- From: Daniel Hardman <daniel.hardman@gmail.com>
- Date: Thu, 8 Jul 2021 12:55:30 +0200
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
- Message-ID: <CACU_chm6V0efdXoMdChMQkHCGmMD+rGtTipCxgq89BmX3V-c=Q@mail.gmail.com>
> > > A1 - VC-HTTP API is *the one place* where the asymmetry of power between > > issuers and subjects comes to a head. > > You have yet to demonstrate why and how. This seems to be the basis of your > position, so it's hard to even consider your other points because the > foundation of your argument hasn't been established yet. > > Why is the VC HTTP API the one place where the asymmetry of power between > issuers and subjects comes to a head? > > Where exactly in the VC HTTP API is this concretely realized? You should be > able to point to and endpoint and say "right there". I beg to differ with your characterization, Manu. I gave a concrete example of why the VC HTTP perpetuates a power asymmetry when I came to this group on April 30 with slides <https://docs.google.com/presentation/d/1VhTcthBwDppKB-k71YOtoB6F-32vJNeXKF5P_hScshM/edit> and 20 minutes of commentary about it. It is not an example of an endpoint; it's in the architectural mindset that frames the standard as endpoint-centric in the first place, guaranteeing for all practical purposes that the standard can be implemented only by an entity having a stable point of presence on the internet. (And I made the same argument a year before, on the CCG mailing list and in issues in the VC http repos, when the DHS SVIP project first raised the possibility of a "standardised" API for issuance, before the API was intended to service external interactions. You commented on some of those issues, so I know you have thought about them.) In my most recent tilt at the windmills, I made a concrete counter-proposal, too (to reframe this API as derivative of a higher-level standard that does not perpetuate the client-server assumption that locks institutions in as identity power brokers and as controllers of the standards around them). And I pointed out how something bigger than HTTP is fundamental to the integration of VCs with digital cash, with governments on every continent demanding strong identity + offline support right now. The group dismissed my counter-proposal without a vote, and its engagement with my argument was relatively light. My conclusion was that I was wasting my time because the group had little interest in the power asymmetry problem. Indeed, the way I received Dave Longley's response to my concern was essentially, "I don't care about those problems because they're not use cases of my customers. If somebody besides online institutions wants a standard for credential exchange, let them find their own money and write their own standard." (Note my careful language "the way I received" -- I may have received it wrong. I'm not claiming my perception is objective reality--only that I received it that way.) And, if the group continues to insist that its only priorized use cases flow from institutions that pay the proximate bills, I can't see how it can reach any other conclusion. So I have largely withdrawn from this group, except to lurk. I will make my appeal about the architectural and idealogical flaws in your approach in the court of public opinion and the court of government contracts, since it could not be made in the CCG. It is your privilege to continue, and it is my privilege to disengage. But it is not reasonable to claim that you've never received a coherent, concise, actionable articulation of the problem or its solution. --Daniel
Received on Thursday, 8 July 2021 10:57:41 UTC