Re: Goals and Requirements for DID Method Standardization?

Speaking as an individual, not with any official hats, I would also like to see more coverage on biometrics. If anyone has points to projects/efforts that are working on that (w.r.t DIDs) I'd love to read up on it.

On Tue, Nov 26, 2024 at 8:29 AM, Adrian Gropper < agropper@healthurl.com > wrote:

> 
> Manu,
> 
> 
> I agree with your analysis, particularly with the issues around individual
> reputation in various separable contexts. From that perspective, the major
> difference between individuals and organizations is that one has
> biometrics and the other uses biometrics.
> https://www.technologyreview.com/2024/11/20/1107002/clear-airport-identity-management-biometrics-facial-recognition/
> 
> 
> It seems to me that our community should be addressing the role of
> biometrics relative to DIDs as a primary or foundational concern.
> 
> 
> Adrian
> 
> On Tue, Nov 26, 2024 at 9:55 AM Manu Sporny <msporny@digitalbazaar.com> wrote:
> 
> 
>> On Mon, Nov 25, 2024 at 3:02 PM Steve Capell <steve.capell@gmail.com> wrote:
>> > Long lived VCs need long lived DIDs.  Domain names change, ledgers come
>> > and go, hosted DID web issuers go bust, … lots of reasons why a business
>> > or government agency might need to “move” a DID without invalidating
>> > previously issued VCs
>> 
>> Thank you, Steven, I've added your requirement here (and invite others
>> to add theirs to the issue tracker):
>> 
>> https://github.com/decentralized-identity/did-methods/issues/10#issuecomment-2500827870
>> 
>> I do agree that your requirement is important, but possibly for
>> different reasons:
>> 
>> There is one perspective here where government agencies, or
>> businesses, might not need long-lived DIDs. Their DIDs only need to
>> exist as long as the refresh cycles on their VCs (which might only be
>> a few years). There is a need for them to report their new DID to some
>> sort of trust framework that verifiers use, but one could make the
>> argument that government-based DIDs only need to last a few years (as
>> long as their longest credential). So, maybe the need isn't as strong
>> for government agencies, which have strong control over their domain
>> and refresh cycles?
>> 
>> Now, the reality is that government agencies will probably just go
>> with did:web (or any other web-based DID Method) for now, because they
>> know how to secure a website and it ticks all the security boxes for
>> their IT teams. It's probably also true that most government agencies
>> have had a web domain for as long as their agency has existed as a
>> presence on the Internet (.gov domain has been around for ~41 years).
>> 
>> However, I think the need is stronger for individuals, who live for
>> ~70+ years. More specifically, it's important for individuals to be
>> able to have pairwise and ephemeral DIDs (for privacy reasons), but
>> it's also important for individuals to have long-lived DIDs for public
>> personas (reputation). That is, for things like your social media or
>> other web-presence profiles (LinkedIn, X/Twitter, BlueSky, Instagram,
>> Mastodon, etc.). There are dangers here -- like, never use your public
>> DID when you have some expectation of privacy in the exchange and
>> don't know how the other party will use your identifier over the long
>> term -- it's dicey, and I don't mean to downplay the concern there.
>> 
>> In any case, all that to say -- yes, long lived identifiers are needed
>> for long-lived credentials... but perhaps the need is greater among
>> individuals (who don't have control over the lifetime of VCs issued to
>> them) than among organizations (who do have control over the lifetime
>> of the VCs they issue). Then again, organizations don't have control
>> over the VCs issued to them by individuals and other organizations, so
>> perhaps this has more to do with "public personas" vs. private ones?
>> There is, of course, a counter-argument that we should not be using
>> long-lived identifiers at all... but I don't know how you can ZKP
>> yourself through life -- at some point, people want to refer to you in
>> a long-lived social context... and they prefer to use long-lived
>> identifiers when doing so.
>> 
>> -- manu
>> 
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> https://www.digitalbazaar.com/
> 
> 
>

Received on Tuesday, 26 November 2024 17:02:30 UTC