W3C home > Mailing lists > Public > public-credentials@w3.org > April 2020

Re: Different Verifiable Credential protocols? (was: Re: Please vote to approve/disapprove the new charter)

From: Daniel Hardman <daniel.hardman@evernym.com>
Date: Fri, 10 Apr 2020 09:42:06 -0600
Message-ID: <CAFBYrUpMdoW=9tpAnoRZ2W-c1YhQ7CpCE36q+Arni-eY2ZBqhQ@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
Cc: Manu Sporny <msporny@digitalbazaar.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Manu and Orie:

The question isn't the theoretical definition or possibilities. It's the
mindset of the group.

I have repeatedly tried to get the group to think beyond HTTP, and
encountered friction. If the group wants to adopt the broader definition,
that's fine. But let's really adopt it. Let's not say the scope is really
broad, but turn around and view most of our interesting topics (EDV, CHAPI,
polyfills, issuer API, verifier API) through HTTP lenses, as if it's okay
to have one standard for HTTP, and then we can get around to the other
transports later, or with separate standards. Let's quit proposing to
describe our standards with Swagger docs. Let's quit thinking that
synchronous request-response is adequate to model our interactions. Let's
quit ignoring Aries RFC 0036 and 0037, which provide a format-independent,
standards-compatible means to exchange credentials that is HTTP compatible
but not HTTP dependent. Let's quit claiming that the asymmetric security
model of standard HTTPS deployments is consistent with the decentralized
ethos of DID-based security. Let's quit treating DIDComm as an irrelevancy.
Etc.

On Fri, Apr 10, 2020 at 9:26 AM Orie Steele <orie@transmute.industries>
wrote:

> +1 If you want to see a demo of a progressive web application, which can
> be installed on your mobile home screen, works offline, and uses a camera
> to scan QR Codes, and can sign and verify see:
>
> https://did-key.web.app/
>
> I've been experimenting with using service workers to intercept requests
> for webkms, so that webkms can be run fully in browser, with software
> isolation for keys... it's totally hacky, but gives you an idea of just how
> powerful PWAs can be:
>
> https://github.com/OR13/react-pwa
>
> And here is a P2P implementation of the Game of Go, built with OrbitDB /
> IPFS / WebRTC...
>
> https://g0.or13.io/
>
> Using Web RTC Rendezvous servers are particularly interesting to consider
> wrt VCs / DIDs... because you can show up on a web page (as is the case
> with the go demo), announce yourself as an identifier, and then
> immediately switch to e2e encrypted communication between peers... I don't
> have a demo of that with dids, but it's on my weekend project list for a
> couple months...
>
> OS
>
>
>
>
>
>
>
> On Fri, Apr 10, 2020 at 10:06 AM Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>
>> On 4/10/20 10:31 AM, Daniel Hardman wrote:
>> > Should we understand by this that presenting credentials via QR code,
>> > via BlueTooth/NFC, via sneakernet, and so forth is out of scope?
>>
>> I'll note that Web-browsers can get access to the camera phone and scan
>> QR Codes:
>>
>> https://github.com/schmich/instascan
>>
>> and Web Bluetooth is released in many of the latest/popular browsers:
>>
>> https://caniuse.com/#feat=web-bluetooth
>>
>> ... and WebNFC just went into Origin trials in Chrome:
>>
>> https://developers.chrome.com/origintrials/#/view_trial/236438980436951041
>>
>> There continues to be confusion around the colloquial use of the word
>> "Web", which among developers, is mired in the historical protocol that
>> spawned the Web -- HTTP. The colloquial use is often outdated and wrong.
>>
>> The W3C is about the "Web Platform", which is not limited to HTTP.
>> Wikipedia has a decent definition here:
>>
>> https://en.wikipedia.org/wiki/Web_platform
>>
>> ... but here are the other protocols that are not HTTP that are viewed
>> as being part of the Web platform:
>>
>> * TLS
>> * Geolocation (and by extension, the Global Positioning System,
>>   protocols and data formats)
>> * Web Sockets (which are not HTTP!)
>> * Web Of Things (IoT, CoAP, etc.)
>> * WebRTC (and a whole bunch of IETF specs on signalling
>>   and media encoding/transmission protocols)
>> * Web Bluetooth (Bluetooth and its data formats and protocols)
>> * NFC (again, data formats and protocols)
>> * Media Capture API (audio and video formats and protocols)
>>
>> The W3C is not solely about HTTP, and you learn that pretty quickly when
>> you go to a W3C Technical Plenary, or participate in various standards
>> groups at W3C. I understand that it's difficult for many to participate
>> in that way. Fundamentally, the Web Platform is a bridging technology,
>> connecting all of these disparate data formats and protocols into a
>> cohesive application development environment.
>>
>> So communication of Verifiable Credentials over NFC, Bluetooth, WebRTC,
>> Web Sockets, QR Codes... IMHO, all very much in scope.
>>
>> -- manu
>>
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> blog: Veres One Decentralized Identifier Blockchain Launches
>> https://tinyurl.com/veres-one-launches
>>
>>
>
> --
> *ORIE STEELE*
> Chief Technical Officer
> www.transmute.industries
>
> <https://www.transmute.industries>
>
Received on Friday, 10 April 2020 15:42:32 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:58 UTC