- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 11 Aug 2025 12:45:21 -0400
- To: "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
On Sat, Aug 9, 2025 at 5:48 PM Pryvit NZ <kyle@pryvit.tech> wrote: > Yes, we're definitely on the same page here and this is a very succinct summary of what I was hoping to articulate. Ok, good, I have a good handle of where you're coming from now. > I think the primitives grant us the flexibility we need to appropriately represent the proper power dynamics as they best suit. Ok, also good, that makes me feel much better about where the discussion is going. I would like to hear if Christopher, and anyone else saying "We need a differen architecture" is aligned with the above as well or not. Again, I'm trying to ferret out if folks feel like there is new technical work that needs to be done/abandoned in this community, or if this is a matter of "higher-level" technical architecture -- how we put the pieces together (which can, in itself, be technical work). > This is the main takeaway I hope people can take away from this discussion is that the tools we build are ambivalent to how we use them, but we inherently will always express our values as we do. I just hope we all have the ability to reflect early enough to recognize when we're doing this and make sure to change as needed. If our tools are built correctly, this should be easier to do too. Yes, agreed. We do need constant reflection -- the community intervention on "no phone home" with mDL was a good example of that. Though in the "no phone home" case, it was this community intervening with another community that had gone down a bad path; but there was some community overlap there and hopefully the right privacy outcome will materialize over the coming months. I wouldn't go as far as saying the tools we are building are ambivalent to how we use them. Some of us are very consciously trying to ensure that decentralization is not only possible, but preferred if it makes sense in a particular ecosystem. There are ecosystems that are far more centralized than they need to be, which has led to security and privacy failures, and we're actively trying to improve those ecosystems. Take Decentralized Identifiers for example, which some of the large tech companies, and a variety of x509 diehards railed against, and actively attempted to prevent from being standardized, for years. Even to this day the technology is snubbed in some circles with the hopes that it will just go away. I don't think that the people working on DIDs are ambivalent about the future they're trying to build towards. Similarly, for verifiable credentials -- use cases around individual empowerment and decentralization are top of mind for many of us. For example, when I scan the latest PR on the VCWG specs, I'm actively looking for things that would prevent decentralization or prefer centralization. That said, the technology has to also fit into society today; there has to be some benefit for "traditional" credential issuers to move towards verifiable credentials, and a fair number of those issuers tend to have practices that are decades (to centuries) old, some of which is codified in law that prefers the centralization of government authority. While some of us might not like every instance of that, these systems are not "purely bad", and in fact, if these systems didn't exist as they do today, we wouldn't have some of the benefits from these systems (as well as the drawbacks that comes with centralization). All that to say, I don't think I agree that many of us are ambivalent to how these systems are put together, nor that the technology this community works on is ambivalent to how it is deployed. Signal has an architectural aesthetic, and so do Decentralized Identifiers, Verifiable Credentials, and the various Data Integrity cryptosuites. > Yup, exactly this. I think it's important to point out too, the only way I was able to reach that conclusion was by acknowledging the power dynamics of the use case. I had to first determine why it felt incorrect and then working backwards from what felt like a more accurate representation of how we model the problem from a first principles perspective. I hope others are able to achieve the same with their particular use cases. Yes, agreed; this is good guidance when addressing any use case, but is often not done when just trying to recreate the current power dynamics that exist today. I will note that many large institutions approach this new technology in that way, which might be the only place they can start and the hope is that they will jump to the adjacent possible if it makes sense for them to do so... or, maybe they never do and are instead replaced by other more decentralized institutions that win the hearts and minds of the people that depend on them. > ++ - I think as long as we make it possible (which I think we're doing a good job at it), then we've built the technology properly. The rest is to be decided by those who use it, and that's the paradox of building tech but not being able to fully prevent the unintended consequences of how it's used. Yes, I do agree with the above as well. Even for "those that use it" -- we can provide guidance based on our collective expertise on "fit-for-purpose architectures". Again, the "no phone home" intervention by many in this community was a good example of that. All that to say, I do think we have some control over the values embodied in the technology primitives we create here as well as the architectures that we feel are appropriate for particular use cases. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. https://www.digitalbazaar.com/
Received on Monday, 11 August 2025 16:46:02 UTC