Re: DID WG Special Topic Call (Service Endpoints) from Daniel Hardman on 2020-08-27 (public-did-wg@w3.org from August 2020)

From: Daniel Hardman <daniel.hardman@evernym.com>
Date: Thu, 27 Aug 2020 09:38:29 -0600
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: W3C DID Working Group <public-did-wg@w3.org>
Message-ID: <CAFBYrUox=sg=YcCFWjOtUgU11E2942hTs0GxqRys=fmG=pDwzg@mail.gmail.com>

>
> PROPOSAL: Remove Service Endpoints from the specification and rely on
> Verifiable Credentials (e.g., transmitted during DID Auth) to
> communicate Service Endpoints.
>

I may not understand this proposal fully or correctly. However, my gut
reaction is to be concerned about the implication that we must do DID Auth
before we could know how to talk to a DID controller. That feels *very*
undesirable to me. We aren't even clear about how to do DID auth (there
have been a variety of approaches to it over the past 3 years, and I'm not
aware of any of them being standardized).

The privacy rationale also doesn't resonate with me. For institutions,
service endpoint privacy doesn't matter much, and for individuals, I think
that's what herd privacy (many individuals at a single endpoint) should
solve.

Received on Thursday, 27 August 2020 15:38:55 UTC