jandrieu
commented
6 years ago @dlongley I'm not sure what you're getting at with LD Signatures and the "owner" property. With all respect, that's an emergent draft that isn't on the W3C standards track https://w3c-dvcg.github.io/ld-signatures/ . Although it is a fine foundation for our work, I have a hard time with an argument that a current draft of a non-standards track spec should be read in as "required" and immutable. I would like to think that any lessons learned in the CCG would fold into the next iteration of LD Signatures. Which is to say if we've figured out a clearer, better way to name things, I hope the LD Signatures spec will consider it for adoption.
You make the argument that "The "owner"/"controller" property is on the key, not the DID", but the section on "Binding of Identity" (7.2) makes it fairly clear that "owner" is about DID itself, the identity referred to by the DID, and the key. It is precisely this kind of catch-all use of "owner" and "identity owner" that creates ambiguity and leads to confusion. You can't use a term in one place as glue that holds it all together, then later argue that you only mean it in a limited, single way.
You also say "I don't expect most software developers to see a significant difference between any of those terms." I agree. This is the bane of the industry and the focus of my core work on identity in the last few years: helping all of us speak more clearly and more rigorously because the unrigorous vernacular we use in the industry makes it nearly impossible to have meaningful conversations outside the identerati and those indoctrinated into the jargon-driven tech world. And even within that world, people keep chasing incomplete and unsatisfactory solutions because they build before they fully understand the scope, consequences, and subtlety of how identity manifests, both digitally and in the real world.
IMO, this is precisely when we should lock down this distinction, before we start more widely promoting the work and confusing even more people.
Also, it should be noted that DID ledger implementations are moving forward and will be ahead of even the creation of a WG at W3C. This is quite often the case for standards; a standard isn't always (some may even say rarely) done and out the door before anyone implements it.
That is exactly correct. The specification is not finished. The implementations are not finished. Both will continue to change and both should expect to handle those changes. Certainly, you aren't arguing that Digital Bazaar's implementation should be accepted whole hog without debate or improvement. (I trust your character, Dave. I know that's not what you expect.)
Figuring out how to create a specification that combines the best of what we all bring to the table is why we are here. Of course there will be changes. The question is whether or not we--as a collaborative conversation--are willing to learn from well over a decade of hard-earned lessons on identity from the user-centric identity movement or if we're going to arbitrarily defend early iterations because the initial proof of concepts implemented their version a particular way.
For a great example of the difficulty with "ownership" as a term of consensus, especially wrt identity, there's probably no better reference than the progress-halting meltdown of this conversation: https://github.com/WebOfTrustInfo/self-sovereign-identity/issues/6
Property, and therefore ownership, is a result of the social contract. Until one yields personal power to the public good to protect property from arbitrary theft, possession--not ownership--defines who gets to use what resources. Property and ownership proceed from the social contract and therefore depend on the yielding of sovereignty to social institutions.
In contrast, identity, like language, is innate to human cognition. It predates the social contract and, in fact, may even be necessary for it. Any system that subjugates identity to the social contract robs the individual of fundamental freedoms. Since identity both predates and precludes strict notions of ownership, architectures which depend on "ownership" as a model for individual agency are deeply flawed.
In contrast, "controller" is precisely functional and carries no baggage of the social contract nor human cognition. Either you can control a thing or you can't. It's clear, simple, and free of political and emotional baggage.
Since the specification is to enable functional use of DIDs rather than advocate a political or ideological argument for or against identity ownership, I think we'd do better to use the functional term "controller" rather than the loaded and controversial term "owner".
I also believe it will have a much better chance of earning the support of a wider audience in the W3C and the non-technical world now diving headlong into building, regulating, and using digital forms of identity.
msporny
ChristopherA
OR13
dlongley
mwherman2000
dmitrizagidulin
rhiaro
In addressing #101, it was clear that ownership and owner were used throughout despite the problems cited in the issue: namely that proof of control does not establish ownership, just control.
This PR adjusts the language from owner to controller for better accuracy and understandability, both in the spec-text and in the field name.
Preview | Diff