Re: DID-Auth

Hi Brett,

I participate in the Web Authentication WG (mostly in listen-only
capacity), and from everything I've been able to understand, the spec is
tantalizingly close to what we're trying to do with DID-Auth, except that you
don't get access to the keys to perform signatures or verify them (you just
have the challenge-response API to work with). I'll re-read the latest
spec, and see if I can explain in more detail.

On Mon, Mar 5, 2018 at 10:06 AM, Brett McDowell <brett@fidoalliance.org>
wrote:

> Is anyone here also participating in the W3C Web Authentication Working
> Group <https://www.w3.org/blog/webauthn/>?  The work they are doing seems
> to fit DID-Auth use cases.  I can try to recruit someone from that effort
> to come help this group if we don't already have that expertise engaged.  A
> full understanding of Webauthn/fido2 should make progress against the
> following next step pretty easy:
>
>
> *DID Auth work should focus on the following:*
>
>
>    - *Agree on scope of DID Auth.*
>       - *Agree on supported formats for challenges and responses.*
>       - *Agree on supported protocols and flows.*
>
>
> Brett McDowell, Executive Director, FIDO Alliance
> <https://fidoalliance.org/> | +1 (413) 404-5593
>
> On Sat, Mar 3, 2018 at 10:31 AM, Markus Sabadello <markus@danubetech.com>
> wrote:
>
>> Just a quick note on the DID Auth topic, I submitted a RWoT#6 topic
>> paper that summarizes the many different ideas, data formats, flows,
>> etc. I've seen in relation to "DID Auth".
>>
>> https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/topics-and-advance-readings/DID%20Auth:%20Scope,%20Formats,%20and%20Protocols.md
>>
>> (Sorry for doing this so late, maybe it can serve as an outline for
>> discussions next week).
>>
>> Markus
>>
>> On 02/06/2018 04:06 PM, Manu Sporny wrote:
>> > On 02/06/2018 08:20 AM, Markus Sabadello wrote:
>> >> But I wanted to quickly report that I was selected for this BCGov
>> >> opportunity to design and implement a DID authentication (DID-Auth)
>> >> and authorization mechanism across 4 concrete scenarios:
>> > Congratulations, Markus! That's great news!
>> >
>> >> I would love this group's input on how to approach this in a way that
>> >> is re-usable and complementary with other community efforts.
>> > ... and thank you for seeking input from the community in an attempt to
>> > align what you create with what we're doing.
>> >
>> >> I am aware there is already a lot of existing work from RWoT and
>> >> other sources on DID/TLS, HTTP Signatures, Credentials Browser API,
>> >> etc. that can be used.
>> > Yes, let's please re-use all the work that has been done to date. For
>> > example, HTTP Signatures were designed to be compatible with DID-based
>> > authentication since we introduced the spec way back in 2013.
>> >
>> > A tremendous amount of work has gone into the Credential Handler demo in
>> > order to align it with browser initiatives from Google Chrome and others:
>> >
>> > https://credential-repository.demo.digitalbazaar.com/
>> >
>> > I'm concerned that deviating greatly from these directions will result
>> > in derailing some of this work... or at least, if anyone plans to
>> > deviate, please understand why the designs are as they are today and
>> > make sure you're deviating for a very good reason.
>> >
>> > That said... this is all great news Markus! Looking forward to
>> > discussing it during the calls.
>> >
>> > -- manu
>> >
>>
>>
>>
>>
>

Received on Thursday, 8 March 2018 00:27:03 UTC