- From: Orie Steele <orie@transmute.industries>
- Date: Tue, 20 Jul 2021 14:53:57 -0500
- To: Adrian Gropper <agropper@healthurl.com>
- Cc: Ted Thibodeau Jr <tthibodeau@openlinksw.com>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAN8C-_KB6neSr+V7AxzJ1vMke3NdbpCzYCT2P4JqMma=XS1EnA@mail.gmail.com>
Feels like we are getting somewhere here...

Assertion: VC Data Model + OAS3.0 + OAuth2 => digital slavery.

Proof:

1. Assume OAuth2.0 leads to digital slavery
2. QED

The logic is both incorrect, and offensive.

Consider, the implication is that the following folks are "supporting digital slavery" by using OAuth2.0 or similar technologies....

1. Google - https://developers.google.com/identity/protocols/oauth2
2. Apple - https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api
3. Microsoft - https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
4. Amazon - https://developer.amazon.com/blogs/home/tag/OAuth+2.0
5. Okta - https://developer.okta.com/docs/concepts/oauth-openid/
6. Auth0 - https://auth0.com/docs/protocols/protocol-oauth2
7. Ping - https://www.pingidentity.com/en/resources/client-library/articles/oauth.html
8. Login.gov - https://login.gov/

Continuing to assert that OAuth 2.0 leads to digital slavery and GNAP and RAR are the only way to avoid digital slavery appears a very poor strategy for promoting web standards in the W3C which has many of the members I listed above actively involved in standards.

I would like to see more engagement from the OpenID Foundation, and established Identity Providers, including Apple, Microsoft and Google.

I think we ought to be extra careful using terms like "digital slavery", when we actually mean "enterprise / government approved security technology"... This perpetuates an "Us vs Them" mentality which is harmful.

Attempts to exclude or slander key stakeholders should be met with resistance.

I object to the attempts to paint OAuth2.0 as "digital slavery enhancing technology"... I don't think the previous email demonstrates an understanding of how OAuth2.0 is used in practice to secure APIs.

The reality is that individuals, corporations, not for profits and governments all have a legitimate right to use security and privacy enhancing technology.

We are all in this together, trying to use cryptography and standards to build the fabric of digital life, reinforcing all aspects of sovereignty, including personal, professional and international.

OS
Received on Tuesday, 20 July 2021 19:59:22 UTC