Re: DID-Auth from Markus Sabadello on 2018-02-07 (public-credentials@w3.org from February 2018)

From: Markus Sabadello <markus@danubetech.com>
Date: Wed, 7 Feb 2018 15:58:33 +0100
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <d0d6f28c-137f-f542-55e3-0ce2ecea879a@danubetech.com>

Here's some work on DID-TLS that Evernym did last year, it's probably
not fully up-to-date:
https://docs.google.com/document/d/1-aPY1eeHdR_TnF7_WpEs58RZ_jNdDeptVrNEu3groFc/

Melvin, since you have a lot of experience with WebID, your ideas on
this would be interesting too!

Markus

On 02/07/2018 03:04 PM, Melvin Carvalho wrote:
>
>
> On 7 February 2018 at 10:33, Markus Sabadello <markus@danubetech.com
> <mailto:markus@danubetech.com>> wrote:
>
>     I think it was mostly Kyle Den Hartog (who attended RWoT#5) with
>     some input from others who used that Google doc for brainstorming
>     on DID-Auth, and yes we've had some discussions on this during the
>     DIF calls.
>
>     Thanks for your feedback and adding some pointers, +1 to re-using
>     what's already there.
>
>     Personally, think the term DID-Auth has been used quite a bit but
>     is currently not really well-defined.
>     It could be understood as an umbrella term for "proving control
>     over a DID", and perhaps also more broadly as "proving something
>     else such as possession of a credential".
>
>     This high-level concept of DID-Auth can manifest itself in various
>     ways:
>
>     - /Proof of control over a DID on a transport layer/ -> DID-TLS,
>     CurveCP, CurveZMQ
>
>
>
> DID-TLS sounds very interesting -- can I read more about it?
>  
>
>     - /Proof of control over a DID on the HTTP layer/ -> HTTP-Signatures
>
>     - /Proof of control over a DID and proof of possession of a
>     credential inside a browser/ -> Credential Handler API
>
>     - /Proof of control over a DID via more complex flows involving
>     browsers, redirects, mobile apps, etc., potentially
>     transport-agnostic/ -> Some kind of challenge/response pattern
>     using LD-Signatures, see DID-Auth diagrams from RWoT#4
>
>     For the BCGov project, I feel like a mix of these will be
>     required, looking forward to further discussions during the calls
>     and at RWoT.
>
>     Markus
>
>     On 02/06/2018 05:03 PM, Manu Sporny wrote:
>>     On 02/06/2018 08:20 AM, Markus Sabadello wrote:
>>>     I would love this group's input on how to approach this in a way that
>>>     is re-usable and complementary with other community efforts.
>>     Hmm, just found this in the link you sent, Markus:
>>
>>     https://docs.google.com/document/d/1Lt0uMvSuv094Bb-5XvVKNqNFEDrlWm3acy1O5-vVZu4/edit#
>>     <https://docs.google.com/document/d/1Lt0uMvSuv094Bb-5XvVKNqNFEDrlWm3acy1O5-vVZu4/edit#>
>>
>>     Feels like DIF is duplicating work that is also being done in this CG.
>>     We should talk about making sure we're not duplicating effort when we
>>     discuss this in the CG.
>>
>>     -- manu
>>
>
>

Received on Wednesday, 7 February 2018 14:59:32 UTC