- From: Martynas Jusevičius <martynas@atomgraph.com>
- Date: Thu, 30 Nov 2023 10:00:04 +0100
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: Pierre-Antoine Champin <pierre-antoine@w3.org>, public-webid@w3.org, public-solid@w3.org
On Wed, Nov 29, 2023 at 9:43 PM Melvin Carvalho <melvincarvalho@gmail.com> wrote: > > > > st 29. 11. 2023 v 17:15 odesílatel Pierre-Antoine Champin <pierre-antoine@w3.org> napsal: >> >> Dear all, >> >> this has been on my mind for a while, but what triggered this email is Jacopo's recent ping [1] to the Solid Community. >> >> Disclaimer: I have not been following closely the activity of the WebID CG, so apologies if I am rehashing a discussion that already happened, or inappropriately throwing a cat amongst the pigeons. >> >> >> Solid is highly relying on WebID, to the point that it was consider, in the first charter proposal, to adopt WebID as a deliverable of the future Solid WG [2]. But in the spirit of improving our charter proposal, and to respond to the TAG's (and others') concerns, we need to show that we are not stuck on a specific solution, and taking into account what exists elsewhere, in particular in other W3C WGs. >> >> Reading the abstract of the WebID spec [3]: >> >> > A global distributed Social Web requires that each person be able to control their identity, that this identity be linkable across sites - placing each person in a Web of relationships - and that it be possible to authenticate globally with such identities. >> >> While the abstract of the DID recommendation [4] states: >> >> > Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) (...) the design enables the controller of a DID to prove control over it without requiring permission from any other party. (...) >> >> Furthermore, WebID and DIDs have in common that both can be dereferenced to a document describing the entity they identify, and that this document is Linked Data -- although for DIDs, it is bound to be (a very constrained form of) JSON-LD. Note also that the Verifiable Credentials WG is working on the notion of Controller Document [5] -- in my understanding, this is a generalization of DID documents, focused on the needs of VCs, and not necessarily retrieved from a DID. >> >> So, here are a few thoughts : >> >> * some people might argue that WebID is trying to solve a problem for which we already have a W3C standard (namely, DID); they might be encouraged in this thoughts by the similarity between both abstracts, and by the fact that WebID largely predates DIDs (and could be seen as an early attempt, now superceded). If we disagree, we need to clarify why WebID are still needed. How is that a point when the WebID spec is almost 10 years old and DID came around just a few years ago? >> >> * one possible argument to continue using WebID instead of DIDs is that WebIDs are more straightforward, being HTTPS URIs, while DIDs introduce a level of indirection via DID methods. A counter argument would be: "use the did:web method [6], you will combine the convenience of HTTP with the extensibility of DIDs". (I know that a did:solid method [7] was also considered, but I don't know how it differs from did:web) >> >> * regardless of the outcome of the previous points (keep using HTTPS WebIds vs migrate to did:web DIDs), the similarity between WebID documents and DID/Controller documents should be acknowledged. Note that the differences should also be emphasized: WebID documents are usually expected to contain identifying information about the subject (name, contain details...), while the general advice for DID document is to contain minimal information (if any) beyond the criptographic material required to prove control over the DID. I do not consider these difference to be ingerent incompatibilities, I believe they stem from focusing on different use-cases. DIDs are focusing on scenarios where privacy / pseudonymity is important, so a user is expected to have several DID, and want them to be unlinkable. WebIDs are focusing, on the other hand, on reusing a single identity across several services (linkability being a feature, not a bug). But both solutions could be used in both categories of use-cases. > > > Other way round. The scope of solid is too broad. DID spec is a controversial spec with multiple, formal objections from major W3C players, against it. Inclusion of DID in the charter will almost certainly lead to legitimate formal objections down the line, which is an unnecessary risk. WebID is a perfectly good standards compliant identity system, and it's going to be more than enough work to standardize that, in this WG. This is a rare occasion where I agree with Melvin. There are enough disagreements re. the WebID specs as they are, the last thing they need is to be derailed and feature-bloated with something vaguely related like DID. > >> >> >> To conclude: my goal here is not to dismiss anyone's work, but to try and clarify our position w.r.t. other (published or in-progress) W3C standards. This will be useful for chargering the Solid WG, but this is a good thing to do in general, IMO. >> >> best >> >> >> >> [1] https://github.com/solid/solid-wg-charter/issues/39#issuecomment-1829420164 >> [2] https://github.com/solid/solid-wg-charter/issues/39 >> [3] https://www.w3.org/2005/Incubator/webid/spec/identity/ >> [4] https://www.w3.org/TR/did-core/ >> [5] https://w3c.github.io/vc-controller-document/ >> [6] https://w3c-ccg.github.io/did-method-web/ >> [7] https://solid.github.io/did-method-solid/
Received on Thursday, 30 November 2023 09:00:23 UTC