brentzundel
commented
4 years ago Recommend closing this issue as it seems to be a duplicate of issue #63
Open nadalin opened 4 years ago
brentzundel
commented
4 years ago Recommend closing this issue as it seems to be a duplicate of issue #63
nadalin
commented
4 years ago @brentzundel not a duplicate, this was raised on the draft charter and never addressed and this is on the proposed charter, and this includes 2 sections of the charter in question whereas #63 was just the later part.
ChristopherA
commented
4 years ago The decision by W3C-CCG to include a non-normative, self-certifying rubric document as part of the DID-WG charter deliverables was already part of the compromise to address Anthony's other objections by those who feel that we are moving too far away from the "decentralization" in Decentralized Identifiers. As Anthony has not been active in the CCG activities nor was involved in the compromise discussion in the CCG, many felt this compromise already was too generous and did not represent the will of the larger CCG community.
Removing this document puts at risk a number of currently non-W3C sub-communities of developers (such as blockchain developers) that desire to contribute to the DID-WG standards process. These communities and individuals would likely depart from the W3C process if W3C is not committed to decentralization, which would be demonstrated by not supporting this document as a work item.
As a co-chair of the CCG, I believe I speak for the other co-chairs and for the larger decentralized identity community that removing rubrics could sabotage the success of DID Working Group.
-1 on this proposal.
-- Christopher Allen (co-chair W3C Credentials CG)
stonematt
commented
4 years ago Recognizing that "Decentralized" is in the title of the specification and the working group and that decentralized as a concept may be implemented to varying degrees on a spectrum between decentralized and centralized, it seems entirely appropriate for the group to help normalize the language and understanding of "how decentralized is this". I'm strong +1 to keep this in the charter.
csuwildcat
commented
4 years ago I'll repost an extended recitation of my overarching question here to try and better understand the strategy behind including this non-normative work item as an actual activity/output of the WG:
I'd argue (and would be honestly surprised if folks didn't agree) that I am probably the most radically pro-decentralization person on this thread. But even I, the libertarian Voluntaryist who passionately disdains authoritarian/centralized power of all kinds, can't figure out why adding an inherently vague, non-normative rubric requirement to this spec is an intelligent strategy for our shared goal. Ironically, if I personally (stepping outside of being a MSFT employee) was to define "decentralization" in the context of DIDs, I would happily write in language to this rubric that negatively flags many of the approaches I see in the current ecosystem of implementations (even some of the more well known ones) for what I believe are significant, foundational centralizing components of their architectures. (but to be clear: I wouldn't do that, because I don't want to offend good, well-meaning people who have done generally great work in this space)
All that to say: folks, as a person who is 100% on the side of decentralization, what is this really doing other than making life harder for us? If it's non-normative, no one who actually implements a DID Method has to give a single lick what it says, and 99.99% of people will never even know it exists. Further, if we do it, and it sufficiently downgrades approaches that are more centralized (even if rightly so), will it generate a tide of opposition/blockade by W3C members who may not have opposed us if we hadn't? I'm just asking why we're playing what seems to be non-normative checkers instead of thoughtful, strategic chess.
I could be wrong about everything I wrote above - this set of rubrics could be the non-normative garlic that repels the vampires of centralization in powerful ways, but as a rational person who has sat and thoughtfully considered the game theoretical outcomes of each route, I doubt it. Happy to be convinced otherwise.
brentzundel
commented
4 years ago The addition of a rubric for decentralized characteristic arose in response to this previous issue. The question was appropriately asked, "what makes a DID decentralized?" It was also pointed out that mandating decentralized roots of authority for DID methods will be outside of the scope of the DID specification, i.e., there will be no way to prohibit "did:facebook," for example. What the rubric will enable is a systematic and agreed-upon way to say "I disagree with 'did:facebook' for the following reasons." The reason keeping the rubric as one of the deliverables of the DIDWG is so important, is because without it, we may lose the concept of decentralization entirely. The DID data model itself will not be able to normatively require that any did methods adhere in any way to the principles of self-sovereign identity. At a minimum, the rubric will provide a means for evaluating did methods. It may be that a different deliverable which accomplishes this same goal would be preferable to a rubric, but no other deliverable has been suggested. If we remove the ability of the WG to define what they mean by decentralized, then we essentially remove the notion of decentralization as a primary desired characteristic of DIDS, which would then open up DIDs to the argument that such identifiers provide nothing new and therefore shouldn't be worked on at all. The fact that a DID is an Identifier that is decentralized is important. The decentralized aspect of DIDs is core to the new capabilities they provide.
csuwildcat
commented
4 years ago What the rubric will enable is a systematic and agreed-upon way to say "I disagree with 'did:facebook' for the following reasons."
