Ideas about DID explanation from Andrew Hughes on 2018-12-04 (public-credentials@w3.org from December 2018)

From: Andrew Hughes <andrewhughes3000@gmail.com>
Date: Tue, 4 Dec 2018 13:18:55 -0800
To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAGJp9UanZR+WEHe3Nb_P7HddFFbrJ4YJ6GgQoVhVSV=EWXPeXQ@mail.gmail.com>

Looking back on my prior notes about how to explain decentralized
identifiers, and why they are significantly different than existing
identifier schemes, I've come up with a list. This is what I noted while
you were all discussing the topic on the credentials community group calls
- I just collected it all up.

Please let me know if these points are correct and add value - if yes, then
I suggest that we should include similar bullets in the DID Explainer.

A Decentralized Identifier:
1) is a Uniform Resource Identifier (an identifier that identifies an
abstract or physical resource)
2) is a Uniform Resource Name (a URI that is intended to persistently
identify a resource, in this case the Subject)
3) may be a self-issued identifier
4) cannot be 'cancelled' by an authority
5) includes the associated DID Document, which may contain material used to
authenticate the DID, the DID Document, and the DID 'owner/controller'

a) DID authentication may use cryptographic proofs to demonstrate which
entity is the 'owner/controller'.
b) When cryptographic proofs for DID authentication are used, this enables
special properties associated with zero knowledge proofs such as selective
disclosure, <<what is this list?>>
c) Authentication mechanisms, keying material, service endpoints, etc.
specified in the DID Document can be managed without requiring the DID
value to change.
d) The ability to manage keying material without disturbing the DID value
enables key rotation and key recovery mechanisms
e) The registry of DID Methods accepts all valid DID Method Schemes,
therefore the DID namespace may be extended to cover existing and
previously-unknown identifier schemes or technologies.

A DID also
i) may be a Uniform Resource Locator if it is resolved to locate a resource
on the Web.
ii) can be directly used, referenced and resolved in any DLT by writing a
new DID method

Each of the lists kinda speaks to a slightly different audience to address
their concerns and questions. The implications of each bullet could also be
expanded if needed (e.g WHY is it significant that a DID cannot be
cancelled by an authority?, etc)

What do you think? Is this close?
It assumes that the reader is familiar with namespace characteristics,
namespace management, key management, resolvers. And generally,
issues/strengths with them. Which probably describes our current target
audience. If the 'cryptographic' bullets are enhanced then it can also
speak to 'crypto-people'.

Thanks to Markus for helping refine this but, of course, any
misunderstandings or errors are all mine.
andrew.

*Andrew Hughes *CISM CISSP
*In Turn Information Management Consulting*

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road, Victoria, BC V8P 2H8
AndrewHughes3000@gmail.com
*https://www.linkedin.com/in/andrew-hughes-682058a
<https://www.linkedin.com/in/andrew-hughes-682058a>*
*Digital Identity | International Standards | Information Security *

Received on Tuesday, 4 December 2018 21:19:30 UTC