Re: [External] Pop Quiz: Where do DIDs belong from an Enterprise Architecture perspective?

Based on what I’ve seen in browsers, I lean more towards this is something like a “power user” configuration. So let me explain how I see that aligning with DIDs.

For example, in chromium based browsers (it’s likely very similar in Firefox) you’ve got kind of 3 main tiers of controls (there’s likely even more) and for most they use 1 maybe 2 of them. They are:

1. UI alerts that appear to control specific settings on a per site basis. This is things like permissions data and being able to clear cookies. This is the permissions in the top left part of the URL bar.

2. Settings configurations that are accessible via chrome://settings (or edge://settings, brave://settings, etc) this is for more advanced user focused controls like changing default site settings, configuring DNS, etc.

3. We have chrome://flags which is useful to enable very specific features and code paths or overrides to really configure what your browser can do. An example of this is controlling secure context origins or right now enabling the digital credentials API.

So, in the context of this question, I think the answer for most people is they aren’t going to care too much about this (until they need to). At most, I could see in level 1 something like a site specific default like “user pairwise DID” or “use this persona DID” and that encapsulates the magic for the user. Other forms of encapsulation may be “sync my connections to new device” which rather than syncing keys does a method of adding new controller keys to the did document so the new device has the same controls.

However, for the “power users” they may want to clear and reset a DID for a specific origin, or they might want to rotate a key for a DID for a specific origin via a UI exposed in their built in password manager.

Finally, I could see someone wanting to control a specific default access control model via the verification methods because a persona DID is used both within the context of a browser and other software which they need this control and doing this via chrome://flags so it recognizes the DID properly.

In summary, all of these are focused on outcomes, but still grant points of control to various degrees depending on how involved the user wishes to be. This seems to work reasonably well within browsers which are probably one of the more complicated pieces of software we use on a daily basis. So my leading question to answer this in my PoV would be, how might DIDs and VCs architecture fit within a 3 tier model in the context of a wallet? Or to frame it a bit differently, if you were building this into a browser how might you think it fits within the current paradigm that browsers use and does it change if the DIDs are managed by the browser versus by an extension of the browser?

-Kyle

On Wed, Jan 1, 2025 at 6:38 AM, Daniel Hardman <[daniel.hardman@gmail.com](mailto:On Wed, Jan 1, 2025 at 6:38 AM, Daniel Hardman <<a href=)> wrote:

