- From: Chris Boscolo <chris@boscolo.net>
- Date: Sat, 14 Apr 2018 09:46:18 -0700
- To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Received on Saturday, 14 April 2018 16:46:52 UTC
First, Adam, thanks for posting the "WebAuthn & DID" presentation that surfaced the discussion of using pair-wise unique DIDs. And thank you, Drummond, for linking to the discussion taking place at Sovrin on the subject. (https://forum.sovrin.org/t/the-benefit-of-pairwise-dids/628/3) I decided to pull this one question out into its own thread to get clarification and to help inform how the WebAuthn protocol might be modified to support DIDs. I think the community would benefit if we had a clear understanding of when pair-wise unique DIDs should be used vs. when a per-user unique DIDs will suffice. In the example, where a user is creating a new account on a popular website it is clear to me that the user will want to use a unique DID for only that site. But, I question whether it is a good idea for the website to create a unique DID to communicate with that one user. In fact, I wonder if doing so will open the door to other unintended ways of correlating users with the site. (When these DIDs are in public ledgers.) Should these considerations be added to the DID spec? -chrisb
Received on Saturday, 14 April 2018 16:46:52 UTC