- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Wed, 30 Nov 2022 11:44:27 +0000
Thanks to Our Robot Overlords for scribing this week! The transcript for the call is now available here: https://w3c-ccg.github.io/meetings/2022-11-29/ Full text of the discussion follows for W3C archival purposes. Audio of the meeting is available at the following location: https://w3c-ccg.github.io/meetings/2022-11-29/audio.ogg ---------------------------------------------------------------- W3C CCG Weekly Teleconference Transcript for 2022-11-29 Agenda: https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Nov&period_year=2022&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date Organizer: Mike Prorock, Kimberly Linson, Harrison Tang Scribe: Our Robot Overlords Present: Bob Wyman, Harrison Tang, Steve Magennis, Mike Prorock, Jeff O - HumanOS, JP, Charles E. Lehner, Brent Shambaugh, Greg Bernstein, Will, Keith Kowal, David Mason, Kerri Lemoie, Erica Connell, Limari (DIF), David I. Lehn, Paul Dietrich GS1, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Marty Reed, kristina, Dmitri Zagidulin, Geun-Hyung Kim, Drummond Reed, John Kuo, Kimberly Linson, nick, Phil L (P1), Kaliya Young, Adrian Gropper, Paul Fuxjaeger, Juan Caballero, Brent Zundel, Leo, James Chartrand, Adam, Nis Jespersen , Andrew Whitehead, Nikos Fotiou, pchampin, Kayode Ezike, Rishi, Joe Andrieu, BrentZ, Orie Steele, Nate Otto, Ted Thibodeau Our Robot Overlords are scribing. Mike Prorock: Hey all we’re going to wait a minute or two as folks trickling in there was a special topic call for the VC working group before this so I know a few folks are still hopping over from that. Mike Prorock: Be mindful since recording has started that it's going to be transcribing anything that gets said prior to us officially starting the meeting. Mike Prorock: We typically do JP are you new to this call not recognizing the initial yeah yeah and we can if there is any objection to recording we can actually stop recording and just take minutes the old-fashioned way we're totally good with that so if you have an objection from your side do let me know so. Mike Prorock: Yeah we typically publish up on our GitHub and then publish to the list etcetera so it that way it's preserved if we need to come back and double-check something. JP: Okay cool Harrison_Tang: I'll send I'll send a link so recently we've been a little bit delay like take us like a week or two we'll try to get it within a few weeks a few days thanks. Mike Prorock: https://lists.w3.org/Archives/Public/public-credentials/2022Nov/0136.html <harrison_tang> here are the meeting recordings: https://w3c-ccg.github.io/meetings/ JP: Gotcha thank you Mike Prorock: Cool all right well with that I'm going to go ahead and post the mailing list link to the agenda here the actual agenda for today is discussion of dids in relation to Federated social media and potential obviously other particular items that we may be working on at the CCG directly or things that have evolved and obviously also things that cross over into other areas like get especially at w3c so that is the. Mike Prorock: Topic for today the just a. Mike Prorock: https://www.w3.org/Consortium/cepc/ Mike Prorock: Quick reminder that our meeting is covered under the w3c code of ethics and professional conduct so basically be nice to other people be mindful be responsible like we normally are here on this call so quick note that anyone can participate in these calls but if you're contributing to an actual work item then you must be a member of the ccg with IPR agreement signed Etc and that's. Mike Prorock: You know like actually committing work into a. Mike Prorock: https://www.w3.org/community/credentials/join Mike Prorock: Work item not having discussions or asking questions all this call but if you wish to do so there is the joint link please join us. Mike Prorock: https://w3c-ccg.github.io/meetings/ Mike Prorock: The as noted as we were starting out the conversation we do post all of our meeting stuff and take recordings ecetera not subjected to so that is the case we do use the chat so if you click on the chat button if this is your first time on Jitsi you'll see a stream of transcription people making snarky comments Etc we use that chat to actually queue people so if you. Mike Prorock: Want to get on the queue to speak something. <mprorock> In IRC type “q+” to add yourself to the queue, with an optional Mike Prorock: You just type the letters Q+ Etc and the moderator in this case me for today will acknowledge you in the timely fashion I'm just pasting the basic instructions there with that let's move on to intros and reintros I saw at least one new person on so I'm going to put you on the spot JP if you want to intro yourself real quick. Mike Prorock: Or not as the case may be. Mike Prorock: Alright any any intros anyone new to the call want to introduce themselves to the group change jobs recently you want to reintroduce etcetera. Limari_(DIF): Yeah I'm new to the group can you hear me okay. Mike Prorock: Yeah yup coming through. <harrison_tang> Hi Limari ! Limari_(DIF): Yeah so my name is Limari I'm the community manager at dif and so yeah I've been there about six months so I just want to say hello it's my first time on this call I met Harrison at iiw recently so hello everyone. <dmitri_zagidulin> yeyyy hi Limari! <cel> hello Limari Mike Prorock: Hello and awesome to have you and I yeah I know quite a few of us like myself included spend a fair amount of time with dif especially in the dif slack so feel free to Ping chairs directly over here and let us know any way we can support and vice versa. JP: Hi my name is JP and I’m actually a freelance journalist and I’m trying to write an article about like federated social media particularly the activitypub protocol I talked to Dmitri if you guys know him he’s actually the one who told me about this call so I wanted to know more like about decentralized identifiers and like I guess the activitypub protocol or like decentralized media and stuff so yeah that’s why I’m here so I’ll just be here in the background <harrison_tang> Hi JP !! Mike Prorock: Cool no great great to have you and really appreciate it and just be mindful everyone on the call that there's there's one of them journalist type people here listening and learning yeah no awesome to have you Drummond. Juan Caballero: https://twitter.com/jazzy_snake/status/1597613122969571329 Drummond Reed: Hey I just wanted to share of course I’ve been a member of ccg for a long time but now under the new combined brand of avast and Norton LifeLock which is Gen Gen digital and so folks are wondering you know is that is that a new company whatever it is I just want to make sure it's clear it's simply the name of the newly merged entity of avast and lifelock. Drummond Reed: Those Brands will continue as product brands. Drummond Reed: Under but the new company brand is is Gen digital or you know Gen as the GEN is the trademark so we have we all have new email addresses at gendigital.com just in case anyone's wondering at all. <bumblefudge> (new wired piece about social media and geotagging, if you scroll up from the funny response from the comments section) <harrison_tang> Thanks, Drummond Mike Prorock: Yes indeed and thank you for that update no one ever would make any snarky remarks around your branding or name changes