Re: [EXTERNAL] Re: did:webs vs did:tdw from Stephen Curran on 2024-06-26 (public-did-wg@w3.org from June 2024)

From: Stephen Curran <swcurran@cloudcompass.ca>
Date: Wed, 26 Jun 2024 12:06:31 -0700
To: Julien Fraichot <Julien.Fraichot@hyland.com>
Cc: "Jordan, John CITZ:EX" <John.Jordan@gov.bc.ca>, "public-did-wg@w3.org" <public-did-wg@w3.org>
Message-ID: <CAFLTOV4-8L+iOdYg=+t6xVuMGAEez7oxP6LUYfC9Ozg2MorcfQ@mail.gmail.com>
Hi Julien,

Thanks for the questions.  Here is a quick summary of our next steps that
should get to what you are interested in:

   - An internal walkthrough of the spec. to ensure alignment across the
   spec and implementations, to enumerate the features and which ones exist in
   each implementation. Updates to the spec. and implementations to follow.
      - Nothing secret there -- just making sure things are consistent for
      everyone else.
   - Initial public meetings about the spec. to solicit interactive
   feedback and for putting the DID Method onto a standards track.
      - In the meantime -- GitHub issues, emails, and calls are welcome to
      provide feedback. This is an open effort.
      https://github.com/bcgov/trustdidweb
      - At these meetings, we'll also identify/propose features that
      could/should go into DID Core spec.
   - Fleshing out the practical deployment of did:tdw for production usage.
   What components are needed outside of the registrar/resolver/witness code
   components.
      - We'll do that for a BC Gov deployment, but would welcome input as
      we move forward on that. Documentation will come out of that --
updates to
      the "Implementers Guide".
   - Deployment in a couple of scenarios at BC Gov -- an Aries stack using
   AnonCreds, and a supply chain transparency use case where VCs are published
   for all to see/verify.

For timing -- we're starting on the first item tomorrow, and expect any
spec writing and coding from that to be done by July 15. Meetings are
planned to start in mid-July (second item), and will progress as the
community contributes. The deployment activities at BC Gov will happen over
the summer and into the early fall.

All that said, this is a completely open process and we welcome
collaborators, advisors, and contributors on every step of the way. Join us!

I hope that helps and please let us know if you have any further questions.

John Jordan and Stephen Curran

On Tue, Jun 25, 2024 at 11:39 PM Julien Fraichot <Julien.Fraichot@hyland.com>
wrote:

