w3c-ccg / did-wg-charter

An EXPERIMENTAL charter for the W3C Decentralized Identifier Working Group
https://w3c-ccg.github.io/did-wg-charter/
Other
10 stars 4 forks source link

Are there any strong use cases? #10

Closed sandhawke closed 5 years ago

sandhawke commented 5 years ago

It remains unclear to me what DIDs can do that can't be done much simpler by https URLs and/or public keys. It remains especially unclear what purpose blockchain technology serves in any of this.

I read some of the use cases document, but I didn't see any that actually justified this work. A proper use case should tell a story of a problem being solved by DIDs that isn't reasonably solved without them. The ones I read were not doing that at all. They were fairly vague, talking about some problem around identity or decentralization, and suggesting that somehow DIDs would help.

A use cases document should not waste the reader's time with any stories that do not hold water, but for now I'd be okay with a pointer one that does. It should tell me about a realistic situation where someone would reasonably put in real effort or money to be able to use a DID, because it really solves their problem, and does it better than alternatives.

If I sound a little grumpy here, it's because this is not a new request. https://github.com/w3ctag/design-reviews/issues/216

sandhawke commented 5 years ago

I've been trying without success to address this issue myself.

Here's why it's hard, I think:

  1. A DID is an identifier which includes a mechanism for securely obtaining certain additional associated data. In various protocols & formats, one might encounter a DID, and then, yay, one can securely find the associated data (like end-point URLs for various interactions, etc).
  2. In any of those protocols & formats, I expect, instead of using a DID, one could instead use a normal identifier, and also include that associated data. This is generally simpler.

In other words, whatever you're trying to do with a DID is probably simpler without it.

Following this logic, two cases where this doesn't necessarily hold:

A. If the data is being passed around through untrusted channels. But in that case, including some kind of digital signature technology is probably still a simpler solution. Maybe if this happened a lot, a DID would be an elegant way to factor out that common tech. Does this happen a lot? Is there a system where aggregated signed data is passed around, that might be able to use DIDs instead?

B. If the protocol or format has to no way to carry additional data. Are there real cases of this, where someone want this functionality? In general, the places where I can think of identifiers being used are metadata/KR formats, where additional data can be easily included.

So, what am I missing? What's a situation where using a DID is super helpful?

Drabiv commented 5 years ago

DIDs distinguishing promise is to enable digitally sovereign and everlasting (undeletable) identities.

We need such everlasting and sovereign identities for the long-term high stakes cooperation, for example: storing and transferring money (blockchain-based tokens); signing digital documents that represent property or political rights, contractual obligations, etc.

Here is a use case, describing one of such high stakes cooperation projects (The United Humans project) - https://docs.google.com/document/d/1wz8sakevXzO2OSMP341w7M2LjAMZfEQaTQEm_AOs3_Q/edit#heading=h.8y5okfv1x2gg

The United Humans is just one potential example of a long term and high stakes cooperation projects. There are many more cooperation projects, processes and events where longevity and sovereignty of the identities that take part in them is desirable, highly desirable or required.

sandhawke commented 5 years ago

Thanks for the response @Drabiv (here and on twitter).

To my eye, the "United Humans" entry is more of a problem space or project idea, with many different aspects, than a specific use case. Maybe we can narrow it down to one specific problem within that space? Let me try narrowing it a bit.

I see the description talks about money. What does United Humans propose to do with DIDs to enable commerce, or whatever it is with money, that BTC, ETH, etc, do not provide? Those communities don't seem to be wanting DIDs; what specific problem would DIDs solve that they do not?

Or maybe it's simpler to stay away from commerce and dig into "humane social networking". What would DIDs provide that ActivityPub (eg Mastodon) or IndieWeb (eg Known) or Diaspora or whatever do not provide? I haven't heard those communities asking for DID either. What current or anticipated problem in humane social networking tech is solved by DIDs?

Drabiv commented 5 years ago

What does United Humans propose to do with DIDs to enable commerce, or whatever it is with money, that BTC, ETH, etc, do not provide? Those communities don't seem to be wanting DIDs; what specific problem would DIDs solve that they do not?

The successful funding of the organization of the United Humans depends on its ability to directly and continuously distribute its money (the UH blockchain token) to people in a fair way (equally to all people who wants to participate in the distribution). To establish this direct, continuous and equal distribution of money we need sovereign digital identities that uniquely represent humans.