or anything like that at all and so but no great great to have you as always great for grateful for your continued support from you and the team over there so thanks and thanks so much Drummond. Brent <bshambaugh> canno unmute <bshambaugh> sorry <bshambaugh> *cannot Juan Caballero: I think he’s having mic problems he q-. <phil_l_(p1)> someone's mic is on Harrison_Tang: I think Mike might have drop off. Mike Prorock: And now of course my mic is muted and is now back on so hopefully you can hear me now. Harrison_Tang: Yep everything's good. Mike Prorock: Okay cool Greg I see you on the queue there. Greg Bernstein: Hello Greg Bernstein recent member of the community group and also looking at the dif stuff previously done a lot of networking stuff and interested in the cryptographic and protocol aspects. <harrison_tang> Hi Greg Mike Prorock: Awesome great to have you and if you overlap at all with any of the if you're interested in the cryptographic side obviously a number of us also overlap over at ietf on things ranked BBS to post Quantum etcetera so. Greg Bernstein: I was just looking at the BBS plus stuff and attended the dif meeting where we heard some new results from some professors so very exciting cool stuff so yes I did a lot of a lot of networking stuff at the ietf about 10 years ago so look forward to helping out. <bumblefudge> 🎉💪 Mike Prorock: Cool awesome great to have you anyone else from an intro side. Mike Prorock: Sweet well with that let's just go ahead and dive into the main topic for the day and I I'm just going to kind of it tip it off with hopefully some controversial statements or whatever and get the conversation going and once just sit back and actually listen to people that know what they're doing quite a few of them are actually in the audience here so I'm going to be looking for a lot of very active q+ in your oils or I wind up close the meeting early but you know we I was having a side conversation. Mike Prorock: With someone who's been in the tech industry for quite a while and. Mike Prorock: You know one of the one of the things that came up was this thing where you know web3 web5 whatever else you want to call it right in all the SSI stuff and all the Social Web stuff activitypub but then especially on the decentralized side of the world has been I think as long as either of us could remember which is literally from like day one hearing pitches either on the VC side or working with other startups and stuff like that positioned is like oh well it's going to be this great. Mike Prorock: Great answer to owning your own identity and so in. Mike Prorock: Social media when something goes wrong or there's a takeover or a platform goes under suddenly you'll be able to just carry your identity around it it won't be in control of you know whether it's the twitterers or whatever else right and while we are seeing a very interesting and large influx of folks over to some of the Federated stuff like mastodons and certainly some other things like post coming up and stuff like that that really doesn't conform to the Notions of. Mike Prorock: Decentralized or Federated type stuff that we see. Mike Prorock: Elsewhere it seemed like a timely topic to come back and say well look why you know one are we achieving what we want here at ccg and then two are we actually seeing the adoption of facilitating adoption Tech that actually could help with some of these issues and wanted to just kind of throw it out there because ultimately at the end of the day doesn't matter how good we think our specs are if we're not getting this stuff out and in wide usage we're not going to go through and actually see. Mike Prorock: Broad adoption of the tech and then ultimately in this case look. Mike Prorock: At things like decentralized identifiers in a really practical way now you could obviously also argue that like the meeting from a couple of weeks ago where you're seeing from Microsoft large deployments of decentralized identifiers Etc that maybe that is happening maybe it's not and so that's really the kind of the question for the group is what applications do we have of dids and other ccg tech and to social media does it solve problems and what are we doing or not doing that's either helping adoption or preventing adoption. Mike Prorock: And what are the crossovers. Mike Prorock: That we should. <kristina> DIDs or VCs? those are very different Mike Prorock: Be looking at as a community group with other areas in w3c ietf and elsewhere in Tech so that's just kind of the big old problem statement that's out there and I am now going to just sit back and watch the queue and create uncomfortable silence until someone like Dmitri jumps and well Kristina that's a very good question. Mike Prorock: Adrian fire away. Adrian Gropper: So one perspective to consider is that the social media problem at least is not related to Identity but rather to accountability and to be more specific for all the times that recent times that I've been going to rebooting you know at least every time somebody especially including me has raise the. Adrian Gropper: Issue of reputation. Adrian Gropper: And every time more recently Chris Allen basically puts a red dot on that proposal and says it's really important but it's it's a it's a dead end nobody ever solves this it's too hard I'm paraphrasing what Christopher says so I'm trying to say is not that there's anything wrong with VCS and dids and and what we've done from an. Adrian Gropper: Identity perspective. Adrian Gropper: But the problem lies with accountability and not identity and especially in the context of social media thank you. Mike Prorock: I think that's an interesting take Drummond I see you on the queue. Mike Prorock: Drummond I see you on the queue. <kaliya_identitywoman> I don't think you can have accountability without identity <dmitri_zagidulin> the eternal search for the unmute button! Steve Magennis: +1 Kaliya <bumblefudge> I'm with Kaliya here-- identity is necessary but insufficient for accountability :D Drummond Reed: Okay I finally got it unmuted I'm on an iPad and it put something in front of this anyway I wanted to just address Kristina's question she said dids or vcs I want to submit that even though the topic today was dids for you know for social media that the powerful the real power is in a combination they both play a role I think they both play potentially a huge. Drummond Reed: Roll I know Gen is. Drummond Reed: Looking hard at not just what digital wallets but digital agents that use those wallets will be able to do in a social media social networks style context but every every path we're looking at involves both dids and VCs so all I want to do is just say I don't think it's one or the other I think it's the combination of both that will be magical that's all. Mike Prorock: Yep that I think the why not both is a really good good way to possibly look at it Dmitri. Mike Prorock: Yep come through loud and clear. Dmitri Zagidulin: Hi everyone can you hear me okay right on Okay so. <kristina> If the problem is having identifiers not namespaced to the Identity Providers, in the context of what decentralized identity is trying to achieve, DIDs are not only things that solve that problem, bare keys (whatever the representation is - JWK, COSE_Key, etc) solve the same problem too. and clarifying how DIDs are better to solve