Re: Relationship between WebID and DID (documents)

st 29. 11. 2023 v 17:15 odesílatel Pierre-Antoine Champin <
pierre-antoine@w3.org> napsal:

> Dear all,
>
> this has been on my mind for a while, but what triggered this email is
> Jacopo's recent ping [1] to the Solid Community.
>
> Disclaimer: I have not been following closely the activity of the WebID
> CG, so apologies if I am rehashing a discussion that already happened, or
> inappropriately throwing a cat amongst the pigeons.
>
>
> Solid is highly relying on WebID, to the point that it was consider, in
> the first charter proposal, to adopt WebID as a deliverable of the future
> Solid WG [2]. But in the spirit of improving our charter proposal, and to
> respond to the TAG's (and others') concerns, we need to show that we are
> not stuck on a specific solution, and taking into account what exists
> elsewhere, in particular in other W3C WGs.
>
> Reading the abstract of the WebID spec [3]:
>
> > A global distributed Social Web requires that each person be able to
> control their identity, that this identity be linkable across sites -
> placing each person in a Web of relationships - and that it be possible to
> authenticate globally with such identities.
>
> While the abstract of the DID recommendation [4] states:
>
> > Decentralized identifiers (DIDs) are a new type of identifier that
> enables verifiable, decentralized digital identity. A DID refers to any
> subject (e.g., a person, organization, thing, data model, abstract entity,
> etc.) (...) the design enables the controller of a DID to prove control
> over it without requiring permission from any other party. (...)
> Furthermore, WebID and DIDs have in common that both can be dereferenced
> to a document describing the entity they identify, and that this document
> is Linked Data -- although for DIDs, it is bound to be (a very constrained
> form of) JSON-LD. Note also that the Verifiable Credentials WG is working
> on the notion of Controller Document [5] -- in my understanding, this is a
> generalization of DID documents, focused on the needs of VCs, and *not*
> necessarily retrieved from a DID.
>
> So, here are a few thoughts :
>
> * some people might argue that WebID is trying to solve a problem for
> which we already have a W3C standard (namely, DID); they might be
> encouraged in this thoughts by the similarity between both abstracts, and
> by the fact that WebID largely predates DIDs (and could be seen as an early
> attempt, now superceded). If we disagree, we need to clarify why WebID are
> still needed.
>
> * one possible argument to continue using WebID instead of DIDs is that
> WebIDs are more straightforward, being HTTPS URIs, while DIDs introduce a
> level of indirection via DID methods. A counter argument would be: "use the
> did:web method [6], you will combine the convenience of HTTP with the
> extensibility of DIDs". (I know that a did:solid method [7] was also
> considered, but I don't know how it differs from did:web)
>
> * regardless of the outcome of the previous points (keep using HTTPS
> WebIds vs migrate to did:web DIDs), the similarity between WebID documents
> and DID/Controller documents should be acknowledged. Note that the
> differences should also be emphasized: WebID documents are usually expected
> to contain identifying information about the subject (name, contain
> details...), while the general advice for DID document is to contain
> minimal information (if any) beyond the criptographic material required to
> prove control over the DID. I do not consider these difference to be
> ingerent incompatibilities, I believe they stem from focusing on different
> use-cases. DIDs are focusing on scenarios where privacy / pseudonymity is
> important, so a user is expected to have several DID, and want them to be
> unlinkable. WebIDs are focusing, on the other hand, on reusing a single
> identity across several services (linkability being a feature, not a bug).
> But both solutions could be used in both categories of use-cases.
>

Other way round.  The scope of solid is too broad.  DID spec is a
controversial spec with multiple, formal objections from major W3C players,
against it.  Inclusion of DID in the charter will almost certainly lead to
legitimate formal objections down the line, which is an unnecessary risk.
WebID is a perfectly good standards compliant identity system, and it's
going to be more than enough work to standardize that, in this WG.


>
> To conclude: my goal here is not to dismiss anyone's work, but to try and
> clarify our position w.r.t. other (published or in-progress) W3C standards.
> This will be useful for chargering the Solid WG, but this is a good thing
> to do in general, IMO.
>
>     best
>
>
>
> [1]
> https://github.com/solid/solid-wg-charter/issues/39#issuecomment-1829420164
> [2] https://github.com/solid/solid-wg-charter/issues/39
> [3] https://www.w3.org/2005/Incubator/webid/spec/identity/
> [4] https://www.w3.org/TR/did-core/
> [5] https://w3c.github.io/vc-controller-document/
> [6] https://w3c-ccg.github.io/did-method-web/
> [7] https://solid.github.io/did-method-solid/
>