- From: Bob Wyman <bob@wyman.us>
- Date: Mon, 18 Sep 2023 13:56:01 -0400
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: Bumblefudge von CASA <virtualofficehours@gmail.com>, public-swicg@w3.org
- Message-ID: <CAA1s49Umdd8eLQdZuFXHZmRGowv3Sqv39_vsJo_A97i6KKafLw@mail.gmail.com>
Melvin, You wrote: "Absolutely, DID is out of scope." Do you feel the same way about WebFinger? If so, why? As we all know, many ActivityPub systems today rely in part on WebFinger. Can you explain key fundamental differences between WebFinger and the did:web did method? If a did:webfinger did-method were defined, would you object to its use or discussion in this context? It seems to me that it should be possible to write profiles of other standards that allow us to encourage their use in some ways but discourage their use in others. Thus, with something like the DID stuff, we may find some parts that are useful but others that are not. Perhaps I'm missing something, but while I've heard many people object to all sorts of did-related stuff, I haven't seen any particularly convincing arguments that the entire effort is misguided. If such arguments exist, please let me know. bob wyman On Mon, Sep 18, 2023 at 10:34 AM Melvin Carvalho <melvincarvalho@gmail.com> wrote: > > > po 18. 9. 2023 v 11:55 odesÃlatel Bumblefudge von CASA < > virtualofficehours@gmail.com> napsal: > >> On 16/09/2023 01:51, Bob Wyman wrote: >> > For instance, it might include things like "secure private messaging," >> > "integration of verifiable credentials," etc. rather than identifying >> > errors in spec examples. >> >> On 17/09/2023 17:31, Melvin Carvalho wrote: >> > I think the "identity" folks will look to insert new identity systems, >> > this should be out of scope. Getting the existing Actor model working >> > and documented should be priority. Out of scope for the charter DID / >> > VC. >> Melvin, are you calling Bob one of "the identity folks" whose toxic >> technosolutionism you want to protect AP from because he wants to >> include key-management problems in the CG's to-do list? I've met him and >> I think he is far too sensible to self-identity as a rabblerouser in the >> populist identity Volkstimme. Conversely, are you requesting that we put >> interop with key-based identity systems (like Nostr), E2EE, and >> data-signing/data-integrity completely out of scope as problem spaces, >> or just that the specific word "DID" be barred from the corresponding >> set of solutions to consider for each? >> > > Absolutely, DID is out of scope. Tantek has highlighted valid concerns > with the DID work, and formally objected to it. Given his role as a former > chair of the SWWG, his insights are valuable. Looking back, I should have > supported his viewpoint. Please consider this message a formal objection to > including DID-related identity items in any future social web charter. It > risks jeopardizing the success of a WG. Let's focus on activitypub, > fediverse, and the current Actor models. > > >> >> Similarly, in your other message about Evan's OAuth profile proposal, >> you bring the valuable historical opinion that OAuth underdelivered for >> the Solid community, and I have to ask a similar question: can we >> document an OAuth profile as a extension or an interop profile without >> bringing AuthN into the scope of AP itself and without making OAuth the >> mandated solution to AP's AuthN needs? In my opinion we should *neither* >> mandate indieauth *nor* mandate OAuth, but I'm happy if this CG can >> document both and provide guidance and actionable interop profiles for >> both to assist implementors who select either technology quickly get >> federating and interoping with everyone else who made the same choice. >> AuthN is one of the most daunting industry-wide problemsets and no >> system as complex as AP is really "accessible" to any but the most elite >> devs if they have to grope blindly in the authN trenches without an >> interop profile. Having multiple AuthN profiles to read before deciding >> which empire to join would also be an unalloyed good for implementers, I >> believe. >> >> Overall, I feel like we need to be precise about what is a documentation >> of already-adopted practice, which supports communities of >> implementations, versus what is mandating single solutions to general >> problems (like AuthN or key management). In W3C, the former is >> traditionally the domain of CGs, and the latter is traditionally the >> domain of WGs, which might explain lots of the knee-jerk responses to a >> WG charter being scoped in the first place. There might already be >> consensus that more of the former is an unalloyed good, but the latter >> seems harder to achieve consensus on until the problem-spaces are better >> defined (in this I fully support Bob's suggestion that maybe socialhub >> threads are not quite robust or multidimensional *enough* a genre for >> shared documentation of use-cases and problem spaces to assist in a WG >> scope being defined). >> >> Thanks, >> __bumble "I have an identity.com sticker on my laptop" fudge >> >>
Received on Monday, 18 September 2023 17:56:23 UTC