this problem would help A LOT Dmitri Zagidulin: I'm really excited about this call because I really think that current decentralized social media landscape could really benefit from and I agree with Drummond here the combination of dids and verifiable credentials as Adrian mentioned his thesis that the problem is accountability and not identity and I think especially for us in the credentials community group and the did working group and all this stuff we're. Dmitri Zagidulin: So used to really advanced. Dmitri Zagidulin: Identity infrastructures and debating their you know like historical and downstream implications that we forget that in actual implementation in in deployment. <drummond> Also, I wanted to add that Adrian is correct — the problem they solve is accountability and ALSO *portability* — the ability to control one's social media data and relationships. Dmitri Zagidulin: The vast majority of the decentralized Social Web landscape is still in username and password lab. <drummond> +++1 to Dmitry's point. <kristina> DID + VC might be powerful, but we have to be clear, they solve very different problems, especially when talking about their "applications" which is I think where MikeP is trying to get Dmitri Zagidulin: The number of pain points that can be addressed by just adding a better authentication mechanism by just adding a better identity mechanism it cannot be overstated we have huge huge benefits to bring before we even get into questions of accountability which I thought about is important problem to solve but I just want to say don't forget how much how many good tools we've come up with with regards to. Dmitri Zagidulin: To persistent identifiers. Dmitri Zagidulin: Authentication and due to persistent identifiers account recovery so one of the main pain points in the centralized social media landscape or the feta verse doesn't have a slang term for it one of the pain points is well one is being tied to particular servers. Dmitri Zagidulin: The awkwardness of username and password everywhere but the one of the real main pain points that people complain about is the difficulty of migrating to a different to different server and the I remember seeing Kaliya’s post on Twitter when when when talking about the fediverse. Dmitri Zagidulin: And the difficulty of. Dmitri Zagidulin: Migrating from Twitter to the fediverse Kaliya said something to the extent of. Dmitri Zagidulin: Shouldn't we be owning our own social graph by now shouldn't this be a solved problem like we've been we've been battling this this whole thing of not being locked into one companies silo. Dmitri Zagidulin: Shouldn’t we be able to take our Twitter followers and go over to the fediverse without too much without too much friction and while there are some excellent tools by the way that have come up with like movetoDon and Deburdify and some others where like you enter your Twitter address and it scans your followers and following list and tries to look for their forwarding address where they've gone. Dmitri Zagidulin: Gone to on the fediverse. Dmitri Zagidulin: Those tools are fantastic and really helpful but Kaliya is right in the sense of. <smagennis> Technology is NOT the limiting factor r.e. portability!!!! <mprorock> that collect really interesting information about people Dmitri Zagidulin: We should be owning that data our identifiers should be cross-domain cross server and I strongly believe that verifiable credentials and dids offer an excellent mechanism. <kerri_lemoie> q_ Dmitri Zagidulin: To be able to do that so long story short I think the fediverse has strong pain points that we have some of the tools and experience to be able to address and what's interesting is that I've already noticed some enhancement proposals to the fediverse from I think members not part of the ccg community not. Dmitri Zagidulin: https://codeberg.org/fediverse/fep/src/branch/main/feps/fep-c390.md Dmitri Zagidulin: Part of any of the w3c working groups so our work is being noticed out there and is being proposed to at least for example the activitypub world so I'm going to post a link to a proposed spec in activityPub world that uses dids in the same Tech that we have for verifiable credentials for authentication and identity in activitypub thanks. Mike Prorock: Cool I see Kerri drop herself off the queue unfortunately because I wanted to hear from her but maybe she’ll coax back in later Ted. <kerri_lemoie> I can come back <dmitri_zagidulin> please do Kerri! <kerri_lemoie> Loud puppy here <kim_duffy> Dmitri can you talk to the proposal more? <mprorock> :) <dmitri_zagidulin> @Kim - sure! TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Wow yeah a big reason why we don't currently own our data is because we're not paying for these services and you know what we're talking about right now is not moving from server to server but rather moving from service to service and we're moving from services that other people are writing the checks for and the basis on which they're writing their checks is. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): the data they get from us. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): They have no incentive to develop a way for us to move from today Twitter to tomorrow twatter it's. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): There's no gain for them. <kim_duffy> also would love to hear the perspective of anyone currently maintaining mastodon servers. Q yourself up! TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): And in fact there's gain for them in making it harder to make that migration it was oh a decade or more ago that we tried to have an open specification for microblogging which is the terminology that got applied to Twitter and things like it it didn't work for a bunch of reasons and one of the big ones was. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): writing those checks. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Microblogging was actually an open spec it's an open standard I don't think it got through full W3 process but it's out there. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): And it's tiny because the Federation problem is large even today even with people who are actually willing to write the checks having a service that Aggregates all of the microblogs that you are trying to follow it was a thing called RSS a thing called Atom that those aggregated macro blogs. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): And that was still difficult. