- From: Rouven Heck <rouven@identity.foundation>
- Date: Thu, 5 Dec 2019 11:26:52 -0500
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: public-credentials@w3.org, Daniel Buchner <daniel.buchner@microsoft.com>, Sam Curren <telegramsam@gmail.com>, aries@lists.hyperledger.org, indy@lists.hyperledger.org, Rouven Heck <rouven.heck@consensys.net>, tobias.looker@mattr.global, daniel.hardman@evernym.com, Orie Steele <orie@transmute.industries>, dzagidulin@gmail.com, "David Rudin (CELA)" <David.Rudin@microsoft.com>, Balázs Némethi <balazs@identity.foundation>, Oliver Terbu <oliver.terbu@consensys.net>
- Message-ID: <CACx+mnYbLK106qJk5h-2rXs5EpV-fpzFOdqmkZwwud8nk5LbAA@mail.gmail.com>
Sorry for reposting - my DIF email address has bounced back from the various mailing lists. On Thu, Dec 5, 2019 at 11:17 AM Rouven Heck <rouven@identity.foundation> wrote: > Hi Manu & all, > > sorry for the delayed response. > > Due to a filter for mailing lists, I only saw the email yesterday evening > when Daniel mentioned it. > > I would like to clarify some misunderstandings and add some comments: > > 1) Scope > > >> The work item being proposed for standardization is not clear and > > >> therefore where it should be incubated isn't clear. > > > There is only one work item being proposed for pre-standardization. It's > > > some yet-to-be finalized combination of the Identity Hubs and Encrypted > > > Data Vaults documents: > > > That is it. All other items, such as DIDComm, remain in their respective > > > communities and groups. Yes, we may talk about UMA, DIDComm, and other > > > work items, but they are not DIRECTLY a part of what is being proposed. > > > What is being proposed is much more narrow (only the two specifications > > > above and only the parts of those specifications that the group came to > > > consensus on during the last call). > > Based on the conversation on Nov 22nd and discussion in the ecosystem over > the last months, it seems to be useful to define the interface & scope > between DIDComm, Aries Agents, Solid, and others in more detail. It might > be clear for certain people, but I don't have the impression the scope & > context are clear enough to avoid confusion going forward. > > I suggested during the call that we use the next few months to figure out > these details together; yes - it might be a little slower now but likely > will allow us to move much faster going forward and being better aligned. > > > > 2. DIF provides more protection against companies that may try to > disrupt the standardization effort. > > DIF, like W3C and other organizations, face similar risks. > > The difference I wanted to highlight is the DIF's mission & governance. > DIFs mission is focused on enabling the development of decentralized > Identity solutions. > > The organization is governed by companies who are all actively building > decentralized identity solutions - therefore the incentives are strongly > aligned to make fast and aligned progress towards since it's > mission-critical for many of these companies. > > > > 3. DIF policies enable things to easily be incubated at DIF and moved to > W3C. > > DIF is set up as a JDF project (http://www.jointdevelopment.org) which > provides the structure to move items to other SDOs (or likely develop ISO > conform standards itself). Therefore incubating the ideas or specifications > within DIF gives the chance to define the specific work items and their > interfaces to each other and then move these items to W3C, IETF or other > places where it's most appropriate. > > DIF already uses ‘W3C Mode’ as its Patent Policy. As individual > contributions, JDF uses a ‘Feedback Agreement’ designed to provide a more > rigorous IP regime than W3C’s CLA. Since I’m not a lawyer or IP expert, I’m > looping in David Rudin (https://www.linkedin.com/in/drudin/) who is the > legal expert for JDF and wrote both the original CLA for W3C and the > ‘Feedback Agreement’ for JDF. > > Operational aspects like recording meetings, transcripts, public posting, > etc. are possible. DIF would provide the infrastructure, but the group > members would need to make sure they transcript, record, and post (which > should be the same everywhere). > > > > I hope this clarified some of the points. Looking forward to the > conversation on Friday. > > > > Best, > > Rouven > > > > > > >> ---------- Forwarded message --------- >> From: Manu Sporny <msporny@digitalbazaar.com> >> Date: Fri, Nov 29, 2019 at 10:10 PM >> Subject: PDS/IdH/EDV Discussion - Suggested proposals and clarifications >> (was Re: PDS/IdH/EDV Discussion - 2019-11-22 Minutes) >> To: <public-credentials@w3.org> >> Cc: Daniel Buchner <daniel.buchner@microsoft.com>, Sam Curren < >> telegramsam@gmail.com>, aries@lists.hyperledger.org < >> aries@lists.hyperledger.org>, indy@lists.hyperledger.org < >> indy@lists.hyperledger.org>, Rouven Heck <rouven.heck@consensys.net>, >> Tobias Looker <tobias.looker@mattr.global>, Daniel Hardman < >> daniel.hardman@evernym.com>, Orie Steele <orie@transmute.industries>, >> Dmitri Zagidulin <dzagidulin@gmail.com> >> >> >> Hi all, you should have received an invite by now for the Personal Data >> Stores Superfriends call for Dec 6th at 1pm ET. As a reminder, this is >> not a free form discussion, it's focused time to drive to consensus on >> specific proposals. >> >> In an attempt to prepare for that call, here are a few proposals that we >> could try to drive to consensus as well as a few clarifications for >> points made on the last call that were preventing us from coming to >> consensus. >> >> PROPOSAL: The Identity Hubs and Encrypted Data Vaults documents will >> be used as use case, requirements, and technical input for >> the collaborative effort. The DID Comm, UMA, and OAuth2 work will >> continue in parallel and are acknowledged as important related work that >> might influence the direction of the collaborative effort. >> >> PROPOSAL: The intent is to eventually standardize the W3C-specific work >> -- at a minimum, data models, syntax, CRUD API, and a minimum viable >> HTTP-based interface -- at W3C under W3C's