Re: AS2/AP tasks for a chartered social web working group

po 18. 9. 2023 v 19:56 odesílatel Bob Wyman <bob@wyman.us> napsal:

> Melvin,
> You wrote: "Absolutely, DID is out of scope."
> Do you feel the same way about WebFinger? If so, why? As we all know, many
> ActivityPub systems today rely in part on WebFinger. Can you explain key
> fundamental differences between WebFinger and the did:web did method? If a
> did:webfinger did-method were defined, would you object to its use or
> discussion in this context?
>

No strong view on Webfinger, a consensus based approach is fine.


>
> It seems to me that it should be possible to write profiles of other
> standards that allow us to encourage their use in some ways but discourage
> their use in others. Thus, with something like the DID stuff, we may find
> some parts that are useful but others that are not. Perhaps I'm missing
> something, but while I've heard many people object to all sorts of
> did-related stuff, I haven't seen any particularly convincing arguments
> that the entire effort is misguided. If such arguments exist, please let me
> know.
>

There have been multiple high profile formal objections to this item in the
past, including from the former chair of the SWWG.  Highly controversial
items put a charter at risk, so we should avoid that.  Let's stick to
ActivityPub, ActivityStreams and fediverse in general.


>
> bob wyman
>
> On Mon, Sep 18, 2023 at 10:34 AM Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
>>
>>
>> po 18. 9. 2023 v 11:55 odesílatel Bumblefudge von CASA <
>> virtualofficehours@gmail.com> napsal:
>>
>>> On 16/09/2023 01:51, Bob Wyman wrote:
>>> > For instance, it might include things like "secure private messaging,"
>>> > "integration of verifiable credentials," etc. rather than identifying
>>> > errors in spec examples.
>>>
>>> On 17/09/2023 17:31, Melvin Carvalho wrote:
>>> > I think the "identity" folks will look to insert new identity systems,
>>> > this should be out of scope.  Getting the existing Actor model working
>>> > and documented should be priority.  Out of scope for the charter DID /
>>> > VC.
>>> Melvin, are you calling Bob one of "the identity folks" whose toxic
>>> technosolutionism you want to protect AP from because he wants to
>>> include key-management problems in the CG's to-do list? I've met him and
>>> I think he is far too sensible to self-identity as a rabblerouser in the
>>> populist identity Volkstimme. Conversely, are you requesting that we put
>>> interop with key-based identity systems (like Nostr), E2EE, and
>>> data-signing/data-integrity completely out of scope as problem spaces,
>>> or just that the specific word "DID" be barred from the corresponding
>>> set of solutions to consider for each?
>>>
>>
>> Absolutely, DID is out of scope. Tantek has highlighted valid concerns
>> with the DID work, and formally objected to it. Given his role as a former
>> chair of the SWWG, his insights are valuable. Looking back, I should have
>> supported his viewpoint. Please consider this message a formal objection to
>> including DID-related identity items in any future social web charter. It
>> risks jeopardizing the success of a WG. Let's focus on activitypub,
>> fediverse, and the current Actor models.
>>
>>
>>>
>>> Similarly, in your other message about Evan's OAuth profile proposal,
>>> you bring the valuable historical opinion that OAuth underdelivered for
>>> the Solid community, and I have to ask a similar question: can we
>>> document an OAuth profile as a extension or an interop profile without
>>> bringing AuthN into the scope of AP itself and without making OAuth the
>>> mandated solution to AP's AuthN needs? In my opinion we should *neither*
>>> mandate indieauth *nor* mandate OAuth, but I'm happy if this CG can
>>> document both and provide guidance and actionable interop profiles for
>>> both to assist implementors who select either technology quickly get
>>> federating and interoping with everyone else who made the same choice.
>>> AuthN is one of the most daunting industry-wide problemsets and no
>>> system as complex as AP is really "accessible" to any but the most elite
>>> devs if they have to grope blindly in the authN trenches without an
>>> interop profile.  Having multiple AuthN profiles to read before deciding
>>> which empire to join would also be an unalloyed good for implementers, I
>>> believe.
>>>
>>> Overall, I feel like we need to be precise about what is a documentation
>>> of already-adopted practice, which supports communities of
>>> implementations, versus what is mandating single solutions to general
>>> problems (like AuthN or key management).  In W3C, the former is
>>> traditionally the domain of CGs, and the latter is traditionally the
>>> domain of WGs, which might explain lots of the knee-jerk responses to a
>>> WG charter being scoped in the first place.  There might already be
>>> consensus that more of the former is an unalloyed good, but the latter
>>> seems harder to achieve consensus on until the problem-spaces are better
>>> defined (in this I fully support Bob's suggestion that maybe socialhub
>>> threads are not quite robust or multidimensional *enough* a genre for
>>> shared documentation of use-cases and problem spaces to assist in a WG
>>> scope being defined).
>>>
>>> Thanks,
>>> __bumble "I have an identity.com sticker on my laptop" fudge
>>>
>>>

Received on Tuesday, 19 September 2023 07:38:58 UTC