- From: Michael Herman (Parallelspace) <mwherman@parallelspace.net>
- Date: Sun, 14 Apr 2019 02:00:57 +0000
- To: Tim Bouma <trbouma@gmail.com>, Steven Rowat <steven_rowat@sunshine.net>
- CC: Markus Sabadello <markus@danubetech.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <BYAPR13MB2837F51F2D08408BCABE194FC32A0@BYAPR13MB2837.namprd13.prod.outlook.com>
Initially, I believe virtually every web site that supports authenticated logins/sign-ins today will have their own DID Scheme …with high probability. My favorite example is http://www.meetup.com. Every meetup.com member will likely have their own meetup.com DID in their wallet. Why would meetup.com risk trusting anything/anyone else’s DIDs? What’s the incentive? Another example: Mike Brown is doing a great job at the Alberta provincial government owned ATB but why will anyone outside the province of Alberta trust an ATB DID? Prepare to have a wallet with lots and lots of DIDs …at the beginning and for a long time afterwards: Social Evolution and Technology Adoption (https://hyperonomy.com/2019/04/08/social-evolution-and-technology-adoption/). Best regards, Michael Herman (Toronto/Calgary/Seattle) Independent Blockchain Developer Hyperonomy Business Blockchain / Parallelspace Corporation W: http://hyperonomy.com<http://hyperonomy.com/> C: +1 416 524-7702 From: Tim Bouma <trbouma@gmail.com> Sent: April 13, 2019 5:28 PM To: Steven Rowat <steven_rowat@sunshine.net> Cc: Markus Sabadello <markus@danubetech.com>; W3C Credentials CG (Public List) <public-credentials@w3.org> Subject: Re: Materials from 2019-04-11 combined DID Spec and DID Resolution Spec meeting Hi, Acceptance of DIDs will be something that the various trust frameworks will determine. See section 5.6.1 on the IMSC Pan-Canadian Trust Framework Draft below https://canada-ca.github.io/PCTF-CCP/ You will see Vectors of Trust as qualifiers. We could add DID methods as another qualifier; it will likely be a qualifier added to conformance criteria for the credential authentication trusted process. As for trusting Facebook, Microsoft, etc., we will need to see how the ecosystem sorts itself out based on fair standards. Trusting a DID is only one piece as there are many other pieces that need to be trusted. Tim On Sat, Apr 13, 2019, 6:44 PM Steven Rowat, <steven_rowat@sunshine.net<mailto:steven_rowat@sunshine.net>> wrote: On 2019-04-12 2:05 pm, Markus Sabadello wrote: > Slides, recording and notes for the 2019-04-11 combined DID Spec and DID > Resolution Spec meeting is here: > https://github.com/w3c-ccg/meetings/tree/gh-pages/2019-04-11-did-spec-and-resolution > In these notes there's a fairly long discussion of the possibility of "did:facebook" etc, and what those silo's methods might mean. Marcus said at one point: > [2019-04-11T20:18:13.165Z] <dlongley> markus_sabadello: The only argument I heard that I understand a little bit from Joe Andrieu is that ... we could argue that the DID URL scheme as a whole would still be decentralized because you can argue to use which method you want. This would be a big change from how we use DIDs so far, but I could understand a little bit. If you don't want to use a facebook DID you can use Sovrin or Veres One. So the whole space [would be] decentralized though individual methods might not be. As far as I can understand from reading these meeting notes, Markus was pointing out what seems to be a major discrepancy between the original goals (and still current via the DID .012 spec) and the possibility that methods could be written for DID for did:facebook, etc. that don't follow these goals. I'd like some clarification about this because it seems to change a lot that I had assumed was happening in this group. Specifically, does this mean that, say, if Facebook, Google, Microsoft, Apple, (etc.) each write their own DID method, and write them so that they're as silo'd as possible (which they may well do), then it's likely that: a) There is no data portability for all the people using those silo'd DIDs; b) There may be limited (or no) pseudonymity or privacy for the people using those DIDs; and perhaps other limits. Is this accurate? Steven On Sat, Apr 13, 2019, 6:44 PM Steven Rowat, <steven_rowat@sunshine.net<mailto:steven_rowat@sunshine.net>> wrote: On 2019-04-12 2:05 pm, Markus Sabadello wrote: > Slides, recording and notes for the 2019-04-11 combined DID Spec and DID > Resolution Spec meeting is here: > https://github.com/w3c-ccg/meetings/tree/gh-pages/2019-04-11-did-spec-and-resolution > In these notes there's a fairly long discussion of the possibility of "did:facebook" etc, and what those silo's methods might mean. Marcus said at one point: > [2019-04-11T20:18:13.165Z] <dlongley> markus_sabadello: The only argument I heard that I understand a little bit from Joe Andrieu is that ... we could argue that the DID URL scheme as a whole would still be decentralized because you can argue to use which method you want. This would be a big change from how we use DIDs so far, but I could understand a little bit. If you don't want to use a facebook DID you can use Sovrin or Veres One. So the whole space [would be] decentralized though individual methods might not be. As far as I can understand from reading these meeting notes, Markus was pointing out what seems to be a major discrepancy between the original goals (and still current via the DID .012 spec) and the possibility that methods could be written for DID for did:facebook, etc. that don't follow these goals. I'd like some clarification about this because it seems to change a lot that I had assumed was happening in this group. Specifically, does this mean that, say, if Facebook, Google, Microsoft, Apple, (etc.) each write their own DID method, and write them so that they're as silo'd as possible (which they may well do), then it's likely that: a) There is no data portability for all the people using those silo'd DIDs; b) There may be limited (or no) pseudonymity or privacy for the people using those DIDs; and perhaps other limits. Is this accurate? Steven
Received on Sunday, 14 April 2019 02:01:25 UTC