Re: PDS/IdH/EDV Discussion - Suggested proposals and clarifications (was Re: PDS/IdH/EDV Discussion - 2019-11-22 Minutes)

What are the next steps regarding DIF - W3C Coordination for EDV/Hubs?

Who has the ball? Are there counter proposals?

Please use the public email list to convey any updates to everyone.

I'm planning on discussing our recent blog post / demo on EDVs:
https://medium.com/transmute-techtalk/encrypted-data-vaults-c794055b170e

On the next W3C CCG Call (assuming this is possible), here is some call
information for anyone who wants to attend:

Date/Time: Every Tuesday, 12pm ET, 9am PT, 16:00 GMT
Phone: 1 (540) 274-1034 x6306
VoIP: sip:ccg@96.89.14.196
Web: http://irc.w3.org/?channels=ccg
IRC: irc://irc.w3.org/#ccg

I can't speak to the legal obstacles, but I'm happy to elaborate on the
technical ones : )

Regards,

OS

On Fri, Nov 29, 2019 at 3:09 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> Hi all, you should have received an invite by now for the Personal Data
> Stores Superfriends call for Dec 6th at 1pm ET. As a reminder, this is
> not a free form discussion, it's focused time to drive to consensus on
> specific proposals.
>
> In an attempt to prepare for that call, here are a few proposals that we
> could try to drive to consensus as well as a few clarifications for
> points made on the last call that were preventing us from coming to
> consensus.
>
> PROPOSAL: The Identity Hubs and Encrypted Data Vaults documents will
> be used as use case, requirements, and technical input for
> the collaborative effort. The DID Comm, UMA, and OAuth2 work will
> continue in parallel and are acknowledged as important related work that
> might influence the direction of the collaborative effort.
>
> PROPOSAL: The intent is to eventually standardize the W3C-specific work
> -- at a minimum, data models, syntax, CRUD API, and a minimum viable
> HTTP-based interface -- at W3C under W3C's Royalty-Free Patent policy.
> Regular Task Force calls will be hosted under the W3C Credentials
> Community Group under the aforementioned IPR policy.
>
> The reasoning behind these proposals is clarified below, for those that
> have the time and motivation to read about the details. Responses are
> encouraged so we can try to get to consensus more quickly on the call
> next week.
>
> --------------------------------
>
> There was some confusion during the last call that I'll try to highlight
> and clarify so that the next call goes a bit more smoothly and with the
> hope that we can get to closure on where to have regular meetings and
> under which IPR policy. Here were the points of confusion/contention:
>
> 1. The work item being proposed for standardization is not clear and
>    therefore where it should be incubated isn't clear.
> 2. DIF provides more protection against companies that may try to
>    disrupt the standardization effort.
> 3. DIF policies enable things to easily be incubated at DIF and moved to
>    W3C.
>
> ------------------------------
>
> > The work item being proposed for standardization is not clear and
> > therefore where it should be incubated isn't clear.
>
> There is only one work item being proposed for pre-standardization. It's
> some yet-to-be finalized combination of the Identity Hubs and Encrypted
> Data Vaults documents:
>
>
> https://github.com/decentralized-identity/identity-hub/blob/master/explainer.md
> https://digitalbazaar.github.io/encrypted-data-vaults/
>
> That is it. All other items, such as DIDComm, remain in their respective
> communities and groups. Yes, we may talk about UMA, DIDComm, and other
> work items, but they are not DIRECTLY a part of what is being proposed.
> What is being proposed is much more narrow (only the two specifications
> above and only the parts of those specifications that the group came to
> consensus on during the last call).
>
> ------------------------------
>
> > DIF provides more protection against companies that may try to
> > disrupt the standardization effort.
>
> Google and Facebook were named directly as organizations that would be
> actively hostile to the PDS/IdH/EDV work and a reason why the work
> shouldn't be done at W3C or IETF.
>
> For DIF to provide more protection against companies attempting to
> disrupt the standardization effort, it would have to have policies in
> place (and the membership support) to prevent such a thing from
> happening. So, the question becomes how would DIF be able to prevent
> large organizations from disrupting the work? Not allow them to join DIF?
>
> We do have multiple data points of large organizations throwing their
> weight around at W3C and IETF. One of those large organizations *is* a
> DIF member and actively attacked the Verifiable Credentials work and
> the DID work. While that member seems to be behaving now, there is
> nothing that would prevent that from happening at DIF.
>
> The reality of standards is that there is nothing to prevent large
> organizations from joining a standards effort and throwing their weight
> around. The only protection against that is a cohesive community of
> member organizations that can push back (by stating that they will
> implement a given specification, even if the large organization says
> that they will not).
>
> DIF is more susceptible to this sort of attack than W3C or IETF because
> it has never dealt with this sort of thing and its membership numbers
> aren't as great as W3C or IETF. W3C and IETF often deal with this sort
> of thing - there are processes in place to mitigate this sort of behaviour.
>
> ------------------------------
>
> > DIF policies enable things to easily be incubated at DIF and moved
> > to W3C.
>
> If this is true, then it doesn't matter where the work is incubated.
>
> We do know that the PDS/IdH/EDV work could start in a W3C CCG next week
> if we agreed to that (an initial spec exists under W3C IPR and many of
> us are already members of the W3C CCG). So, starting and transition
> costs are already paid. It was not clear that this is true for DIF. The
> trepidation is that we'd be testing this approach with PDS/IdH/EDV for
> the first time and because it's the first time, we're bound to hit snags
> that will slow the work down.
>
> So, the only thing that needs to be done is for DIF to produce proof
> that they can provide the same things as the W3C CCG, which means:
>
> * Membership in the PDS/IdH/EDV group MUST be accessible to the general
>   public at no cost to fully participate.
> * The PDS/IdH/EDV group MUST do its work in the open and record work
>   products (meeting transcriptions, specs, notes) on a publicly
>   accessible and archived website. It should clearly articulate where
>   the work products will go and who will do the work to make that
>   happen.
> * The PDS/IdH/EDV group MUST keep transcriptions of every meeting so
>   that those not able to attend and those with accessibility needs
>   can follow the conversation.
> * The PDS/IdH/EDV group MUST be covered by an IPR policy that does
>   not require IPR sign-off to be repeated once transferred to W3C/IETF.
>   While it has been asserted that this is true, W3C legal counsel has
>   not weighed in on that assertion, and that needs to happen.
>
> The first three are easy - we just need the DIF Executive Director to
> make a legally binding statement to that effect. The last one may take
> time, but needs to happen so we don't hit a snag half way through.
>
> If all of that can be done on an acceptable time frame to the
> communities participating, then we might be able to achieve consensus
> from the group during the call next week.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
>


-- 
*ORIE STEELE*
Chief Technical Officer
www.transmute.industries

Received on Friday, 17 January 2020 22:29:39 UTC