- From: David I. Lehn <dil@lehn.org>
- Date: Fri, 8 Sep 2023 00:00:26 -0400
- To: Orie Steele <orie@transmute.industries>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CADcbRRMx8wU1MqO1ciqUDDGxZH_L6VJ2RYxbsxZt6Vutrv3upw@mail.gmail.com>
On Thu, Sep 7, 2023 at 10:18 PM Orie Steele <orie@transmute.industries> wrote: > I was reading > https://w3c.github.io/sustyweb/#manage-dependencies-appropriately > > Perhaps the credentials community group would be interested in measuring > the emissions / CPU costs associated with issuing and verify various > competing credential formats, such as data integrity proofs, mDoc and > sd-jwt? > > I imagine this could be somewhat accomplished with a benchmark suite covering a wide variety of use cases. Benchmark metrics likely map to sustainability metrics in some ever-changing way as tech changes. It would be useful to have such a thing as long as all the caveats are clearly explained. It's probably a challenge to do this in a way where results are easy to compare. Different formats have different capabilities, features, and tradeoffs and a single benchmark result alone is unlikely to tell the full story. Even a large suite might not, but would be interesting. There's also the common benchmarking issue that for some use cases a naive solution might benchmark far far away from optimized code. And while some formats may optimize well for some use cases but not others, there's more to consider than CPU costs. Any study should also include data size as that is important for active memory, storage, and transport metrics as they likely map to sustainability metrics as well. Different formats likely compare differently and have memory tradeoffs that may change with use cases and optimizations. Also hard to measure are other costs related to additional credential processing, developer time and effort, interop, and so on. Yet those also have sustainability implications. > The VCWG could recommend against wasteful cryptographic operations or > dependencies that consume more CPU than is needed to sign or verify. > > What is "wasteful" or "needed" is certainly dependent on more than raw sign and verify speed. While speed is a priority in some contexts, there are also other requirements and concerns that may have a higher importance. General advice to not do wasteful things would seem somewhat obvious, so a sustainability discussion here would be more complex than simple recommendations. Other use case requirements, regulations, security level requirements, and many more factors need to be considered. And scale may play a big factor as well. Recommendations and tradeoffs may be wildly different if you are processing a million credentials per year vs per hour vs per minute. It's always all about the tradeoffs and it might be hard to provide recommendations that always apply. -dave
Received on Friday, 8 September 2023 04:00:44 UTC