> A part of me is in violent agreement with the sentiment that DIDs are low-level details. I think I get all of the reasons why it's desirable for this to be the answer.
>
> However, another part of me is sounding a little bit of a dissonant bell, at the back of my brain. I think we might be ignoring some important nuance.
>
> DIDs are points of control. We talk about "DID controllers". If a user has points of control but doesn't know she has them, in what sense(s) is she really in control? Pet names make points of control tractable from a human memory perspective, but if the mental model of a user doesn't have a place for the control point that they name, do we truly understand what we are accomplishing? Do we need to? How does this relate to sovereignty?
>
> Each of us has many "points of control" over our physical body. Understanding and using these points of control is an important developmental task, and it is never "complete", only "mastered to level X". We're born blinking autonomously, but we also have conscious control over our eyelids very early and without instruction. We typically learn to wink a few years later -- not hard, but takes a little focused intent that we don't spontaneously come up with until we see it modeled. Eventually we learn to ride bikes and play musical instruments and juggle and dance samba with a partner and slow our heartbeats during meditation. These learnings require us to discover and take advantage of control points...
>
> I'm wondering if intentional use of DIDs -- not *all* DIDs under a person's control, but the subset of them that a person deems interesting enough to pay attention to -- is an important outcome of a good "system". I'm also wondering if a good "system" ought to understand which DIDs need to be under conscious control early, which ones ought to be like eyelids that are both consciously and automatably controllable, and which ones should remain unconscious except in rare cases of troubleshooting or weird requirements.
>
> On Tue, Dec 31, 2024 at 9:20 AM Alan Karp < alanhkarp@gmail.com> wrote:
>
>> On Tue, Dec 31, 2024 at 3:41 AM Merul Dhiman < me@merul.org> wrote:
>>
>>> This is a very interesting question which often gets asked to me. We have always thought of DIDs and VCs as low level architecture details, and that is where they shall belong its just a technology which allows us to issue and digitally verify data.
>>>
>>> I think we never even need to tell the user about the technology which lies underneath, as it is, for them totally not relevant. However we tell them what we solve for them and address their pain points and empathise with them.
>>
>> That's the right approach, a lesson we learned from one of our projects. We built a file sharing application that used opaque identifiers (not DIDs) under the covers. The user only saw petnames except in one place. Wouldn't you know it? Almost every user complained about it.
>>
>> --------------
>> Alan Karp
>>
>> On Tue, Dec 31, 2024 at 3:41 AM Merul Dhiman < me@merul.org> wrote:
>>
>>> This is a very interesting question which often gets asked to me. We have always thought of DIDs and VCs as low level architecture details, and that is where they shall belong its just a technology which allows us to issue and digitally verify data.
>>>
>>> I think we never even need to tell the user about the technology which lies underneath, as it is, for them totally not relevant. However we tell them what we solve for them and address their pain points and empathise with them.
>>>
>>> Best Wishes,
>>>
>>> Merul Dhiman
>>> CTO
>>> AuvoDigital OÜ
>>>
>>> https://auvo.io
>>>
>>> On Sun, Dec 29, 2024 at 15:57 Michael Herman (Trusted Digital Web) < mwherman@parallelspace.net> wrote:
>>>
>>>> An interesting related question for a UX expert is: If DIDs are low-level technology artifacts, what are the best/most appropriate UX metaphors to surface in real apps?
>>>>
>>>> Get [Outlook for Android](https://aka.ms/AAb9ysg)
>>>> ---------------------------------------------------------------
>>>>
>>>> From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
>>>> Sent: Sunday, December 29, 2024 8:13:29 AM
>>>> To: Kishore Rajasekharuni <kishore.rajasekharuni@jukshio.com>
>>>>
>>>> Cc: public-credentials (public-credentials@w3.org) <public-credentials@w3.org>
>>>> Subject: Re: [External] Pop Quiz: Where do DIDs belong from an Enterprise Architecture perspective?
>>>>
>>>> Thank you for your analysis Kishore.When I say "DIDs", I'm being very literal:
>>>> A DID = decentralized identifier = "did:wxyz:1234" character string.
>>>>
>>>> The answer to the question gets into the subtleties of decentralized identifiers (e.g. did:wxyz:1234).. They are not intended to be human-friendly or comprehensible (like a checksum or a GUID); hence in my mind, they are low-level technical/infrastructure concepts/elements - at the very most, the lowest levels of your application architecture (admitting this is actually going too far IMO).
>>>>
>>>> It would be interesting to revisit how a platform like .NET abstracts an identifier up the chain into higher level application objects like an Identity or Principal (.NET terminology).
>>>>
>>>> Michael Herman
>>>> CEO and First Principles Thinker
>>>> Web 7.0 Foundation / Trusted Digital Web (TDW)
>>>>
>>>> Get [Outlook for Android](https://aka.ms/AAb9ysg)
>>>> ---------------------------------------------------------------
>>>>
>>>> From: Kishore Rajasekharuni <kishore.rajasekharuni@jukshio.com>
>>>> Sent: Friday, December 27, 2024 8:34:31 AM
>>>> To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
>>>> Cc: public-credentials (public-credentials@w3.org) <public-credentials@w3.org>
>>>> Subject: Re: [External] Pop Quiz: Where do DIDs belong from an Enterprise Architecture perspective?
>>>>
>>>> My understanding - DiD can be part of Party Management in the Business architecture layer. At the application architecture layer, it can be the Digital Identity module exposing APIs for Onboarding, Identity Proofing and Fraud Detection. The underlying Digital Identity Apps / Portals can be part of the Technology / Infrastructure architecture.
>>>>
>>>> regards
>>>> Kishore
>>>>
>>>>> On 27 Dec 2024, at 12:07 PM, Michael Herman (Trusted Digital Web) < mwherman@parallelspace.net> wrote:
>>>>>
>>>>> Are DIDs part of the:
>>>>> - Business architecture/layer/domain
>>>>> - Application architecture/layer/domain
>>>>> - Technology/Infrastructure architecture/layer/domain?
>>>>>
>>>>> Get [Outlook for Android](https://www.google.com/url?q=https://aka.ms/AAb9ysg&source=gmail-imap&ust=1735886469000000&usg=AOvVaw3dZOsMm5uX8vKzgHgmZY6E)

Received on Tuesday, 31 December 2024 18:27:56 UTC