search

w3c-ccg / did-wg-charter

An EXPERIMENTAL charter for the W3C Decentralized Identifier Working Group
https://w3c-ccg.github.io/did-wg-charter/
Other
10 stars 4 forks source link

Change language to not disallow DIDs based on centralized authorities #23

Closed kimdhamilton closed 5 years ago

kimdhamilton commented 5 years ago

There are different schools of thought on this topic, which is being discussed during the Thursday DID specification discussions. In one of these, the DID specification wouldn't preclude DID methods based on centralized authorities. This change reflects that, and is intended to address https://github.com/w3c-ccg/did-wg-charter/issues/16.

(Created during working session with @burnburn and @talltree.)

jandrieu commented 5 years ago

@kimdhamilton I think this language doesn't touch on the actual issue.

You suggest

DIDs may be controlled by individuals, organizations, and machines, so they are not required to be dependent on an external authority (e.g. DNS Registrars).

It is the fact that DIDs are not from a single central authority that assures independent control. This is a different issue than whether or not a DID method needs to be decentralized.

I think we'll need more consensus building before we figure out the best way to capture the fact of decentralization from independent methods without over-prescribing how those methods work.

kimdhamilton commented 5 years ago

This is intended to be dependent on that broader discussion happening in the Thursday meetings. I thought I hedged sufficiently above...

jandrieu commented 5 years ago

Yeah, it's just the causality got reversed. It isn't because they may be controlled by individuals, organizations, and machines that they aren't dependent on central registries. You can have ids "controlled" by individuals that are issued by registries. That's basically how DNS works. The previous draft was contrasting language rather than causal:

DIDs are controlled by individuals, organizations, and machines, not leased from an authority (e.g. DNS Registrars).

And historically, that "controlled" used to be "owned", so it was an even stronger contrast. Ownership proved problematic, though.

Actually, picking up on something @ChristopherA had said about keys, how about:

DIDs are designed to be created and controlled by individuals, organizations, and machines, not leased from an authority (e.g. DNS Registrars).

This doesn't address Tony's possible desire to promote centralized methods, but it does get to the heart of the motivation behind key-based identifiers rather than rented identifiers from root authorities, without precluding centralized methods. In fact, IMO, it would be great if current IDPs would let you attach a key to your account and access it by DID. These sorts of bootstrapping DIDs would likely ease the transition from the IDP defining your identity to user-held keys defining your identity. Facebook, etc., would just vehicles to look up a DID Document based on a traditional user account. Whether or not you pay facebook for that isn't an issue for me.

Perhaps switching to the design goal of creating & controlling instead of leasing smooths out some rough edges.

kimdhamilton commented 5 years ago

Closing; DID spec editors have an action item to define precise language