Re: Materials from 2019-04-11 combined DID Spec and DID Resolution Spec meeting from Tim Bouma on 2019-04-13 (public-credentials@w3.org from April 2019)

From: Tim Bouma <trbouma@gmail.com>
Date: Sat, 13 Apr 2019 19:27:40 -0400
To: Steven Rowat <steven_rowat@sunshine.net>
Cc: Markus Sabadello <markus@danubetech.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAPzZSkin34GB8ZnJqWYav1G2EisPd3Nx2odrgFJRn0q7cWpE9w@mail.gmail.com>
Hi,

Acceptance of DIDs will be something that the various trust frameworks will
determine.

See section 5.6.1 on the IMSC Pan-Canadian Trust Framework Draft below

https://canada-ca.github.io/PCTF-CCP/

You will see Vectors of Trust as qualifiers.

We could add DID methods as another qualifier; it will likely be a
qualifier added to conformance criteria for the credential authentication
trusted process. As for trusting Facebook, Microsoft, etc., we will need to
see how the ecosystem sorts itself out based on fair standards.

Trusting a DID is only one piece as there are many other pieces that need
to be trusted.


Tim



On Sat, Apr 13, 2019, 6:44 PM Steven Rowat, <steven_rowat@sunshine.net>
wrote:

> On 2019-04-12 2:05 pm, Markus Sabadello wrote:
> > Slides, recording and notes for the 2019-04-11 combined DID Spec and DID
> > Resolution Spec meeting is here:
> >
> https://github.com/w3c-ccg/meetings/tree/gh-pages/2019-04-11-did-spec-and-resolution
> >
>
> In these notes there's a fairly long discussion of the possibility of
> "did:facebook" etc, and what those silo's methods might mean. Marcus
> said at one point:
>
> > [2019-04-11T20:18:13.165Z] <dlongley> markus_sabadello: The only
> argument I heard that I understand a little bit from Joe Andrieu is that
> ... we could argue that the DID URL scheme as a whole would still be
> decentralized because you can argue to use which method you want. This
> would be a big change from how we use DIDs so far, but I could understand a
> little bit. If you don't want to use a facebook DID you can use Sovrin or
> Veres One. So the whole space [would be] decentralized though individual
> methods might not be.
>
> As far as I can understand from reading these meeting notes, Markus
> was pointing out what seems to be a major discrepancy between the
> original goals (and still current via the DID .012 spec) and the
> possibility that methods could be written for DID for did:facebook,
> etc. that don't follow these goals.
>
> I'd like some clarification about this because it seems to change a
> lot that I had assumed was happening in this group.
>
> Specifically, does this mean that, say, if Facebook, Google,
> Microsoft, Apple, (etc.) each write their own DID method, and write
> them so that they're as silo'd as possible (which they may well do),
> then it's likely that:
>
> a) There is no data portability for all the people using those silo'd
> DIDs;
> b) There may be limited (or no) pseudonymity or privacy for the people
> using those DIDs; and perhaps other limits.
>
> Is this accurate?
>
>
> Steven
>
>
>
On Sat, Apr 13, 2019, 6:44 PM Steven Rowat, <steven_rowat@sunshine.net>
wrote:

> On 2019-04-12 2:05 pm, Markus Sabadello wrote:
> > Slides, recording and notes for the 2019-04-11 combined DID Spec and DID
> > Resolution Spec meeting is here:
> >
> https://github.com/w3c-ccg/meetings/tree/gh-pages/2019-04-11-did-spec-and-resolution
> >
>
> In these notes there's a fairly long discussion of the possibility of
> "did:facebook" etc, and what those silo's methods might mean. Marcus
> said at one point:
>
> > [2019-04-11T20:18:13.165Z] <dlongley> markus_sabadello: The only
> argument I heard that I understand a little bit from Joe Andrieu is that
> ... we could argue that the DID URL scheme as a whole would still be
> decentralized because you can argue to use which method you want. This
> would be a big change from how we use DIDs so far, but I could understand a
> little bit. If you don't want to use a facebook DID you can use Sovrin or
> Veres One. So the whole space [would be] decentralized though individual
> methods might not be.
>
> As far as I can understand from reading these meeting notes, Markus
> was pointing out what seems to be a major discrepancy between the
> original goals (and still current via the DID .012 spec) and the
> possibility that methods could be written for DID for did:facebook,
> etc. that don't follow these goals.
>
> I'd like some clarification about this because it seems to change a
> lot that I had assumed was happening in this group.
>
> Specifically, does this mean that, say, if Facebook, Google,
> Microsoft, Apple, (etc.) each write their own DID method, and write
> them so that they're as silo'd as possible (which they may well do),
> then it's likely that:
>
> a) There is no data portability for all the people using those silo'd
> DIDs;
> b) There may be limited (or no) pseudonymity or privacy for the people
> using those DIDs; and perhaps other limits.
>
> Is this accurate?
>
>
> Steven
>
>
>
Received on Saturday, 13 April 2019 23:28:14 UTC