> Hi John,
>
>
>
> I think your answer covers the questions I had left about context for
> did:tdw. Thanks for that.
>
>
>
> A few more questions:
>
>
>
>    - The TS repo lists pre-rotation, whois and DID URL as TODO. Is it
>    actively being worked on at the moment and do you have an estimate as to
>    their release? In simpler terms my question is can I plan on implementing
>    did:tdw starting in the next few weeks or should I wait 6 more months or
>    more before doing so?
>    - I understand the spec is somewhat in a Beta stage and that the ToIP
>    task force could potentially bring some changes, but what is the expected
>    time frame before a proper v1 (6 months, 1 year, 2 years, forever)?
>
>
>
> I ask those questions because I have a legitimate interest in a secure
> did:web implementation and I both methods hold interesting promises.
>
>
>
> Thank you
>
>
>
> *From: *Jordan, John CITZ:EX <John.Jordan@gov.bc.ca>
> *Date: *Tuesday, 25 June 2024 at 21:45
> *To: *public-did-wg@w3.org <public-did-wg@w3.org>
> *Subject: *[EXTERNAL] Re: [EXTERNAL] Re: did:webs vs did:tdw
>
> *CAUTION: *This email originated from outside of Hyland. Do not click
> links or open attachments unless you recognize the sender and know the
> content is safe.
>
>
>
> Hi Julian,
>
> Thanks for the questions.  I thought I would offer thoughts from our team
> as the business sponsor for this proposed did method.
>
> did:webs and did:tdw have different design intents. While they both aim to
> be “a better web-based DID method than did:web” they have independent
> implementations. What we can offer, to the best of our abilities,  is a
> description of the design intent and key features of did:tdw. It will be up
> to individual adopters to make their own determination as to the
> appropriateness of the did method they choose for their services.
>
> A key design intent of did:tdw is full compliance with the DID Core
> specification, allowing a DID Controller to include any desired information
> directly into their DIDDoc, treating the DIDDoc as the primary data model
> for the DID Method.
>
>
>
> Additionally, we aimed for the DID method to be significantly more useful
> and secure than did:web, without increasing the complexity of deployment.
> The following list, largely sourced from the spec introduction, provides
> more details (currently available here – https://bcgov.github.io/trustdidweb/
> [bcgov.github.io]
> <https://urldefense.com/v3/__https:/bcgov.github.io/trustdidweb/__;!!C8mu0vCj!cV48YCdojaKTYxZ4ymz68EsM_oEQwHpUzv57Ppxk5KQOBNYOTkrzOFe_dtE1JMyHH8BgxG08qIbC4ZCv9klEfH2ZYtG_vA$>
> ):
>
>
>
>    - Ongoing publishing of all DID Document (DIDDoc) versions for a DID
>    instead of, or alongside a current did:web DID/DIDDoc.
>    - The same DID-to-HTTPS transformation as did:web.
>    - Capable of using the same High Assurance DID-to-DNS mechanism (https://datatracker.ietf.org/doc/draft-carter-high-assurance-dids-with-dns/
>    [datatracker.ietf.org]
>    <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-carter-high-assurance-dids-with-dns/__;!!C8mu0vCj!cV48YCdojaKTYxZ4ymz68EsM_oEQwHpUzv57Ppxk5KQOBNYOTkrzOFe_dtE1JMyHH8BgxG08qIbC4ZCv9klEfH3yV-Em_w$>
>    ).
>    - The ability to resolve the full history of the DID using a
>    verifiable chain of updates to the DIDDoc from genesis to deactivation.
>    - A self-certifying identifier (SCID) for the DID that is globally
>    unique, embedded in the DID, and derived from the initial DIDDoc. The SCID
>    enables DID portability, such as moving the DID’s web location (and so
>    changing the DID string itself) while retaining a connection to the
>    predecessor DID(s) and the DID’s verifiable history.
>    - DIDDoc updates contain a proof signed by the controller(s)
>    authorized to update the DID.
>    - An optional mechanism for publishing “pre-rotation” keys to prevent
>    the loss of control of a DID in cases where an active private key is
>    compromised.
>    - DID URL path handling that defaults (but can be overridden) to
>    automatically resolving <did>/path/to/file by using a comparable
>    DID-to-HTTPS translation as for the DIDDoc.
>    - A DID URL path <did>/whois that defaults to automatically returning
>    (if published by the DID controller) a Verifiable Presentation containing
>    Verifiable Credentials with the DID as the credentialSubject, signed by the
>    DID.
