Re: AS2/AP tasks for a chartered social web working group

Melvin,
You wrote: "Absolutely, DID is out of scope."
Do you feel the same way about WebFinger? If so, why? As we all know, many
ActivityPub systems today rely in part on WebFinger. Can you explain key
fundamental differences between WebFinger and the did:web did method? If a
did:webfinger did-method were defined, would you object to its use or
discussion in this context?

It seems to me that it should be possible to write profiles of other
standards that allow us to encourage their use in some ways but discourage
their use in others. Thus, with something like the DID stuff, we may find
some parts that are useful but others that are not. Perhaps I'm missing
something, but while I've heard many people object to all sorts of
did-related stuff, I haven't seen any particularly convincing arguments
that the entire effort is misguided. If such arguments exist, please let me
know.

bob wyman

On Mon, Sep 18, 2023 at 10:34 AM Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

>
>
> po 18. 9. 2023 v 11:55 odesílatel Bumblefudge von CASA <
> virtualofficehours@gmail.com> napsal:
>
>> On 16/09/2023 01:51, Bob Wyman wrote:
>> > For instance, it might include things like "secure private messaging,"
>> > "integration of verifiable credentials," etc. rather than identifying
>> > errors in spec examples.
>>
>> On 17/09/2023 17:31, Melvin Carvalho wrote:
>> > I think the "identity" folks will look to insert new identity systems,
>> > this should be out of scope.  Getting the existing Actor model working
>> > and documented should be priority.  Out of scope for the charter DID /
>> > VC.
>> Melvin, are you calling Bob one of "the identity folks" whose toxic
>> technosolutionism you want to protect AP from because he wants to
>> include key-management problems in the CG's to-do list? I've met him and
>> I think he is far too sensible to self-identity as a rabblerouser in the
>> populist identity Volkstimme. Conversely, are you requesting that we put
>> interop with key-based identity systems (like Nostr), E2EE, and
>> data-signing/data-integrity completely out of scope as problem spaces,
>> or just that the specific word "DID" be barred from the corresponding
>> set of solutions to consider for each?
>>
>
> Absolutely, DID is out of scope. Tantek has highlighted valid concerns
> with the DID work, and formally objected to it. Given his role as a former
> chair of the SWWG, his insights are valuable. Looking back, I should have
> supported his viewpoint. Please consider this message a formal objection to
> including DID-related identity items in any future social web charter. It
> risks jeopardizing the success of a WG. Let's focus on activitypub,
> fediverse, and the current Actor models.
>
>
>>
>> Similarly, in your other message about Evan's OAuth profile proposal,
>> you bring the valuable historical opinion that OAuth underdelivered for
>> the Solid community, and I have to ask a similar question: can we
>> document an OAuth profile as a extension or an interop profile without
>> bringing AuthN into the scope of AP itself and without making OAuth the
>> mandated solution to AP's AuthN needs? In my opinion we should *neither*
>> mandate indieauth *nor* mandate OAuth, but I'm happy if this CG can
>> document both and provide guidance and actionable interop profiles for
>> both to assist implementors who select either technology quickly get
>> federating and interoping with everyone else who made the same choice.
>> AuthN is one of the most daunting industry-wide problemsets and no
>> system as complex as AP is really "accessible" to any but the most elite
>> devs if they have to grope blindly in the authN trenches without an
>> interop profile.  Having multiple AuthN profiles to read before deciding
>> which empire to join would also be an unalloyed good for implementers, I
>> believe.
>>
>> Overall, I feel like we need to be precise about what is a documentation
>> of already-adopted practice, which supports communities of
>> implementations, versus what is mandating single solutions to general
>> problems (like AuthN or key management).  In W3C, the former is
>> traditionally the domain of CGs, and the latter is traditionally the
>> domain of WGs, which might explain lots of the knee-jerk responses to a
>> WG charter being scoped in the first place.  There might already be
>> consensus that more of the former is an unalloyed good, but the latter
>> seems harder to achieve consensus on until the problem-spaces are better
>> defined (in this I fully support Bob's suggestion that maybe socialhub
>> threads are not quite robust or multidimensional *enough* a genre for
>> shared documentation of use-cases and problem spaces to assist in a WG
>> scope being defined).
>>
>> Thanks,
>> __bumble "I have an identity.com sticker on my laptop" fudge
>>
>>

Received on Monday, 18 September 2023 17:56:23 UTC