Re: DID considerations from Melvin Carvalho on 2021-10-28 (public-rww@w3.org from October 2021)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Thu, 28 Oct 2021 20:04:54 +0200
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: public-rww <public-rww@w3.org>
Message-ID: <CAKaEYh+-EEeJBRW_AXrkNTX05hd7-voFErPD_r794_Fug6F83g@mail.gmail.com>
On Thu, 28 Oct 2021 at 19:15, Kingsley Idehen <kidehen@openlinksw.com>
wrote:

> On 10/28/21 9:28 AM, Melvin Carvalho wrote:
>
>
>
> On Wed, 27 Oct 2021 at 19:14, Kingsley Idehen <kidehen@openlinksw.com>
> wrote:
>
>> On 10/27/21 6:42 AM, Melvin Carvalho wrote:
>>
>>
>>
>> On Sat, 23 Oct 2021 at 01:59, Timothy Holborn <timothy.holborn@gmail.com>
>> wrote:
>>
>>>
>>>
>>> On Sat, 23 Oct 2021 at 00:28, Melvin Carvalho <melvincarvalho@gmail.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Fri, 22 Oct 2021 at 06:30, Timothy Holborn <
>>>> timothy.holborn@gmail.com> wrote:
>>>>
>>>>> Heya,
>>>>>
>>>>> Long time ago, work was being done mostly via RWW, that considered
>>>>> HTTPa & an array of other ecosystem considerations.
>>>>>
>>>>> Since then DID work has developed.
>>>>>
>>>>> There's an objection going on ATM.
>>>>>
>>>>
>>>> AFAIK, there's an objection from Mozilla / Tantek.  Then again Tantek
>>>> objected to Solid being part of the SWWG too.  I get the impression that he
>>>> really dislikes Linked Data, but I dont fully understand why
>>>>
>>>> See:
>>>>
>>>> https://www.evernym.com/blog/w3c-vision-of-decentralization/
>>>>
>>>> Not been following it closely, but I'm sure DID will get through the
>>>> w3c process.  Just politics at play
>>>>
>>>
>>> Per the lists: Formal objections raised by Apple & Google also.  (not
>>> sure about Tantek?)
>>>  https://lists.w3.org/Archives/Public/public-did-wg/
>>> apparently
>>> https://web.archive.org/web/*/https://www.w3.org/2001/tag/doc/ethical-web-principles/
>>> related issues were raised.  looks like that started to evolve around the
>>> time i mocked-up some of https://github.com/webcivics/ontologies
>>> whereby the delivery of
>>> https://github.com/WebCivics/ontologies/blob/master/humanrights.owl
>>> into production should probably live (imo) on DID:UN or similar. (sadly
>>> no one appears to have advanced these works, if i am mistaken - please let
>>> me know the link to the ontology online)
>>>
>>> Vaccine Passports seemingly started in California
>>>
>>> https://leginfo.legislature.ca.gov/faces/billCompareClient.xhtml?bill_id=201920200AB2004&showamends=false
>>>
>>> and many are now built using this technology
>>>
>>> https://www.ibm.com/watson/health/resources/digital-health-pass-blockchain-explained/
>>>
>>>
>>>  https://www.iata.org/en/iata-repository/pressroom/presentations/travel-pass/
>>>
>>>
>>>
>>> https://www.prnewswire.com/news-releases/worlds-airports-and-leading-airlines-join-commontrust-network-and-begin-roll-out-of-commonpass-in-december-in-support-of-safer-border-reopening-301179752.html
>>>
>>> https://trustoverip.org/get-involved/good-health-pass-implementation/
>>>
>>> Microsoft (which often provides infrastructure for governments) is also
>>> deploying a version of it; but afaik, its using JSON not JSON-LD.
>>>
>>> https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/decentralized-identifier-overview
>>>
>>>
>>> SO, there may be a future DID:MSFT Web, that isn't interoperable with
>>> the broader web.
>>>
>>> There's widespread reports (and 'common knowledge') of persons being
>>> excluded from society based upon the status of their 'vaccine passport'.
>>>
>>> So, ‘the web’ (‘internet’) has become a mandatorily required appendage
>>> for socio-economic participation as is now consequential to the global
>>> commercialisation of ‘vaccine passports’. Digital Identity infrastructure
>>> is now increasingly vital for any human being who seeks to have agency.
>>>
>>> There are different meanings different groups use when they speak about
>>> ‘identity’ or ‘digital identity’. Some definitions seem to mean
>>> 'property'.
>>>
