Re: DID-Auth

On 02/07/2018 04:33 AM, Markus Sabadello wrote:
> For the BCGov project, I feel like a mix of these will be required, 
> looking forward to further discussions during the calls and at RWoT.

Great, thanks for outlining your thinking on this, Markus. What you say
sounds like a good way to frame the work/discussion.

Which then leads to the question -- where are the various pieces of work
happening? My expectation was that the spec work would happen in the CCG
(and then go to W3C, IETF, or OASIS) while the implementation work would
happen at DIF.

Using your list as a basis:

> - Proof of control over a DID on a transport layer -> DID-TLS, 
> CurveCP, CurveZMQ

This feels like IETF.

> - Proof of control over a DID on the HTTP layer -> HTTP-Signatures

Definitely IETF.

> - Proof of control over a DID and proof of possession of a
> credential inside a browser -> Credential Handler API

Definitely W3C.

> - Proof of control over a DID via more complex flows involving 
> browsers, redirects, mobile apps, etc., potentially 
> transport-agnostic -> Some kind of challenge/response pattern using 
> LD-Signatures, see DID-Auth diagrams from RWoT#4

Mix of W3C and OASIS? Feels like a higher-level meta protocol?

Thoughts?

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The State of W3C Web Payments in 2017
http://manu.sporny.org/2017/w3c-web-payments/

Received on Wednesday, 7 February 2018 14:02:18 UTC