- From: Bohdan Andriyiv <bohdan.andriyiv@validbook.org>
- Date: Wed, 6 Jun 2018 15:23:10 +0300
- To: "Liam R. E. Quin" <liam@w3.org>
- Cc: christoph@christophdorn.com, public-credentials@w3.org
- Message-ID: <CALqw9pUXbxKEQRb01_-2ZckWZpdSBQGX6XxmVqXh5fUpmJKhLA@mail.gmail.com>
Christoph, I'm very glad you are raising these concerns. I'd like to address them as IMO they are a bit too pessimistic, but most importantly, they allow me to show the importance and timeliness of Validbook idea. > I think DIDs are great and a necessary step for the plumbing of a new node-based network. Using DIDs to represent personal identities is inevitable. Claiming that these identities can be self sovereign (whatever that means: there is no common understanding) is a huge stretch. I do not think it is a huge stretch. In simple words self-sovereignty is about giving more control and more privacy to the end user. In practice it means your identity cannot be deleted, your data cannot be altered and no one can view your data without your permission. In more technically practical terms - self-sovereignty means ubiquitous end-to-end encryption and digital signatures. > I have serious concerns that DIDs will be used to bring online, in a central/correlating fashion, what was in the past spread around many parties which by law or inconvenience could not correlate/share information. I think the pairwise-pseudonymous DIDs are the good answer to this concern [1]. Also, ZK-proofs addresses this concern - although I am not sure if it was proved they can be implemented in practice so far. > I have serious concerns that self sovereign identity will turn into a mechanism that simply replaces physical filing folders that hold a person's documents issued by governments and corporations. Self-sovereign identity (in other words implementation of DID and VC standards) will make it easier for individual to interact with organizations, but it will not be reduced to pure functional thing. It will make more evident that governments and corporations are service providers to the individual; at the service of individual, not vice versa. > The use-case discussion thus far confirms my concerns as the focus is primarily on digitizing existing relationships between authorities and individuals. > > I find that this group is skewed towards technology for government and big business (understandably so since it is a W3C group) and that seems to be counter to what DID based identity (especially self sovereign) is envisioned to achieve. As far as I understand it, VC spec is mainly about creating universal standard for documents with digital signatures. DID spec is mainly about answering what that digital signatures mean - "who signed the documents". As documents are related to business activities and regulation this is natural that business and government use cases are among the first discussed. These are the real world use cases. I think this is a good thing. In the same time, consumer facing use cases get a lot of attention as well - see use cases about privacy in health care space and Validbook use case. > I have decided not to contribute individual-empowering use-cases as I think the problem does not lie with DIDs but how they are leveraged by authorities and corporations which is completely out of our hands. ... > My point is that no matter how much you want DIDs to do something it will be driven by one or two leading implementations and everyone will have little choice but to follow these while chasing all the typical low hanging fruit opportunities of what can be done with DIDs. Only much later will there be the energy to transcend the DID layer to start addressing a truly sovereign model of identity. I think there is no need to be too pessimistic. The progress moves faster and faster [they say - singularity is coming;)]. You might be interested to look into Validbook idea. IMO it shows *a practical* way to the wide spread adoption of "a truly sovereign model of identity". > I thus encourage this group to keep a minimal practical and technical focus and leave idealistic and sensational claims of what DIDs can do to other groups that leverage DIDs together with other concepts, professions and law to actually realize what I think we all envision in terms of self sovereign identity. I would not discourage "idealistic and sensational claims", provided these claims are rooted into reality and sound logic. They show possibilities and make discussions interesting for many. Pure technical stuff is great and it is a foundation for everything else - but it is hard to engage with, if you do not understand why it is made. I would encourage to have more discussions on the middle level, that ties "big picture" and low-level technical layers - more functional approach with UI mock-ups. > How the work of this group will be leveraged commercially and by governments cannot be controlled or influenced by this group. > The only thing this group can do is to ensure that the technology *can be leveraged* by centralizing forces *as well as* decentralizing forces. The way I see it that is precisely the responsibility that this group finds itself with at this time. As far as I understood a large part this group consists of representatives from government and commercial organizations, therefore they can influence how these specifications are implemented. Most importantly and what I am leading to – there is a Validbook idea. IMO implementation of it or something very similar to it is inevitable. Cristoph and everyone who wishes to have an impact on how DID and VC specs are going to be leveraged by governments and organizations, I encourage you to look closer at it. Validbook idea has all of the chances to be one of those "one or two leading implementations ... everyone will have little choice but to follow" and here it is - right from the beginning open to be driven, shaped and checked by the community. The current state of Validbook dev implementation and "Proposal to Cooperate" paper is a quite raw, but I ask you to look through it and see the idea and the future behind it. I am open to any critique of the idea in public and private discussions. https://lists.w3.org/Archives/Public/public-credentials/2018May/0024.html http://futurama1x.validbook.org/ -- Bohdan Andriyiv [1] - https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/12fe5a6d2874b177cf437f904e8a09b788abf664/topics-and-advance-readings/did-primer.md#dids-and-privacy-by-design On Wed, Jun 6, 2018 at 12:13 AM, Liam R. E. Quin <liam@w3.org> wrote: > On Tue, 2018-06-05 at 17:57 +0000, Christoph Dorn wrote: > > I have serious concerns that DIDs will be used to bring online, in a > > central/correlating fashion, what was in the past spread around many > > parties which by law or inconvenience could not correlate/share > > information. > > These are valid concerns and i'm glad that you are raising them. > > A possible mitigation is that an individual can choose to have multiple > sets of identifiers and multiple third-party repositories as well as > self-held identifiers. The same applies to Verifiable Credentials. > > > I find that this group is skewed towards technology for government > > and big business (understandably so since it is a W3C group) > > One of the unusual aspects of W3C is that individuals can have as loud > a voice in most respects as governments and large companies. > > > I have decided not to contribute individual-empowering use-cases as > > I > > think the problem does not lie with DIDs but how they are leveraged > > by > > authorities and corporations which is completely out of our hands. I > > feel like this group is the wrong venue to discuss the layers of > > abstraction that need to be built on top of DIDs to realize self > > sovereign identity as it is not purely a technical problem. I don't > > know if there is a venue for such discussions and if such a venue > > can > > actually effectively affect anything. > > I think you *should*, if you are willing, contribute them. > > We don't do enough at W3C to discuss, think about, encourage discussion > of wider implications of the technologies we crare, nor contextualize > them socially. That we could do more doesn't mean we should do nothing. > > Liam > > -- > Liam Quin, W3C, http://www.w3.org/People/Quin/ > Staff contact for Verifiable Claims WG, SVG WG, XQuery WG > Improving Web Advertising: https://www.w3.org/community/web-adv/ > Personal: Web-slave for https://www.FromOldBooks.Org/ > >
Received on Wednesday, 6 June 2018 12:23:37 UTC