>>> having been granted some assistance to get a better look into the
>>> situation (with thanks); my considerations are that there's an ethics /
>>> sustainability - impact on humanity problem (not new).
>>>
>>> W3C has traditionally not had scope like other groups, for example:
>>>
>>> https://en.wikipedia.org/wiki/IEEE_Society_on_Social_Implications_of_Technology
>>>
>>> DID Methods are presently 'platform' or 'platform company' centric.
>>> https://w3c.github.io/did-spec-registries/#did-methods
>>>
>>> This may result in different 'webs' forming where platform providers
>>> have a vested interest in making them not work with other online resources.
>>> A means to address that problem may be to change the URI DID Method
>>> Construct (and governance framework) to support societal groups.
>>>
>>> in effect -Change the DID methods to support the notations based on
>>> legal stewards of the methods (and underlying content on whatever DLT
>>> technology employed, including means to migrate to another).
>>>
>>> - DID:UN, DID:WHO, DID:EU, DID:NL, DID:UK, DID:ITU, DID:W3C
>>> etc.
>>>
>>
>> Re: different "webs" that is already the case.  The idea of web
>> architecture is that all the URI schemes can interact with one another via
>> hyperlinks forming a multi protocol web
>>
>> https://en.wikipedia.org/wiki/List_of_URI_schemes
>>
>> Two of biggest are http: and file: so that's good if you want a network
>> effect, others are likely more niche
>>
>> DID is just a set of schemes, and sub schemes with a common JSON format
>> and some agreed common structure, and set of functions
>>
>> It would be interesting to see if that can lead to a standardized way to
>> write to the web, that is something more than HTTP POST, because that's
>> something of a black box
>>
>> One reason is that, standardized ways to write to the web quickly become
>> Turing Complete and in turn can lead to an web operating system
>>
>> In some sense, we're still a long way from standardizing that (a web
>> OS).  In other ways, it's happening in lots of places simultaneously with
>> different groups
>>
>>
>>
>> Here's my understanding:
>>
>> WebID -- an HTTP URI scheme based Identifier for a Person or Agent that
>> resolves to a Profile Document (a Credentials Store).
>>
>> WebID+TLS -- an authentication protocol in the form of a TLS-handshake
>> extension that adds a Profile Document lookup facilitated by a WebID
>> incorporated into an X.509 Certificate via its Subject Alternative Name
>> (SAN) slot.
>>
>> DiD or DID -- a Resolvable URI scheme (i.e., HTTP and others) based
>> Identifier for a Person or Agent that resolves to a Profile Document.
>>
>> DiD or DID Methods -- various methods for authenticating credentials in a
>> Profile Document.
>>
>
> Sounds about right, Kingsley
>
> The did refers to a "controller", which could be a person, organization,
> thing etc.
>
> https://www.w3.org/TR/did-core/#did-controller
>
>
> I was referring to
> https://www.w3.org/TR/did-core/#dfn-decentralized-identifiers which is
> analogous to a WebID, but not HTTP scheme specific i.e., it is resovable,
> but doesn't mandate HTTP as the resolution mechanism. Basically, entity
> denoted by said identifier.
>
> (Distributed) ID vs (Web)ID .
>
> https://www.w3.org/TR/did-core/#did-controller denotes an entity with
> create, read, write, delete privileges over a DID, not the Subject denoted
> by a DID.
>
>
>
> The controller can make changes to the DID Document.  Now we need to be
> careful with this term "Document" as defined in that spec.
>
>
> Note my comments above.
>
> A Document comprise content structured using a variety of content-types.
> Ultimately, said content is some form of Data Representation.
>
> Documents as Content Locations.
>
>
>
> Because it ("A set of data describing the DID subject") might not 100%
> match what we think of as a web document
>
>
> A Web Document is simply a Docuemnt that's accessible via HTTP.
> Unfortunately, there is a general misconcpetion that this implies an HTML
> document.
>