Royalty-Free Patent policy. >> Regular Task Force calls will be hosted under the W3C Credentials >> Community Group under the aforementioned IPR policy. >> >> The reasoning behind these proposals is clarified below, for those that >> have the time and motivation to read about the details. Responses are >> encouraged so we can try to get to consensus more quickly on the call >> next week. >> >> -------------------------------- >> >> There was some confusion during the last call that I'll try to highlight >> and clarify so that the next call goes a bit more smoothly and with the >> hope that we can get to closure on where to have regular meetings and >> under which IPR policy. Here were the points of confusion/contention: >> >> 1. The work item being proposed for standardization is not clear and >> therefore where it should be incubated isn't clear. >> 2. DIF provides more protection against companies that may try to >> disrupt the standardization effort. >> 3. DIF policies enable things to easily be incubated at DIF and moved to >> W3C. >> >> ------------------------------ >> >> > The work item being proposed for standardization is not clear and >> > therefore where it should be incubated isn't clear. >> >> There is only one work item being proposed for pre-standardization. It's >> some yet-to-be finalized combination of the Identity Hubs and Encrypted >> Data Vaults documents: >> >> >> https://github.com/decentralized-identity/identity-hub/blob/master/explainer.md >> https://digitalbazaar.github.io/encrypted-data-vaults/ >> >> That is it. All other items, such as DIDComm, remain in their respective >> communities and groups. Yes, we may talk about UMA, DIDComm, and other >> work items, but they are not DIRECTLY a part of what is being proposed. >> What is being proposed is much more narrow (only the two specifications >> above and only the parts of those specifications that the group came to >> consensus on during the last call). >> >> ------------------------------ >> >> > DIF provides more protection against companies that may try to >> > disrupt the standardization effort. >> >> Google and Facebook were named directly as organizations that would be >> actively hostile to the PDS/IdH/EDV work and a reason why the work >> shouldn't be done at W3C or IETF. >> >> For DIF to provide more protection against companies attempting to >> disrupt the standardization effort, it would have to have policies in >> place (and the membership support) to prevent such a thing from >> happening. So, the question becomes how would DIF be able to prevent >> large organizations from disrupting the work? Not allow them to join DIF? >> >> We do have multiple data points of large organizations throwing their >> weight around at W3C and IETF. One of those large organizations *is* a >> DIF member and actively attacked the Verifiable Credentials work and >> the DID work. While that member seems to be behaving now, there is >> nothing that would prevent that from happening at DIF. >> >> The reality of standards is that there is nothing to prevent large >> organizations from joining a standards effort and throwing their weight >> around. The only protection against that is a cohesive community of >> member organizations that can push back (by stating that they will >> implement a given specification, even if the large organization says >> that they will not). >> >> DIF is more susceptible to this sort of attack than W3C or IETF because >> it has never dealt with this sort of thing and it's membership numbers >> aren't as great as W3C or IETF. W3C and IETF often deal with this sort >> of thing - there are processes in place to mitigate this sort of >> behaviour. >> >> ------------------------------ >> >> > DIF policies enable things to easily be incubated at DIF and moved >> > to W3C. >> >> If this is true, then it doesn't matter where the work is incubated. >> >> We do know that the PDS/IdH/EDV work could start in a W3C CCG next week >> if we agreed to that (an initial spec exists under W3C IPR and many of >> us are already members of the W3C CCG). So, starting and transition >> costs are already paid. It was not clear that this is true for DIF. The >> trepidation is that we'd be testing this approach with PDS/IdH/EDV for >> the first time and because it's the first time, we're bound to hit snags >> that will slow the work down. >> >> So, the only thing that needs to be done is for DIF to produce proof >> that they can provide the same things as the W3C CCG, which means: >> >> * Membership in the PDS/IdH/EDV group MUST be accessible to the general >> public at no cost to fully participate. >> * The PDS/IdH/EDV group MUST do its work in the open and record work >> products (meeting transcriptions, specs, notes) on a publicly >> accessible and archived website. It should clearly articulate where >> the work products will go and who will do the work to make that >> happen. >> * The PDS/IdH/EDV group MUST keep transcriptions of every meeting so >> that those not able to attend and those with accessibility needs >> can follow the conversation. >> * The PDS/IdH/EDV group MUST be be covered by an IPR policy that does >> not require IPR sign-off to be repeated once transferred to W3C/IETF. >> While it has been asserted that this is true, W3C legal counsel has >> not weighed in on that assertion, and that needs to happen. >> >> The first three are easy - we just need the DIF Executive Director to >> make a legally binding statement to that effect. The last one may take >> time, but needs to happen so we don't hit a snag half way through. >> >> If all of that can be done on an acceptable time frame to the >> communities participating, then we might be able to achieve consensus >> from the group during the call next week. >> >> -- manu >> >> -- >> Manu Sporny (skype: msporny, twitter: manusporny) >> Founder/CEO - Digital Bazaar, Inc. >> blog: Veres One Decentralized Identifier Blockchain Launches >> https://tinyurl.com/veres-one-launches >> >> >> >> -- >> >> Balázs Némethi >> Operations @ DIF >> >
Received on Thursday, 5 December 2019 16:56:05 UTC