Relationship between WebID and DID (documents) from Pierre-Antoine Champin on 2023-11-29 (public-solid@w3.org from November 2023)

From: Pierre-Antoine Champin <pierre-antoine@w3.org>
Date: Wed, 29 Nov 2023 17:14:37 +0100
To: public-webid@w3.org, public-solid@w3.org
Message-ID: <7b658476-9b66-4273-a97c-9215c9399c8c@w3.org>
Dear all,

this has been on my mind for a while, but what triggered this email is 
Jacopo's recent ping [1] to the Solid Community.

Disclaimer: I have not been following closely the activity of the WebID 
CG, so apologies if I am rehashing a discussion that already happened, 
or inappropriately throwing a cat amongst the pigeons.


Solid is highly relying on WebID, to the point that it was consider, in 
the first charter proposal, to adopt WebID as a deliverable of the 
future Solid WG [2]. But in the spirit of improving our charter 
proposal, and to respond to the TAG's (and others') concerns, we need to 
show that we are not stuck on a specific solution, and taking into 
account what exists elsewhere, in particular in other W3C WGs.

Reading the abstract of the WebID spec [3]:

 > A global distributed Social Web requires that each person be able to 
control their identity, that this identity be linkable across sites - 
placing each person in a Web of relationships - and that it be possible 
to authenticate globally with such identities.

While the abstract of the DID recommendation [4] states:

 > Decentralized identifiers (DIDs) are a new type of identifier that 
enables verifiable, decentralized digital identity. A DID refers to any 
subject (e.g., a person, organization, thing, data model, abstract 
entity, etc.) (...) the design enables the controller of a DID to prove 
control over it without requiring permission from any other party. (...)

Furthermore, WebID and DIDs have in common that both can be dereferenced 
to a document describing the entity they identify, and that this 
document is Linked Data -- although for DIDs, it is bound to be (a very 
constrained form of) JSON-LD. Note also that the Verifiable Credentials 
WG is working on the notion of Controller Document [5] -- in my 
understanding, this is a generalization of DID documents, focused on the 
needs of VCs, and /not/ necessarily retrieved from a DID.

So, here are a few thoughts :

* some people might argue that WebID is trying to solve a problem for 
which we already have a W3C standard (namely, DID); they might be 
encouraged in this thoughts by the similarity between both abstracts, 
and by the fact that WebID largely predates DIDs (and could be seen as 
an early attempt, now superceded). If we disagree, we need to clarify 
why WebID are still needed.

* one possible argument to continue using WebID instead of DIDs is that 
WebIDs are more straightforward, being HTTPS URIs, while DIDs introduce 
a level of indirection via DID methods. A counter argument would be: 
"use the did:web method [6], you will combine the convenience of HTTP 
with the extensibility of DIDs". (I know that a did:solid method [7] was 
also considered, but I don't know how it differs from did:web)

* regardless of the outcome of the previous points (keep using HTTPS 
WebIds vs migrate to did:web DIDs), the similarity between WebID 
documents and DID/Controller documents should be acknowledged. Note that 
the differences should also be emphasized: WebID documents are usually 
expected to contain identifying information about the subject (name, 
contain details...), while the general advice for DID document is to 
contain minimal information (if any) beyond the criptographic material 
required to prove control over the DID. I do not consider these 
difference to be ingerent incompatibilities, I believe they stem from 
focusing on different use-cases. DIDs are focusing on scenarios where 
privacy / pseudonymity is important, so a user is expected to have 
several DID, and want them to be unlinkable. WebIDs are focusing, on the 
other hand, on reusing a single identity across several services 
(linkability being a feature, not a bug). But both solutions could be 
used in both categories of use-cases.


To conclude: my goal here is not to dismiss anyone's work, but to try 
and clarify our position w.r.t. other (published or in-progress) W3C 
standards. This will be useful for chargering the Solid WG, but this is 
a good thing to do in general, IMO.

     best



[1] 
https://github.com/solid/solid-wg-charter/issues/39#issuecomment-1829420164

[2] https://github.com/solid/solid-wg-charter/issues/39

[3] https://www.w3.org/2005/Incubator/webid/spec/identity/

[4] https://www.w3.org/TR/did-core/

[5] https://w3c.github.io/vc-controller-document/

[6] https://w3c-ccg.github.io/did-method-web/

[7] https://solid.github.io/did-method-solid/
Attachments

application/pgp-keys attachment: OpenPGP public key
Received on Wednesday, 29 November 2023 16:14:41 UTC