W3C home > Mailing lists > Public > public-credentials@w3.org > January 2022

Re: FedId CG at W3C and GNAP

From: Adrian Gropper <agropper@healthurl.com>
Date: Sat, 8 Jan 2022 12:08:48 -0500
Message-ID: <CANYRo8ipP6EYtaOhq-zW=9dQ-1NRV0JUuVN1nQf3y1YqpUuR4w@mail.gmail.com>
To: Steve Magennis <steve.e.magennis@gmail.com>
Cc: Orie Steele <orie@transmute.industries>, Justin P Richer <jricher@mit.edu>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Yes, Steve: "Perhaps it is that human rights can be a more tangible
endeavor (better suited to standards work) whereas ethics is more of a
philosophical pursuit?"

Although my career as an engineer and entrepreneur is similar to most of my
colleagues in standards work, I have now spent over a decade as a full-time
volunteer advocate with _dozens_ of tech standards groups and health tech
policy forums. Almost without exception, the SDOs are designed for
regulatory capture of the policy forums. It's an investment by a funded
entity to influence policy for profit just like a lobbyist would be, only
with engineers. Yes, I'm oversimplifying to make a point but I will be
happy to respond to counter-examples.

Human rights are like wht has been said of pornography: "You know it when
you see it." Ethics are like art. SDO discussion threads, for example,
don't take kindly to mentions of "motive". Statements like the one I just
made about regulatory capture are obviously motive and, if I had directed
that to an individual, folks would let me know.

Ethics, in my experience, are like motives in the SDO context. They may or
may not be relevant but need not be questioned. Writing about ethics in an
SDO is as useful as discussing religion.

Adrian



On Sat, Jan 8, 2022 at 11:47 AM <steve.e.magennis@gmail.com> wrote:

> Adrian,
>
>
>
> On a number of recent threads you have highlighted a bold contrast between
> the concept of human rights and that of ethics. I have always thought of
> human rights as something that emerges (or at least tries to emerge) out of
> the ethics held by society so I’m having trouble understanding your
> statements of comparison (e.g. why dealing with the issue in this thread is
> a matter of one but not the other). Could you humor me and unpack your
> definitions a bit. I’d really like to better understand your point. Perhaps
> it is that human rights can be a more tangible endeavor (better suited to
> standards work) whereas ethics is more of a philosophical pursuit?
>
>
>
> Thanks & apologies for the digression
>
>
>
> -S
>
>
>
> *From:* Adrian Gropper <agropper@healthurl.com>
> *Sent:* Friday, January 7, 2022 12:42 PM
> *To:* Orie Steele <orie@transmute.industries>
> *Cc:* Justin P Richer <jricher@mit.edu>; W3C Credentials CG (Public List)
> <public-credentials@w3.org>
> *Subject:* Re: FedId CG at W3C and GNAP
>
>
>
> Thanks, Orie for starting this important thread. I will defer the
> technical comments entirely to Justin and others.
>
>
>
> From my perspective, the failure of SIOP in the wild needs to be
> understood and rectified whether it involves GNAP or not. I tried to
> participate in FedId CG from this perspective but quickly realized that
> they really were only scoped to federated cases and trying to introduce
> self-sovereign perspective in that CG would be torture for all involved.
>
>
>
> I would also hope that Sam Smith contributes to this thread. His
> perspective on decentralization seems important.
>
>
>
> The other thing I've been trying to understand in the context of
> self-sovereign authentication is biometrics.
>
>    - Facial recognition is almost free and works well enough to be
>    entirely passive and ambient for many use-cases. Like
>    license plate scanners for people. Not necessarily a good thing.
>    - Iris biometrics work even better and with appropriate hardware can
>    be almost passive. How do we control that in a DID context?
>    - Palm biometrics (as introduced by Amazon) are less passive and
>    somewhat expensive but could also enter widespread use.
>    - Local biometrics like Apple FaceID is already used to authenticate
>    into Apple Wallet. Will it be used as an ankle bracelet analog? The answer
>    seems to be yes, because that's how Apple Watch is used to interact with
>    the wallet.
>    - DNA readers get cheaper all the time...
>
> Notice also that dealing with these issues is a matter of human
> rights, not ethics.
>
>
>
> I think self-sovereign authentication might be a worthwhile CCG work item.
>
>
>
> - Adrian
>
>
>
> On Fri, Jan 7, 2022 at 3:22 PM Orie Steele <orie@transmute.industries>
> wrote:
>
> I asked them whether they considered GNAP via slack.
>
> https://w3ccommunity.slack.com/archives/C02355QUL73/p1641585415001900
>
> They are chartered here: https://fedidcg.github.io/
>
> To look at AuthN that breaks when browser primitives are removed.
>
> They are currently focused on OIDC, SAML, WS-Fed.
>
> The reason I asked them was in relation to the questions we have
> discussed regarding "What can GNAP replace".
>
> Clearly GNAP can replace OAuth, but I think you both have now confirmed
> that GNAP does not replace OIDC, or federated identity...
>
> I am confirming this one more time, just in case I got that wrong.
>
> Has there yet been discussion on what some kind of OIDC built on GNAP
> instead of OAuth would look like?.
>
> OS
>
>
>
> --
>
> *ORIE STEELE*
>
> Chief Technical Officer
>
> www.transmute.industries
>
>
>
> <https://www.transmute.industries/>
>
> ᐧ
>
>
Received on Saturday, 8 January 2022 17:09:15 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 8 January 2022 17:09:16 UTC