DID Benefits

[nadalin]

"DIDs have benefits over more traditional URLs" this section says nothing about CONS like not being able to use the same DID across different implementations with different methods

[brentzundel]

I don't have a problem with adding potential CONS to the charter. Could you provide more examples?

[brentzundel]

In response to the specific CON you have suggested, I am not understanding how it is a CON. Conceptually, the relationship of the DID specification and a DID method specification is similar to the relationship of the IETF generic URI specification ([RFC3986]) and a specific URI scheme ([IANA-URI-SCHEMES] (such as the http: and https: schemes specified in [RFC7230]).

Pointing out that one is not able to use the same DID across different implementations with different methods is like pointing out that I cannot resolve an https URI using the imap URI scheme. Claiming that this is a CON would feel nonsensical.

Perhaps this conceptual relationship between the DID specification and and DID method specifications should be highlighted in the charter in order to clarify this better.

[nadalin]

@brentzundel because it may cause issues like, no interoperability between implementations that have different methods, may cause the user to have multiple DIDs since crypto may different or relationship may be 1:1 or 1:n

[brentzundel]

@nadalin I see. I've begun a PR to introduce these cons, but would appreciate any more you are aware of so that the section can be more complete.

[nadalin]

@brentzundel The other issue is crypto, since the charter just seems to be a data model proposal, the issue about crypto interoperability comes up where I generate an ID with one algorithm and now I can't use this with some sites since they don't support the algorithm, and now I have to generate a new ID and pretty soon I get a too many IDs to manage and not sure which one goes where

[msporny]

The success criteria in the DID WG Charter contains the following text:

In order to advance to Proposed Recommendation, each specification is expected to have ... a section detailing any known security or privacy implications for implementers, Web authors, and end users.

Also, note that the specification already contains those sections, which will be expanded during the WG's operation:

• https://w3c-ccg.github.io/did-spec/#security-considerations
• https://w3c-ccg.github.io/did-spec/#privacy-considerations

Those are the appropriate sections for concerns/cons related to specifications, not a W3C WG Charter.

Suggest we close this issue with no changes to the DID WG Charter.

[nadalin]

@msporny Then I suggest that you remove the statement in my initial post above

[jandrieu]

@nadalin But DIDs do have benefits over more traditional URLs.

That's the point.

If there weren't benefits, we wouldn't be doing all this work.

+1 to closing this with no changes to the charter.

[nadalin]

@jandrieu list the benefits then. They also have disadvantages.

[jandrieu]

The benefits are, in fact, listed immediately after the text you quote:

DIDs have various benefits over more traditional URIs:

• DIDs are controlled by individuals, organizations, and machines.
• DIDs enable cryptographic authentication of a DID controller (e.g., DID-based website login using a WebAuthn/FIDO token).
• DIDs provide discovery information for bootstrapping into secure and privacy preserving communication protocols (e.g., encrypted messaging endpoints).
• DIDs provide a path to service-agnostic data portability (including, but not limited to, switching between Verifiable Credential digital wallet providers).

Unless you have meritorious objections, I recommend closing this issue.

[peacekeeper]

@brentzundel The other issue is crypto, since the charter just seems to be a data model proposal, the issue about crypto interoperability comes up where I generate an ID with one algorithm and now I can't use this with some sites since they don't support the algorithm, ...

It's true that different DID methods may support different crypto, but you'd still have interoperability on the data model level. You could compare this to TLS where different implementations and configurations may use different cipher suites, but TLS as a whole is still standardized and interoperable across sites and implementations.

[brentzundel]

I think the best place for my PR #41 is in the spec, rather than in the charter.

[msporny]

The group discussed this on the 2019-07-02 call and agreed with the comments in https://github.com/w3c-ccg/did-wg-charter/issues/36#issuecomment-507453496. Closing.