RE: Does the W3C still believe in Tim Berners-Lee's vision of decentralization?

Hi Drummond,

 

I just wanted to comment on the following

 

“The DID WG has discussed the hypothetical "did:facebook" as an example for the last two years. If Facebook (or Google, or Apple, or choose-your-large-provider) decided that it wanted to try to compete with other DID methods that do not have a dependency on a single company, that's a choice the market can make.”

 

This is exactly what I mean by the “responses to the “divergence” and the “interoperability” comments are not convincing”. To me, this sounds like you are describing multiple isolated silos, and the market will decide which silo(s) win. It shouldn’t be like that, however.

 

Think, for example, of domain names as the equivalent of DIDs, and digital certificates as the equivalent of DID documents: the market has decided which are the trusted CAs; however, anybody can freely choose any of these CAs and be sure that its certificate will be interoperable with most systems. Moreover (and more importantly), an entity can choose to move from one CA to another without having to change its domain name!

 

Best,

Nikos

 

From: Drummond Reed <drummond.reed@evernym.com> 
Sent: Wednesday, October 13, 2021 6:35 PM
To: Nikos Fotiou <fotiou@aueb.gr>
Cc: Credentials Community Group <public-credentials@w3.org>
Subject: Re: Does the W3C still believe in Tim Berners-Lee's vision of decentralization?

 

On Wed, Oct 13, 2021 at 2:48 AM Nikos Fotiou <fotiou@aueb.gr> wrote:

Hi,

My 2c

- IMHO trying to diminish the objections based on the supposed motives of the objectors can backfire. E.g., what are really the motives of Evernym for supporting the DID spec?

 

Nick, I wasn't trying to diminish the objections on that basis. The arguments against the objections are each handled separately. I was only trying to shine a light on the possible motivations for the misunderstandings about the DID spec.

 

Evernym is happy to be very transparent about our motivations. We are an SSI tech vendor. DIDs are integral to our software and services because we believe deeply in decentralization and so do our customers.

 

- The responses to the “divergence” and the “interoperability” comments are not convincing. The DID specification registry includes tens of methods that try to “lock” users in their respective registries. IMHO, we don’t want to end up in a situation where there is did:google, and the only way to use it is by interacting with Google servers;

 

The whole idea of a registry of DID methods is to let the market choose from among independent DID methods as long as they are spec compliant. The DID WG has discussed the hypothetical "did:facebook" as an example for the last two years. If Facebook (or Google, or Apple, or choose-your-large-provider) decided that it wanted to try to compete with other DID methods that do not have a dependency on a single company, that's a choice the market can make.

 

it is better to have something that has similar properties to DNS names, where you are free to choose your registrar, you can host your DID even by yourself, you can use any DID resolution service you like, and you can change any of these providers without having to change your DID.

 

There are in fact some DID methods that have that quality (did:keri is one example). And others like did:peer do not need any "registrar" at all. You control all your own peer DIDs in your own digital wallet. 

 

But should we require all DID methods to have those properties? The DID spec was designed to let the market innovate the best DID methods. That's why the DID Rubric <https://w3c.github.io/did-rubric/> is important as a tool to help the public evaluate DID methods.

 

If you feel strongly that there is a clear line in the sand that can be drawn about what DID methods should be excluded, please feel free to suggest it as a policy the DID Spec Registries <https://www.w3.org/TR/did-spec-registries/> could adopt.

 

We don’t want to have web sites that have a list of tens of “Log in with…” buttons.

 

On that point, the whole idea of DIDs is that if a site uses a DID resolver, a single "Log in with..." button can service all DIDs that use DID methods supported by that resolver. 

 

Best,

=Drummond  

 

 

Best,

Nikos

 

From: Drummond Reed <drummond.reed@evernym.com>
Sent: Wednesday, October 13, 2021 9:58 AM
To: Credentials Community Group <public-credentials@w3.org>
Subject: Does the W3C still believe in Tim Berners-Lee's vision of decentralization?

 

I want to share this email I just sent to the W3C Advisory Committee regarding the DID 1.0 formal objection (FO) issue.

 

The Evernym blog post it links to is here: https://www.evernym.com/blog/w3c-vision-of-decentralization/

 

Best,

=Drummond  

---------- Forwarded message ---------
From: Drummond Reed <drummond.reed@evernym.com>
Date: Tue, Oct 12, 2021 at 11:54 PM
Subject: Does the W3C still believe in Tim Berners-Lee's vision of decentralization?
To: W3C AC Forum <w3c-ac-forum@w3.org>

 

AC Members,

 

Let me start by saying I appreciate the extensive discussion about the Formal Objection process over the past few days. I suspect it has helped educate many of us who are not involved in the intricacies of the W3C process (and how it needs to evolve to become "director-free"). It has also given me, as one editor of the DID 1.0 spec, a modicum of reassurance that the FOs lodged against it will be handled via a reasonable process.


Assuming that good faith, I'd like to turn the AC's attention to the substance of those FOs. Specifically, I want to follow the advice Tobie Langel gave yesterday in response to a suggestion by David Singer:

 

Anchoring decision-making into shared values and principles is critical for W3C’s long-term credibility and for W3C to stay functional once “director-free.”

 

I could not agree more. In the case of these FOs, I believe the principle at stake is decentralization.

 

Evernym joined the W3C four years ago specifically to work on standards for decentralized digital trust infrastructure, starting with verifiable credentials and DIDs. To be frank, we were skeptical that W3C was the right place for that work. The issue of centralization of the Web was already looming large—specifically as raised by Mozilla in their 2017 Internet Health Report <https://foundation.mozilla.org/en/insights/internet-health-report/>. But Manu Sporny and other leaders of the W3C Credentials Community Group convinced us that the W3C was serious about decentralization. So we agreed to contribute our efforts here.

 

Four years later, the FOs lodged by Google, Apple, and Mozilla against the DID 1.0 spec have shaken our confidence. It would be one thing if these objections had serious merit. But we were frankly stunned at how much they reflected misunderstandings not only about the purpose and design of the DID 1.0 spec, but also about the other deliverables of the DID WG.

 

I realize that's a strong statement. So over the past week we worked to fully document this in a blog post <https://www.evernym.com/blog/w3c-vision-of-decentralization/> we published tonight.

 

I urge you to read it and to share your thoughts on the topic of decentralization with the rest of the AC.

 

=Drummond 

 

P.S. The conclusion of the blog post raises some questions about the motivations for these FOs. This is not meant to impugn Google's, Apple's, and Mozilla's intentions. It is meant to underscore that decentralization is about avoiding concentrations of power. There is no way around that issue—which is why it is so important that we discuss it here.

 

 

 

 

 

Received on Wednesday, 13 October 2021 16:22:59 UTC