- From: Harrison <harrison@spokeo.com>
- Date: Sun, 20 Mar 2022 11:56:03 -0700
- To: David Chadwick <d.w.chadwick@verifiablecredentials.info>
- Cc: public-credentials@w3.org
- Message-ID: <CAFYh=43HpEjuqQP2-bm45BkEfouZwCY5a_Pkxs8i1YPLGSM=3g@mail.gmail.com>
Love this thread. I am new to this space, so please feel free to clarify my potential misunderstanding. Centralization is defined as "the concentration of control of an activity under a single authority", and decentralization is where that control is not held by a single or few entities. With this definition, the ultimate decentralization is when the control resides in each and every entity (e.g. tens of billions of users in this case). I think VC best advances decentralization because VC's trust model empowers users/holders to intermediate identity-related transactions. In any multi-sided platform (e.g. identity), the middleman holds the power. In VC, user/holder is the middleman intermediating between verifiers and issuers, so each user/holder holds the power, and the decentralization of the identity platform could be achieved. In OIDC, the identity provider is the middleman between users and relying parties, so the identity provider holds the power. While anyone can be the identity provider, I think there will be less identity providers than users, so OIDC is probably not going to be as decentralized as VC unless OIDC empowers users to be the middleman. Different technologies have different applications, and different problems require different solutions. OIDC has been tremendously successful in authentication/authorization use cases, and I think OIDC's social login implementation could be one of the factors in multi-factor authentication (or at least a proxy to knowledge, possession, inherence, and location factors). In identity verification use cases, I think VC is probably the way to go if we want to achieve self-sovereign and decentralized identity due to its decentralized trust model. Sincerely, Harrison On Sun, Mar 20, 2022 at 10:55 AM David Chadwick < d.w.chadwick@verifiablecredentials.info> wrote: > On 20/03/2022 16:21, Daniel Hardman wrote: > > The entire phishing industry exists because institutions don't > authenticate themselves the same way people do. > > that's because institutions don't use un/pws :-) > > Moving users to VCs is actually moving users more nearly to what > institutions already do. > > I go to a web site on my browser and its sends me a credential containing > its identity (DNS name) signed by a TTP. > > With OIDC4VPs I return a credential containing my identity signed by a TTP. > > So we are moving towards a more equal world. > > Footnote 1. An X.509 PKC is only a specialised VC encoded differently. > > Footnote 2. S/MIME tried to get everyone to send signed emails and it > failed miserably. > > Kind regards > > David > -- *Harrison Tang* CEO LinkedIn <https://www.linkedin.com/in/theceodad/> • Instagram <https://www.instagram.com/spokeo/> • Facebook <https://www.facebook.com/TheCEODad>
Received on Sunday, 20 March 2022 18:57:28 UTC