- From: Henry Story <henry.story@gmail.com>
- Date: Wed, 4 Sep 2019 10:50:21 +0200
- To: Dave Longley <dlongley@digitalbazaar.com>
- Cc: Credentials Community Group <public-credentials@w3.org>, Manu Sporny <msporny@digitalbazaar.com>
Hi, I put together a very short outline of how one can extend HttpSignature so that the keyId becomes an https dereferenceable identifier. https://github.com/bblfish/authentication-panel/blob/master/HttpSignature.md Would be interested in feedback on this, or perhaps a pointer to the right place to discuss this. This would be along the line of ”What’s before DIDs” rather than what is after Did’s. Henry Story > On 1 Aug 2019, at 10:43, Henry Story <henry.story@gmail.com> wrote: > > > >> On 30 Jul 2019, at 18:03, Dave Longley <dlongley@digitalbazaar.com> wrote: >> >> >> On 7/30/19 8:23 AM, Henry Story wrote: >>>> On 30 Jul 2019, at 13:16, Henry Story <henry.story@gmail.com <mailto:henry.story@gmail.com>> wrote: >>>> >>>> Would it be possible to make a minor extension to HttpSignature >>>> so that one can use https WebIDs [0] just as a way to get a simple >>>> thing going? That could be completely compatible with DIDs, but >>>> would allow one to get going in cases where one does not need >>>> all of the extra goodies that DIDs give one. >>>> >>>> I did some work on that to implement a server side HTTP-Signatures >>>> and before that I worked on how one could use JS Crypto to create >>>> keys in the browser. >>> Actually I think one could get the two to get quite close by adding a >>> notion of a KeyId ie perhaps an URI for a key that could be linked to >>> a WebID. One could then have >>> - https:// KeyIds. These could be located in the WebID Profile, >>> in a different document on the same server, or perhaps even on >>> a different server. >>> - or dids. >>> A WebID could point to the KeyID or DID (or perhaps these are >>> the same?), and authentication using Https Signature could then >>> pass both in the header. The DID for authentication, the WebID for >>> social network type identifier, and the link from the WebID to the >>> Did/KeyId in the Profile Document would be the proof. >> >> My understanding is that HTTP signatures already supports something like >> WebID-style authentication. Just use a URI for the `keyId` parameter. >> >> We already use HTTP signatures in conjunction with LD proofs and DIDs. >> To my knowledge, it wouldn't work any differently if the `keyId` pointed >> at a key that resolved to a document that referenced a WebID as its >> `controller`. You'd then dereference that WebID to ensure its profile >> document had an appropriate back link to the key. (This is generally how >> LD proofs work, so it is agnostic to DIDs or WebIDs). > > Yes, it would probably just need a short spec to make clear how that is meant > to work. > > I am currently out of funds to be able to put time into it, but would definitely > love to do it when I get time. > > Henry Story > > PS. If anyone has some money to do push that further here is my CV > https://bblfish.net/cv.pdf > >> >> >>> Henry >>>> >>>> Henry >>>> >>>> [0] https://www.w3.org/2005/Incubator/webid/spec/identity/ >>>> [1] https://github.com/read-write-web/akka-http-signature >>>> [2] https://github.com/read-write-web/solid-client >>>> >>>>> On 30 Jul 2019, at 04:22, Manu Sporny <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com>> wrote: >>>>> >>>>> On 7/29/19 1:35 PM, Joe Andrieu wrote: >>>>>> TL;DR What’s after DIDs? >>>>> >>>>> From a technical standards perspective, these are currently pain points >>>>> for Digital Bazaar and our customers that seem like we might be able to >>>>> collaborate on with other developers / companies in this group: >>>>> >>>>> * True multi-DID interop >>>>> * True multi-wallet/issuer/verifier interop >>>>> * Collaboration on the Credential Handler API >>>>> * Linked Data Proofs/Signatures (W3C WGs for these) >>>>> * Secure Data Hubs (or, how do we make storage privacy-aware >>>>> and self-sovereign) >>>>> * Verifiable Credentials 1.1 (we're not done yet) >>>>> * Verifiable Credentials Extensions >>>>> * VC/DID/LDP Registries >>>>> >>>>> There are non-technical things we should do as well: >>>>> >>>>> * Non-Violent Communication (and other approaches) to mend some of the >>>>> damage across the identity community >>>>> * Field Work - More Use Cases from real people/customers >>>>> * Bite sized material to communicate our work to the general public >>>>> >>>>> -- manu >>>>> >>>>> -- >>>>> Manu Sporny (skype: msporny, twitter: manusporny) >>>>> Founder/CEO - Digital Bazaar, Inc. >>>>> blog: Veres One Decentralized Identifier Blockchain Launches >>>>> https://tinyurl.com/veres-one-launches >>>>> >>>> >> >> >> -- >> Dave Longley >> CTO >> Digital Bazaar, Inc. >> http://digitalbazaar.com >
Received on Wednesday, 4 September 2019 08:50:48 UTC