W3C home > Mailing lists > Public > public-credentials@w3.org > May 2021

Re: VC HTTP API specification structure

From: Adrian Gropper <agropper@healthurl.com>
Date: Mon, 3 May 2021 13:48:28 -0400
Message-ID: <CANYRo8j=UvP27pKoqGPRDoPFKfoHw1uYuOe_FS09VnR_vzmwUg@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>

On Mon, May 3, 2021 at 8:28 AM Manu Sporny <msporny@digitalbazaar.com>

> On 5/2/21 11:11 PM, Adrian Gropper wrote:
> > We seem to be talking past each other.
> I'm not certain of that... It's clear that you want to have a conversation
> around delegation and authorization (and specifically, GNAP), and it's
> clear
> that you believe that splitting the specifications into at least 3 separate
> specifications will benefit a privacy analysis and make it easier to reason
> about the specifications.
> Do I have that right, Adrian?
*AG: Yes.*

> > I am making an outcome argument and the group is making a process
> > argument.
> The group is attempting to pick a starting structure for the specification.
> You are attempting to avoid making that decision now and instead would
> like to
> discuss authorization/delegation and use cases before we pick a document
> structure.
> Is that correct, Adrian?
*AG: Yes.*

> > One solution could be as simple as working on a use-cases document
> before
> > we revisit the document structure discussion.
> That could be a solution, and we could raise it as a proposal, if you'd
> like.
> The group seems to want to work on both in parallel (which is also a
> reasonable approach, given that we have a functional set of HTTP APIs that
> do
> something today and have been used in a variety of interoperability
> plugfests).
*AG: I'm sorry, but the parallel process terrifies me. I genuinely don't
understand where the group is headed and I have over a decade of experience
participating in both authorization and identity standards work. *

*AG: The SVIP "plugfest" approach contributes to my terror. It's built
around an assumption that individual people have no market power. It's the
sovereigns protecting themselves and their interests and giving their
"Subjects" what they say the subjects need. This is not the
bitcoin-inspired self sovereign decentralized vision I signed-up for.*

> > However, ignoring delegation and authorization at this stage will cause
> > irreparable harm to innovation in self-sovereign technologies.
> No one has suggested that we ignore delegation and authorization; just
> that we
> delay that discussion until we have a specification structure in which to
> write things.
*AG: Delegation and authorization IS the specification structure I'm
talking about. The GNAP group is trying to stay compatible with DID and VC
and capabilities and non-HTTP transports and avoid federation and "trust"
assumptions. The SSI community ignores their work at great risk to our own
goals. *

*AG: So, please, no delay, particularly since this group is only talking
about HTTP.  *

> The current proposal assumes different ReSpec files that are combined
> together
> into one document. If we want to split them out into three separate
> documents,
> it will be trivial to do so. This is an initial decision on specification
> structure so that we can parallelize work; not a final decision.
*AG: It's the parallelize thing that paralyzes me. Please don't keep
insisting that it's innocuous. I find it terrifying and the insistence just
makes it more upsetting. *

*- Adrian*

> -- manu
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
Received on Monday, 3 May 2021 17:48:53 UTC

This archive was generated by hypermail 2.4.0 : Monday, 3 May 2021 17:48:54 UTC