When to use pair-wise unique DIDs vs. just individual unique DIDs

From: Chris Boscolo <chris@boscolo.net>
Date: Sat, 14 Apr 2018 09:46:18 -0700
Message-ID: <CAByYRhbZ8bbwqz47iMZMV-QP54R+N1R7j0TJWsPx_1a0k8eDMw@mail.gmail.com>
To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>

First, Adam, thanks for posting the "WebAuthn & DID" presentation that
surfaced the discussion of using pair-wise unique DIDs.  And thank
you, Drummond, for linking to the discussion taking place at Sovrin on the
subject. (https://forum.sovrin.org/t/the-benefit-of-pairwise-dids/628/3)

I decided to pull this one question out into its own thread to get
clarification and to help inform how the WebAuthn protocol might be
modified to support DIDs.

I think the community would benefit if we had a clear understanding of when
pair-wise unique DIDs should be used vs. when per-user unique DIDs will
suffice.

In the example where a user is creating a new account on a popular website,
it is clear to me that the user will want to use a unique DID for only that
site.  But, I question whether it is a good idea for the website to create
a unique DID to communicate with that one user.  In fact, I wonder if doing
so will open the door to other unintended ways of correlating users with
the site. (When these DIDs are in public ledgers.)

Should these considerations be added to the DID spec?

  -chrisb
Received on Saturday, 14 April 2018 16:46:52 UTC
