Re: Materials from 2019-04-11 combined DID Spec and DID Resolution Spec meeting

I have the same question as Steven, framed slightly differently.

Different DID methods will be associated with different "vectors of trust"
in the NIST sense of the phrase. For example, some methods may not be
acceptable for DID Auth to cross a border or access a Federal facility. How
are we ensuring that high security credentials, such as those issued by
government agencies are compatible with a choice of DID methods on the part
of the subject? Do we expect a registry of some sort that tells patients if
a DID method is sufficient or do we expect the government issuers to post a
list of acceptable DID methods the way the drivers license bureau posts a
list of acceptable document types that can be used to prove residency?

Adrian

On Sat, Apr 13, 2019 at 6:44 PM Steven Rowat <steven_rowat@sunshine.net>
wrote:

> On 2019-04-12 2:05 pm, Markus Sabadello wrote:
> > Slides, recording and notes for the 2019-04-11 combined DID Spec and DID
> > Resolution Spec meeting is here:
> >
> https://github.com/w3c-ccg/meetings/tree/gh-pages/2019-04-11-did-spec-and-resolution
> >
>
> In these notes there's a fairly long discussion of the possibility of
> "did:facebook" etc, and what those silo's methods might mean. Marcus
> said at one point:
>
> > [2019-04-11T20:18:13.165Z] <dlongley> markus_sabadello: The only
> argument I heard that I understand a little bit from Joe Andrieu is that
> ... we could argue that the DID URL scheme as a whole would still be
> decentralized because you can argue to use which method you want. This
> would be a big change from how we use DIDs so far, but I could understand a
> little bit. If you don't want to use a facebook DID you can use Sovrin or
> Veres One. So the whole space [would be] decentralized though individual
> methods might not be.
>
> As far as I can understand from reading these meeting notes, Markus
> was pointing out what seems to be a major discrepancy between the
> original goals (and still current via the DID .012 spec) and the
> possibility that methods could be written for DID for did:facebook,
> etc. that don't follow these goals.
>
> I'd like some clarification about this because it seems to change a
> lot that I had assumed was happening in this group.
>
> Specifically, does this mean that, say, if Facebook, Google,
> Microsoft, Apple, (etc.) each write their own DID method, and write
> them so that they're as silo'd as possible (which they may well do),
> then it's likely that:
>
> a) There is no data portability for all the people using those silo'd
> DIDs;
> b) There may be limited (or no) pseudonymity or privacy for the people
> using those DIDs; and perhaps other limits.
>
> Is this accurate?
>
>
> Steven
>
>
>

-- 

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: https://patientprivacyrights.org/donate-3/

Received on Saturday, 13 April 2019 22:58:46 UTC