- From: heather vescent <heathervescent@gmail.com>
- Date: Wed, 6 Jun 2018 10:55:14 -0700
- To: Adrian Gropper <agropper@healthurl.com>
- Cc: "Liam R. E. Quin" <liam@w3.org>, christoph@christophdorn.com, W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CA+C6qMxbFZj5cZWn1YOohMrBduCEXF+3FiEHy1boOPBjd4DF2A@mail.gmail.com>
During all this conversation about DIDs and use cases, I keep being reminded of the final comment by Stina of Yubico of the IIW film. (I directed/produced it, so I have much of the content in my brain thanks to long nights of editing.) I very consciously chose this comment to end the documentary. It starts around 9:00: https://vimeo.com/207961532 It kinda perfectly describes what we are doing here. This was released over a year ago, and the interviews happened over two years ago... which goes to show how long we in the community have been hungry for a technological solution. -H On Tue, Jun 5, 2018 at 2:53 PM, Adrian Gropper <agropper@healthurl.com> wrote: > (I'm starting this thread because I'm having a hard time following the > "Focal" DID Use Cases) > > A Decentralized IDentifier (DID) is a self-issued IDENTIFIER that is > globally unique within a governance domain called a Method. A DID is > self-sovereign if it is not tied to any particular institution, > jurisdiction, or federation and if the issuer can substitute or choose > among multiple Methods of governance without loss of control of the DID. An > IPFS address is an example of a DID. > > To be practical, a DID associates three essential components: > (i) Zero or more public keys to be used for authentication, digital > signatures, etc... > (ii) Zero or more service endpoints to receive messages or issue access > authorization tokens. > (iii) Zero or more public claims. > > A DID that has neither public keys or service endpoints is merely a > persistent tag with some public claims and with the potential to add public > keys or service endpoints at some point in the future. From a privacy > perspective, it is safe to assume that the public claims will be cataloged > by others and will persist, along with the tag, forever. > > DIDs are de-duplicated (unique) within their Method. They are not a > de-duplicated IDENTITY. A DID can be associated with a de-duplicated > identity at any time just as it can be associated with any other claim or > credential. > > As defined above, the privacy footprint of a DID is negligible. > Self-issuance means that they can be issued at negligible cost. Public keys > can also be self-issued at negligible cost. Service endpoints can be > self-issued to some extent (e.g. .onion and ?maybe? IPv6 addresses) Because > service endpoints are routable, they do have some privacy footprint and > this should be considered as part of any use-case. > > Adrian > > > > > > On Tue, Jun 5, 2018 at 5:13 PM, Liam R. E. Quin <liam@w3.org> wrote: > >> On Tue, 2018-06-05 at 17:57 +0000, Christoph Dorn wrote: >> > I have serious concerns that DIDs will be used to bring online, in a >> > central/correlating fashion, what was in the past spread around many >> > parties which by law or inconvenience could not correlate/share >> > information. >> >> These are valid concerns and i'm glad that you are raising them. >> >> A possible mitigation is that an individual can choose to have multiple >> sets of identifiers and multiple third-party repositories as well as >> self-held identifiers. The same applies to Verifiable Credentials. >> >> > I find that this group is skewed towards technology for government >> > and big business (understandably so since it is a W3C group) >> >> One of the unusual aspects of W3C is that individuals can have as loud >> a voice in most respects as governments and large companies. >> >> > I have decided not to contribute individual-empowering use-cases as >> > I >> > think the problem does not lie with DIDs but how they are leveraged >> > by >> > authorities and corporations which is completely out of our hands. I >> > feel like this group is the wrong venue to discuss the layers of >> > abstraction that need to be built on top of DIDs to realize self >> > sovereign identity as it is not purely a technical problem. I don't >> > know if there is a venue for such discussions and if such a venue >> > can >> > actually effectively affect anything. >> >> I think you *should*, if you are willing, contribute them. >> >> We don't do enough at W3C to discuss, think about, encourage discussion >> of wider implications of the technologies we crare, nor contextualize >> them socially. That we could do more doesn't mean we should do nothing. >> >> Liam >> >> -- >> Liam Quin, W3C, http://www.w3.org/People/Quin/ >> Staff contact for Verifiable Claims WG, SVG WG, XQuery WG >> Improving Web Advertising: https://www.w3.org/community/web-adv/ >> Personal: Web-slave for https://www.FromOldBooks.Org/ >> >> > > > -- > > Adrian Gropper MD > > PROTECT YOUR FUTURE - RESTORE Health Privacy! > HELP us fight for the right to control personal health data. > DONATE: https://patientprivacyrights.org/donate-3/ > -- Heather Vescent <http://www.heathervescent.com/> The Purple Tornado, Inc ~ The Future in Present Tense ~ @heathervescent <https://twitter.com/heathervescent> | Film Futures <https://vimeo.com/heathervescent> | Medium <https://medium.com/@heathervescent/> | LinkedIn <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates <https://app.convertkit.com/landing_pages/325779/>
Received on Wednesday, 6 June 2018 17:56:04 UTC