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Aggregating microblogs is more difficult because also you want to track the comments on everything and those are also spread around so every query is really a bunch of queries and they all take time to resolve through the network this is this is a big problem to be solved and I'll leave it there. Mike Prorock: Awesome thank you Ted Adrian I think you beat oh no you dropped off so long and have at it Juan Caballero: I was just going to mention that I can link the stories in the chat or something but according to TechCrunch the CEO of Tumblr and I believe someone from Flickr both announced that they want to support activityPub as a protocol so in that sense. Juan Caballero: To me it's a little less Juan Caballero: Apples and oranges to say to talk about moving from a commercial Network to a non-commercial Federation of networks if some you know maybe smaller maybe shrinking maybe challengers in that commercial Marketplace are open to federating and you can probably guess that guess at the incentives for Flickr and Tumblr which are both somewhat legacy. Juan Caballero: Compared to say TikTok or something but if they if they are open to federating to me almost like the most urgent strategic short-term goal would be to move towards helping them or figuring out from them what would make the this open Federation worth joining with their existing business models paying customers advertising. Juan Caballero: Moderation services etc. Juan Caballero: To sort of close the gap between commercial and non-commercial but anyways I want to reiterate Kim's request that people working on the protocol or implementations would be great to hear from. <bobwyman> If everything is a comment on something else, then perhaps we should be looking more at W3C Annotation. <bumblefudge> Kim Duffy Juan Caballero: https://techcrunch.com/2022/11/28/flickr-weighs-support-for-activitypub-the-social-protocol-powering-twitter-alternative-mastodon/ Mike Prorock: Yeah absolutely and I agree with all of that so thanks so much and I and and I can confirm yes definitely from both Flickr and I just mental blanked but yes they as you mentioned they did confirm they are going to activityPub that is in progress there's a few others I'm aware of just watching interested GitHub issues etcetera Adrian. Mike Prorock: Get back up. Adrian Gropper: So I I want to double down and and. Adrian Gropper: On what. Juan Caballero: https://techcrunch.com/2022/11/21/tumblr-to-add-support-for-activitypub-the-social-protocol-powering-mastodon-and-other-apps/ Adrian Gropper: Ted was saying that the problem is well let's call it surveillance capitalism if we want to give it a single name and add and again it's not identity so just that two small things number one having to put a deposit the way people talk about having to put a small deposit to prevent spam as opposed to letting Google you know run ai to do the same thing and being. Adrian Gropper: Tied to that as a. <kristina> identity, or rather identifier, is what enables "surveillance capitalism" - the ability to aggregate the data around one user's identifier that is long-living Adrian Gropper: Service is a form of accountability separate from reputation so reputation is only one form of accountability the other thing that I want to say and others have mentioned this is that at this point in time social networking could start to be considered a digital public good which means that it doesn't need a business model in order to exist. Adrian Gropper: Once we all these various communities including the activityPub bunch and us and everybody else decides to look at what part of the stuff we are concerned about in identity world or social activity Pub world or whatever is a digital public good and what isn't we will make progress in this area because I don't. Adrian Gropper: Think we could. Adrian Gropper: Compete with surveillance capitalism no matter what we do. Mike Prorock: Good luck with the funding Dmitri. <drummond> Adrian, why do you believe we can't compete with surveillance capitalism? Dmitri Zagidulin: Thanks I wanted to say a couple words about so Ted's comment reminded me that the group might not be familiar with the sort of state of the art and the decentralized Social Web landscape in terms of what are the Open Standards and open specs that people are using so a couple years ago I think it was in 2016 2017 there was a w3c working group called Social Web working group that. Mike Prorock: https://www.w3.org/TR/activitypub/#social-web-working-group Dmitri Zagidulin: That standardized a number of really interesting specifications on which Mastodon was built we were just viewing the sort of current wave of popularity and that is informed some of the other non-activity Pub derived Social Web project like secure scuttlebutt so the one that you hear about the most probably in the press protocol. Dmitri Zagidulin: That the Social Web working group standardized is called activitypub. Dmitri Zagidulin: It also standardized Google's pubsubhubbub into specification called Web sub for like web subscription events it's standardized activity streams to vocabulary basically a general-purpose data model for if you were going to do social networking this is what you would use as a data model so this is what a post would look like this is what a follow event would look like this is how you like somebody's Post in a sort of cross domain. Dmitri Zagidulin: Decentralized way. Dmitri Zagidulin: So it's a really good data model. Dmitri Zagidulin: So activity Pub is a we're all probably familiar with RSS from like the previous generation of blogging and microblogging an RSS is a pull based. Mike Prorock: https://en.wikipedia.org/wiki/Secure_Scuttlebutt Dmitri Zagidulin: Protocol it's where you subscribe to the blog you follow someone and then your client pulls that person's server every five minutes every 15 minutes whatever you set it right so and that actually lends itself really well to caching because the server can cache those posts and everybody's client hits that server looks for updates there are updates get. Dmitri Zagidulin: Received and then they read everybody's blog updates. Dmitri Zagidulin: Activitypub takes sort of the opposite approach that prime it is primarily push-based so that if I have a blog or a microblog like Twitter and I make a post my server delivers to the inbox of every follower the new post so it's very much like email except. Dmitri Zagidulin: It's slightly simple protocol and as the data model it uses these activity streams to specification what's interesting is that Activitypub also supports pull just like RSS it's just that the current iteration of limitations like mastodons and from several of the others don't rely on it as much they mostly rely on push. Dmitri Zagidulin: So I'll stop there see if people have questions. <kristina> what's the security model for PUSH? how does the receiving server authenticates who is pushing? <phil_l_(p1)> @Dmitri - you might speak to the performance differences these to comm strategies impose Mike Prorock: No I think that's an excellent history and I did link into the spec called activityPub and some others in it because I think that history is really important and I think the pub sub models like we go back old-school networking stuff there are very key differences between the pulling mechanisms that we're following going on at a technical level prior to kind of more of this push oriented mode by default and that's where things get really interesting I think as Kristina’s commenting on in the chat. Mike Prorock: Things like that right there's a lot rolled into that. <bobwyman> When there is diversity of service providers for a single service, names like "<name>@<service>" do double-duty as "advertisements" for the services and also allow users to publicize their association with a particular community. Mike Prorock: No this keyboard drives me nuts sorry about that Bob I see you on the Queue there. <orie> has Mastodon switched to CBOR yet? <dmitri_zagidulin> Orie - nope :) not yet Bob Wyman: Yeah actually I love to comment on the pub/sub stuff but I but my reason for getting on the Queue is for earlier comments I just