I think there might be something more subtle going on here

ie document vs data

Data is written ON a document, but it is not the document itself

So there's a difference between writing and paper

I could be wrong here, but I think it would be very interesting to compare
the DID Document concept with the HTTP Document concept and see what
matches, and what's different

For example how do headers apply to one versus another, meta data, head vs
body etc.

Will be interesting to track as implementations spring up


>
>
> This leads to the question of whether the document is the data, or whether
> the data is written ON a document, or an HTTP document
>
>
> Documents content takes the form of structured data i.e., the content is
> the data, discernible by a content-type (or mime-type).
>
>
>
> That's a subtle differentiation with I think slighlty different
> constraints.  These I expect will be explored when DID gets to REC status
> and we see some more implementations
>
> I'll add that your idea of NetID
>
> https://www.w3.org/community/rww/wiki/NetID
>
> Has potentially the benefits of both systems, tho we've yet to see this
> fully taken advantage of in terms of user profiles (e.g. with youid and
> fingerprints)
>
> Perhaps it's something we can flesh out and document further
>
>
> A NetID is like a DID, but it doesn't have the notion of DID methods for
> specifying Authentication Protocol mechanics, it leaves authentication in
> the hands of logic.
>
>
> Kingsley
>
>
>
>>
>> The W3C specs seeks to formalize the nature of credentials and how they
>> are authenticated.
>>
>>
>> --
>> Regards,
>>
>> Kingsley Idehen 
>> Founder & CEO
>> OpenLink Software
>> Home Page: http://www.openlinksw.com
>> Community Support: https://community.openlinksw.com
>> Weblogs (Blogs):
>> Company Blog: https://medium.com/openlink-software-blog
>> Virtuoso Blog: https://medium.com/virtuoso-blog
>> Data Access Drivers Blog: https://medium.com/openlink-odbc-jdbc-ado-net-data-access-drivers
>>
>> Personal Weblogs (Blogs):
>> Medium Blog: https://medium.com/@kidehen
>> Legacy Blogs: http://www.openlinksw.com/blog/~kidehen/
>>               http://kidehen.blogspot.com
>>
>> Profile Pages:
>> Pinterest: https://www.pinterest.com/kidehen/
>> Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
>> Twitter: https://twitter.com/kidehen
>> Google+: https://plus.google.com/+KingsleyIdehen/about
>> LinkedIn: http://www.linkedin.com/in/kidehen
>>
>> Web Identities (WebID):
>> Personal: http://kingsley.idehen.net/public_home/kidehen/profile.ttl#i
>>         : http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this
>>
>>
> --
> Regards,
>
> Kingsley Idehen 
> Founder & CEO
> OpenLink Software
> Home Page: http://www.openlinksw.com
> Community Support: https://community.openlinksw.com
> Weblogs (Blogs):
> Company Blog: https://medium.com/openlink-software-blog
> Virtuoso Blog: https://medium.com/virtuoso-blog
> Data Access Drivers Blog: https://medium.com/openlink-odbc-jdbc-ado-net-data-access-drivers
>
> Personal Weblogs (Blogs):
> Medium Blog: https://medium.com/@kidehen
> Legacy Blogs: http://www.openlinksw.com/blog/~kidehen/
>               http://kidehen.blogspot.com
>
> Profile Pages:
> Pinterest: https://www.pinterest.com/kidehen/
> Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
> Twitter: https://twitter.com/kidehen
> Google+: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn: http://www.linkedin.com/in/kidehen
>
> Web Identities (WebID):
> Personal: http://kingsley.idehen.net/public_home/kidehen/profile.ttl#i
>         : http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this
>
>
Received on Thursday, 28 October 2021 18:05:21 UTC