- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sat, 26 Mar 2022 15:56:49 -0400
- To: public-credentials@w3.org
TL;DR: A board game analogy for those of you that might be having a hard time following the discussion about centralization and protocols. On 3/26/22 11:38 AM, Markus Sabadello wrote: > I agree with what Daniel writes, "the nature of the technical choices > enshrines incentives". I found myself happily nodding in agreement with the vast majority of what Daniel said as well. I also agree with Dmitri, JoeA, DaveL, Markus, Anders, and good chunks of what Adrian has been saying. I hope it's clear to everyone that there is disagreement over the current trajectory of OpenID as it pertains to VCs, and it's not just from 1-2 troublemakers -- it's a broader concern. That said, Tobias, Oliver, DavidW, DavidC, TonyN, and MikeJ have also made some solid points and provide key insights on better ways to structure the conversation. CHAPI, nor any of the other protocols, are without their risks, limitations, and downsides. Most everyone seems to continue to have a rational debate, which is great... we're getting somewhere[1]. As a relevant aside for those of you that are not steeped in protocol design or worrying about market centralization, I'm reminded by one of the most important things that Christine Webber taught me. It was in the dead space after a Rebooting the Web of Trust event, the one in Boston, that she said: "Have you ever stopped talking to a friend because of the way they acted in a game before?" And I said, "Yeah! I mean, not permanently, but some of my friends in high school... we used to get into the biggest fights over D&D campaigns and then not talk for days!" To which, Christine responded: "More protocol designers need to study game design." We were talking about protocol centralization, and how some protocols drive certain implementer, and corporation, behaviours. Most everyone on here is probably familiar with social media protocols, like: incite strong negative emotion and polarization so that people will stay more engaged in social media so we can feed more ads to them. More info at: "Angry by design: toxic communication and technical architectures"[2]. We were theorizing that there were similar societal effects wrt. corporations and how they implement technical protocols and how, sometimes, even with the best of intentions, individuals designing protocols result in corporations optimizing for things that the protocol allows for, but was never the intent of the protocol. It's rare to have game designers also design technical protocols, but we could all learn a lot from that particular field of study. When you design a game, you're looking for a particular outcome from the player(s). If it's a group game, do you want people to collaborate? Do you want them to be adversarial? If it's a single person game, do you want the story to progress in an open world (RPG), or on rails (shooter)? How many times a day do you want the player to throw their controller across the room? The rules of a game are a protocol. The player does X, the game responds by doing Y. Similarly, with computers, the protocol client sends X, the server responds with Y. ... and this is where it gets really interesting. There is a LOT of thought put into walking that fine line in a game between frustration and mastery -- you want games to be fun, but if they're too easy, they're boring: https://www.theguardian.com/technology/gamesblog/2013/feb/14/frustration-in-game-design ... and that's just one game mechanic... there are MANY game mechanics to pick from (single player, cooperative, bribery, catch the leader, hexagonal grid movement, rondel skill use, etc.): https://boardgamegeek.com/browse/boardgamemechanic ... and when you put those things together, you drive very different behaviours in players... and it's possible to put the wrong combinations of things together and end up with a game that's not fun for anyone but the winner. ... and that's what we have with OpenID Connect today. It was never intended to have the centralizing social login outcome that it did, but here we are with centralized social login. Why did that happen? That's what we're exploring in this thread so we can try and avoid repeating that w/ DIDs and VCs and digital wallets. There's this beloved Reddit meme that quotes Masahiro Sakurai where he says something to the effect of "No! This isn't how you're supposed to play the game." https://knowyourmeme.com/memes/no-this-isnt-how-youre-supposed-to-play-the-game ... and it's often used to point out ways people duck the intended rules of a situation to achieve an outcome that is the opposite of what the rules were supposed to enforce. Whether or not OpenID Connect was intended to have the outcome it did (social login centralization), while interesting to debate, is a bit of a red herring. That was the outcome -- centralization -- and saying "No! This isn't how you're supposed to play the game." to those corporations that centralized isn't going to get them to change what they're doing. Doubling down on the previous strategy is also highly unlikely to get the decentralized outcome some of us want to see. Just like how game design has "game mechanics", protocol design has "protocol mechanics" -- different rules that we can put together that drive different outcomes. Not everything can be controlled technically, true, but there are SOME things that can nudge behaviours one way or the other, and the more we fine tune these mechanics, the more we can optimize for a particular outcome. That outcome isn't guaranteed, but the OpenID game today is rigged... and some of us don't want to play that game. The good news is that the OpenID game can be fixed, if that community can 1) identify the mechanics that are not working, and 2) find the motivation to fix them. -- manu [1]https://docs.google.com/spreadsheets/d/1Gp5V5lTO3pyQ94hS-UR_WTWg0DkBMv0ubXYaKjIPqnU/edit [2]https://www.nature.com/articles/s41599-020-00550-7 -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
Received on Saturday, 26 March 2022 19:57:07 UTC