wanted to point out that one of the attributes of names non did names or names that people are using for instance on Mastodon and this is something that that occurs Whenever there are sort of multiple providers for a single service is that if the name is structured something like you know . Bob Wyman: A personal name at service. <mprorock> orie is my favorite directed troll Bob Wyman: Then everybody's idea essentially becomes an advertisement for the service for instance if I'm right now I'm BobWyman@Macedon.social every time anybody sees that Mastodon.social is essentially being advertised the name also sort of these names that are being used that on did names now are things like let’s say. Bob Wyman: I was Bobwyman@journos.host. Bob Wyman: I can't remember what they're journalists.something or other essentially what I'd be doing is I'd be declaring in my name my association with a particular community and I think that's a different set of needs that are addressed by a lot of what I see in the in the did discussions where the where the goal is to have you know a unique name which is persistent which can be ported etcetera Etc I just want to just want to point out. Bob Wyman: That the kinds of names. Bob Wyman: That people are using right now in the in the fediverse provide some some interesting additional information in that you know they are valuable to the people who write the checks as advertisements and they're also valuable to the people who who used the names because they they get to do this group format they have this group formation function or group declaration group Allegiance declaration. Bob Wyman: Functions that come. Bob Wyman: That are implied by the by the service names that's all. Mike Prorock: And absolutely it's almost kind of like declaring a default subreddit attached to your name or something like that it's definitely been interesting to watch and I queued myself and I lack myself to say you know I've heard some comments that like hey identity isn't the issue whatever else I'll tell you what is the end-user right if I take my tech hat off to take any other hat off you know go and chase him down and other folks you know who sure made it Easy by posting in there you know Twitter. Mike Prorock: Descriptions or bios what Mastodon server they're hitting off of or whatever else. <orie> 🍿 https://twitter.com/CISAJen/status/1595114055588810752 Mike Prorock: Cool great but I'll tell you what if I wanted then go jump from Mastodon party over to w3c social or whatever else yeah that identity in the things attached to me as a user that's almost impossible and I've heard that from folks that are you know Tech writers from other folks right and it's become a very complicated and painful thing as folks are trying to work through what do they want to do so identity is genuinely an issue right and that's and if we can solve that and facilitate that then we actually might be. Mike Prorock: Getting at some of the you know providing the tools to go answer some of those other things you know that are deeper. Mike Prorock: Go ahead Bob yeah. Bob Wyman: If I could just add quickly add I just wanted to add that I've seen people on Mastodon say they are moving from one instance to an and the reason they are moving isn't because of features or better service or whatever they say they are moving because they are looking for a more appropriate name or essentially service to associate with their name okay like Mastodon.social social for instance is pretty ambiguous on the other hand. Bob Wyman: You know journos.something or infosec or. Bob Wyman: Whatever that's a name you may wish and may want to have associated with yourself so people are moving in order to get new names and that's a that's a that's something of value that I think we need to remember. Mike Prorock: Yeah absolutely and should you have Accounts at multiples Etc right it's a weird thing that I don't think anyone's answered yet and a lot of questions get asked both on Mastodon on the bird site and other sites right now Keith. Keith Kowal: Yeah thank you great conversation I mean I'd like to maybe just go back to the beginning and you know I think we came in with a premise that dids and verifiable credentials are better for social media and I mean on the verifiable credential side I mean it always strikes me that verifiable credentials is a data model is quite heavy for social media I mean I'm still would I'm not convinced it like verifiable credentials the data model is the ideal thing for social media and then I think maybe it's not that I'm not fan I mean I'm a big. Keith Kowal: Fan of verifiable credentials for I think a lot of the use cases were working on and I think for dids. Keith Kowal: I mean I think my. <kaliya_identitywoman> SBTs!!!! <dmitri_zagidulin> kaliya... :) <kim_duffy> Useful for a subset , small it may be Keith Kowal: Challenge with that is like of course I love dids dids are great but it's not like every user is super good about like storing their word list in a safe or something I mean I'm curious how many lost password request Facebook and Twitter get everyday I mean there's a reason like they strengthen their authentication model I'm sure they have good business rationale for that just to say like you know just to say well data is better yes but also if you were a platform dids introduce a lot of problems when people like lose control. Keith Kowal: Of their keys can't recover and then you know also lose their entire social media feed like is that an acceptable. Keith Kowal: User experience so I just like to maybe come back and I think we jumped right into well dids and VC's are certainly better for social media and I guess I'm curious maybe we need to articulate more why it's better. <kaliya_identitywoman> (that was a joke - the SBT reference) Dmitri Zagidulin: This is awesome this is really great points being made and a great questions so one of the greatest regrets of many people in the Social Web working group is that by the time the charter ran out and in fact fun fact the charter was extended by a year because somebody implemented Mastodon and it was growing about the popularity and w3c's like all right let's give these people some more time because this is actually taking off in the world but one of the greatest. Dmitri Zagidulin: Regrets of everybody from The Social Web working group is that one the charter ran out. <smagennis> joke == parody?? Dmitri Zagidulin: Authentication and access controls were not specified so we punted on those we said all right we it's amazing enough that we managed to agree on a protocol and a data model somebody else is going to have to figure out authentication identity and access control and you're all probably horrified hearing this because you know what that leads to and at least exactly what we have right now of the points that Bob Wyman mentioned it led to username and passwords. Dmitri Zagidulin: On servers. <orie> did@server qed. Dmitri Zagidulin: So you for your identifier is you know your username at a server and all the things that it leads to so to to answer the previous speakers question Keith's why do we think that dids and verifiable credentials can benefit to the decentralized social part of it has to do with to get away from. Dmitri Zagidulin: Having our identifier. Dmitri Zagidulin: Be bound to a particular server but I want to answer