BTC, ETH communities do not require identities as they are primarily focused on trade (short-term, one-time cooperation) and hoarding. Unlike them The United Humans community needs identities for the continuous distribution of money to identities that can accrue and maintain "unique human" reputation (proved to uniquely represent living human individuals).

Or maybe it's simpler to stay away from commerce and dig into "humane social networking". What would DIDs provide that ActivityPub (eg Mastodon) or IndieWeb (eg Known) or Diaspora or whatever do not provide? I haven't heard those communities asking for DID either. What current or anticipated problem in humane social networking tech is solved by DIDs?

Actually, humane social networking service has more to do with understanding psychology of digital social networking, answering questions "Why people hate current social networking experience? Why current social networking is "inhumane"?". It is not directly related to DIDs. DIDs enable the funding of The United Humans, that can be used to build humane social networking service, either using decentralized technology (like ActivityPub or SOLID) or traditional centralized web technology. In this case, IMO decentralization is not crucial.

sandhawke commented 5 years ago

Okay. It sounds like this is a scenario where DIDs would be useful:

  1. Alice wants to donate N Satoshi per day to each of the residents of her small home town.
  2. On a visit, she collects the DIDs of several people in the town, people she trusts.
  3. She asks them to help her maintain a list of DIDs of each person in the town, one DID per town resident. They do this by linking from their own DID documents to a list of DIDs and names and other disambiguation info (like name, address, birth date, parents), which they each maintain. The disambiguation info allows Alice to merge all their lists and avoid duplicate residents. In that culture, this is not a privacy issue.
  4. If people have a preferred BTC address in their DID document, she makes her donation there each day. (I'm assuming a future where BTC transaction costs are small again.)

In this situation, DIDs are one step removed from BTC addresses, which allows people to change their addresses, and maybe change which cryptocurrency they are using. That seems somewhat useful, I guess. They could change that info anyway, but this way they can change it without talking to their friends around town.

A bigger advantage is the social/identity mechanism allows Alice to securely learn and manage the BTC addresses of people she's never met. If someone lost their DID, they could presumably get another one by talking to enough of Alice's friends in the town. I'm not quite sure the advantage here over HTTPS URLs; I guess it's that DIDs can be more secure; HTTPS URLs have a significant attack surface these days.

Okay. So this does look like a scenario where DIDs would add some value. It's a far-fetched scenario, and the value isn't enormous, but perhaps there's a more realistic scenario that's very similar which will occur to someone, and while the value isn't enormous, it's concrete enough to actually debate.

(This is, IMHO, the kind of detail needed for a Use Case.)

Drabiv commented 5 years ago

@sandhawke thanks for the comment and "Alice-Bob" interpretation of the UH use case. I think you are wrong in the perception of a few properties of this use case, which lead you to the wrong interpretation the use case over all. I'll shortly comment a few of yours quotes that I think are wrong (and hopefully, tomorrow I'll write mine Alice-Bob interpretation of the UH use case).

  1. Alice wants to donate N Satoshi per day to each of the residents of her small home town.

All small towns are connected to other towns/communities via many, many edges. Hence, if Alice can distribute money in her own town she can distribute them globally as well. (If she would want to do this is the another question.)

  1. ...They do this by linking from their own DID documents to a list of DIDs and names and other disambiguation info (like name, address, birth date, parents), which they each maintain. The disambiguation info allows Alice to merge all their lists and avoid duplicate residents. In that culture, this is not a privacy issue.

Disambiguation info would help, but it is not strictly required. Certainly, information like address, birth date, parents names, legal names are not required. People need to disclose only that information that will help their social group to recognize and vouch for them. This is the information that people already commonly share on Facebook, Twitter - name by which they are know to their social group, image of their face. This information disclosure is OK, practically everywhere now. Some people with strong web-of-trust will be able to get away without disclosing their face image.

4. ... (I'm assuming a future where BTC transaction costs are small again.)

Just a side comment, the lightning network is already on BTC main net - so we can say that this future has already come.

In this situation, DIDs are one step removed from BTC addresses, which allows people to change their addresses, and maybe change which cryptocurrency they are using. That seems somewhat useful, I guess.

The main point to have identities is to be able to accumulate reputation on this identity (collect documents signed by other people, vouching for your identity to uniquely represent you). The convenience of addresses change is a minor benefit indeed.

It's a far-fetched scenario, and the value isn't enormous...

