W3C home > Mailing lists > Public > public-credentials@w3.org > January 2022

Re: FedId CG at W3C and GNAP

From: Steve Magennis <steve.e.magennis@gmail.com>
Date: Sat, 8 Jan 2022 12:45:33 -0800
Message-ID: <CAHM8=usXdaCTmPxc-kC215bxfjEvJX+9ZfukFaVt7T-NA3rH+Q@mail.gmail.com>
To: Adrian Gropper <agropper@healthurl.com>
Cc: Orie Steele <orie@transmute.industries>, Justin P Richer <jricher@mit.edu>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Thanks for the context Adrian
-S

On Sat, Jan 8, 2022, 9:09 AM Adrian Gropper <agropper@healthurl.com> wrote:

> Yes, Steve: "Perhaps it is that human rights can be a more tangible
> endeavor (better suited to standards work) whereas ethics is more of a
> philosophical pursuit?"
>
> Although my career as an engineer and entrepreneur is similar to most of
> my colleagues in standards work, I have now spent over a decade as a
> full-time volunteer advocate with _dozens_ of tech standards groups and
> health tech policy forums. Almost without exception, the SDOs are designed
> for regulatory capture of the policy forums. It's an investment by a funded
> entity to influence policy for profit just like a lobbyist would be, only
> with engineers. Yes, I'm oversimplifying to make a point but I will be
> happy to respond to counter-examples.
>
> Human rights are like wht has been said of pornography: "You know it when
> you see it." Ethics are like art. SDO discussion threads, for example,
> don't take kindly to mentions of "motive". Statements like the one I just
> made about regulatory capture are obviously motive and, if I had directed
> that to an individual, folks would let me know.
>
> Ethics, in my experience, are like motives in the SDO context. They may or
> may not be relevant but need not be questioned. Writing about ethics in an
> SDO is as useful as discussing religion.
>
> Adrian
>
>
>
> On Sat, Jan 8, 2022 at 11:47 AM <steve.e.magennis@gmail.com> wrote:
>
>> Adrian,
>>
>>
>>
>> On a number of recent threads you have highlighted a bold contrast
>> between the concept of human rights and that of ethics. I have always
>> thought of human rights as something that emerges (or at least tries to
>> emerge) out of the ethics held by society so I’m having trouble
>> understanding your statements of comparison (e.g. why dealing with the
>> issue in this thread is a matter of one but not the other). Could you humor
>> me and unpack your definitions a bit. I’d really like to better understand
>> your point. Perhaps it is that human rights can be a more tangible endeavor
>> (better suited to standards work) whereas ethics is more of a philosophical
>> pursuit?
>>
>>
>>
>> Thanks & apologies for the digression
>>
>>
>>
>> -S
>>
>>
>>
>> *From:* Adrian Gropper <agropper@healthurl.com>
>> *Sent:* Friday, January 7, 2022 12:42 PM
>> *To:* Orie Steele <orie@transmute.industries>
>> *Cc:* Justin P Richer <jricher@mit.edu>; W3C Credentials CG (Public
>> List) <public-credentials@w3.org>
>> *Subject:* Re: FedId CG at W3C and GNAP
>>
>>
>>
>> Thanks, Orie for starting this important thread. I will defer the
>> technical comments entirely to Justin and others.
>>
>>
>>
>> From my perspective, the failure of SIOP in the wild needs to be
>> understood and rectified whether it involves GNAP or not. I tried to
>> participate in FedId CG from this perspective but quickly realized that
>> they really were only scoped to federated cases and trying to introduce
>> self-sovereign perspective in that CG would be torture for all involved.
>>
>>
>>
>> I would also hope that Sam Smith contributes to this thread. His
>> perspective on decentralization seems important.
>>
>>
>>
>> The other thing I've been trying to understand in the context of
>> self-sovereign authentication is biometrics.
>>
>>    - Facial recognition is almost free and works well enough to be
>>    entirely passive and ambient for many use-cases. Like
>>    license plate scanners for people. Not necessarily a good thing.
>>    - Iris biometrics work even better and with appropriate hardware can
>>    be almost passive. How do we control that in a DID context?
>>    - Palm biometrics (as introduced by Amazon) are less passive and
>>    somewhat expensive but could also enter widespread use.
>>    - Local biometrics like Apple FaceID is already used to authenticate
>>    into Apple Wallet. Will it be used as an ankle bracelet analog? The answer
>>    seems to be yes, because that's how Apple Watch is used to interact with
>>    the wallet.
>>    - DNA readers get cheaper all the time...
>>
>> Notice also that dealing with these issues is a matter of human
>> rights, not ethics.
>>
>>
>>
>> I think self-sovereign authentication might be a worthwhile CCG work item.
>>
>>
>>
>> - Adrian
>>
>>
>>
>> On Fri, Jan 7, 2022 at 3:22 PM Orie Steele <orie@transmute.industries>
>> wrote:
>>
>> I asked them whether they considered GNAP via slack.
>>
>> https://w3ccommunity.slack.com/archives/C02355QUL73/p1641585415001900
>>
>> They are chartered here: https://fedidcg.github.io/
>>
>> To look at AuthN that breaks when browser primitives are removed.
>>
>> They are currently focused on OIDC, SAML, WS-Fed.
>>
>> The reason I asked them was in relation to the questions we have
>> discussed regarding "What can GNAP replace".
>>
>> Clearly GNAP can replace OAuth, but I think you both have now confirmed
>> that GNAP does not replace OIDC, or federated identity...
>>
>> I am confirming this one more time, just in case I got that wrong.
>>
>> Has there yet been discussion on what some kind of OIDC built on GNAP
>> instead of OAuth would look like?.
>>
>> OS
>>
>>
>>
>> --
>>
>> *ORIE STEELE*
>>
>> Chief Technical Officer
>>
>> www.transmute.industries
>>
>>
>>
>> <https://www.transmute.industries/>
>>
>> ᐧ
>>
>>
Received on Saturday, 8 January 2022 20:45:59 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 8 January 2022 20:46:00 UTC