W3C home > Mailing lists > Public > public-credentials@w3.org > November 2021

Re: [EXTERNAL] Re: Using Email as an Identifier

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sat, 13 Nov 2021 10:58:54 -0500
To: Credentials Community Group <public-credentials@w3.org>, "public-vc-edu@w3.org" <public-vc-edu@w3.org>
Message-ID: <3ed799fd-f586-0227-a443-b766a161609b@digitalbazaar.com>
On 11/12/21 5:52 PM, Adrian Gropper wrote:
> What are the human rights implications of a "more capable" wallet?

The question is too nebulous to answer.

What are the human rights implications of a physical wallet? What are the
human rights implications of a slice of Bologna? :)

> Is it a "certified" wallet that Apple or Google provides to pretty much 
> everyone with a certified biometric lock?

No, it is not. That is the anti-thesis of what this community is after. At
least, not the sort of "more capable" wallet I'm talking about.

> Allow me to stipulate that Apple and Google will adopt any (W3C) standard
> that allows them to keep their wallet franchise just like Apple almost
> introduced coerced "local scanning" for illegal content in end-to-end
> secure messaging.

Yes, of course they will and corrupt it just like they did with the Web
Payments Payment Request API -- which started out as an open ecosystem and now
only supports wallets supported by the browser manufacturers.

> Once that becomes the norm and we're all expected to have such a capable 
> biometric wallet for our cryptographically secure "papers please" what is
> left for the SSI community to do?

We have to build competitive alternatives to closed ecosystems. This has
always been a part of the mission (and will continue to be into the
foreseeable future).

We have to make sure closed wallet ecosystems don't become the norm by
building competitive alternatives and voting against anything of the sort at
W3C. Most likely by pushing back hard against a chartering vote for anything
that looks like a play for a non-competitive digital wallet ecosystem.

The new FedCM work at W3C by Google looks like such a trap, IMHO.

> Do we have some kind of regulation or governance system or technology in
> mind to mitigate this risk?

Yes, the Credential Handler API (CHAPI), which currently needs the permission
of no trillion dollar corporation to deploy across the Web/Internet. It has
been in operation since 2015:

https://github.com/digitalbazaar/credential-handler-polyfill#features

Certain DIDComm-based solutions could also be a viable "no permission needed
to innovate" alternative.

I'll note that some of the other federated solutions that some in this
community are dangerously suggesting we use as a stop-gap falls into this
"certified wallet/ecosystem" trap. If we get to a future where every
individual isn't making a coerced decision on what digital wallet to use, we
know we've achieved another milestone in this community.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Saturday, 13 November 2021 15:59:12 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:24 UTC