- From: =Drummond Reed <drummond.reed@evernym.com>
- Date: Sun, 15 Apr 2018 19:41:52 -0700
- To: Carlos Bruguera <carlos@selfkey.org>
- Cc: Chris Boscolo <chris@boscolo.net>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAAjunnZE+ZVnd6E_tGWzERG72EDK+FYpmrM7Ggh_uw6RFimDDw@mail.gmail.com>
On Sun, Apr 15, 2018 at 3:50 AM, Carlos Bruguera <carlos@selfkey.org> wrote: > Hey Drummond, > > The approach of "private" pairwise DID seems totally reasonable as it fits > the very purpose of pairwise identifiers which is (in my understanding) to > establish a *private* channel for authentication and authenticated > comunication between entities. Also, leaving the ledger for the data that > is making purposedly public works not only as an anti-spam measure on the > ledger but also solves multiple privacy and anonymity issues. > Agreed. > > I'm guessing this approach can also be used in cases where correlativity > is desired or at least tolerated (by using the same DID or "facet" for > authenticating to multiple (possibly related) services, even if generated > locally and exchanged privately)?... > Yes. From my POV, DIDs can support any degree of pseudonymity or veronymity as desired by the publisher of the DID. Pairwise pseudonymous DIDs on a microledger are one end of the spectrum; fully public DIDs on a public ledger are another, and you can also establish any degree in between. Note that it's also possible to have pseudonymous DIDs—even pairwise—on a public ledger; my previous post just explained why it wasn't necessary to do that. > On a different line, is there any level of "anchoring" for these "private > DIDs" against the public ledger? Or it's not necessary at all? > Yes, there are cases where you might want to do this. The one we've discussed most in the Sovrin community is the need for the parties to a pairwise pseudonymous DID to use a public ledger to establish a "dead-drop <https://en.wikipedia.org/wiki/Dead_drop>" in case both parties happened to move agents/agencies at the same time and lost their connection. However that's an edge case, and as long as both parties agree beforehand how the dead-drop will be established, there is no need to do actually create it unless/until they become disconnected. =D > > > On Sun, Apr 15, 2018 at 9:38 AM, =Drummond Reed <drummond.reed@evernym.com > > wrote: > >> On Sat, Apr 14, 2018 at 9:46 AM, Chris Boscolo <chris@boscolo.net> wrote: >> >>> First, Adam, thanks for posting the "WebAuthn & DID" presentation that >>> surfaced the discussion of using pair-wise unique DIDs. And thank >>> you, Drummond, for linking to the discussion taking place at Sovrin on the >>> subject. (https://forum.sovrin.org/t/the-benefit-of-pairwise-dids/628/3) >>> >>> >>> I decided to pull this one question out into its own thread to get >>> clarification and to help inform how the WebAuthn protocol might be >>> modified to support DIDs. >>> >>> I think the community would benefit if we had a clear understanding of >>> when pair-wise unique DIDs should be used vs. when a per-user unique DIDs >>> will suffice. >>> >>> In the example, where a user is creating a new account on a popular >>> website it is clear to me that the user will want to use a unique DID for >>> only that site. But, I question whether it is a good idea for the website >>> to create a unique DID to communicate with that one user. In fact, I >>> wonder if doing so will open the door to other unintended ways of >>> correlating users with the site. (When these DIDs are in public ledgers.) >>> >> >> Chris, I just wanted to point out why your final parenthetical is >> important to this discussion. In Sovrin architecture, pairwise >> pseudonymous DIDs *are not written to the public ledger*. >> >> It's true that a year ago, even as we started to use pairwise >> pseudonymous DIDs, we assumed they were all being written to the Sovrin >> public ledger because: a) they did not provide any correlate-able data, and >> b) we didn't have an alternative. >> >> We subsequently realized that, since the whole point of pairwise >> pseudonymous DIDs is that they are only needed by the two parties >> involved—and that each can maintain a copy of the other's DID >> document—there was no reason to write them to a public ledger. Rather the >> two parties could maintain them on their own private microledger. >> >> This has several significant advantages: >> >> 1. It is even better from a privacy perspective since neither the >> pairwise pseudonymous DIDs nor their DID documents needed to be public. >> 2. It is wonderful from a scalability perspective since >> the microledgers add almost no load to the public ledger. >> 3. It means the Sovrin public ledger can be optimized for public DIDs >> and other SSI infrastructure data that needs to be fully public and widely >> shared. >> >> Should these considerations be added to the DID spec? >>> >> >> That's a very good question. I don't think the DID spec (or any other >> spec) should be weighed down with lots of implementation guidelines and >> advice, but we should probably mention the basic option that DIDs can be >> registered on public ledgers, private ledgers, or microledgers. >> >> What do you think? >> >> >
Received on Monday, 16 April 2018 02:42:26 UTC