- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sat, 13 Nov 2021 10:58:54 -0500
- To: Credentials Community Group <public-credentials@w3.org>, "public-vc-edu@w3.org" <public-vc-edu@w3.org>
On 11/12/21 5:52 PM, Adrian Gropper wrote: > What are the human rights implications of a "more capable" wallet? The question is too nebulous to answer. What are the human rights implications of a physical wallet? What are the human rights implications of a slice of Bologna? :) > Is it a "certified" wallet that Apple or Google provides to pretty much > everyone with a certified biometric lock? No, it is not. That is the anti-thesis of what this community is after. At least, not the sort of "more capable" wallet I'm talking about. > Allow me to stipulate that Apple and Google will adopt any (W3C) standard > that allows them to keep their wallet franchise just like Apple almost > introduced coerced "local scanning" for illegal content in end-to-end > secure messaging. Yes, of course they will and corrupt it just like they did with the Web Payments Payment Request API -- which started out as an open ecosystem and now only supports wallets supported by the browser manufacturers. > Once that becomes the norm and we're all expected to have such a capable > biometric wallet for our cryptographically secure "papers please" what is > left for the SSI community to do? We have to build competitive alternatives to closed ecosystems. This has always been a part of the mission (and will continue to be into the foreseeable future). We have to make sure closed wallet ecosystems don't become the norm by building competitive alternatives and voting against anything of the sort at W3C. Most likely by pushing back hard against a chartering vote for anything that looks like a play for a non-competitive digital wallet ecosystem. The new FedCM work at W3C by Google looks like such a trap, IMHO. > Do we have some kind of regulation or governance system or technology in > mind to mitigate this risk? Yes, the Credential Handler API (CHAPI), which currently needs the permission of no trillion dollar corporation to deploy across the Web/Internet. It has been in operation since 2015: https://github.com/digitalbazaar/credential-handler-polyfill#features Certain DIDComm-based solutions could also be a viable "no permission needed to innovate" alternative. I'll note that some of the other federated solutions that some in this community are dangerously suggesting we use as a stop-gap falls into this "certified wallet/ecosystem" trap. If we get to a future where every individual isn't making a coerced decision on what digital wallet to use, we know we've achieved another milestone in this community. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
Received on Saturday, 13 November 2021 15:59:14 UTC