Kristina’s question on so how does given this email light push model with activity Pub where when I make a post my server delivers it to people's inboxes how does that get authenticated what's the identity model like there. Dmitri Zagidulin: And basically at the moment the majority of the community uses HTTP signatures. Dmitri Zagidulin: So Keith mentioned that verifiable credentials is heavy data model I look at it the opposite I look what's verifiable credential it's just the Json object with a signature and that's exactly what the Fediverse uses right now so each post is essentially signed. Dmitri Zagidulin: By a public key right so we're still not in did land where we have one level of indirection where a stable identifier can resolve to a bag of rotatable keys No so at the moment the fediverse just has like one public key links to an identity with all of the rotation recovery problems than that that brings but and if you look at that SCP proposal that I linked to later and I'm happy to throw another. Dmitri Zagidulin: Link into the chat. <orie> Why not use DPOP? Dmitri Zagidulin: There's there's an example there of what a post looks like just a Json object with a signature and the signature demonstrates the proof of possession of a key and in The Proposal proof possession of a did so that's the that's the general sort of state of the Arts authentication authorization thing so it's a real quick what can what can dids bring to the fediverse. <drummond> I'm about to speak to this ToIP spec that just went into public review two weeks ago: https://trustoverip.org/news/2022/11/14/toip-tech-arch-first-public-review/ Dmitri Zagidulin: Easier account migration if I own my social graph meaning if my contacts list has everybody’s dids then regardless of what server they move to I can resolve their dids look at the service endpoint and say okay now their Twitter is at such-and-such domain and continue following them painlessly back okay that's it. Mike Prorock: Awesome Drummond I think you're next. <kim_duffy> well said Dmitri <dmitri_zagidulin> oh noooo! haha un-intentional, Drummong :) Drummond Reed: Yeah yeah actually Dmitri stole a bunch of my thunder but that's all I wanted to say was that when I was suggesting earlier that dids and vcs are you know are both needed it wasn't to suggest that either one the the protocols for for certainly did resolution or for VC exchange are the protocols that we should be using for decentralized social media. <bshambaugh> He's a storm! <orie> TRUST OVER IP. Drummond Reed: It was it was to say they can address the it precisely those issues of identification and authentication and authorization that we need for decentralized social media when we want to look at the protocol stack for decentralized social media and I know half the people in the call will know what I'm going to say you know we've been working on a stack that would work for that puts trust first and it is at trust over IP so I put it into the. Drummond Reed: The chat already linked to the trust over IP technical architecture spec. <dmitri_zagidulin> here's the identity proposal (upgrading from just public keys to DIDs) that I mentioned: https://codeberg.org/fediverse/fep/src/branch/main/feps/fep-c390.md Drummond Reed: That that we put out two weeks ago before IIW and had great conversations at IIW and all I want to do is point out to folks that these social media protocols things like activityPub could fit very nicely at layer 3 of that stack that's what we call Trust and they could take advantage of the whole stack so I think we're at the early stages of figuring out the protocols we’ll use and and all the you know challenging things building a. Drummond Reed: Decentralized Network that will scale the way that Twitter or Facebook does. Drummond Reed: But we have a path to get there and I just wanted to point towards that that's all. <orie> Maybe use MLS instead of TOIP... https://datatracker.ietf.org/wg/mls/about/ ? <dmitri_zagidulin> orie - why not both! :) TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Yeah forgive me the last thing you said Drummond just scale the way Twitter or Facebook does is throw more machines at it whether they're physical or virtual and they're mostly physical at this point which is not a cheap proposition scaling to the web is a big challenge trying to provide a service that's available. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): to everybody all the time. <orie> lets add protocol buffers too... better to be inclusive /s TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Is semi solved but the solution again is a bunch of money and a bunch of hardware and the more that people talk about individuals doing this for themselves gets back to the priesthood of the sis op and and do you know enough about the operating system and the hardware and oh the security things that come in with firewalls and the. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): List goes on and on. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Asking everyone to be there on sis op is heavy and I question whether that's going to be really the way to go. <dmitri_zagidulin> also yeyy solid! <davidm> bittorrent and other media sharing networks didn't have that overhead and were wildly popular TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): The mode the moral code behind solid is the freedom to run your own but it doesn't mandate that you do but the way most people are building that thing the standards that are underlying the solid project they do basically assume that people will be running their own and that's I think that's going to be a big hill in the way. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): as far as. <dmitri_zagidulin> which, incidentally, there's interest in the Solid community to support DIDs, as well <orie> imagine trying to survive without credit... thats what trying to be a hardcore ssi player is like. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): The web of accountability or the accountable web or the blamable web or something like that there is in existence today and it's been there for a while the Credible web community group which is trying to answer the questions of what are the questions that need to be solved in order to make the web credible in order to make it easier to ferret out false posts and misleading posts and even if they’re. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): trying to be truthful. <dmitri_zagidulin> orie - credit? <drummond> I totally agree that 99.9% of the population will not run their own servers. <orie> credit ~= trust a server operator. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Because they were based on somebody else's misleadingness how do you deal with that stuff and sort of the Baseline of everything is sign everything I can't sign my Twitter feed I can't sign the individual post there it's just too small I can sign all my e-mails and that's semi useful because then we have mail clients that don't necessarily handle a signature on it but that's the only verified piece that's there. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): that's available is verifiable credentials are based. