- From: Sam Smith <sam.smith@sovrin.org>
- Date: Thu, 14 Dec 2017 12:12:04 -0700
- To: =Drummond Reed <drummond.reed@evernym.com>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-Id: <F6516F82-643F-4F30-AE84-208F0B7B8018@sovrin.org>
Key Material { id: fragment identifier type: [crypto suite, crypto operation, version], value: the actual key. } Keys: [ 1: key material instance ] authentication: key reference > On 14 Dec 2017, at 11:10 , Sam Smith <sam.smith@sovrin.org> wrote: > > I made a proposal to marry both the Agent and RDF world view by making the DID a graph not a tree. Conflict comes from forcing key material to exist uniquely in a single branch in a tree. > > I am copying here so its part of this thread. > >> Sam, thanks for articulating this so clearly. I recall this is the suggestion you made at the end of the last DID Spec Closure meeting, and in fact it matches a core pattern in XDI designed for exactly that purpose (referencing the same ultimate graph node via multiple ontologies). >> >> So I'm open to it, and it does provide an example of how to bridge the two worldviews we've been discussing. >> >> Talk to you on the call tomorrow. >> >> =Drummond >> >> On Mon, Dec 11, 2017 at 10:38 AM, Samuel Smith <sam@prosapien.com <mailto:sam@prosapien.com>> wrote: >> I suggest a third alternative. >> >> We treat the DDO as a graph not a tree. This means that we can eat our cake and have it too. >> >> I think on of the source of the problems is that we are confusing MUST with MAY and SHOULD requirements. >> If there is consensus that there is one and only one way to do something then its a MUST or if its and essential requirement. >> But if there is more than one good way or if it is application specific then its likely better to be a SHOULD >> >> >> The key material can show up in keys to enable key discovery for version management (an essential security feature) >> The key material has a tightly coupled tuple in a string of key type = (cryptographic suite, cryptographic operation, version) >> The cryptographic suite implies a cryptgraphic strength >> >> The purpose of the key is in another branch of the ddo doc (making it a graph not a tree) >> The leaf of this brach is a did fragment ref (so we only add one extra string to the size of the ddo but we free ourselves of the >> arbitrary constraint of trying to find the one tree ontology for key purpose. >> >> Now we use SHOULD to define how best to "Purpose" keys for different applications such as authentication, (which is almost always applications specific) >> >> > > >> On 13 Dec 2017, at 11:38 , =Drummond Reed <drummond.reed@evernym.com <mailto:drummond.reed@evernym.com>> wrote: >> >> The Credentials Community Group has been holding a special set of calls to drive towards closure of a next "Implementer’s Draft" of the DID spec <https://w3c-ccg.github.io/did-spec/>. Three calls have been held so far, and two more are currently planned (this Thursday and next Thursday at 10AM Pacific Time—see a separate message sent to the list for details of each call). >> >> After the last call, I started to see that some of the major sticking points are due to what I call "worldview conflicts". These are disagreements that usually surface as differences about details of a spec, but where the real causes are rooted in different worldviews about technology—different "big pictures" that different spec contributors are working from/towards. >> >> When this is the case, arguments that can go on for days/weeks/months about the details can often be solved much faster by identifying and dealing with the differences in the underlying worldviews. >> >> So I wanted to start a thread just for discussion of these worldview conflicts. I'll start by taking a stab at articulating the worldviews as I understand them: >> >> THE RDF/JSON-LD WORLDVIEW >> >> In this worldview, DID documents are a standard way to describe a well-known subgraph of a potentially very large RDF graph of data about a subject. To quote this message from Dave Longley on a github DID issues thread <https://github.com/w3c-ccg/did-spec/pull/36#issuecomment-351128922>: "a DID document, is about establishing an independent entity and being able to authenticate that certain activities/actions were performed by that entity -- and to interact with that entity via services. This necessarily includes specifying how that DID document can be changed." Linked Data Signatures are also important in this worldview since it is the standard way to sign JSON-LD documents. >> >> THE AGENT WORLDVIEW >> >> In this worldview, DID documents are about having an open, interoperable way to discover and manage the cryptographic keys and service endpoints necessary to bootstrap secure, verifiable connections, claims, and interactions between agents acting on behalf of DID subjects. >> >> OBSERVATIONS >> >> First, obviously neither worldview is "wrong". They are just different perspectives about the primary purpose of DID documents and the universes into which they fit. >> >> Second, in the RDF/JSON-LD worldview it is important to describe the data using an RDF graph model using an ontology that can live alongside other ontologies. In the agent worldview the primary importance is on interoperability; it is not "anti-RDF", but it wants to avoid a dependence on RDF in order to make it easy to consume/transform the metadata carried by DID documents into other graph models and formats. >> >> Thirdly, the two have different views of key management. In the RDF/JSON-LD worldview the importance is on being able to authenticate an interaction with the DID subject. In the agent worldview, a DID document is the "public-face" (or "non-private-face") of all types of key management, i.e., it is how a DID subject shares any type of key that needs to be shared with another party to verify interactions, decrypt communications, or do additional key negotiation. >> >> QUESTIONS >> >> First, it would be good to get feedback on these worldview descriptions and observations from those who hold them. In other words, are the descriptions accurate? Do the observations about them follow? Are there other important points that are missing? >> >> Secondly, once we have a picture of the differences in the worldviews, what solutions to DID issues can we come up with that help reconcile these differences and ideally work for both worldviews? > > Samuel M. Smith Ph.D. > Technical Governance Board > Sovrin Foundation > mobile: 1.801.592.8230 > email: sam.smith@sovrin.org <mailto:sam.smith@sovrin.org> Samuel M. Smith Ph.D. Technical Governance Board Sovrin Foundation mobile: 1.801.592.8230 email: sam.smith@sovrin.org
Received on Thursday, 14 December 2017 19:12:38 UTC