- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Wed, 27 May 2020 10:39:43 -0400
- To: steve capell <steve.capell@gmail.com>, public-credentials@w3.org
Hi Steve, Let me start by saying, welcome to the W3C CCG! :) We've been introduced in other venues, and I'm thrilled to see you engaging here. As you know, a number of the use cases you mention were funded by DHS S&T and explored by US Customs and Border Protection two years ago in the NAFTA/CAFTA Blockchain Proof of Concept: https://www.cbp.gov/trade/ace/whats-new-innovation The results of that proof of concept can be found here (Digital Bazaar, who did the build out of the technical system using Verifiable Credentials, Decentralized Identifiers, Encrypted Data Vaults, Hashlinks, Authorization Capabilities, etc.) starts on page 16: https://www.cbp.gov/sites/default/files/assets/documents/2019-Oct/Final-NAFTA-CAFTA-Report.pdf Lots of lessons learned there that may interest you. On 5/26/20 11:31 PM, steve capell wrote: > 1. the method part of the DID is important for interoperability and, > although I can see the value in letting anyone setup a new method, > there is a risk of explosion - > as https://w3c-ccg.github.io/did-method-registry/ seems to already > show. Looking at this list of methods, I really have no idea what > problem each is solving, why there are so many, and whether I should > re-use one or create another. I'd be keen to discuss that problem > with someone! Yes, we're seeing a gold rush for DID Methods. A number of people in this community expect that 90%+ of those DID Methods will fail to gain market traction within the first 5 years. As Anil mentioned in his email, a number of them have critical design flaws, security concerns, privacy concerns, or all of these things. There is currently no framework to evaluate DID Methods, but the DID WG is tasked with creating a DID Method Rubrics document that is supposed to outline the basis of a framework. Other organizations are also working on evaluation criteria. The first thing you could do to help the situation is not to create yet another DID Method... there are enough of them out there and the differences between many aren't so great. The biggest differences tend to be the network the DID Method is built upon (many of them are built on blockchain networks), the governance model for the blockchain (non-profit foundation, private company, shadow corporation, etc.). For example, here's the information for Veres One (which was used in the NAFTA/CAFTA PoC mentioned above): https://veres.one/summary/ There is no easy answer... it takes doing your due diligence to figure out which solution is snake oil and which one seems like it might be a good fit in production. At present, determining that is close to a full time job... but there are a number of people in this community that have done that work and would be happy to share their findings. All you need to do is determine the precise questions you want answers for and I'm sure folks in this community would be happy to chime in and give you their informed opinions. Again, welcome to the community, I look forward to discussing your use cases here. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Wednesday, 27 May 2020 14:39:59 UTC