- From: Orie Steele <orie@transmute.industries>
- Date: Mon, 18 Sep 2023 11:19:34 -0500
- To: Brian Richter <brian@aviary.tech>
- Cc: Greg Bernstein <gregb@grotto-networking.com>, Manu Sporny <msporny@digitalbazaar.com>, Markus Sabadello <markus@danubetech.com>, W3C VC Working Group <public-vc-wg@w3.org>, Wayne Cutler <wcutler@gsma.com>
- Message-ID: <CAN8C-_KkxzS-0t0Ot1dKtx4hQ4zC1fWvX6=2VEDxdh2iTKMk8A@mail.gmail.com>
Inline: On Sun, Sep 17, 2023 at 4:20 PM Brian Richter <brian@aviary.tech> wrote: > Having resparked the conversation in > https://github.com/w3c/vc-di-bbs/issues/84 > I have been listening intently and believe this technique can be the basis > for a cryptosuite that allows for unlinkability of selectively disclosed > verifiable credentials. This is a powerful tool that everyone has been > looking forward to since I got into the space. The development of it over > the coming weeks and months really excites me along with many others (as > proven by the subject of this email) and I will do my best to make it a > reality. > > Orie, having worked closely with you on this exact thing a couple years > ago I’m bewildered by your quick about face at the 11th hour. > You are probably missing the context from several IETFs, and years worth of W3C meetings (where the work item was never discussed). > I understand your disagreements with the data integrity work. I understand > the crypto isn’t entirely hardened at ietf. Obviously you’ve been bringing > systems online and have learned new things in that time but I believe there > is tremendous value in vc-di-bbs. > As an experiment I agree! As a "new standard that governments might mandate".... I don't agree... W3C working groups should have a bar that is far above community groups. Adoption of W3C TR's have great power, and with it comes great responsibility. Another factor would be knowing that vendors are committed to implementing it. I believe Digital Bazaar is the only party that has commented publicly about planned implementation. Speaking for Transmute, we're fine implementing / experimenting with various technologies, especially in community groups. When it comes to contributing to technical standards at W3C and IETF, we tend to prefer standardization of approaches that are successful in the market, where interoperability is starting to cause real problems because of the scale of adoption. We tend to be wary of standardizing something that is not widely used, in order to refer to it or mandate it. Different SDOs tend to have different cultures around this topic, sometimes the standard comes before adoption, sometimes there is no adoption, and sometimes the adoption comes first. Of course unlinkability and selective disclosure are so valuable to privacy and user consent / data control that there is tremendous pressure to mandate them, even if they are relatively immature. This is where technical debate and trade offs come into play, and the working group needs experts to debate the benefits, risks, maturity, costs, environmental impact, social impact, etc... We tend to treat silence (in the official W3C contribution context), not as consent / approval, but as a lack of awareness or interest, and as a signal to not progress work. For the past several months there has been relatively little commentary on this work item, but as Manu pointed out, that has changed recently. Thank you for getting the document to the place it is now. > > The commit history on the repo is where credit is due: https://github.com/w3c/vc-di-bbs/graphs/commit-activity As you can see, I've done very little to advance the work item, the working group is overloaded with higher priority work. > Brian > > On Sun, Sep 17, 2023 at 3:08 PM Orie Steele <orie@transmute.industries> > wrote: > >> Is there a JS implementation that can run in the browser, of BBS >> selective disclosure with data integrity that I can compare against >> ecdsa-sd and sd-jwt? >> > As I said, Greg is the expert to comment on the maturity of the work in >> implementations. >> >> Seems like we probably have a reference implementation to update the spec >> text from though, that seems like a good thing. >> >> Only need 2 codebases to make a W3C standard, so it's not inconceivable >> that it could still make it to TR. >> >> Regards, >> >> OS >> >> >> >> On Sun, Sep 17, 2023, 1:51 PM Manu Sporny <msporny@digitalbazaar.com> >> wrote: >> >>> On Sun, Sep 17, 2023 at 12:33 PM Orie Steele <orie@transmute.industries> >>> wrote: >>> > When they collude (assuming they both understand RDF) they both learn, >>> the other saw "_:uXqefD0KC4zrzEbFJhvdhYTGzRYW3RhjcQvfkpkWqDpc" >>> >>> As I suspected, your information is out of date, the identifiers of >>> the form you are using as examples above are not generated for BBS >>> (for the reasons you outline). See the following thread: >>> >>> https://github.com/w3c/vc-di-bbs/issues/84#issuecomment-1719859829 >>> >>> > Most of the commentary still applies to the approach being taken today >>> with Data Integrity Proofs, its just JSON-LD instead of XML. >>> >>> That's already been responded to here (at the bottom): >>> >>> >>> https://github.com/w3ctag/design-reviews/issues/850#issuecomment-1666291319 >>> >>> Your comments regarding how "green" an algorithm is have already been >>> responded to here: >>> >>> https://lists.w3.org/Archives/Public/public-credentials/2023Sep/0025.html >>> >>> -- manu >>> >>> -- >>> Manu Sporny - https://www.linkedin.com/in/manusporny/ >>> Founder/CEO - Digital Bazaar, Inc. >>> https://www.digitalbazaar.com/ >>> >> -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
Received on Monday, 18 September 2023 16:19:52 UTC