Re: DID-Auth from Brett McDowell on 2018-03-05 (public-credentials@w3.org from March 2018)

From: Brett McDowell <brett@fidoalliance.org>
Date: Mon, 5 Mar 2018 10:06:43 -0500
To: Markus Sabadello <markus@danubetech.com>
Cc: Credentials Community Group <public-credentials@w3.org>
Message-ID: <CAHo-YTkFNEoef6fAajCWEWm9_WBG-OScMMmQqJDdhcT=fTF-Mg@mail.gmail.com>

Is anyone here also participating in the W3C Web Authentication Working
Group <https://www.w3.org/blog/webauthn/>?  The work they are doing seems
to fit DID-Auth use cases.  I can try to recruit someone from that effort
to come help this group if we don't already have that expertise engaged.  A
full understanding of Webauthn/fido2 should make progress against the
following next step pretty easy:


*DID Auth work should focus on the following:*


   - *Agree on scope of DID Auth.*
      - *Agree on supported formats for challenges and responses.*
      -
*Agree on supported protocols and flows. *


Brett McDowell, Executive Director, FIDO Alliance
<https://fidoalliance.org/> | +1 (413) 404-5593

On Sat, Mar 3, 2018 at 10:31 AM, Markus Sabadello <markus@danubetech.com>
wrote:

> Just a quick note on the DID Auth topic, I submitted a RWoT#6 topic
> paper that summarizes the many different ideas, data formats, flows,
> etc. I've seen in relation to "DID Auth".
>
> https://github.com/WebOfTrustInfo/rebooting-the-
> web-of-trust-spring2018/blob/master/topics-and-advance-
> readings/DID%20Auth:%20Scope,%20Formats,%20and%20Protocols.md
>
> (Sorry for doing this so late, maybe it can serve as an outline for
> discussions next week).
>
> Markus
>
> On 02/06/2018 04:06 PM, Manu Sporny wrote:
> > On 02/06/2018 08:20 AM, Markus Sabadello wrote:
> >> But I wanted to quickly report that I was selected for this BCGov
> >> opportunity to design and implement a DID authentication (DID-Auth)
> >> and authorization mechanism across 4 concrete scenarios:
> > Congratulations, Markus! That's great news!
> >
> >> I would love this group's input on how to approach this in a way that
> >> is re-usable and complementary with other community efforts.
> > ... and thank you for seeking input from the community in an attempt to
> > align what you create with what we're doing.
> >
> >> I am aware there is already a lot of existing work from RWoT and
> >> other sources on DID/TLS, HTTP Signatures, Credentials Browser API,
> >> etc. that can be used.
> > Yes, let's please re-use all the work that has been done to date. For
> > example, HTTP Signatures were designed to be compatible with DID-based
> > authentication since we introduced the spec way back in 2013.
> >
> > A tremendous amount of work has gone into the Credential Handler demo in
> > order to align it with browser initiatives from Google Chrome and others:
> >
> > https://credential-repository.demo.digitalbazaar.com/
> >
> > I'm concerned that deviating greatly from these directions will result
> > in derailing some of this work... or at least, if anyone plans to
> > deviate, please understand why the designs are as they are today and
> > make sure you're deviating for a very good reason.
> >
> > That said... this is all great news Markus! Looking forward to
> > discussing it during the calls.
> >
> > -- manu
> >
>
>
>
>

Received on Monday, 5 March 2018 15:11:51 UTC