Re: DID Spec "Hardening" Proposal (was: Re: DID PR review deadline: October 24)

Kim, Manu et al,

Thanks to everyone for the loads of feedback and comments on this
"hardening proposal". We are really getting down to the meat of the matters.

Per the conclusion on today's call, we will continuing discussion of this
proposal in the comments on the Google doc, and potentially peeling off
into some threads here on the list if necessary. Once we reach some
conclusions, we'll figure out next steps with regard to developing a PR
(but in the meantime the current "post-RWOT" PR will be processed, so we
can show the progression).

Just so folks know, I have a killer schedule in Utah this week, so I may
not be able to dive into the comments discussion until Friday or this
weekend, but I'll be in there as soon as I can.

Best,

=Drummond

On Tue, Oct 24, 2017 at 7:09 AM, Kim Hamilton Duffy <kim@learningmachine.com
> wrote:

> There's a lot of good stuff in here -- thanks Drummond and Christian!
>
> I added detailed comments to the doc, but a high level observation: many
> of the changes related to tightening key definitions (in my mind) are
> broadly useful, i.e. beyond the DID spec. Those include:
> - clarification of created/updated
> - curve key/types reference (Appendix B) -- this made my day, thank you!
> - encoding
>
> I am not sure exactly where these belong; perhaps we need some combination
> of:
> 1. update https://web-payments.org/vocabs/security
> 2. publish appendix B and reference it from places like the security
> vocabulary, signature suites, etc
>
> This would separate "Key" data model changes from the DID spec, and spread
> the benefits of these suggestions.
>
> Thanks,
> Kim
>
>
> On Tue, Oct 24, 2017 at 9:01 AM =Drummond Reed <drummond.reed@evernym.com>
> wrote:
>
>> Folks,
>>
>> The good news was that there was a TON of interest in the DID spec at Internet
>> Identity Workshop <http://www.internetidentityworkshop.com/> #25. I gave
>> three complete presentations on it and we had several other related
>> sessions.
>>
>> The bad news (well, not really) is that there was a ton of feedback.
>> People are really starting to care deeply about making sure the DID spec,
>> as the foundation for a global DPKI (decentralized public key
>> infrastructure
>> <https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/final-documents/dpki.pdf>),
>> is solid as a rock.
>>
>> On the Friday after IIW I had a long breakfast with Christian Lundkvist
>> of uPort where we discussed this and developed a proposal for how to handle *key
>> descriptions* and *service descriptions* in a data graph so simple it
>> can be serialized unambiguously in any modern format. Yesterday I wrote up this
>> proposal in this Google doc
>> <https://docs.google.com/document/d/1amDNmBqu8uXKeEqdoZ2RMaaxiUlqUKyKoyi8YgGWG6M/edit?usp=sharing>
>> (publicly viewable by anyone with the link).
>>
>> This proposal also includes the recommendation that interoperability at
>> the DID layer is so crucial that *every key description* and *every
>> service description* should have a corresponding spec (even if fairly
>> lightweight).
>>
>> I have not had a chance to share this with Manu or anyone else yet
>> besides Christian (to make sure I got it right) and the Evernym DID team
>> (as a sanity check and to get input on how it helps with DKMS support).
>>
>> We can of course translate this into an actual PR against the current
>> draft spec—and we will do that when ready—but it seemed easiest to share it
>> in this format first for discussion.
>>
>> Talk to you tomorrow,
>>
>> =Drummond
>>
>>
>>
>> On Thu, Oct 19, 2017 at 2:59 AM, Timothy Holborn <
>> timothy.holborn@gmail.com> wrote:
>>
>>> Found a relevent IETF RFC[4] re: trust anchors[2]
>>>
>>> On Thu, 19 Oct 2017 at 18:09 Timothy Holborn <timothy.holborn@gmail.com>
>>> wrote:
>>>
>>>> very quickly.  was looking at the overview[1] and saw the concept "root
>>>> of trust <https://en.wikipedia.org/wiki/Trust_anchor>" which
>>>> hyperlinks to Trust Anchor[2].  I suggest either defining a new wikipedia
>>>> page for the term[3] rather than simply a redirect, or change the term used
>>>> in the spec doc.
>>>>
>>>> more l8r.
>>>>
>>>> Tim.H.
>>>>
>>>> [1] https://w3c-ccg.github.io/did-spec/#overview
>>>> [2] https://en.wikipedia.org/wiki/Trust_anchor
>>>> [3] https://en.wikipedia.org/w/index.php?title=Root_of_
>>>> Trust&action=history
>>>>
>>> [4] https://tools.ietf.org/html/rfc5914
>>>
>>>>
>>>> On Thu, 19 Oct 2017 at 17:49 Timothy Holborn <timothy.holborn@gmail.com>
>>>> wrote:
>>>>
>>>>> On Thu, 19 Oct 2017 at 08:20 Manu Sporny <msporny@digitalbazaar.com>
>>>>> wrote:
>>>>>
>>>>>> On 10/18/2017 01:50 PM, Kim Hamilton Duffy wrote:
>>>>>> > Manu -- what are your thoughts?
>>>>>>
>>>>>> Steven, at this point the only feedback we're looking for is only
>>>>>> technical in nature and even then, based on whether the text reflects
>>>>>> consensus at Rebooting the Web of Trust 5, which you weren't at.
>>>>>>
>>>>>
>>>>> Is this a RWOT spec?
>>>>>
>>>>> If so, it should be marked as such.   This CG can then make one
>>>>> inspired by it, if/as required.
>>>>>
>>>>> Therein, the spec should be moved to the RWOT repo?
>>>>>
>>>>>
>>>>>>
>>>>>> In other words, the spec isn't ready for your kind of valuable
>>>>>> feedback
>>>>>> yet... it would largely be a waste of your time to correct the large
>>>>>> swaths of the spec text that may be confusing for non-implementers
>>>>>> that
>>>>>> are buried in the details right now.
>>>>>>
>>>>>> I expect that we may need your review help in a few months time from
>>>>>> now. As always, thanks for offering and we will certainly take you up
>>>>>> on
>>>>>> it once it becomes a good use of your time.
>>>>>>
>>>>>
>>>>> I'll review and have a look; and am not sure of the specifics, whilst
>>>>> noting important principles herein.
>>>>>
>>>>> IMHO: it's important to be inclusive and the W3 IPR framework is not
>>>>> unintentionally misaligned in some way that is against the spirit of this
>>>>> structure.
>>>>>
>>>>> I  guess.  try not to oversimplify imho.  might end-up with unintended
>>>>> consequences. (technically speaking).
>>>>>
>>>>>
>>>>>> -- manu
>>>>>>
>>>>>> best wishes,
>>>>>
>>>>> tim.
>>>>>
>>>>>
>>>> --
>>>>>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>>>>>> Founder/CEO - Digital Bazaar, Inc.
>>>>>> blog: Rebalancing How the Web is Built
>>>>>> http://manu.sporny.org/2016/rebalancing/
>>>>>>
>>>>>> --
> Kim Hamilton Duffy
> CTO & Principal Architect Learning Machine
> Co-chair W3C Credentials Community Group
> 400 Main Street Building E19-732, Cambridge, MA 02139
>
> kim@learningmachine.com | kimhd@mit.edu
> 425-652-0150 <(425)%20652-0150> | LearningMachine.com
>

Received on Wednesday, 25 October 2017 07:01:23 UTC