Re: Fwd: New member - and (hopefully) an interesting use case - and a question

Hi Steve,

Let me start by saying, welcome to the W3C CCG! :)

We've been introduced in other venues, and I'm thrilled to see you
engaging here. As you know, a number of the use cases you mention were
funded by DHS S&T and explored by US Customs and Border Protection two
years ago in the NAFTA/CAFTA Blockchain Proof of Concept:

https://www.cbp.gov/trade/ace/whats-new-innovation

The results of that proof of concept can be found here (Digital Bazaar,
who did the build out of the technical system using Verifiable
Credentials, Decentralized Identifiers, Encrypted Data Vaults,
Hashlinks, Authorization Capabilities, etc.) starts on page 16:

https://www.cbp.gov/sites/default/files/assets/documents/2019-Oct/Final-NAFTA-CAFTA-Report.pdf

Lots of lessons learned there that may interest you.

On 5/26/20 11:31 PM, steve capell wrote:
>  1. the method part of the DID is important for interoperability and,
>     although I can see the value in letting anyone setup a new method,
>     there is a risk of explosion -
>     as https://w3c-ccg.github.io/did-method-registry/ seems to already
>     show.  Looking at this list of methods, I really have no idea what
>     problem each is solving, why there are so many, and whether I should
>     re-use one or create another.  I'd be keen to discuss that problem
>     with someone!

Yes, we're seeing a gold rush for DID Methods. A number of people in
this community expect that 90%+ of those DID Methods will fail to gain
market traction within the first 5 years. As Anil mentioned in his
email, a number of them have critical design flaws, security concerns,
privacy concerns, or all of these things. There is currently no
framework to evaluate DID Methods, but the DID WG is tasked with
creating a DID Method Rubrics document that is supposed to outline the
basis of a framework. Other organizations are also working on evaluation
criteria.

The first thing you could do to help the situation is not to create yet
another DID Method... there are enough of them out there and the
differences between many aren't so great. The biggest differences tend
to be the network the DID Method is built upon (many of them are built
on blockchain networks), the governance model for the blockchain
(non-profit foundation, private company, shadow corporation, etc.). For
example, here's the information for Veres One (which was used in the
NAFTA/CAFTA PoC mentioned above):

https://veres.one/summary/

There is no easy answer... it takes doing your due diligence to figure
out which solution is snake oil and which one seems like it might be a
good fit in production. At present, determining that is close to a full
time job... but there are a number of people in this community that have
done that work and would be happy to share their findings. All you need
to do is determine the precise questions you want answers for and I'm
sure folks in this community would be happy to chime in and give you
their informed opinions.

Again, welcome to the community, I look forward to discussing your use
cases here.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Wednesday, 27 May 2020 14:39:58 UTC