Re: Relationship between WebID and DID (documents)

Hey all,

I personally think that DIDs is the logical step for identities on Solid,
and would support a transition to that. Just a heads up that I'll probably
be working more officially on this Q2 of 2024. The work required to make
DID/Solid compatibility happen would be:

   - Spec work (of course. I definitely foresee a spirited discussion over
   the spec)
      - We'd need to determine which DID methods MUST be supported by solid
      - Possibly a spec should be developed for an intermediary that
      supports even more DID methods
      - Solid OIDC needs to be updated to handle DID
      - Backwards compatibility should be considered where WebIds become
      did:web documents.
      - A Pod server reference implementation needs to be made that can use
   DID for authentication.
   - An IDP reference implementation may need to be built that lets you use
   DIDs as your identity rather than WebIds
   - A client implementation could be made that doesn't require interaction
   with an IDP because it works with DIDs.

It would take work and funding to do, but I'd support the transition.

On Wed, Nov 29, 2023 at 11:15 AM Pierre-Antoine Champin <> wrote:

> Dear all,
> this has been on my mind for a while, but what triggered this email is
> Jacopo's recent ping [1] to the Solid Community.
> Disclaimer: I have not been following closely the activity of the WebID
> CG, so apologies if I am rehashing a discussion that already happened, or
> inappropriately throwing a cat amongst the pigeons.
> Solid is highly relying on WebID, to the point that it was consider, in
> the first charter proposal, to adopt WebID as a deliverable of the future
> Solid WG [2]. But in the spirit of improving our charter proposal, and to
> respond to the TAG's (and others') concerns, we need to show that we are
> not stuck on a specific solution, and taking into account what exists
> elsewhere, in particular in other W3C WGs.
> Reading the abstract of the WebID spec [3]:
> > A global distributed Social Web requires that each person be able to
> control their identity, that this identity be linkable across sites -
> placing each person in a Web of relationships - and that it be possible to
> authenticate globally with such identities.
> While the abstract of the DID recommendation [4] states:
> > Decentralized identifiers (DIDs) are a new type of identifier that
> enables verifiable, decentralized digital identity. A DID refers to any
> subject (e.g., a person, organization, thing, data model, abstract entity,
> etc.) (...) the design enables the controller of a DID to prove control
> over it without requiring permission from any other party. (...)
> Furthermore, WebID and DIDs have in common that both can be dereferenced
> to a document describing the entity they identify, and that this document
> is Linked Data -- although for DIDs, it is bound to be (a very constrained
> form of) JSON-LD. Note also that the Verifiable Credentials WG is working
> on the notion of Controller Document [5] -- in my understanding, this is a
> generalization of DID documents, focused on the needs of VCs, and *not*
> necessarily retrieved from a DID.
> So, here are a few thoughts :
> * some people might argue that WebID is trying to solve a problem for
> which we already have a W3C standard (namely, DID); they might be
> encouraged in this thoughts by the similarity between both abstracts, and
> by the fact that WebID largely predates DIDs (and could be seen as an early
> attempt, now superceded). If we disagree, we need to clarify why WebID are
> still needed.
> * one possible argument to continue using WebID instead of DIDs is that
> WebIDs are more straightforward, being HTTPS URIs, while DIDs introduce a
> level of indirection via DID methods. A counter argument would be: "use the
> did:web method [6], you will combine the convenience of HTTP with the
> extensibility of DIDs". (I know that a did:solid method [7] was also
> considered, but I don't know how it differs from did:web)
> * regardless of the outcome of the previous points (keep using HTTPS
> WebIds vs migrate to did:web DIDs), the similarity between WebID documents
> and DID/Controller documents should be acknowledged. Note that the
> differences should also be emphasized: WebID documents are usually expected
> to contain identifying information about the subject (name, contain
> details...), while the general advice for DID document is to contain
> minimal information (if any) beyond the criptographic material required to
> prove control over the DID. I do not consider these difference to be
> ingerent incompatibilities, I believe they stem from focusing on different
> use-cases. DIDs are focusing on scenarios where privacy / pseudonymity is
> important, so a user is expected to have several DID, and want them to be
> unlinkable. WebIDs are focusing, on the other hand, on reusing a single
> identity across several services (linkability being a feature, not a bug).
> But both solutions could be used in both categories of use-cases.
> To conclude: my goal here is not to dismiss anyone's work, but to try and
> clarify our position w.r.t. other (published or in-progress) W3C standards.
> This will be useful for chargering the Solid WG, but this is a good thing
> to do in general, IMO.
>     best
> [1]
> [2]
> [3]
> [4]
> [5]
> [6]
> [7]

- Jackson

Received on Wednesday, 29 November 2023 16:35:18 UTC