Open wyc opened 3 years ago
I think we should check with people already working on x509 systems -- I believe an x509 method was promised to be registered in the method spec registry this month, I'll chase that up
We use X.509 infrastructures in our VC ecosystem and we don't need DIDs for this. Since X.509 and the web are already widely in use, why introduce DIDs and blockchains to slow down implementation and adoption? It's not necessary.
@David-Chadwick a few points:
Why would anyone use DIDComm? It's an experimental, complex specification that is years away from becoming a standard. The message spec is only a personal IETF draft that has expired. OTOH, client server using OIDC-SIOP, with the VP extensions that are currently being defined, is much more likely to succeed as the VC protocol. It has a low learning curve and barrier to entry, as OIDC is already widely deployed.
Those are all good points that may be more constructively directed at the DIDComm and SIOP working groups. I’m also aware that the current SIOP revision is intended to provide facilities for both VCs and DIDs, e.g. use of DIDs as a cryptographically verifiable identifier.
https://openid.net/specs/openid-connect-self-issued-v2-1_0.html
In this thread, any additional comments about the proposed implementation are still welcome.
There's a draft did:x509 spec out with two implementations (Python and C++). Would be great to get some more eyes on the spec for extra scrutiny before registering it. (Disclaimer: I'm one of the authors of the spec.)
@letmaik looking for spec contributors too? :)
@wyc Absolutely!
FYI per a conversation with @letmaik in January, the Trust Over IP Foundation is continuing work on the previous draft specification through the X.509 VID Task Force, which I co-chair.
Relevant links, for those interested:
We are encountering users who want to utilize traditional CA infrastructure in conjunction with DIDs/VCs. A DID method may be an appropriate way to ensure this interoperability.
I think an ultimate demo of this would be X.509-based DIDs talking to did:onion-based DIDs over TorGap as per https://github.com/spruceid/didkit/issues/68
Possible examples of DIDs based on X.509:
The finger/thumbprints (md5/sha1/sha2) can be defined as per:
Uncurated and undirected dump of prior and related work:
https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/topics-and-advance-readings/X.509-DID-Method.md
https://www.researchgate.net/publication/342027346_Distributed-Ledger-based_Authentication_with_Decentralized_Identifiers_and_Verifiable_Credentials
https://hyperledger-fabric.readthedocs.io/en/release-2.2/identity/identity.html
https://arxiv.org/pdf/2003.05106.pdf
https://www.ndss-symposium.org/wp-content/uploads/diss2019_05_Lagutin_paper.pdf
https://github.com/WebOfTrustInfo/rwot1-sf/blob/master/draft-documents/Decentralized-Public-Key-Infrastructure-CURRENT.md
https://arxiv.org/pdf/2004.07063.pdf
This would be a good candidate specification for a CCG work item.