Re: Different Verifiable Credential protocols? (was: Re: Please vote to approve/disapprove the new charter) from Ian Smith on 2020-04-11 (public-credentials@w3.org from April 2020)

From: Ian Smith <ian@vidicode.pro>
Date: Sat, 11 Apr 2020 13:46:41 -0600
To: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>
Cc: Manu Sporny <msporny@digitalbazaar.com>, Credentials Community Group <public-credentials@w3.org>, Daniel Hardman <daniel.hardman@evernym.com>
Message-ID: <CAG=j93DHCx=XNk_Eded0zs+BnAXbApaiC0bi9JcbVYmoGQDz_w@mail.gmail.com>

There is a lot of incorrect conclusions and misinformation in this thread
about how technologies work. For example, web sockets are clearly http
traffic. This isn't even a debate item to my knowledge. Yes a bidirectional
binary TCP socket is created, but the session starts with an HTTP/1.1
request. I am willing to provide network stack dumps for people who want to
verify themselves.

HTTP/1.1 101 Switching ProtocolsUpgrade: websocketConnection: Upgrade


My lack of participation is mostly due to feeling like I am being unhelpful
by providing corrections. I don't want to be the technology hall monitor.

Websockets are also pure browser technology. I use them inside browsers and
embedded devices to push and pull data, while breaking out of a NAT proxy
without using a STUN server. (Because there was a known IP.)

If someone wants a purist definition of "web" to include no mime data,
please try to use lynx to render HTML as a pure HTTP browser. I am still
waiting for more people to accept the PUT and DELETE requests on their
webservers. (Some RESTful servers do.)

Although this discussion is very detailed, I would suggest the RFC and
actual session for protocols if there are further questions about protocol
definitions.

Ian Smith

On Sat, Apr 11, 2020, 4:45 AM Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>
wrote:

> Just for clarification: would work items be in the charter's scope if they
> relate to digital credentials such as Attribute Based Credentials (ABCs),
> X.509 attribute certificates, (signed) JWTs - or in general: anything that
> is created by an issuer that contains claims about a (or more) subject(s),
> that has proofs of provenance and that it hasn't been tampered with?
>
> B.t.w., as @Daniel mentioned, imho the web mindset is perhaps a bit too
> restricitive. Since credentials are basically just the envelopes around
> business-information artefacts (claims), I would like to see the CCG focus
> on items that make businesses happy, regardless of the envelopes that are
> being used. But then, the charter has a path where such work items can be
> proposed and accepted, albeit that that process is a bit more cumbersome.
>
> Rieks
>
> -----Original Message-----
> From: Manu Sporny <msporny@digitalbazaar.com>
> Sent: vrijdag 10 april 2020 17:04
> To: public-credentials@w3.org
> Subject: Different Verifiable Credential protocols? (was: Re: Please vote
> to approve/disapprove the new charter)
>
> On 4/10/20 10:31 AM, Daniel Hardman wrote:
> > Should we understand by this that presenting credentials via QR code,
> > via BlueTooth/NFC, via sneakernet, and so forth is out of scope?
>
> I'll note that Web-browsers can get access to the camera phone and scan QR
> Codes:
>
> https://github.com/schmich/instascan
>
> and Web Bluetooth is released in many of the latest/popular browsers:
>
> https://caniuse.com/#feat=web-bluetooth
>
> ... and WebNFC just went into Origin trials in Chrome:
>
> https://developers.chrome.com/origintrials/#/view_trial/236438980436951041
>
> There continues to be confusion around the colloquial use of the word
> "Web", which among developers, is mired in the historical protocol that
> spawned the Web -- HTTP. The colloquial use is often outdated and wrong.
>
> The W3C is about the "Web Platform", which is not limited to HTTP.
> Wikipedia has a decent definition here:
>
> https://en.wikipedia.org/wiki/Web_platform
>
> ... but here are the other protocols that are not HTTP that are viewed as
> being part of the Web platform:
>
> * TLS
> * Geolocation (and by extension, the Global Positioning System,
>   protocols and data formats)
> * Web Sockets (which are not HTTP!)
> * Web Of Things (IoT, CoAP, etc.)
> * WebRTC (and a whole bunch of IETF specs on signalling
>   and media encoding/transmission protocols)
> * Web Bluetooth (Bluetooth and its data formats and protocols)
> * NFC (again, data formats and protocols)
> * Media Capture API (audio and video formats and protocols)
>
> The W3C is not solely about HTTP, and you learn that pretty quickly when
> you go to a W3C Technical Plenary, or participate in various standards
> groups at W3C. I understand that it's difficult for many to participate in
> that way. Fundamentally, the Web Platform is a bridging technology,
> connecting all of these disparate data formats and protocols into a
> cohesive application development environment.
>
> So communication of Verifiable Credentials over NFC, Bluetooth, WebRTC,
> Web Sockets, QR Codes... IMHO, all very much in scope.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
>
> This message may contain information that is not intended for you. If you
> are not the addressee or if this message was sent to you by mistake, you
> are requested to inform the sender and delete the message. TNO accepts no
> liability for the content of this e-mail, for the manner in which you use
> it and for damage of any kind resulting from the risks inherent to the
> electronic transmission of messages.
>

Received on Saturday, 11 April 2020 19:47:07 UTC