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): On signing the things. <kaliya_identitywoman> the Accountable WEb paper - from way way back - https://papers.ssrn.com/sol3/papers.cfm?abstract_id=529022 TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): It's a big big Tangled knot I think one of the the alternate social groups social networks that's trying to get out there is called gordian and gordian is about a knot that is basically untiable untiable it is perpetual and that's sort of where I think we're going to be for a while. TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): that's it for now. <tallted> a couple things that may be of interest for later... <tallted> - Credible Web Community Group -- https://www.w3.org/groups/cg/credibility <tallted> - OpenLink YouID -- https://youid.openlinksw.com/ <orie> The irony of the gordion knot is the alexander the great solved it, by cutting it. Bob Wyman: Yeah on the on the thing about everybody having to be their own sis op or many people having to be sis Ops with Mastodon I think. Orie Steele: https://github.com/BlockchainCommons/Gordian Bob Wyman: An old Story I Heard years ago I think turns out to be a useful metaphor or analogy or whatever and that is apparently there was a Black & Decker sales convention Black & Decker made a lot of drills and tools and things like that and the the president of the company gets up and he talks to this he's addressing the Salesforce and he says I've got some good news and I've got some bad news and the bad news is we've done a lot of research on the market and nobody wants drills. Bob Wyman: The good news is a lot of people want holes and I think the that sort of very much like what's going on with Mastadon a lot of people are becoming sis Ops not because they want to be sis Ops but because being a sis op is the mechanism by which you create a community but which you establish sort of a local filtering and content moderation regime.. Bob Wyman: It's the mechanism by which you can build it build a community tie yourself to others Etc so being a sis op essentially becomes a cost of achieving these other purposes and and I think we have to be you know aware of that we have to be thinking about sort of the question is like why are these people going and becoming sis Ops they are not going to enjoy the well some of them will but they're kind of Twisted. Bob Wyman: But most of them are not going to enjoy the. Bob Wyman: The process of being a sis op on the other hand they very much want the sort of the the benefits that come from being one. <nate_otto_(he/him)> Sysops evolution to "site reliability engineering" creates some really exciting job descriptions. Mike Prorock: Yeah I mean if I think about Tor exit nodes and who likes to operate those fediverse man create some really interesting opportunities Dmitri. Dmitri Zagidulin: I want to give a big +1 to Bob and Tall Teds’ points that absolutely right nobody wants to be a sysop nobody wants to be running a server not even the sysops they also don't want to be doing it one of the analogies that I've that I've always liked to throw out there both in terms of the … project and in terms of activity Pub is that we're trying to do for Facebook and Twitter what email did for sending messages. Dmitri Zagidulin: We're trying to standardize it make it. Dmitri Zagidulin: Interoperable understandable and cheap so email’s both a good and a bad example because because of Gmail because even though it is the canonical decentralized protocol it's sort of drifted towards aggregation and and centralization on the one hand on the other hand email’s an excellent analogy of the kind of world where we want to be because it comes free with your box of breakfast cereal email is really cheap like so your your school gives you an email your work gives you an email your ISP gives you a free email. Dmitri Zagidulin: You know there's lots of players that are able to do that so and that's what we're trying to get to. <bobwyman> We shouldn't be designing systems that require you to become a sysop in order to enjoy the benefits of the system. (i.e. it should be possible to build a distinct community without having to be the sysop for that community.) Dmitri Zagidulin: With with the fediverse to bring it back to the subject of our call in terms of like dids and VCs with regards to do so I genuinely think that having a portable identity such as that that dids provide. <adam> There can be many products and services for the Fediverse, including a sysop service. Dmitri Zagidulin: Allows for the lessening of the role of sysops allow makes it so that the server on which you're operating doesn't matter you can pick it on whatever criteria you can move it at any time and take everything so that's definitely the kind of world that we want to be in where people are not running their own servers where they just like with email can choose their favorite provider that is compatible with others and can move it at any point oh one quick thing. Dmitri Zagidulin: I wanted to mention at the beginning of the call. Dmitri Zagidulin: https://lists.w3.org/Archives/Public/public-swicg/ Dmitri Zagidulin: With Community announcements but I completely forgot and that is so we're restarting the Social Web community group over at w3c and so I highly encourage everybody to join or at least follow the subscribe to the mailing list because we can continue a lot of this conversation of both protocols and identity and so on over there thanks. Dmitri Zagidulin: And I just dropped a link in the chat. <paul_fuxjaeger> thanks so much for that effort Dmitri! Mike Prorock: Awesome thank you just being mindful of time here because I'm don't want to run us right up to the hour again I know we felt and try to like actually close off and give people sanity breaks in between meetings here anyone else want to hop on the queue for kind of closing thoughts around this topic I mean you know and I’ll spur it this way which is obviously a few folks in this audience are doing something about it but like what are you going to do about it and. Mike Prorock: And what update could. <bshambaugh> I thought that the growth of Bitcoin and Web3 was built on F.O.M.O, and greed. What other incentives are there? Mike Prorock: We potentially expect to come back and see back to the ccg and say yeah you know we had this meeting stuff was messed up or there was an opportunity there or we hadn't figured out the market side or how to get this adopted etcetera and this is now what's going on as a result that's not be really curious to see here so anyways any anyone on the Queue I'm going to leave it open for another minute or two here and then we'll close it out at five till the hour. Mike Prorock: But pretty good opportunity to go. Mike Prorock: See some shots here. <bumblefudge> idunno, say what you will about bluesky it is a DWN/DID-based pubsub mechanism... Mike Prorock: Yeah can we avoid some fomo and greed and you know I don't know dare I say things like Ponzi schemes avoidance in this case all right well with that I do want to thank especially Dmitri and Drummond and others that have been working hard on this topic and getting some great technical stuff out there obviously. Mike Prorock: Also for the did folks. <orie> Web5 is Mastodon LD right? <bumblefudge> ^other way around <dmitri_zagidulin> @Orie - YESSSS Mike Prorock: For showing up I really frankly don't want to go migrate my users from yet another Mastodon server to another one so I'm just looking for answers