Re: Ideals meet Implementations - Blockchains, NFTs, Decentralization, Oh My!

Here, FWIW, is Vitalik's comment on Moxie's post that started this thread:
https://twitter.com/VitalikButerin/status/1479815125955715072

On Thu, Jan 20, 2022 at 5:23 PM Adrian Gropper <agropper@healthurl.com>
wrote:

> Thanks, Kyle, for your thoughtful perspective.
>
> My hope was / is that GNAP could form the bridge to "champion the other
> side of the work". GNAP as a technical foundation for protocols involving
> VCs and DIDs could shift the "legal" or regulatory discussions out of CCG.
> The problem, as I understand it, is that adopting GNAP as a MUST in VC-API
> and a few other protocols such as Confidential Storage, would invalidate a
> lot of implementers' pre-standards work.
>
> - Adrian
>
> On Thu, Jan 20, 2022 at 4:19 PM Kyle Den Hartog
> <kyle.denhartog@mattr.global> wrote:
>
>> I think it's worth pointing out that in a technical sense delegation is
>> not that tricky of a problem, since it's mainly focused on establishing
>> patterns of usage in either the DID or VC layer and evaluating the
>> different tradeoffs that come with the chosen patterns. However, I don't
>> believe enough of us haven't had time or business cases that have driven
>> the priority for us to standardize a solution for this problem quite yet.
>> That's not to say we haven't thought about the issue or started to explore
>> it. I know many people in the ToIP ecosystem have, there's some brief
>> mention of capabilities mentioned in the VC spec already, and there's
>> aspects of consideration that I know have been brought up in the past based
>> on credential transferability and whether it should be acceptable or not.
>>
>> With this in mind, I think Moxie's original points are very important to
>> us. They're not outside the realm of possibility for us to extend the VC or
>> DID Core data model to make our work aligned with his description and
>> potentially standardize on the designs in future working groups. The two
>> key methods I see being usable here are either via the addition of
>> non-controller based verification methods for the did document or via some
>> method of transferring of credentials between holders. My thinking is that
>> the VC credential transfer method is probably the better option because it
>> serves the purpose of credential portability and multi-device flows. The
>> downside is that this could run up against the requirements that come from
>> subject authenticity and needing to understand acceptable usages of
>> transfer and unacceptable usages.In any case, I think we're well positioned
>> to address these concerns if we choose to focus on enabling transparent
>> portability in a way that avoids confused deputy issues, balances the
>> desires of the user (as Moxie points out not wanting to run their own
>> server which implies the need of custodial services), and takes a balanced
>> and measured approach to get there that will apply broadly to many
>> different use cases and deployment patterns.
>>
>> Furthermore, by combining these aspects with other legal approaches like
>> terms of services and other methods I believe we're slowly on track to
>> aligning with the human rights described by Adrian.  Unfortunately, I only
>> have the knowledge to contribute on the technical levels. I assume many
>> others in this forum are likely caught in the same boat with a few people
>> here able to champion the other side of the work. However, It may be that
>> there's too few of people here who do have that level of legal expertise to
>> keep that moving forward here and so those discussions need to be had else
>> where. I'm not certain but what I can say is that for the technical aspects
>> we are heading in the right direction (even if it takes longer than
>> expected) to align with Moxie's thinking to set up the technical rails for
>> broader decentralization of systems.
>>
>> -Kyle
>> ------------------------------
>> *From:* Adrian Gropper <agropper@healthurl.com>
>> *Sent:* Friday, January 21, 2022 7:17 AM
>> *To:* W3C Credentials Community Group <public-credentials@w3.org>
>> *Subject:* Re: Ideals meet Implementations - Blockchains, NFTs,
>> Decentralization, Oh My!
>>
>> EXTERNAL EMAIL: This email originated outside of our organisation. Do not
>> click links or open attachments unless you recognise the sender and know
>> the content is safe.
>>
>> Manu, thank you for the blunt response and your focused suggestion. I
>> also thank Anil and the others that have contributed to this thread.
>>
>> I hear you and I will keep my CCG comments to this thread as I try to
>> find a co-lead and write something as Manu is suggesting. I will work hard
>> to avoid introducing this issue into other discussions on CCG. In VC-API, I
>> will stick with the authorization/delegation related Issues and avoid
>> discussing human rights or burdens except in the context of specific
>> issues.
>>
>> This thread is specific to the broad decentralization issues raised by
>> https://moxie.org/2022/01/07/web3-first-impressions.html so I hope it
>> continues to the extent any of the 450+ people in CCG find it useful.
>>
>> In an attempt to name and scope a CCG Work Item, I would point to two
>> relevant calls today. ToIP discussed the relationship between KERI (and
>> did:peer) as it relates to DIDComm. The notes are superb:
