- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Wed, 7 Feb 2018 09:01:50 -0500
- To: public-credentials@w3.org
On 02/07/2018 04:33 AM, Markus Sabadello wrote: > For the BCGov project, I feel like a mix of these will be required, > looking forward to further discussions during the calls and at RWoT. Great, thanks for outlining your thinking on this, Markus. What you say sounds like a good way to frame the work/discussion. Which then leads to the question -- where are the various pieces of work happening? My expectation was that the spec work would happen in the CCG (and then go to W3C, IETF, or OASIS) while the implementation work would happen at DIF. Using your list as a basis: > - Proof of control over a DID on a transport layer -> DID-TLS, > CurveCP, CurveZMQ This feels like IETF. > - Proof of control over a DID on the HTTP layer -> HTTP-Signatures Definitely IETF. > - Proof of control over a DID and proof of possession of a > credential inside a browser -> Credential Handler API Definitely W3C. > - Proof of control over a DID via more complex flows involving > browsers, redirects, mobile apps, etc., potentially > transport-agnostic -> Some kind of challenge/response pattern using > LD-Signatures, see DID-Auth diagrams from RWoT#4 Mix of W3C and OASIS? Feels like a higher-level meta protocol? Thoughts? -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: The State of W3C Web Payments in 2017 http://manu.sporny.org/2017/w3c-web-payments/
Received on Wednesday, 7 February 2018 14:02:18 UTC