RE: Propose vc-examples-registry work item.

I agree with @Markus Sabadello<mailto:markus@danubetech.com> that the original intention of the DID work, i.e. its ability to create and use them without a central authority, is the crucial element.
This intention is what makes DIDs different from say the earlier openID work, and it has consequences.
One consequence is that there no longer is a central authority that you can rely on to CRUD the HTML Page (in case of openID) or the DID Doc; DID-core has introduced the concept of 'controller' in order to resolve this.
Another consequence is that you no longer really know who controls the component that authenticates the user (this used to be the central authority). Of course, we all say that the user controls that component, but there is no real guarantee that (s)he does.

Rieks

From: Markus Sabadello <markus@danubetech.com>
Sent: Thursday 19 March 2020 14:35
To: Leonard Rosenthol <lrosenth@adobe.com>; Orie Steele <orie@transmute.industries>; Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>
Cc: daniel.hardman@evernym.com; W3C Credentials CG (Public List) <public-credentials@w3.org>
Subject: Re: Propose vc-examples-registry work item.


We have had this discussion a few times before.

Yes it is technically possible to define DID methods based on centralized systems (e.g. the not-really-serious did:facebook method<https://github.com/peacekeeper/did-method-facebook/blob/master/did-method-facebook.md>).
There are many DID methods where there is no simple yes/no answer if they are "decentralized" or not (e.g. the did:web method)<https://github.com/w3c-ccg/did-method-web>.

Nevertheless, the original intention of the whole DID work remains to enable identifiers that can be created and used without a central authority.

This is reflected in various places in the DID WG charter<https://www.w3.org/2019/09/did-wg-charter.html> and the DID Core<https://w3c.github.io/did-core/> spec.
Attempts to change this will likely result in significant resistance.

Regarding the use of the term "distributed ledger", personally I feel it's worth keeping that, since this is the technology that originally enabled DIDs and continues to be very important for it, even if not required. The DID Core spec currently uses the term "DID registry" for the thing where DIDs exist. Note that there is an open Github issue<https://github.com/w3c/did-core/issues/162> for discussing alternative terms that may be a better fit.

Markus
On 3/18/20 10:58 PM, Leonard Rosenthol wrote:
I would be happy to do that…and I think it can be done w/o too much argument.

There is one other issue that Steve raises that we may also want to consider….which I am pretty sure is going to have us stepping into a HUGE moat of alligators…Changing what the first ‘D’ in DID stands for.  It is indeed confusing to have a standard around Decentralized things that also supports Centralized things.

Could we change that ‘D’ to something like “Dedicated” or “Distributed” or ??

Also, is this the right mailing list to discuss changing the DID spec on?  Is there a DID WG or related group and/or list??

Leonard

From: Orie Steele <orie@transmute.industries>
Date: Wednesday, March 18, 2020 at 4:05 PM
To: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>
Cc: Leonard Rosenthol <lrosenth@adobe.com>, "daniel.hardman@evernym.com" <daniel.hardman@evernym.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Subject: Re: Propose vc-examples-registry work item.

I'd welcome PRs that removed the concept of ledgers from the DID core spec entirely... it's an answer to "How"; it belongs in the implementation guide, it does not belong in the DID core spec IMO.

OS

On Wed, Mar 18, 2020 at 11:01 AM Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl> wrote:
I guess I fell for the suggestions in the spec that emphasize ledgers. I based my statement on texts such as the following from the current spec<https://www.w3.org/TR/did-core/>:

  *   Chapter 1, Introduction, paragraph 2 (entire text) states that DLTs provide the opportunity for fully decentralized identity management, and further elaborates on this, thereby strongly suggesting a focus on DLTs. I agree that this does not imply the converse.
  *   Chapter 1, Introduction, paragraph 4: "DID methods<https://www.w3.org/TR/did-core/#dfn-did-methods> are the mechanism by which a DID<https://www.w3.org/TR/did-core/#dfn-decentralized-identifiers> and its associated DID document<https://www.w3.org/TR/did-core/#dfn-did-documents> are created, read, updated, and deactivated on a specific distributed ledger<https://www.w3.org/TR/did-core/#dfn-distributed-ledger-technology> or network." The 'or network' is the escape here that seems to allow for different things than ledgers, but what that would mean does not become clear from the text itself.
  *   Chapter 2, Terminology, decentralized identifier (DID): "A globally unique identifier that does not require a centralized registration authority because it is registered with distributed ledger technology<https://www.w3.org/TR/did-core/#dfn-distributed-ledger-technology> (DLT) or other form of decentralized network." Same as previous bullet.
  *   Chapter 2, Terminology, DID method: "A definition of how a specific DID scheme<https://www.w3.org/TR/did-core/#dfn-did-schemes> can be implemented on a specific distributed ledger<https://www.w3.org/TR/did-core/#dfn-distributed-ledger-technology> or network". Same as previous bullet.
So you are right, while the use of DLT-stuff is (strongly) suggested by the standard, it is not required.

With respect to

  *   > the DID-stuff aims to enable interaction (communication) with the entity identified by the DID
  *   That’s also not something that I see mentioned anywhere in the DID spec.  Can you please quote a source?
That's the 4th sentence of the Abstract.

Rieks

From: Leonard Rosenthol <lrosenth@adobe.com>
Sent: Wednesday 18 March 2020 13:31
To: Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>; daniel.hardman@evernym.com
Cc: Orie Steele <orie@transmute.industries>; W3C Credentials CG (Public List) <public-credentials@w3.org>
Subject: Re: Propose vc-examples-registry work item.

> And rightfully so since the core DID spec  explicitly states that DID-stuff belongs on DLTs
>
I think you need to re-read the spec again, as that is clearly *NOT* the case.

Right in Section 1 (Introduction), the first note is very clear on the topic:

NOTE: DID methods can also be developed for identifiers registered in federated or centralized identity management systems. Indeed, all types of identifier systems can add support for DIDs. This creates an interoperability bridge between the worlds of centralized, federated, and decentralized identifiers.

> the DID-stuff aims to enable interaction (communication) with the entity identified by the DID
>
That’s also not something that I see mentioned anywhere in the DID spec.  Can you please quote a source?

Leonard

From: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>
Date: Wednesday, March 18, 2020 at 4:27 AM
To: "daniel.hardman@evernym.com" <daniel.hardman@evernym.com>, Leonard Rosenthol <lrosenth@adobe.com>
Cc: Orie Steele <orie@transmute.industries>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Subject: Re: Propose vc-examples-registry work item.

And rightfully so since the core DID spec  explicitly states that DID-stuff belongs on DLTs. Also, according to the same spec (see the abstract), the DID-stuff aims to enable interaction (communication) with the entity identified by the DID, which is quite different from schemas.

So why specify that you need a DID to refer to a schema if we can generalize this to a URI? Doing so does not exclude DIDs since they are a specialization of URIs so you can still use the examples.

Rieks
________________________________
From: Daniel Hardman <daniel.hardman@evernym.com>
Sent: Wednesday 18 March 2020 01:32
To: Leonard Rosenthol
Cc: Orie Steele; W3C Credentials CG (Public List)
Subject: Re: Propose vc-examples-registry work item.

There is a clear bias there towards DIDs (and VC’s in general) that are based on ledgers of some fashion.

Touché. :-)



--
ORIE STEELE
Chief Technical Officer
www.transmute.industries<http://www.transmute.industries>


Received on Friday, 20 March 2020 07:54:47 UTC