- From: Andrew Hughes <andrewhughes3000@gmail.com>
- Date: Sun, 27 Mar 2022 21:57:48 -0700
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: public-credentials@w3.org
- Message-ID: <CAGJp9UZ3U7hmPLsMrhSj=NRoJP+ObaibH=+RX9nPJuRvWuDSvw@mail.gmail.com>
Pretty good! I’m not going to challenge any of the potential mischaracterizations and guesses about motives - don’t really care - and it doesn’t advance the discussion. Do you think that it’s possible that the mobile DL standard was done at ISO because the physical DL standards live at ISO? And 18013-5 was simply a new representation of the existing standards? On Sun, Mar 27, 2022 at 1:18 PM Manu Sporny <msporny@digitalbazaar.com> wrote: > On 3/23/22 10:52 PM, Andrew Hughes wrote: > > One could ask why VC isn’t based on ISO specs - but that would be silly, > > wouldn’t it. > > No, it wouldn't be -- that's a great question! > > The reason VCs aren't based on ISO 18013-5 is because: > > 1. They originated in 2012, well before the ISO work > started. We wrote about them publicly[1] in 2014. > ISO 18013-5 just simply didn't exist when the VC > work started. > > 2. VCs were a generalized solution for digital > credentials, and have always been. The ISO 18013-5 work > was a point solution for driver's licenses and > did not have the flexibility necessary to meet the > VC use cases. > > I wish I could share more about what happened at ISO, but as you know, we > can't do that due to ISO confidentiality rules... which is why the VC work > isn't being done at ISO -- we made a conscious decision that the VC work > was > going to benefit from public discourse and debate, the way all W3C > standards do. > > > What year did the VC work start in earnest? How close is it to the same > > degree of specification as exists in the narrow mDL spec? > > > > So fine, bemoan it. But also try to understand why it exists. > > Here's my opinionated hot take on why ISO 18013-5 exists: > > AAMVA, a few state governments, and a bunch of private companies that > wanted > to solve for a digital driver's license use case got together, behind > closed > doors, where the public had no chance to comment on what they were doing, > and > rushed a point solution for driver's licenses into the market. > > They were aware of Verifiable Credentials work (chartered in 2017) during > the > ISO 18013-5 work (which wasn't ratified until 2021... a full 2 years AFTER > VCs > became a global standard), but chose to ignore them and trudge forward > with a > focused, end-to-end solution. That was a smart strategic move, it got them > to > market faster than the more deliberate pace that VCs and DIDs are on. > > However, now the ISO folks are trying to transition the specific ISO > 18013-5 > solution into a more generalized digital credentialing solution WHILE > KNOWING > FULL AND WELL that Verifiable Credentials exist as a global standard > because > 1) the protocol work for VCs isn't done -- because there's real public > debate > going on, and 2) it would be politically disastrous for the ISO 18013-5 > technology vendors and the state governments to back away from their > current > trajectory. > > The problem with end-to-end, point solutions with little architectural > layering, tuned for specific use cases is that they're really hard to > improve > or even change after the ink has dried. I don't envy the ISO 23220 folks > that > have to sort out how to do all of that in a generalized way -- which is > looking likely to compete head-to-head with VCs, DIDs, and wallet protocols > unless people like Andrew can turn the ISO ship away from that collision > course. > > How'd I do, Andrew? :P > > -- manu > > [1] http://manu.sporny.org/2014/credential-based-login/ > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > News: Digital Bazaar Announces New Case Studies (2021) > https://www.digitalbazaar.com/ > > > -- Andrew Hughes CISM CISSP In Turn Information Management Consulting o +1 650.209.7542 m +1 250.888.9474 5043 Del Monte Ave,, Victoria, BC V8Y 1W9 AndrewHughes3000@gmail.com https://www.linkedin.com/in/andrew-hughes-682058a Digital Identity | International Standards | Information Security
Received on Monday, 28 March 2022 04:59:11 UTC