Re: Open Wallet Foundation (and how it might fail)

From: Brent Shambaugh <brent.shambaugh@gmail.com>
Date: Wed, 21 Sep 2022 20:27:45 -0500
Message-ID: <CACvcBVrUzO4dacqPZ1HN80cyQTnwtGRh-khQpg1N8Kd2hyUiSg@mail.gmail.com>
To: Kyle Den Hartog <kyle@pryvit.tech>
Cc: Torsten Lodderstedt <torsten@lodderstedt.net>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials Community Group <public-credentials@w3.org>
I threw my hat into the ring for the DIF Interop WG, and got elected as
co-chair. I certainly hope I can keep track of what I need to and help in
the best way possible.

-Brent Shambaugh

GitHub: https://github.com/bshambaugh
Website: http://bshambaugh.org/
LinkedIN: https://www.linkedin.com/in/brent-shambaugh-9b91259
Skype: brent.shambaugh
Twitter: https://twitter.com/Brent_Shambaugh
WebID: http://bshambaugh.org/foaf.rdf#me

On Wed, Sep 21, 2022 at 7:50 PM Kyle Den Hartog <kyle@pryvit.tech> wrote:

> Is anyone else concerned with the homogenization of wallets if we take
> this approach of multiple companies building and contributing to a common
> code base? I certainly get that the incentives are useful and generally
> agree with what OWF is trying to achieve. With that in mind let's consider
> the "when not if" scenario of some of this code having a vulnerability so
> we can avoid a Heartbleed scenario like OpenSSL faced.
> -Kyle
> On Thu, Sep 22, 2022 at 5:22 AM Torsten Lodderstedt <torsten@lodderstedt.net> wrote:
>> Hi Manu,
>> thanks for sharing your thoughts.
>> There have been a lot of discussions about the best way to fund and
>> organise the work of the OWF in the last couple of days, especially how we
>> get started. An important caveat of the original proposal is around scoping
>> and feature prioritisation. Who would decide what features the staff would
>> develop first (VCs, AnonCreds, ISO mDL, SD-JWT, …)? A committee? I’m pretty
>> sure that would not work.
>> I’m now perceiving a mind shift towards a community driven approach. The
>> OWF should be open for anyone to contribute code and the prioritisation is
>> pretty simple. Those who contribute code influence what the OWF will
>> produce. There is a need for some governance, e.g. all projects need to
>> adhere to the same principles (e.g. code quality & security). Since we are
>> aiming for multi-format, multi-protocol wallets, I would also assume there
>> will be joined work on a core design that wires different modules (e.g.
>> formats & protocols) together.
>> Drummond Reed, Andre Kudra, and myself have drafted this proposal how to
>> bootstrap and govern the technical work.
>> https://docs.google.com/document/d/1X7K33COKOovExJS_Cw_vL1eLQNSej431OfNpTEtXh2g/edit#
>> @anyone on the list: please review and comment/propose changes.
>> The proposal aims at kickstarting a discussion among the people
>> interested in the OWF, especially those intending to contribute.
>> Would you consider contributing?
>> best regards,
>> Torsten.
>> > On 20.09.2022 at 16:30, Manu Sporny <msporny@digitalbazaar.com> wrote:
>> >
>> > On Tue, Sep 20, 2022 at 9:25 AM Orie Steele <orie@transmute.industries> wrote:
>> >> I'm confident that we can keep things aligned, and you can count on me to point out risks very publicly if I see something harmful emerging.
>> >
>> > I'm not as confident about alignment. We have all been through this
>> > before, with W3C VCs, ISO mDL, IIW, RWoT, Sovrin, Hyperledger, DIF,
>> > ToIP, and now OWF. Every time one of these new "Foundations" pops up,
>> > it dilutes focus in the technical specification work and ultimately
>> > slows things down. It is, also, inevitable -- innovation and
>> > standardization are chaotic.
>> >
>> > I've spoken with DanielG about my concerns here, so this will mostly
>> > be a repeat of what I conveyed to him a few weeks ago, after attending
>> > one of the OWF meetings.
>> >
>> > To start, I believe DanielG (and others that are trying to put OWF
>> > together) have their hearts in the right place. The vision is
>> > compelling, which is effectively "We don't want a proprietary
>> > Apple/Google wallet duopoly to take hold, like has happened for mobile
>> > payments." Almost no one wants that. So, yes, most everyone is excited
>> > by that vision to come together and defend an open wallet ecosystem.
