RE: Does the W3C still believe in Tim Berners-Lee's vision of decentralization? from Nikos Fotiou on 2021-10-13 (public-credentials@w3.org from October 2021)

From: Nikos Fotiou <fotiou@aueb.gr>
Date: Wed, 13 Oct 2021 19:39:27 +0300
To: "'Manu Sporny'" <msporny@digitalbazaar.com>, <public-credentials@w3.org>
Message-ID: <021801d7c050$e3aafeb0$ab00fc10$@aueb.gr>

Hi Manu,

You are saying "[...] DID Method you want to, as long as the site supports it". Isn't this the perfect example of fragmentation and divergence? E.g., currently the DID registry has 15 methods that use Ethereum to store information. IMHO it should be trivial to support all them (at least some basic functionality, such as "retrieve the authentication key"). But as far as I understand, it isn't! Even if it is, it is not properly demonstrated. Right now the situation appears like having an OIDC library ("the DID resolver")  that must be modified for every new authorization server!

Best,
Nikos

-----Original Message-----
From: Manu Sporny <msporny@digitalbazaar.com> 
Sent: Wednesday, October 13, 2021 7:07 PM
To: public-credentials@w3.org
Subject: Re: Does the W3C still believe in Tim Berners-Lee's vision of decentralization?

On 10/13/21 11:34 AM, Drummond Reed wrote:
> We don’t want to have web sites that have a list of tens of “Log in with…”
>  buttons.
> 
> On that point, the whole idea of DIDs is that if a site uses a DID 
> resolver, a single "Log in with..." button can service all DIDs that 
> use DID methods supported by that resolver.

... and to further underscore that point, there are already protocols that have existed for years that actively combat the "Login with SuperProviderX"
anti-pattern on the Web. Participants in this community have demonstrated interop using one of them called CHAPI[1] (animations demonstrating it in action):

https://github.com/digitalbazaar/credential-handler-polyfill#features

You will note the complete replacement of "Login with SuperProviderX" buttons with a single button that invoke "Digital Wallets" (really, just a software
application) that an individual gets to choose... just like we get to choose the email clients we use (*gasp* I know, what a concept).

There are other solutions in the works as well -- VC API, WACI/PeX, OIDC extensions, etc. All of them are expected to let you show up with whatever "Digital Wallet" and DID Method you want to, as long as the site supports it.

So, I think we have at least part of your concern covered, Nikos. There still remain open questions on "What DID Methods will become popular?", but hopefully that's a more even playing field than "Choose among the largest companies on the planet".

-- manu

[1]https://w3c-ccg.github.io/credential-handler-api/

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/

Attachments

application/pkcs7-signature attachment: smime.p7s

Received on Wednesday, 13 October 2021 16:39:43 UTC