- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Mon, 18 Sep 2023 16:33:07 +0200
- To: Bumblefudge von CASA <virtualofficehours@gmail.com>
- Cc: public-swicg@w3.org
- Message-ID: <CAKaEYh+KLY7NVSUYwHnoJatFCR6O5hpXXcG04tEv5ZFh2UHnvg@mail.gmail.com>
po 18. 9. 2023 v 11:55 odesÃlatel Bumblefudge von CASA < virtualofficehours@gmail.com> napsal: > On 16/09/2023 01:51, Bob Wyman wrote: > > For instance, it might include things like "secure private messaging," > > "integration of verifiable credentials," etc. rather than identifying > > errors in spec examples. > > On 17/09/2023 17:31, Melvin Carvalho wrote: > > I think the "identity" folks will look to insert new identity systems, > > this should be out of scope. Getting the existing Actor model working > > and documented should be priority. Out of scope for the charter DID / > > VC. > Melvin, are you calling Bob one of "the identity folks" whose toxic > technosolutionism you want to protect AP from because he wants to > include key-management problems in the CG's to-do list? I've met him and > I think he is far too sensible to self-identity as a rabblerouser in the > populist identity Volkstimme. Conversely, are you requesting that we put > interop with key-based identity systems (like Nostr), E2EE, and > data-signing/data-integrity completely out of scope as problem spaces, > or just that the specific word "DID" be barred from the corresponding > set of solutions to consider for each? > Absolutely, DID is out of scope. Tantek has highlighted valid concerns with the DID work, and formally objected to it. Given his role as a former chair of the SWWG, his insights are valuable. Looking back, I should have supported his viewpoint. Please consider this message a formal objection to including DID-related identity items in any future social web charter. It risks jeopardizing the success of a WG. Let's focus on activitypub, fediverse, and the current Actor models. > > Similarly, in your other message about Evan's OAuth profile proposal, > you bring the valuable historical opinion that OAuth underdelivered for > the Solid community, and I have to ask a similar question: can we > document an OAuth profile as a extension or an interop profile without > bringing AuthN into the scope of AP itself and without making OAuth the > mandated solution to AP's AuthN needs? In my opinion we should *neither* > mandate indieauth *nor* mandate OAuth, but I'm happy if this CG can > document both and provide guidance and actionable interop profiles for > both to assist implementors who select either technology quickly get > federating and interoping with everyone else who made the same choice. > AuthN is one of the most daunting industry-wide problemsets and no > system as complex as AP is really "accessible" to any but the most elite > devs if they have to grope blindly in the authN trenches without an > interop profile. Having multiple AuthN profiles to read before deciding > which empire to join would also be an unalloyed good for implementers, I > believe. > > Overall, I feel like we need to be precise about what is a documentation > of already-adopted practice, which supports communities of > implementations, versus what is mandating single solutions to general > problems (like AuthN or key management). In W3C, the former is > traditionally the domain of CGs, and the latter is traditionally the > domain of WGs, which might explain lots of the knee-jerk responses to a > WG charter being scoped in the first place. There might already be > consensus that more of the former is an unalloyed good, but the latter > seems harder to achieve consensus on until the problem-spaces are better > defined (in this I fully support Bob's suggestion that maybe socialhub > threads are not quite robust or multidimensional *enough* a genre for > shared documentation of use-cases and problem spaces to assist in a WG > scope being defined). > > Thanks, > __bumble "I have an identity.com sticker on my laptop" fudge > >
Received on Monday, 18 September 2023 14:33:25 UTC