- From: Bumblefudge von CASA <virtualofficehours@gmail.com>
- Date: Mon, 18 Sep 2023 11:54:41 +0200
- To: public-swicg@w3.org
On 16/09/2023 01:51, Bob Wyman wrote: > For instance, it might include things like "secure private messaging," > "integration of verifiable credentials," etc. rather than identifying > errors in spec examples. On 17/09/2023 17:31, Melvin Carvalho wrote: > I think the "identity" folks will look to insert new identity systems, > this should be out of scope. Getting the existing Actor model working > and documented should be priority. Out of scope for the charter DID / > VC. Melvin, are you calling Bob one of "the identity folks" whose toxic technosolutionism you want to protect AP from because he wants to include key-management problems in the CG's to-do list? I've met him and I think he is far too sensible to self-identity as a rabblerouser in the populist identity Volkstimme. Conversely, are you requesting that we put interop with key-based identity systems (like Nostr), E2EE, and data-signing/data-integrity completely out of scope as problem spaces, or just that the specific word "DID" be barred from the corresponding set of solutions to consider for each? Similarly, in your other message about Evan's OAuth profile proposal, you bring the valuable historical opinion that OAuth underdelivered for the Solid community, and I have to ask a similar question: can we document an OAuth profile as a extension or an interop profile without bringing AuthN into the scope of AP itself and without making OAuth the mandated solution to AP's AuthN needs? In my opinion we should *neither* mandate indieauth *nor* mandate OAuth, but I'm happy if this CG can document both and provide guidance and actionable interop profiles for both to assist implementors who select either technology quickly get federating and interoping with everyone else who made the same choice. AuthN is one of the most daunting industry-wide problemsets and no system as complex as AP is really "accessible" to any but the most elite devs if they have to grope blindly in the authN trenches without an interop profile. Having multiple AuthN profiles to read before deciding which empire to join would also be an unalloyed good for implementers, I believe. Overall, I feel like we need to be precise about what is a documentation of already-adopted practice, which supports communities of implementations, versus what is mandating single solutions to general problems (like AuthN or key management). In W3C, the former is traditionally the domain of CGs, and the latter is traditionally the domain of WGs, which might explain lots of the knee-jerk responses to a WG charter being scoped in the first place. There might already be consensus that more of the former is an unalloyed good, but the latter seems harder to achieve consensus on until the problem-spaces are better defined (in this I fully support Bob's suggestion that maybe socialhub threads are not quite robust or multidimensional *enough* a genre for shared documentation of use-cases and problem spaces to assist in a WG scope being defined). Thanks, __bumble "I have an identity.com sticker on my laptop" fudge
Received on Monday, 18 September 2023 09:54:50 UTC