>> https://wiki.trustoverip.org/display/HOME/2022-01-20+TATF+Meeting+Notes My
>> takeaway, as it relates to this thread, is that the reputation associated
>> with an identifier needs to be handled at a different layer from the
>> messaging associated with the identifier. Although the meeting ended
>> without a conclusion, I urge everyone in CCG to listen or at least read the
>> notes whether you have a direct interest in ToIP or not. That is
>> particularly important for Anil and others that hope to regulate the
>> interaction between non-repudiable (as in, for example, biometric)
>> identities and pseudonymous identifiers as they are used in CCG-related
>> protocols.
>>
>> The other relevant call today was a GNAP interim meeting where Dmitri
>> Zagidulin presented on the applicability of the GNAP interaction model to
>> VC-API.
>> https://docs.google.com/presentation/d/1fCUvUHo_x34rHfjvd4YSMcnuSqM-94V-ds_V7Lyc-Sc/edit#slide=id.p
>> The minutes will be posted here
>> https://datatracker.ietf.org/wg/gnap/meetings/ This conversation is
>> exactly what I have been hoping for, as it makes explicit support for
>> delegation of access to a VC and the  privacy considerations for requests
>> that might include a VC and/or result in access to a VC.
>>
>> So, this reply is not yet a formal work item proposal but if anyone
>> thinks there's a relationship between Moxie's delegation to servers
>> perspective, KERI's clarification of reputation relative to messaging, and
>> the way GNAP handles requests to an authorization server, then we're making
>> progress.
>>
>> And yes, I do apologize to all for my circuitous path on the way to being
>> able to reference specific technical concerns that are hopefully relevant
>> to CCG.
>>
>> Adrian
>>
>> On Thu, Jan 20, 2022 at 10:54 AM Manu Sporny <msporny@digitalbazaar.com>
>> wrote:
>>
>> Adrian, I'm going to try and speak directly below. It might come off as
>> rude,
>> but that's not my intent.
>>
>> The responses to your questions on the mailing list from others have gone
>> out
>> of their way to be polite in their framing. Since I've worked with you for
>> going on five years now, having met you in person and shared a number of
>> nice
>> meals and conversation, I'm going to take the approach of being politely
>> blunt. There was a time where your input was helpful, but it has
>> degenerated
>> into commentary that is largely unhelpful over the past year or so. You
>> have
>> been harming your cause by continuing to engage in the way that you are
>> and
>> people are starting to increasingly ignore your input.
>>
>> I'm saying this because I respect your time and the time of everyone else
>> that
>> is responding to you.
>>
>> On 1/18/22 9:50 PM, Adrian Gropper wrote:
>> > CCG rules require two leads for the work item. Ideally, the two people
>> > structuring the work item should both represent implementers and I
>> could
>> > continue to play my advisor role.
>>
>> Adrian, you need to step up and become ONE of the co-leads for the work
>> item.
>> You can't continue to insist that other people do the work that you want
>> done.
>>
>> The best work items tend to have ONE technical lead and ONE non-technical
>> lead. My suggestion to you is to find a technical lead to help you with
>> the
>> work item, while taking lead.
>>
>> > If there aren't two separate people in CCG that are concerned about the
>> > burdens of standardized digital credentials and/or the relationship to
>> > biometrics in DIDs and VCs, then pushing a work item seems pointless.
>>
>> There are 450+ people in this community group. You are not the only one
>> that
>> cares about the things that you do.
>>
>> This has been repeatedly stated to you, but it does not seem to be
>> sinking in.
>> There's a certain amount of social unawareness at play here that is
>> frustrating to many of us, as well as you, I'm sure.
>>
>> I know others are deeply concerned about "the burdens of standardized
>> digital
>> credentials on those that hold them" and "the relationship to biometrics
>> in
>> DIDs and VCs". I know I am and I've spoken with others that have the same
>> concerns, but your continued insistence that this is not a priority for
>> everyone but you pushes people to not want to work with you. That you keep
>> asking vague questions and citing passages in United Nations documents
>> that
>> have tenuous links to the vague questions you're asking are not helping
>> make
>> your case.
>>
>> A number of us have had one-on-one conversations w/ you and continue to
>> try to
>> guide your input in a positive direction. You have been reminded, multiple
>> times, on calls to find a way to contribute in a way that is positive and
>> at
>> least to stop derailing conversations that have nothing to do with
>> delegation
>> or "digital slavery" or GNAP or biometrics or "digital burdens".
>>
>> Please step up, Adrian, and write something that you can get others on the
>> mailing list to rally behind. Until you do that, your pleas for others to
>> care
>> as much about this stuff as you do will continue to result in nothing
>> actionable and wasted effort on everyone's part, including yours.
>>
>> -- manu
>>
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> News: Digital Bazaar Announces New Case Studies (2021)
>> https://www.digitalbazaar.com/
>>
>>
>>

Received on Thursday, 20 January 2022 22:38:37 UTC