- From: =Drummond Reed <drummond.reed@evernym.com>
- Date: Mon, 16 Apr 2018 01:14:50 -0700
- To: Chris Boscolo <chris@boscolo.net>
- Cc: Carlos Bruguera <carlos@selfkey.org>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAAjunnYGWQrDOmo1bXmDP1KCkXYw6nVf8hJkrTW3TwK_TjvGHQ@mail.gmail.com>
[sorry—caught a typo that could be very confusing—see correction in red below] On Sun, Apr 15, 2018 at 7:50 PM, =Drummond Reed <drummond.reed@evernym.com> wrote: > On Sun, Apr 15, 2018 at 9:42 AM, Chris Boscolo <chris@boscolo.net> wrote: > >> Drummond, >> I must admit, this answer caught me by surprise... >> >> How is what you are describing any different than our current federated >> ID nightmare? >> > > Chris, I must have mis-communicated something. Keep reading. > > >> >> In the age of the Internet and hackers being mostly smarter than those >> building infrastructure, the term "private" is meaningless. >> "Private" just means hidden from the public until at some point in the >> future it is no longer hidden. >> > > Yes, of course, the "privacy" of a microledger is not just that it's *not* > a public ledger. The DIDs and DID documents on a microledger should still > be as privacy-protecting as they would be on a public ledger, i.e., they > shouldn't leak any information about the identity owner or relationship. > They just are not publicly searchable or viewable. > > > >> >> Furthermore, I thought the whole point of the DID approach is that the >> DID owner can update the DDO if, for example, they want to update the >> keys. How would this work if as you say "and that each can maintain a copy >> of the other's DID document". >> > > That may have been the phrase that tripped you up. The "copy" of the > shared DID document on the microledger is just like the "copy" maintained > by all the nodes on a distributed public ledger. In other words, only > the identity owner has the ability (or can delegate the ability) to make > any chances to the DID document. > > To be clear, if Alice maintains a microledger with Bob, then Bob's node on > the microledger has a copy of the pairwise pseudonymous DID and DID > document that Alice has created for Bob, and Alice's node has a copy of the > pairwise pseudonymous DID and DID document that Bob has created for Alice. > Since both DID documents contain the service endpoints for their respective > agents, the two agents are the only "nodes" that need to keep > the microledger in sync (i.e., "consensus" is pretty easy). But it's still > an actual ledger, i.e., all transactions are signed, hashed together into a > chain, and replicated to all nodes. > > > >> Looks like I either need to re-evaluate my support for this approach or >> hopefully some can help clarify this a bit more. >> > > Hopefully I've done that; let me know if it's still not clear. > > =D > >> >> -chrisb >> >> >> On Sun, Apr 15, 2018 at 3:50 AM, Carlos Bruguera <carlos@selfkey.org> >> wrote: >> >>> Hey Drummond, >>> >>> The approach of "private" pairwise DID seems totally reasonable as it >>> fits the very purpose of pairwise identifiers which is (in my >>> understanding) to establish a *private* channel for authentication and >>> authenticated comunication between entities. Also, leaving the ledger for >>> the data that is making purposedly public works not only as an anti-spam >>> measure on the ledger but also solves multiple privacy and anonymity issues. >>> >>> I'm guessing this approach can also be used in cases where correlativity >>> is desired or at least tolerated (by using the same DID or "facet" for >>> authenticating to multiple (possibly related) services, even if generated >>> locally and exchanged privately)?... On a different line, is there any >>> level of "anchoring" for these "private DIDs" against the public ledger? Or >>> it's not necessary at all? >>> >>> >>> On Sun, Apr 15, 2018 at 9:38 AM, =Drummond Reed < >>> drummond.reed@evernym.com> wrote: >>> >>>> On Sat, Apr 14, 2018 at 9:46 AM, Chris Boscolo <chris@boscolo.net> >>>> wrote: >>>> >>>>> First, Adam, thanks for posting the "WebAuthn & DID" presentation that >>>>> surfaced the discussion of using pair-wise unique DIDs. And thank >>>>> you, Drummond, for linking to the discussion taking place at Sovrin on the >>>>> subject. (https://forum.sovrin.org/t/the-benefit-of-pairwise-dids/628 >>>>> /3) >>>>> >>>>> I decided to pull this one question out into its own thread to get >>>>> clarification and to help inform how the WebAuthn protocol might be >>>>> modified to support DIDs. >>>>> >>>>> I think the community would benefit if we had a clear understanding of >>>>> when pair-wise unique DIDs should be used vs. when a per-user unique DIDs >>>>> will suffice. >>>>> >>>>> In the example, where a user is creating a new account on a popular >>>>> website it is clear to me that the user will want to use a unique DID for >>>>> only that site. But, I question whether it is a good idea for the website >>>>> to create a unique DID to communicate with that one user. In fact, I >>>>> wonder if doing so will open the door to other unintended ways of >>>>> correlating users with the site. (When these DIDs are in public ledgers.) >>>>> >>>> >>>> Chris, I just wanted to point out why your final parenthetical is >>>> important to this discussion. In Sovrin architecture, pairwise >>>> pseudonymous DIDs *are not written to the public ledger*. >>>> >>>> It's true that a year ago, even as we started to use pairwise >>>> pseudonymous DIDs, we assumed they were all being written to the Sovrin >>>> public ledger because: a) they did not provide any correlate-able data, and >>>> b) we didn't have an alternative. >>>> >>>> We subsequently realized that, since the whole point of pairwise >>>> pseudonymous DIDs is that they are only needed by the two parties >>>> involved—and that each can maintain a copy of the other's DID >>>> document—there was no reason to write them to a public ledger. Rather the >>>> two parties could maintain them on their own private microledger. >>>> >>>> This has several significant advantages: >>>> >>>> 1. It is even better from a privacy perspective since neither the >>>> pairwise pseudonymous DIDs nor their DID documents needed to be public. >>>> 2. It is wonderful from a scalability perspective since >>>> the microledgers add almost no load to the public ledger. >>>> 3. It means the Sovrin public ledger can be optimized for public >>>> DIDs and other SSI infrastructure data that needs to be fully public and >>>> widely shared. >>>> >>>> Should these considerations be added to the DID spec? >>>>> >>>> >>>> That's a very good question. I don't think the DID spec (or any other >>>> spec) should be weighed down with lots of implementation guidelines and >>>> advice, but we should probably mention the basic option that DIDs can be >>>> registered on public ledgers, private ledgers, or microledgers. >>>> >>>> What do you think? >>>> >>>> >>> >> >
Received on Monday, 16 April 2018 08:15:23 UTC