from a practical user standpoint and it's irritating me so I'd love an answer to it really appreciate the conversation questions and the great Insight from a large variety of different backgrounds on the call last chance for any closing statements here. <kaliya_identitywoman> Thanks for the conversation! Drummond Reed: Just really glad you brought it up Mike I think this is good and it's a rich new area for us to be discussing. <kim_duffy> Thanks all! <dmitri_zagidulin> thanks mike!! <econnell> Thank you - great conversation! <limari_(dif)> Thank you, it was great to attend and educational <adam> Thanks all Mike Prorock: A it absolutely is and I and I part of this too is the you know just kind of prodding that seed of like hey as VCS and dids are kind of moving on in their work group side we're going to see some interesting potential ccg work items Etc right that may be related to this Rishi I think I see you on the queue. <phil_l_(p1)> :+1: Dmitri Zagidulin: I think it’s Kaliya. <rishi> no that was a mistake :) Kaliya Young: I just had a I had a thought and since we have we're not quite at the top of the hour I had a thought as I was listening to the call and somebody mentioned the accountable web and I pulled up this ancient paper called the accountable net and there are several other quote unquote ancient papers that actually may be worth having like the thought that came to mind was like should we take in the sense that there is a bunch of literature that is. Dmitri Zagidulin: +1 Kaliya, ancient papers is where it's at!! :) <mprorock> there is nothing new under the sun ;) Kaliya Young: Informative of these questions and maybe there's some people who want to read some of these ancient papers that still have wisdom in them for us or maybe contemporary papers whatever and then talk about them so that there's some sense making of not just our thoughts which this conversation was great with some thoughts anchored to some specific work that help us as a group. Kaliya Young: Engage with the material. Mike Prorock: Yeah that'd be awesome and thank you for bringing that up by I'm a big believer and I know I've had this conversation with Bob and Ted and some others in the group you know just about how you know there's a lot of reinvention and relabeling and we always think it's new the first time it comes up and in reality there's a lot of these things have been very well thought out historically and we should learn from that stuff and not forget it Bob you're up. Bob Wyman: Yeah sort of following on that ancient ideas thing you know I'm I'm intrigued tremendously by the fact that a lot of what people seem to be getting excited about today are essentially things that we were talking about literally 20 25 or more years ago but for a variety of reasons like for instance the arrival of say Twitter Facebook is these massive you know highly capitalized services that just blew everybody away. Bob Wyman: They kind of layed dormant for a. <tallted> ( we're at closing time ) <mprorock> que closed <mprorock> *queue - man i can't type or spell or function today Bob Wyman: Long time but the reality is is the stuff that was being written and thought about and documented 20 25 30 or more years ago it's all good stuff and it's finally now having its opportunity to see the light and I've been in a number of conversations where people have talked about standards for those say oh you know it's not worth our time to work on this because the the incumbents you know the big guys just aren't going to accept it and if nothing. Bob Wyman: Else just like to suggest is a strategy strategic thing for people to understand. <kim_duffy> Yesss Bob Wyman: Is that you know even if it looks like figuring out what their correct solution is today won't get you any great benefit today remember there are events like this where we're potentially decades later the window opens and and it becomes really important to have the correct or at least a more correct solution available for deployment to take advantage of of the kind of situation we’ve seen. Bob Wyman: In the last few weeks I don't think anybody could have imagined that something like Twitter would be taken down because of the behavior of its owner but but these are the kinds of opportunities that can one day make a lot of work that may be ignored today exceptionally important tomorrow. Mike Prorock: Yep that good old tide in the Affairs of men Shakespeare etcetera JP you're going to get the final because I closed the queue and. JP: Yeah can you guys hear me okay so just to make sure before like I say something when you say dids you mean like decentralized identifiers or just like persistent or can be verified across like whatever website that <drummond> Bob is SO right. SMTP email came out of nowhere to completely displace the 800 lb gorilla email services of their time (AOL, MCI, Compuserve) <tallted> "Chief Twit" was a (surprisingly?) apt appellation... Mike Prorock: Yeah things in compliant yeah decentralized identifiers as compliant with the did core specification from w3c so and yeah that notion of you know persistent usability across I mean there's a lot of different aspects in a lot of different ways of implementing that data model right some more centralized than others so that it's kind of a complex topic unfortunately right it makes it hard for end-users to grasp but I think the end that folks are. Mike Prorock: After here is that I is a user going to have my identifiers that oh. Mike Prorock: I want to go pick it up and move to another site or maybe interact the same way across all my sites but without necessarily putting say Google in control of that or someone else like that so yeah or for that matter. <bumblefudge> CCG thread! JP: One thing that I like heard about like as a concern was some guys’ blog I forgot his name and he also I don’t think really understood activitypub as much as I wish he would’ve but like one thing that he brought up was that like it’s the idea that like if people have your identifier like let’s say that you’re in a federated like network or whatever and like all of these I guess these instances have your identifier if you do something that’s like really controversial, like they could like strategically I guess like block you from the whole network like based on that so I think there’s like a concern about like how like decentralized identifiers can like be used against like its users Mike Prorock: Yeah I think I think it's a great question I think there are some folks on this call that would be great to dive into that because that gets into some really nuanced and practical implementation side but there are ways to avoid that problem as well as to encourage that problem and I would love to see some discussion on the list on that as well on as throwing out there as let's get it on the list anyways Harrison I think you started recording so you'll have to end it and actually be the last. Mike Prorock: Last one out of the meeting. Mike Prorock: Unfortunately so since you beat me and that's what you get so thank you all really appreciate it awesome conversation today really enjoyed it once again the challenges go build something and get it adopted so. <pchampin> great discussion :) <harrison_tang> Thanks, Mike and everyone! <rishi> Thank you Mike <bshambaugh> Thanks Mike!
Received on Wednesday, 30 November 2022 11:44:27 UTC