017 07:38 PM, =Drummond Reed wrote:
>> 
>>> Second, in the RDF/JSON-LD worldview it is important to describe
>>> the data using an RDF graph model using an ontology that can live
>>> alongside other ontologies. In the agent worldview the primary
>>> importance is on interoperability; it is not "anti-RDF", but it
>>> wants to avoid a dependence on RDF in order to make it easy to
>>> consume/transform the metadata carried by DID documents into
>>> other graph models and formats.
>>> 
>>> Thirdly, the two have different views of key management. In the 
>>> RDF/JSON-LD worldview the importance is on being able to
>>> authenticate an interaction with the DID subject. In the agent
>>> worldview, a DID document is the "public-face" (or
>>> "non-private-face") of all types of key management, i.e., it is
>>> how a DID subject shares any type of key that needs to be shared
>>> with another party to verify interactions, decrypt
>>> communications, or do additional key negotiation.
> 
> I don't think these are the vital distinctions. I don't approach this
> from the "agent" world view as presented, nor am I driven by
> defining an ontology that fits into a global namespace.
> 
> I am at odds with two points in the agent world view paragraph.
> 
> First, the presumption that keys are the only authentication
> mechanism worth putting into a DID. Whether we are talking about
> ZKPs, biometric templates, future quantum entanglement
> serializations, or just plain username/password hashes there are
> ABSOLUTELY non-key authentication mechanisms available. What is
> important is the verification of the source, NOT the keys.
> 
> Second, BOTH worldviews are about authenticating communications
> and/or data as originating from the DID Subject. This describes both
> "authenticate an interaction" and "verifying interactions, decrypt
> communications, or do additional key negotiations."
> 
> I would describe the "Agent World-View" you described, Drummond, as a
> key-centric world view. In contrast, I am coming at this from a
> subject-centric world view: it's not about the keys, it is about
> verifying interactions across space and time with a given Subject. We
> won't do ourselves any good getting stuck in the myopia of our given
> implementations. Keys are great, but the real opportunity is in
> empowering ANY subject to take control of their publicly resolvable
> identifiers.
> 
> It's about the subjects, not the keys.
> 

+1

I think that does a good job of capturing the "subject" world view. And
I also agree with Manu that it seems that this world view subsumes the
key view -- and with what seems to be, so far, the general consensus
that these viewpoints are compatible. I think the main point of
contention, from the perspective of the "subject" point of view, is an
attempt to restrict the technology to prefer (or potentially only work
with) the specifics of the key view rather than work more broadly.

The counter to this, from the "subject" world view, would be: Why can't
we take the "subject" world view, but use the "key world view" as the
first and most obvious place for interoperability? Let's not make it
*all* that DID documents are about, but rather say that this is the first
place where we are defining a common way of doing things -- asserting
and building on top of a larger model that other people can also add to
with their own, new, innovative ways to find common ground in the future?


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com
Received on Thursday, 14 December 2017 18:01:54 UTC