>    - A mechanism for supporting the concept of witnesses -- collaborating
>    parties that approve DIDDoc versions before publication (planned, but not
>    yet in the spec or implementations).
>
> Combined, the additional features enable greater trust and security
> without (we think) compromising the simplicity of did:web.
>
>
>
> In parallel with developing the spec, we created two implementations, one
> in TypeScript, one in Python, and the implementation learnings contributed
> substantially to the specification. Both implementations have most of the
> features listed above and are less than 1500 lines of code each. After our
> presenting the DID Method at IIW in April, we understand a Rust
> implementation has been developed that will be open sourced Real Soon Now.
> An implementer's guide (currently in the spec, but to be separated)
> provides guidance on deploying did:tdw.
>
>
>
> The spec and implementations were created in the Government of British
> Columbia GitHub repos, and there is an approved Trust Over IP task force
> that has been formed, with meetings to begin shortly. To be determined is
> where to take the spec. further, and what, if any relationship it has with
> the did:web specification.
>
> Thanks again for your question, and we hope this offers some information
> for your contemplation.
>
>
>
> Links:
>
>    - Presentation at DICE 2024: Trust DID Web - A New Web-Based DID Method
>
>
>    - https://docs.google.com/presentation/d/1WvE3w_7C_umR_aDX87Mje-qcRU8o2PNMs4eRAOssHR0/edit?usp=sharing
>       [docs.google.com]
>       <https://urldefense.com/v3/__https:/docs.google.com/presentation/d/1WvE3w_7C_umR_aDX87Mje-qcRU8o2PNMs4eRAOssHR0/edit?usp=sharing__;!!C8mu0vCj!cV48YCdojaKTYxZ4ymz68EsM_oEQwHpUzv57Ppxk5KQOBNYOTkrzOFe_dtE1JMyHH8BgxG08qIbC4ZCv9klEfH3jTEc_rg$>
>
>
>    - Specification: https://bcgov.github.io/trustdidweb [bcgov.github.io]
>    <https://urldefense.com/v3/__https:/bcgov.github.io/trustdidweb__;!!C8mu0vCj!cV48YCdojaKTYxZ4ymz68EsM_oEQwHpUzv57Ppxk5KQOBNYOTkrzOFe_dtE1JMyHH8BgxG08qIbC4ZCv9klEfH0SuKFA9A$>
>    - Trust over IP Task Force Page: https://wiki.trustoverip.org/display/HOME/Trust+DID+Web+%28did%3Atdw%29+DID+Method+Task+Force
>    [wiki.trustoverip.org]
>    <https://urldefense.com/v3/__https:/wiki.trustoverip.org/display/HOME/Trust*DID*Web**A28did*3Atdw*29*DID*Method*Task*Force__;KysrJSUlKysrKw!!C8mu0vCj!cV48YCdojaKTYxZ4ymz68EsM_oEQwHpUzv57Ppxk5KQOBNYOTkrzOFe_dtE1JMyHH8BgxG08qIbC4ZCv9klEfH0hNKIUfQ$>
>    - Typescript Implementation: https://github.com/bcgov/trustdidweb-ts/
>    [github.com]
>    <https://urldefense.com/v3/__https:/github.com/bcgov/trustdidweb-ts/__;!!C8mu0vCj!cV48YCdojaKTYxZ4ymz68EsM_oEQwHpUzv57Ppxk5KQOBNYOTkrzOFe_dtE1JMyHH8BgxG08qIbC4ZCv9klEfH34vNF87A$>
>    - Python Implementation: https://github.com/bcgov/trustdidweb-py
>    [github.com]
>    <https://urldefense.com/v3/__https:/github.com/bcgov/trustdidweb-py__;!!C8mu0vCj!cV48YCdojaKTYxZ4ymz68EsM_oEQwHpUzv57Ppxk5KQOBNYOTkrzOFe_dtE1JMyHH8BgxG08qIbC4ZCv9klEfH3j1e6hbQ$>
>
>
>
> John Jordan
>
> Executive Director, Digital Trust
>
> Cybersecurity and Digital Trust
>
> Government of British Columbia
>
>
> ----------------------------------------- Please consider the environment
> before printing this e-mail -----------------------------------------
>
> CONFIDENTIALITY NOTICE: This message and any attached documents may
> contain confidential information from Hyland Software, Inc. The information
> is intended only for the use of the individual or entity named above. If
> the reader of this message is not the intended recipient, or an employee or
> agent responsible for the delivery of this message to the intended
> recipient, the reader is hereby notified that any dissemination,
> distribution or copying of this message or of any attached documents, or
> the taking of any action or omission to take any action in reliance on the
> contents of this message or of any attached documents, is strictly
> prohibited. If you have received this communication in error, please notify
> the sender immediately by e-mail or telephone, at +1 (440) 788-5000, and
> delete the original message immediately. Thank you.
>


-- 

Stephen Curran
Principal, Cloud Compass Computing, Inc. (C3I)
Chair - Sovrin Foundation (sovrin.org)

*Schedule a Meeting: **https://calendly.com/swcurran
<https://calendly.com/swcurran>*
Received on Wednesday, 26 June 2024 19:06:48 UTC