>> > It's an excellent vision!
>> >
>> > That said, it's the execution that matters here, and that's what seems
>> > to be deeply flawed with OWF (today).
>> >
>> > OWF attempting to raise €7.5M to hire a team of software developers to
>> > build NEW open source software components for digital wallets feels
>> > very misguided when there are already companies building open source
>> > software for digital wallets. Starting from scratch and asking those
>> > that have already invested millions of dollars in open source software
>> > (like Digital Bazaar) to now invest in yet another NEW open source
>> > infrastructure and an untested team is the sort of high risk gambling
>> > that gives even the most seasoned entrepreneurs pause.
>> >
>> > I say this as one of the inventors, architects, and standards editors
>> > for a variety of these "digital wallet" technologies -- the "digital
>> > wallet" protocols/technologies/standards are not ready yet. If you
>> > want technical input from industry experts, there it is -- you're
>> > trying to implement a series of things that are rapidly moving
>> > targets, you're trying to implement all of them simultaneously, and
>> > you're trying to fund a team that is not deeply intimate with all the
>> > ways those targets are moving.
>> >
>> > We're still trying to stabilize these standards, so any investment in
>> > a NEW open source digital wallet core is going to churn heavily for
>> > the next year or two. Even more worrying are some organizations
>> > claiming to have stabilized digital wallet protocols as "ready to go"!
>> > Do not believe that for a second -- nobody is ready to go -- that goes
>> > for the mDL protocols, OIDC4VC, VC API, DIDComm, all of them -- high
>> > churn, expect heavy changes over the next year or more. We will get
>> > there, in time, but not this year or possibly next. All of this takes
>> > far longer than any of us want and distractions (like OWF) make things
>> > worse.
>> >
>> > The "open source digital wallet libraries" also presume that you can
>> > get away with a handful of software libraries -- or a single/dual
>> > stack; you can't. These technologies need to be implemented in
>> > multiple languages to be immediately useful to software developers...
>> > you can claim that "we only need to implement in
>> > Rust/Wasm/Javascript/Java" because you're just trying to get to 75%+
>> > of the market, but it rarely happens that way (unless you can hide
>> > everything behind an HTTP API... which you can't with most digital
>> > wallets).
>> >
>> >> I don't think there is any cause for concern right now, other than ensuring that OWF has enough stakeholders to lift off in a way that is useful.
>> >
>> > I don't see how OWF helps dig the trenches that we need digging in the
>> > next several years. We need more people to pick up a shovel and
>> > implement across multiple languages, help with test suites, and other
>> > "boring" work that OWF will need to actually be successful. Until that
>> > stuff stabilizes, OWF will be in a holding pattern waiting for the
>> > standards work around digital wallet protocols to stabilize.
>> >
>> > When we look at where that €7.5M/year is best utilized, it would be to
>> > fund the people already building and releasing the standards, open
>> > source libraries, interoperability test suites, and other things that
>> > are necessary foundations for an open wallet ecosystem. If OWF
>> > redirects that money, instead, to starting from scratch with a new
>> > team (or picking winners), it's just helping to suck even more oxygen
>> > out of the room which only helps ensure the failure of the initial
>> > vision.
>> >
>> > I hope OWF takes all of the above as constructive criticism. I do want
>> > it to succeed, but not at the expense of slowing things down by
>> > splitting everyone's attention. We absolutely need help, just not the
>> > sort of help that has been proposed by OWF to date.
>> >
>> > -- manu
>> >
>> > --
>> > Manu Sporny - https://www.linkedin.com/in/manusporny/
>> > Founder/CEO - Digital Bazaar, Inc.
>> > News: Digital Bazaar Announces New Case Studies (2021)
>> > https://www.digitalbazaar.com/
>> >
Received on Thursday, 22 September 2022 01:28:09 UTC
