Re: [w3ctag/design-reviews] Review Decentralized identifiers (DIDs) (#216) from Manu Sporny on 2018-10-30 (public-webapps-github@w3.org from October 2018)

From: Manu Sporny <notifications@github.com>
Date: Tue, 30 Oct 2018 20:44:46 +0000 (UTC)
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/216/434461058@github.com>
> 1. We found ourselves struggling to work out what use cases you are trying to support. What is the user need?  When would I need a DID, and what would I do with it? It would be useful for our review if you would produce an explainer. (We've produced a [template](https://github.com/w3ctag/w3ctag.github.io/blob/master/explainers.md), which might be useful).

Yes, we can put this document together. What is the TAGs guidance where there are a very wide range of potential use cases? Would you rather see a specific one, or have us speak in generalities? A set of 2-3 use cases, or 10+ use cases?

For example, here's one for use of DIDs in the Corporate Identifier space:

https://docs.google.com/document/d/1wz8sakevXzO2OSMP341w7M2LjAMZfEQaTQEm_AOs3_Q/edit#heading=h.i145wu1x8b6x

... but that same document has some ones that are more exploratory than mainstream use cases:

https://docs.google.com/document/d/1wz8sakevXzO2OSMP341w7M2LjAMZfEQaTQEm_AOs3_Q/edit#heading=h.4dm04olljqqu

We also have a repository of 50+ papers written with Decentralized Identifiers in mind:

* [Rebooting the Web of Trust I: San Francisco (November 2015)](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust)
* [Rebooting the Web of Trust II: ID2020 (May 2016)](https://github.com/WebOfTrustInfo/ID2020DesignWorkshop)
* [Rebooting the Web of Trust III: San Francisco (October 2016)](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016)
* [Rebooting the Web of Trust IV: Paris (April 2017)](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2017)
* [Rebooting the Web of Trust V: Boston (October 2017)](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017)
* [Rebooting the Web of Trust VI: Santa Barbara (March 2018)](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018)
* [Rebooting the Web of Trust VII: Toronto (September 2018)](https://github.com/WebOfTrustInfo/rwot7-fall2018)

I know that pouring through all of this documentation isn't what the TAG has in mind, so I'm trying to understand exactly what sort of summary you want to see (since the DID Primer didn't answer the questions you had wrt. use cases).

>    We didn't find those answers in your primer, since it starts from the explanation of what a DID is.  We would really like to understand the need from a user's perspective, which already exists in daily life, written in clear non-technical language.

Yep, we can do this.

> 2. Also, does the group have or anticipate a mechanism for interoperability with current content loading? 

If you mean "type the DID into the URL bar in a browser", then no, not at this moment. If you mean by anything that "lives on the Web", like server to server communication or in browser Javascript code that resolves DIDs via HTTP, then yes. I'm not certain I'm answering your question, though.

> What relationship to HTTP do you envision? 

HTTP may be used to:

* Resolve DIDs to DID documents (but not always).
* Provide new [DID-based Authentication mechanisms](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/final-documents/did-auth.md)
* Provide new [DID-based Authorization mechanisms](https://github.com/WebOfTrustInfo/rwot7/blob/master/topics-and-advance-readings/capauth.md)

Note that there is also work on using W3C WebAuthn+DIDs to do authentication via the browser.

> The question of whether DIDs are actually compatible with the web may be different depending on how they interact with HTTP.  And if I were type a DID into a browser, application or user agent -- what would happen?

The general consensus in the group is currently: If everyday people ever see or need to know about DIDs, we will have failed.

DIDs are expected to be used much like IP addresses or content hashes. Developers will use them to build systems, but they are not expected to be bubbled up in the application stack any further than that. So, we suggest that they are not something that you type or enter into a browser, user application, or user agent.

Did that answer your questions?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/216#issuecomment-434461058
Received on Tuesday, 30 October 2018 20:45:09 UTC