- From: Alan Karp <alanhkarp@gmail.com>
- Date: Wed, 30 Jul 2025 08:29:33 -0700
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CANpA1Z2Wseg8G4tS66Gt6aeMrPEFW9q9uEJYAFPGTOqTpW59jQ@mail.gmail.com>
I'm happy to hear that the work of you and your colleagues is being adopted. One concern I have is how it is being adopted. I've read several papers/specs over the past few months where agentic AI systems are using VCs for permissions. I believe this choice is a mistake for reasons that I have articulated several times. There are so many of these projects from so many organizations that there's no way I can explain the issues to them one by one. Is there something the VC standards group can do? -------------- Alan Karp On Wed, Jul 30, 2025 at 7:33 AM Manu Sporny <msporny@digitalbazaar.com> wrote: > One signal of a successful specification is when people start building > on it without any engagement with the original community. This is > usually a good sign because it means that the people building on it 1) > conceptually understand why the specification is useful -- that is, > you didn't have to convince them of anything, they understood the > value by just reading the spec/docs, and 2) it's specified well enough > to not need hand-holding for a developer to implement and deploy it. > > We've seen this happen twice over the past month or so with > specifications that were incubated in the Credentials Community Group > for market verticals that are typically not represented in this > community. > > The first is that Cloudflare has integrated HTTP Message Signatures > for their Verified Bots program. That specification was incubated in > the Credentials Community Group for 8+ years before being placed onto > the standards track at IETF with AnnabelleB and JustinR doing the > lionshare of shepherding it through the IETF process: > > https://blog.cloudflare.com/verified-bots-with-cryptography/ > > It took 11 years from when the spec was introduced in this community > to it getting into production at Cloudflare. HTTP Message Signatures > is a good reminder of how long it can take for a good idea to get > traction. > > The second is that agntcy.org, founded by Google, Dell, Red Hat, > Oracle, and Cisco, has just launched their AI Agent protocols program > as a Linux Foundation project. They're using W3C Decentralized > Identifiers and W3C Verifiable Credentials to identify AI agents and > provide digital credentials to them so that they can express their > capabilities to humans and other AI agents in a way that's > cryptographically verifiable: > > https://docs.agntcy.org/identity/identity/#standards > > Both of those surprised me (in a good way) -- they were not on my > radar at all until they were in production. > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > https://www.digitalbazaar.com/ > >
Received on Wednesday, 30 July 2025 15:29:50 UTC