- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 29 Nov 2019 16:09:01 -0500
- To: public-credentials@w3.org
- Cc: Daniel Buchner <daniel.buchner@microsoft.com>, Sam Curren <telegramsam@gmail.com>, "aries@lists.hyperledger.org" <aries@lists.hyperledger.org>, "indy@lists.hyperledger.org" <indy@lists.hyperledger.org>, Rouven Heck <rouven.heck@consensys.net>, Tobias Looker <tobias.looker@mattr.global>, Daniel Hardman <daniel.hardman@evernym.com>, Orie Steele <orie@transmute.industries>, Dmitri Zagidulin <dzagidulin@gmail.com>

Hi all,

you should have received an invite by now for the Personal Data Stores Superfriends call for Dec 6th at 1pm ET. As a reminder, this is not a free form discussion, it's focused time to drive to consensus on specific proposals.

In an attempt to prepare for that call, here are a few proposals that we could try to drive to consensus as well as a few clarifications for points made on the last call that were preventing us from coming to consensus.

PROPOSAL: The Identity Hubs and Encrypted Data Vaults documents will be used as use case, requirements, and technical input for the collaborative effort. The DID Comm, UMA, and OAuth2 work will continue in parallel and are acknowledged as important related work that might influence the direction of the collaborative effort.

PROPOSAL: The intent is to eventually standardize the W3C-specific work -- at a minimum, data models, syntax, CRUD API, and a minimum viable HTTP-based interface -- at W3C under W3C's Royalty-Free Patent policy. Regular Task Force calls will be hosted under the W3C Credentials Community Group under the aforementioned IPR policy.

The reasoning behind these proposals is clarified below, for those that have the time and motivation to read about the details. Responses are encouraged so we can try to get to consensus more quickly on the call next week.

--------------------------------

There was some confusion during the last call that I'll try to highlight and clarify so that the next call goes a bit more smoothly and with the hope that we can get to closure on where to have regular meetings and under which IPR policy.

Here were the points of confusion/contention:

1. The work item being proposed for standardization is not clear and therefore where it should be incubated isn't clear.
2. DIF provides more protection against companies that may try to disrupt the standardization effort.
3. DIF policies enable things to easily be incubated at DIF and moved to W3C.

------------------------------

> The work item being proposed for standardization is not clear and
> therefore where it should be incubated isn't clear.

There is only one work item being proposed for pre-standardization. It's some yet-to-be finalized combination of the Identity Hubs and Encrypted Data Vaults documents:

https://github.com/decentralized-identity/identity-hub/blob/master/explainer.md

https://digitalbazaar.github.io/encrypted-data-vaults/

That is it. All other items, such as DIDComm, remain in their respective communities and groups. Yes, we may talk about UMA, DIDComm, and other work items, but they are not DIRECTLY a part of what is being proposed. What is being proposed is much more narrow (only the two specifications above and only the parts of those specifications that the group came to consensus on during the last call).

------------------------------

> DIF provides more protection against companies that may try to
> disrupt the standardization effort.

Google and Facebook were named directly as organizations that would be actively hostile to the PDS/IdH/EDV work and a reason why the work shouldn't be done at W3C or IETF.

For DIF to provide more protection against companies attempting to disrupt the standardization effort, it would have to have policies in place (and the membership support) to prevent such a thing from happening. So, the question becomes how would DIF be able to prevent large organizations from disrupting the work? Not allow them to join DIF?

We do have multiple data points of large organizations throwing their weight around at W3C and IETF. One of those large organizations *is* a DIF member and actively attacked the Verifiable Credentials work and the DID work. While that member seems to be behaving now, there is nothing that would prevent that from happening at DIF.

The reality of standards is that there is nothing to prevent large organizations from joining a standards effort and throwing their weight around. The only protection against that is a cohesive community of member organizations that can push back (by stating that they will implement a given specification, even if the large organization says that they will not).

DIF is more susceptible to this sort of attack than W3C or IETF because it has never dealt with this sort of thing and its membership numbers aren't as great as W3C or IETF. W3C and IETF often deal with this sort of thing - there are processes in place to mitigate this sort of behaviour.

------------------------------

> DIF policies enable things to easily be incubated at DIF and moved
> to W3C.

If this is true, then it doesn't matter where the work is incubated.

We do know that the PDS/IdH/EDV work could start in a W3C CCG next week if we agreed to that (an initial spec exists under W3C IPR and many of us are already members of the W3C CCG). So, starting and transition costs are already paid.

It was not clear that this is true for DIF. The trepidation is that we'd be testing this approach with PDS/IdH/EDV for the first time and because it's the first time, we're bound to hit snags that will slow the work down.

So, the only thing that needs to be done is for DIF to produce proof that they can provide the same things as the W3C CCG, which means:

* Membership in the PDS/IdH/EDV group MUST be accessible to the general public at no cost to fully participate.
* The PDS/IdH/EDV group MUST do its work in the open and record work products (meeting transcriptions, specs, notes) on a publicly accessible and archived website. It should clearly articulate where the work products will go and who will do the work to make that happen.
* The PDS/IdH/EDV group MUST keep transcriptions of every meeting so that those not able to attend and those with accessibility needs can follow the conversation.
* The PDS/IdH/EDV group MUST be covered by an IPR policy that does not require IPR sign-off to be repeated once transferred to W3C/IETF. While it has been asserted that this is true, W3C legal counsel has not weighed in on that assertion, and that needs to happen.

The first three are easy - we just need the DIF Executive Director to make a legally binding statement to that effect. The last one may take time, but needs to happen so we don't hit a snag half way through.

If all of that can be done on an acceptable time frame to the communities participating, then we might be able to achieve consensus from the group during the call next week.

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Friday, 29 November 2019 21:09:11 UTC