Your scenario is indeed far fetched, and the value is practically nonexistent. As for the United Humans, its use case, as of now, is futuristic, but not far fetched. If we have The United Nations to protect our peace and rights, why can't we have The United Humans to do the same only in more direct and transparent way, without or with less intermediaries? I think the need for such organization is obvious. And if it is, if this the need for such organization exist indeed, how can it be created? In the long run, such organization, can function only based on the technologies that enable digital sovereignty. One of such technologies is Decentralized Identifiers. Hence, the need for Decentralized Identifiers specification is justified at least by the UH use case.

Regardless of the UH use case, in general, we need or highly desire to have DIDs in any high stakes long-term cooperation situations. And when we have well executed DIDs solutions for high stakes situations, then we can use them for other lower stakes situations, bringing additional, security and privacy there as well.

sandhawke commented 5 years ago

Regardless of the UH use case, in general, we need or highly desire to have DIDs in any high stakes long-term cooperation situations.

My goal here is to get someone to make a solid case for why DIDs are useful. Without that, I don't think a WG can be chartered. You put forward the UH use case as potentially a solid one, and I think it is the most solid I've seen so far (as I interpreted it). We can't take the strongest one, say sure it has problems, but that's okay because there are others. No, the strongest case must be laid out, and if it's not strong enough, then the case fails and I would not expect a DID WG to be chartered.

All small towns are connected to other towns/communities via many, many edges. Hence, if Alice can distribute money in her own town she can distribute them globally as well. (If she would want to do this is the another question.)

Sure, but that makes the use case more complicated. It's important that we simplify to the point where basically any senior developer could understand exactly how it will work. There should not be gaps in the story where the reader can't tell if that part of the technology will work. Connecting every town raises a lot of questions about scaling that we can avoid by just applying it to a "small town".

Not every W3C charter meets the bar where I'm describing it, but I think there's enough earned skepticism around URIs-to-identify-people and blockchains for W3C to be especially careful here.

Disambiguation info would help, but it is not strictly required.

Interesting. Yes, I thought it would be, but on second thought, perhaps not. Here's a revised version without out. I also took out the BTC.

  1. Alice wants to donate $x per day to each of the residents of her small home town.
  2. On a visit home, she picks two people to be her representatives, Sam and Terry. She has faith they will not conspire against her. If she didn't, she could pick additional representatives. As long as one of her representative remains honest, the system will be secure.
  3. Sam and Terry have the job of independently gathering a list of DIDs of everyone in the town. (They should also try to make sure townspeople have information in their DID document which allows them to accept monetary donations.)
  4. Alice looks at the lists from Sam and Terry. She make her donation to anyone (really any DID) who appears on both lists and has donation information in their DID documents.
  5. If any DID appears on only one list, Alice points this out to Sam and Terry, asking them each to confirm whether this person is a town resident. If there is a longstanding lack of agreement, she can return to the town and figure out what's going on.

An interesting aspect of this is that individuals have to be strongly associated with their DID, so that Sam and Terry use the same one for them. In today's world, if you did this with email addresses, it would often fail because someone would give one of their email addresses to Terry and a different one to Sam.

This does raise the question of what happens when someone wants to change DIDs. Perhaps the assumption is that no one should ever have to do that or rationally want to do that, so it's okay if changing DID is a very slow and expensive operation. In this case, changing DIDs without missing a payment would require talking carefully to both Sam and Terry, and coordinating the day of the change.

I should also say, what I'm laying out in 1-5 above isn't exactly a use case. The use case is something like "Alice wants to donate $x per day to each member of a group. She isn't able to track who is in the group, but she has representatives who are. She doesn't trust any one of them sufficiently, so she needs a system where untrustworthy representatives end up combining to form a trustworthy system." That's a problem that is looks like DIDs could help with, etc, etc. Hopefully folks can come up with someone more compelling, though.

jandrieu commented 5 years ago

The current best draft is at https://w3c-ccg.github.io/did-use-cases/

It's still a rough start, but I think it should address your requirements. I'd appreciate any feedback you might have.

sandhawke commented 5 years ago

Thanks @jandrieu - so much better than what was linked from the charter.

msporny commented 5 years ago

so much better than what was linked from the charter.

Charter has been updated to point to the document @jandrieu noted above in https://github.com/w3c-ccg/did-wg-charter/commit/d3a2ae0856f23a354047dc840d3d180ef84f03a5.

sandhawke commented 5 years ago

They could perhaps be stronger, but they no longer strike me as a major problem, so I'm closing this issue.