- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 19 Sep 2023 09:38:40 +0200
- To: Bob Wyman <bob@wyman.us>
- Cc: Bumblefudge von CASA <virtualofficehours@gmail.com>, public-swicg@w3.org
- Message-ID: <CAKaEYh+Dn-xqi1gvXcxsF_YC6qvzmu1SpMjLckN_PPR8x6KKZw@mail.gmail.com>
po 18. 9. 2023 v 19:56 odesÃlatel Bob Wyman <bob@wyman.us> napsal: > Melvin, > You wrote: "Absolutely, DID is out of scope." > Do you feel the same way about WebFinger? If so, why? As we all know, many > ActivityPub systems today rely in part on WebFinger. Can you explain key > fundamental differences between WebFinger and the did:web did method? If a > did:webfinger did-method were defined, would you object to its use or > discussion in this context? > No strong view on Webfinger, a consensus based approach is fine. > > It seems to me that it should be possible to write profiles of other > standards that allow us to encourage their use in some ways but discourage > their use in others. Thus, with something like the DID stuff, we may find > some parts that are useful but others that are not. Perhaps I'm missing > something, but while I've heard many people object to all sorts of > did-related stuff, I haven't seen any particularly convincing arguments > that the entire effort is misguided. If such arguments exist, please let me > know. > There have been multiple high profile formal objections to this item in the past, including from the former chair of the SWWG. Highly controversial items put a charter at risk, so we should avoid that. Let's stick to ActivityPub, ActivityStreams and fediverse in general. > > bob wyman > > On Mon, Sep 18, 2023 at 10:34 AM Melvin Carvalho <melvincarvalho@gmail.com> > wrote: > >> >> >> po 18. 9. 2023 v 11:55 odesÃlatel Bumblefudge von CASA < >> virtualofficehours@gmail.com> napsal: >> >>> On 16/09/2023 01:51, Bob Wyman wrote: >>> > For instance, it might include things like "secure private messaging," >>> > "integration of verifiable credentials," etc. rather than identifying >>> > errors in spec examples. >>> >>> On 17/09/2023 17:31, Melvin Carvalho wrote: >>> > I think the "identity" folks will look to insert new identity systems, >>> > this should be out of scope. Getting the existing Actor model working >>> > and documented should be priority. Out of scope for the charter DID / >>> > VC. >>> Melvin, are you calling Bob one of "the identity folks" whose toxic >>> technosolutionism you want to protect AP from because he wants to >>> include key-management problems in the CG's to-do list? I've met him and >>> I think he is far too sensible to self-identity as a rabblerouser in the >>> populist identity Volkstimme. Conversely, are you requesting that we put >>> interop with key-based identity systems (like Nostr), E2EE, and >>> data-signing/data-integrity completely out of scope as problem spaces, >>> or just that the specific word "DID" be barred from the corresponding >>> set of solutions to consider for each? >>> >> >> Absolutely, DID is out of scope. Tantek has highlighted valid concerns >> with the DID work, and formally objected to it. Given his role as a former >> chair of the SWWG, his insights are valuable. Looking back, I should have >> supported his viewpoint. Please consider this message a formal objection to >> including DID-related identity items in any future social web charter. It >> risks jeopardizing the success of a WG. Let's focus on activitypub, >> fediverse, and the current Actor models. >> >> >>> >>> Similarly, in your other message about Evan's OAuth profile proposal, >>> you bring the valuable historical opinion that OAuth underdelivered for >>> the Solid community, and I have to ask a similar question: can we >>> document an OAuth profile as a extension or an interop profile without >>> bringing AuthN into the scope of AP itself and without making OAuth the >>> mandated solution to AP's AuthN needs? In my opinion we should *neither* >>> mandate indieauth *nor* mandate OAuth, but I'm happy if this CG can >>> document both and provide guidance and actionable interop profiles for >>> both to assist implementors who select either technology quickly get >>> federating and interoping with everyone else who made the same choice. >>> AuthN is one of the most daunting industry-wide problemsets and no >>> system as complex as AP is really "accessible" to any but the most elite >>> devs if they have to grope blindly in the authN trenches without an >>> interop profile. Having multiple AuthN profiles to read before deciding >>> which empire to join would also be an unalloyed good for implementers, I >>> believe. >>> >>> Overall, I feel like we need to be precise about what is a documentation >>> of already-adopted practice, which supports communities of >>> implementations, versus what is mandating single solutions to general >>> problems (like AuthN or key management). In W3C, the former is >>> traditionally the domain of CGs, and the latter is traditionally the >>> domain of WGs, which might explain lots of the knee-jerk responses to a >>> WG charter being scoped in the first place. There might already be >>> consensus that more of the former is an unalloyed good, but the latter >>> seems harder to achieve consensus on until the problem-spaces are better >>> defined (in this I fully support Bob's suggestion that maybe socialhub >>> threads are not quite robust or multidimensional *enough* a genre for >>> shared documentation of use-cases and problem spaces to assist in a WG >>> scope being defined). >>> >>> Thanks, >>> __bumble "I have an identity.com sticker on my laptop" fudge >>> >>>
Received on Tuesday, 19 September 2023 07:38:58 UTC