
Re: DIDs, DID Auth & Browser Cookies

From: =Drummond Reed <drummond.reed@evernym.com>
Date: Tue, 20 Mar 2018 21:38:25 -0700
Message-ID: <CAAjunnZjh_A6a4U+XcorrBBy+iBkXgM--JkmqRtLt4cw_bzX_g@mail.gmail.com>
To: "Jordan, John CITZ:EX" <John.Jordan@gov.bc.ca>
Cc: Dennis Yurkevich <dennis@mediaiqdigital.com>, "public-credentials@w3.org" <public-credentials@w3.org>
+1 to John's reply. DIDs essentially invert the traditional cookie
relationship, i.e., rather than a site handing you a cookie (over which you
have no control other than to delete it), you hand the site a DID. Because
you control the private key, you can always prove control of that DID. You
can even rotate the public/private key pair associated with the DID and
still prove control.

That's why they are a sea change in both identification and authentication
(and, in conjunction with verifiable credentials, in authorization as well).

=D

On Tue, Mar 20, 2018 at 5:08 AM, Jordan, John CITZ:EX <John.Jordan@gov.bc.ca> wrote:

> Hi Dennis
>
> There are deeper experts here however my thinking is there is no more
> “remember me” as there will no longer be a “login”.  One will simply
> connect to a service at which point DID Auth will occur. You will already
> be authenticated via the device you are using to control your private keys.
> Ideally DIDs are pairwise unique so I guess a site could use your DID for
> preferences and so forth.
>
> Remember me and cookies are a hack to solve user experience issues around user
> logon and sessions.
>
> Not sure what to say about tracking. I think there needs to be consent and
> withdrawal of consent at least :) ... maybe DIDs can help with user control
> of consent.
>
> J
>
> On Mar 20, 2018, at 05:06, Dennis Yurkevich <dennis@mediaiqdigital.com> wrote:
>
> Hello All,
>
> I have quite a general question on which I am yet to find an answer
> anywhere on the github repo.
>
> How does this group see DIDs and specifically DID Auth interacting with
> traditional browser cookies, specifically my questions are:
>
>   *   If a user checks the "remember me" button on a site which uses DID
> Auth, what would be the implementation flow?
>   *   In the scenarios where a site uses various third party analytics
> systems which set tracking cookies, is there a better way to do this using
> DIDs?
>
> Thanks!
> Dennis
Received on Wednesday, 21 March 2018 04:39:06 UTC
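
The proof-of-control idea discussed in this thread, as an added example that is not part of the original messages and is not the DID Auth specification: a site issues a single-use nonce, the holder signs it, and the site verifies against whatever key the DID currently resolves to, so rotation keeps the identifier but invalidates the old key. The in-memory `registry`, the `did:example:` identifiers and every function name are assumptions made for illustration; a real DID method defines its own resolution and update rules.

```javascript
const crypto = require('node:crypto');

// Hypothetical stand-in for DID resolution: DID -> current public key.
const registry = new Map();

function createDid() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const did = 'did:example:' + crypto.randomBytes(8).toString('hex'); // constructed identifier
  registry.set(did, publicKey);
  return { did, privateKey };
}

// Assumed update rule: the current key must sign the new public key.
function rotateKey(did, currentPrivateKey) {
  const next = crypto.generateKeyPairSync('ed25519');
  const spki = next.publicKey.export({ type: 'spki', format: 'der' });
  const proof = crypto.sign(null, spki, currentPrivateKey);
  if (!crypto.verify(null, spki, registry.get(did), proof)) {
    throw new Error('rotation not authorized by current key');
  }
  registry.set(did, next.publicKey); // same DID, new key
  return next.privateKey;
}

// Site side: one fresh nonce per connection, remembered until it is used.
const pending = new Map(); // nonce (hex) -> DID it was issued for

function issueChallenge(did) {
  const nonce = crypto.randomBytes(32);
  pending.set(nonce.toString('hex'), did);
  return nonce;
}

// Holder side: sign DID || nonce with the key held on the user's device.
function respond(did, nonce, privateKey) {
  return crypto.sign(null, Buffer.concat([Buffer.from(did), nonce]), privateKey);
}

// Site side: reject unknown or replayed nonces, then verify against the
// key the DID resolves to right now (not a key cached at first contact).
function verifyResponse(did, nonce, signature) {
  const id = nonce.toString('hex');
  if (pending.get(id) !== did) return false;
  pending.delete(id); // single use
  const publicKey = registry.get(did);
  if (!publicKey) return false;
  return crypto.verify(null, Buffer.concat([Buffer.from(did), nonce]), publicKey, signature);
}
```

A site that caches the public key at first contact instead of resolving the DID on each verification would keep accepting a rotated-out key, which defeats the rotation property described above.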
