Re: Thinking about Webfinger

It seems like it is more human-centric to accommodate resolving via a service chosen by the human doing the resolving, not a service chosen by the author or controller of the identifier.

Only accommodating the latter has the downside of all resolutions being surveillable by the author of the identifier (or their chosen service providers). 

My understanding is that this “phone home problem” was one of the reasons some folks chose to work on DIDs, e.g. for educational credentials. Just because my school created the identifier of my academic credential, that doesn’t mean it’s in my best interest for my school to know every time someone wants to verify my presentation of that credential.

I don’t have any academic credentials. This is just an example. It seems to me that the same principle of least privilege applies to identifiers on the social web too, and I’m glad people are using DIDs et al. to enhance privacy of the identifier-resolution process beyond what’s offered by acct URIs (or the thing similar to them that Mastodon does).

> 
> On May 6, 2023, at 5:21 PM, Johannes Ernst <johannes.ernst@gmail.com> wrote:
> 
> 
>> 
>>> On May 6, 2023, at 17:15, Bob Wyman <bob@wyman.us> wrote:
>>> I think that works. What am I missing?
>> 
>> I don’t think you are missing anything, just that the intent, as it is usually described, is that you go to the identifier’s preferred webfinger endpoint (construct the endpoint from the identifier) instead of always going to the webfinger service that you prefer — which, then, presumably would delegate resolution to the authoritative source.
>> 
>> Cheers,
>> 
>> Johannes.
>> 
>> Johannes Ernst
>> Blog: https://reb00ted.org/
>> FediForum: https://fediforum.org/
>> Dazzle: https://dazzle.town/
>> 

Received on Sunday, 7 May 2023 02:05:20 UTC
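
The two resolution models discussed in this thread, as an added example that is not part of the original message or of any project's code: it builds the RFC 7033 WebFinger endpoint from an acct URI and records which host learns which client asked about which identifier. The host names, the `observers` helper and the sample lookups are constructed for illustration, and the resolver is assumed to delegate every query without caching.

```python
from collections import defaultdict
from urllib.parse import quote


def webfinger_url(acct: str) -> str:
    """Build the RFC 7033 endpoint that the identifier itself designates."""
    if not acct.startswith("acct:"):
        raise ValueError("expected an acct: URI")
    user, sep, host = acct[len("acct:"):].rpartition("@")
    if not sep or not user or not host:
        raise ValueError("acct URI needs user@host")
    resource = quote(acct, safe="")  # percent-encode ':' and '@'
    return f"https://{host.lower()}/.well-known/webfinger?resource={resource}"


def observers(lookups, resolver=None):
    """Map each host to the (client, identifier) pairs it gets to see.

    lookups:  iterable of (client, acct) pairs.
    resolver: None -> every client contacts the identifier's own host.
              name -> every client asks that service, which then delegates
                      to the identifier's host (assumption: no caching).
    """
    seen = defaultdict(set)
    for client, acct in lookups:
        authority = webfinger_url(acct).split("/")[2]  # host part of the URL
        if resolver is None:
            seen[authority].add((client, acct))
        else:
            seen[resolver].add((client, acct))
            seen[authority].add((resolver, acct))
    return dict(seen)


# Constructed sample data: two parties checking the same identifier.
LOOKUPS = [
    ("employer.example", "acct:alice@school.example"),
    ("landlord.example", "acct:alice@school.example"),
]

if __name__ == "__main__":
    print(webfinger_url("acct:alice@school.example"))
    print("direct:      ", observers(LOOKUPS))
    print("via resolver:", observers(LOOKUPS, resolver="resolver.example"))
```

With a resolver chosen by the person doing the lookup, the identifier's host sees only the resolver as its client; the per-client visibility moves to that resolver.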