R: Propose vc-examples-registry work item.

I would like to reinforce the point Leonard is making:
we are likely to work in environments where resolution is performed in different ways, according to the situation:


  *   via a centralized DID registry, e.g. in enterprise environments where such a trustworthy registry is available
  *   via a distributed DID registry in open environments – no central authority
  *   via local resolution, e.g. in p2p off-network interactions. I may myself provide the resolution of my DID to my peer
  *   …

Btw, something like “local resolution” is regularly used in CMS/PDF/XML digital signatures, when the X509 certificate (= not dissimilar from a DID document) is embedded in the signed document (keyInfo-->X509Data).
I believe a resolution framework encompassing all different modes would be extremely powerful.

Best,

--luca
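
A sketch of the multi-mode resolution idea in the message above, added here as an example and not code from the thread or from any DID implementation: one entry point tries local, centralized and distributed resolution in turn. The `did:example` identifiers, the dictionary registries, the document field layout and the rule that a locally supplied document must hash to its DID are assumptions made for illustration.

```python
import hashlib

class ResolutionError(Exception):
    """Raised when no mode resolves a DID or a supplied document fails its check."""

SAMPLE_KEY = "aa" * 32  # constructed sample public key bytes (hex), not a real key

def make_doc(did, key_hex):
    """Build a toy DID document; the field layout is an assumption for this example."""
    return {"id": did, "verificationMethod": [{"id": did + "#key-1", "publicKeyHex": key_hex}]}

def key_fingerprint(doc):
    """Hex SHA-256 of the first verification key in the document."""
    key_hex = doc["verificationMethod"][0]["publicKeyHex"]
    return hashlib.sha256(bytes.fromhex(key_hex)).hexdigest()

# Hypothetical self-certifying DID: the last segment commits to the key.
PEER_DID = "did:example:" + key_fingerprint(make_doc("", SAMPLE_KEY))

def resolve_local(did, peer_docs):
    """Local mode: the peer hands over its own document, so check it against the DID."""
    doc = peer_docs.get(did)
    if doc is None:
        return None
    if doc.get("id") != did or did.rsplit(":", 1)[-1] != key_fingerprint(doc):
        raise ResolutionError("peer-supplied document is not bound to " + did)
    return doc

def resolve(did, peer_docs, central, distributed):
    """Try local, then centralized, then distributed; return (mode, document)."""
    modes = [
        ("local", lambda: resolve_local(did, peer_docs)),
        ("centralized", lambda: central.get(did)),      # trust rests on the registry operator
        ("distributed", lambda: distributed.get(did)),  # stand-in for a ledger or network lookup
    ]
    for name, attempt in modes:
        doc = attempt()
        if doc is not None:
            return name, doc
    raise ResolutionError("no resolution mode could resolve " + did)
```

The local branch is the only one where the document arrives from the party it describes, which is why it alone carries a binding check; with an embedded X.509 certificate the equivalent check is chain validation to a trust anchor.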


From: Leonard Rosenthol <lrosenth@adobe.com>
Sent: Thursday, 19 March 2020 18:53
To: Markus Sabadello <markus@danubetech.com>; Orie Steele <orie@transmute.industries>; Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>
Cc: daniel.hardman@evernym.com; W3C Credentials CG (Public List) <public-credentials@w3.org>; Christopher Allen <ChristopherA@AlacrityManagement.com>; Joe Andrieu <joe@legreq.com>
Subject: Re: Propose vc-examples-registry work item.

And I assume that something like `did:git` or `did:github` (https://github.com/decentralized-identity/github-did), both of which are listed in the DID Method Registry (https://w3c-ccg.github.io/did-method-registry/) also fall into that “no simple yes/no”.

> Nevertheless, the original intention of the whole DID work remains to enable identifiers that can be created and used without a central authority.
>
I get that.  But that doesn’t mean that it has to be the current intention.

I would put forth that (in reference to what the NOTE in the introduction of spec says) *we need a bridge* between the two models (Centralized & DeCentralized).  As someone implementing general support for identity references in an open system, having multiple ways to refer to/store an identity is going to make me choose just one…and to be honest, since the *vast majority* of identities today are in centralized systems – I’ll pick that one.

What I believe we should be working towards – and I think that DID addresses – is a model/standard for serialization of an identity reference (DID URI Scheme & data model) and resolution (DID Methods) of that serialization into something useful (DID documents).  And guess what – that is EXACTLY what the WG Charter says the mission of the DID WG is:

The mission of the Decentralized Identifier Working Group<https://www.w3.org/2019/did-wg/> is to standardize the DID URI scheme, the data model and syntax of DID Documents, which contain information related to DIDs that enable the aforementioned initial use cases, and the requirements for DID Method specifications.

But as above, I *strongly* believe that it has to work for all types.  I am willing to put my (and my company’s) time & $$ to make that happen.

Leonard

From: Markus Sabadello <markus@danubetech.com>
Date: Thursday, March 19, 2020 at 9:34 AM
To: Leonard Rosenthol <lrosenth@adobe.com>, Orie Steele <orie@transmute.industries>, "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>
Cc: "daniel.hardman@evernym.com" <daniel.hardman@evernym.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Subject: Re: Propose vc-examples-registry work item.


We have had this discussion a few times before.

Yes it is technically possible to define DID methods based on centralized systems (e.g. the not-really-serious did:facebook method<https://github.com/peacekeeper/did-method-facebook/blob/master/did-method-facebook.md>).
There are many DID methods where there is no simple yes/no answer if they are "decentralized" or not (e.g. the did:web method)<https://github.com/w3c-ccg/did-method-web>.

Nevertheless, the original intention of the whole DID work remains to enable identifiers that can be created and used without a central authority.

This is reflected in various places in the DID WG charter<https://www.w3.org/2019/09/did-wg-charter.html> and the DID Core<https://w3c.github.io/did-core/> spec.
Attempts to change this will likely result in significant resistance.

Regarding the use of the term "distributed ledger", personally I feel it's worth keeping that, since this is the technology that originally enabled DIDs and continues to be very important for it, even if not required. The DID Core spec currently uses the term "DID registry" for the thing where DIDs exist. Note that there is an open Github issue<https://github.com/w3c/did-core/issues/162> for discussing alternative terms that may be a better fit.

Markus
On 3/18/20 10:58 PM, Leonard Rosenthol wrote:
I would be happy to do that…and I think it can be done w/o too much argument.

There is one other issue that Steve raises that we may also want to consider….which I am pretty sure is going to have us stepping into a HUGE moat of alligators…Changing what the first ‘D’ in DID stands for.  It is indeed confusing to have a standard around Decentralized things that also supports Centralized things.

Could we change that ‘D’ to something like “Dedicated” or “Distributed” or ??

Also, is this the right mailing list to discuss changing the DID spec on?  Is there a DID WG or related group and/or list??

Leonard

From: Orie Steele <orie@transmute.industries>
Date: Wednesday, March 18, 2020 at 4:05 PM
To: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>
Cc: Leonard Rosenthol <lrosenth@adobe.com>, "daniel.hardman@evernym.com" <daniel.hardman@evernym.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Subject: Re: Propose vc-examples-registry work item.

I'd welcome a PR that removed the concept of ledgers from the did core spec entirely... it's an answer to "How", it belongs in the implementation guide, it does not belong in the did core spec IMO.

OS

On Wed, Mar 18, 2020 at 11:01 AM Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl> wrote:
I guess I fell for the suggestions in the spec that emphasize ledgers. I based my statement on texts such as the following from the current spec<https://www.w3.org/TR/did-core/>:

  *   Chapter 1, Introduction, paragraph 2 (entire text) states that DLTs provide the opportunity for fully decentralized identity management, and further elaborates on this, thereby strongly suggesting a focus on DLTs. I agree that this does not imply the converse.
  *   Chapter 1, Introduction, paragraph 4: "DID methods<https://www.w3.org/TR/did-core/#dfn-did-methods> are the mechanism by which a DID<https://www.w3.org/TR/did-core/#dfn-decentralized-identifiers> and its associated DID document<https://www.w3.org/TR/did-core/#dfn-did-documents> are created, read, updated, and deactivated on a specific distributed ledger<https://www.w3.org/TR/did-core/#dfn-distributed-ledger-technology> or network." The 'or network' is the escape here that seems to allow for different things than ledgers, but what that would mean does not become clear from the text itself.
  *   Chapter 2, Terminology, decentralized identifier (DID): "A globally unique identifier that does not require a centralized registration authority because it is registered with distributed ledger technology<https://www.w3.org/TR/did-core/#dfn-distributed-ledger-technology> (DLT) or other form of decentralized network." Same as previous bullet.
  *   Chapter 2, Terminology, DID method: "A definition of how a specific DID scheme<https://www.w3.org/TR/did-core/#dfn-did-schemes> can be implemented on a specific distributed ledger<https://www.w3.org/TR/did-core/#dfn-distributed-ledger-technology> or network". Same as previous bullet.
So you are right, while the use of DLT-stuff is (strongly) suggested by the standard, it is not required.

With respect to

  *   > the DID-stuff aims to enable interaction (communication) with the entity identified by the DID
  *   That’s also not something that I see mentioned anywhere in the DID spec.  Can you please quote a source?
That's the 4th sentence of the Abstract.

Rieks

From: Leonard Rosenthol <lrosenth@adobe.com>
Sent: Wednesday, 18 March 2020 13:31
To: Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>; daniel.hardman@evernym.com
Cc: Orie Steele <orie@transmute.industries>; W3C Credentials CG (Public List) <public-credentials@w3.org>
Subject: Re: Propose vc-examples-registry work item.

> And rightfully so since the core DID spec  explicitly states that DID-stuff belongs on DLTs
>
I think you need to re-read the spec again, as that is clearly *NOT* the case.

Right in Section 1 (Introduction), the first note is very clear on the topic:

NOTE: DID methods can also be developed for identifiers registered in federated or centralized identity management systems. Indeed, all types of identifier systems can add support for DIDs. This creates an interoperability bridge between the worlds of centralized, federated, and decentralized identifiers.

> the DID-stuff aims to enable interaction (communication) with the entity identified by the DID
>
That’s also not something that I see mentioned anywhere in the DID spec.  Can you please quote a source?

Leonard

From: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>
Date: Wednesday, March 18, 2020 at 4:27 AM
To: "daniel.hardman@evernym.com" <daniel.hardman@evernym.com>, Leonard Rosenthol <lrosenth@adobe.com>
Cc: Orie Steele <orie@transmute.industries>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Subject: Re: Propose vc-examples-registry work item.

And rightfully so since the core DID spec  explicitly states that DID-stuff belongs on DLTs. Also, according to the same spec (see the abstract), the DID-stuff aims to enable interaction (communication) with the entity identified by the DID, which is quite different from schemas.

So why specify that you need a DID to refer to a schema if we can generalize this to a URI? Doing so does not exclude DIDs since they are a specialization of URIs so you can still use the examples.

Rieks
________________________________
From: Daniel Hardman <daniel.hardman@evernym.com>
Sent: Wednesday, 18 March 2020 01:32
To: Leonard Rosenthol
Cc: Orie Steele; W3C Credentials CG (Public List)
Subject: Re: Propose vc-examples-registry work item.

There is a clear bias there towards DIDs (and VC’s in general) that are based on ledgers of some fashion.

Touché. :-)



--
ORIE STEELE
Chief Technical Officer
www.transmute.industries


Received on Tuesday, 24 March 2020 07:56:51 UTC