W3C home > Mailing lists > Public > public-credentials@w3.org > February 2022

Re: DID methods as W3C standards - a happy compromise?

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 23 Feb 2022 12:38:17 +0100
Message-ID: <CAKaEYhJS_NOrcOzMuRgM3tKyherTUfsM4YZjZqfgGNhcTopmxA@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
On Tue, 22 Feb 2022 at 15:43, Manu Sporny <msporny@digitalbazaar.com> wrote:

> I agree with much of what Markus has said. It may seem like a "simple
> matter
> of...", but given the debates that have been raging in the DID WG over the
> past two years, it's anything but that.
> Asking W3C to standardize most DID Methods is the equivalent of asking W3C
> to
> "Standardize Microsoft SQL Server" or "Standardize MongoDB". I'm sure all
> of
> us can appreciate why doing such a thing would be misguided.
> There are a few DID Methods where we can probably all agree that
> standardizing
> the DID Method favours no one... for example, did:key is probably the
> easiest
> one to drop into that category.
> did:web could probably be done as well, as long as some of us can hold our
> nose wrt. favouring the current commercial and governmental interests that
> run
> both the Certificate Authority systems, the browser vendors that impose
> their
> will wrt. "valid" and "invalid certificate authorities, and the commercial
> interests that run the global DNS root servers and other name server
> infrastructure.
> So, even did:web is controversial to some... I wouldn't touch some of the
> other ones you listed with a ten foot pole in W3C standardization space.
> That
> you're mentioning them demonstrates that you might not be seeing the full
> picture wrt. the dangers that they bring to the ecosystem. :)
> On 2/22/22 6:32 AM, Steve Capell wrote:
> > Of course “web” or “dns” is a technology but nobody could reasonably
> claim
> > that you are preferencing some specific commercial interests
> Oh, if only that were true. :) By using did:web or did:dns, you are
> preferring:
> * A government's ability to secretly MiTM your did:dns
>   record; there are national firewalls that do a great
>   job at this today.
> * A government's ability to take those identifiers away
>   from you by coercing hosting and DNS providers.
> * A corporations ability to take those identifiers
>   away from you if you don't serve their commercial
>   interests (leasing identifiers).
> Now, I don't personally hold the positions above for all use cases, but I
> do
> find them logically sound.
> Standardizing DID Methods is more fraught than it may seem at first,
> second,
> or third glance.
> Now, a generalized HTTP API for DID operations... that might actually have
> a
> fighting chance at W3C and result in broader interoperability than just
> picking a few winners. I believe Markus is already working on some
> variation
> of that now.

The web is already baked into DID Core

The website w3.org occurs 40 times
The website w3id.org occurs 19 times

These are not simply name spaces (like in Turtle), they pull in the
definitive data model and validation logic

So, I dont see that using the web should be controversial, as DID stands
today, since it's already in DID Core

> -- manu
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
Received on Wednesday, 23 February 2022 11:38:41 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:29 UTC