W3C home > Mailing lists > Public > public-vc-edu@w3.org > November 2021

Re: [EXTERNAL] Re: Using Email as an Identifier

From: Adrian Gropper <agropper@healthurl.com>
Date: Sat, 13 Nov 2021 12:14:45 -0500
Message-ID: <CANYRo8hCaNL0YRn4NHfk6a7r0ZtW+1452ZKRMiyVvuMurP7Gbw@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Credentials Community Group <public-credentials@w3.org>, "public-vc-edu@w3.org" <public-vc-edu@w3.org>
Thanks, Manu for acknowledging the dangers.


On Sat, Nov 13, 2021 at 11:01 AM Manu Sporny <msporny@digitalbazaar.com>

> On 11/12/21 5:52 PM, Adrian Gropper wrote:
> > What are the human rights implications of a "more capable" wallet?
> The question is too nebulous to answer.
> What are the human rights implications of a physical wallet? What are the
> human rights implications of a slice of Bologna? :)
> > Is it a "certified" wallet that Apple or Google provides to pretty much
> > everyone with a certified biometric lock?
> No, it is not. That is the anti-thesis of what this community is after. At
> least, not the sort of "more capable" wallet I'm talking about.
> > Allow me to stipulate that Apple and Google will adopt any (W3C) standard
> > that allows them to keep their wallet franchise just like Apple almost
> > introduced coerced "local scanning" for illegal content in end-to-end
> > secure messaging.
> Yes, of course they will and corrupt it just like they did with the Web
> Payments Payment Request API -- which started out as an open ecosystem and
> now
> only supports wallets supported by the browser manufacturers.
> > Once that becomes the norm and we're all expected to have such a capable
> > biometric wallet for our cryptographically secure "papers please" what is
> > left for the SSI community to do?
> We have to build competitive alternatives to closed ecosystems. This has
> always been a part of the mission (and will continue to be into the
> foreseeable future).
> We have to make sure closed wallet ecosystems don't become the norm by
> building competitive alternatives and voting against anything of the sort
> at
> W3C. Most likely by pushing back hard against a chartering vote for
> anything
> that looks like a play for a non-competitive digital wallet ecosystem.
> The new FedCM work at W3C by Google looks like such a trap, IMHO.
> > Do we have some kind of regulation or governance system or technology in
> > mind to mitigate this risk?
> Yes, the Credential Handler API (CHAPI), which currently needs the
> permission
> of no trillion dollar corporation to deploy across the Web/Internet. It has
> been in operation since 2015:
> https://github.com/digitalbazaar/credential-handler-polyfill#features
> Certain DIDComm-based solutions could also be a viable "no permission
> needed
> to innovate" alternative.
> I'll note that some of the other federated solutions that some in this
> community are dangerously suggesting we use as a stop-gap falls into this
> "certified wallet/ecosystem" trap. If we get to a future where every
> individual isn't making a coerced decision on what digital wallet to use,
> we
> know we've achieved another milestone in this community.
> -- manu
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
Received on Saturday, 13 November 2021 17:15:10 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 13 November 2021 17:15:11 UTC