The DID data model itself will not be able to normatively require that any did methods adhere in any way to the principles of self-sovereign identity. At a minimum, the rubric will provide a means for evaluating did methods.
I was under the impression (from my chat with @jandrieu) that we wouldn't be adding explicit evaluation facets (which I actually like on a personal level), and instead the rubric would be a series of high-level questions. This was the doc I was directed to examine: https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/topics-and-advance-readings/rubrics.md
Following on, are you saying these rubrics can include things like:
Are you saying the rubric can include the type of specific examples above to determine inferred decentralization demerits? Again, as an individual, speaking completely on my own, I would personally love to distinguish DID Methods/networks in this way, but surely folks realize this will be contentious for any of the DID Method/network approaches the rubrics calls into question, right? I'm just weary of turning passive observers into active opposition, that's all 🤷♂️
jandrieu
commented
4 years ago I don't know what you mean by "explicit evaluation facets" but any question that allows one to evaluate an aspect of how decentralized a DID method is, is fair game. The point is to provide a straightforward set of questions that anyone can use to evaluate whether or not a particular DID method meets their needs wrt to some benefit provided by decentralization.
This does not bubble up to a singular score reflecting how decentralized a method is, nor can one even determine whether or not any particular answer is "good". The goodness of a particular answer depends entirely on the appropriateness of that question to the use the evaluator is considering.
Case in point: BTCR (and other BTC DID methods) are going to score horribly on network governance (how the rules of the underlying network are managed). That's just a fact. Satoshi intentionally made governance hard, so if open, transparent governance by known, accountable entities is important to you, then BTCR is going to take a hit on your evaluation. On the other hand, if you see governance mechanisms and governors as an attack vector, then you may very well LIKE bitcoin's ill-defined governance.
As Christopher Allen has pointed out, it is inevitable that these questions are going to be mutually exclusive. For example, by some arguments, you can't be fully decentralized when you have a singular global ledger.
The point of the exercise is to put in terms that other people can evaluate, exactly what about decentralization motivated this community to put the effort into DIDs. So, if you, @csuwildcat have a question that would illuminate a facet of decentralization that YOU care about, we want to include it.
csuwildcat
commented
4 years ago Pokémon voice "A wild Rubric Conflict appeared!"
I'd argue for the exact opposite question/evaluation language for this example:
Case in point: BTCR (and other BTC DID methods) are going to score horribly on network governance (how the rules of the underlying network are managed). That's just a fact. Satoshi intentionally made governance hard, so if open, transparent governance by known, accountable entities is important to you, then BTCR is going to take a hit on your evaluation.
The fact that nodes, not some cabal of governance authorities, decide the network rules of robust public blockchains is a massive advantage that aids in maintaining the decentralized state of their networks. This was made eminently clear during the Congressional hearings about Libra: when they wanted to pressure the principal authorities who control the Libra network rules, they simply sent a demand letter to David Marcus at Facebook's corporate address. For some reason they haven't bothered doing the same with Mr. Nakamoto, to express their concerns about his network 🤔
jandrieu
commented
4 years ago Yes. That's exactly what I said:
On the other hand, if you see governance mechanisms and governors as an attack vector, then you may very well LIKE bitcoin's ill-defined governance.
To you, that question's positive valence is inverted relative to some people's desire for clear and transparent governance. THAT's the whole point of the rubric(s)[1]. The questions do not stand in judgment, they ask questions which give illumination so that the evaluator can stand in judgment based on their own use cases, priorities, and politics. The rubrics are a judgment free scalpel, which only attains moral authority when wielded by an evaluator considering a specific set of desiderata.
[1] Is it plural or is it one rubric with a bunch of questions? I don't know, but we should decide one way or the other.
csuwildcat
commented
4 years ago So let me get this straight: we're either going to allow two questions about the same topic/issue, like the example you introduced above, which can be worded differently to argue for the exact opposite conclusion simultaneously, or we're going to craft one question that deftly argues both directions in the same breath - and we're going to do all this without: 1) people throwing fits and gridlocking over the connotations, and/or 2) generating angst in any parties who may feel the questions have been skewed against them, then subsequently act against our efforts?
Again, I understand the goal, and even like the idea of (ahem - PC voice) sorting the wheat from the chaff, so to speak, but I definitely think we're opening a can of worms that makes stamping a CR on the data format that much harder. It could either go relatively OK, or it could be highly contentious and cause us a slew of headaches from external parties. I honestly hope the former, but the latter scares me a bit.
Since the charter does not include actually defining DID methods and is only defining mandatory operations and since the data model is driven from the usecases that the WG derives it seems out of place and potentially limiting the usage and deployment of DIDs by specifying a “rubric” as URLs (RFC 3986) have no rubrics attached to them neither should these identifiers as they are just identifiers. Suggest that “rubrics” creation be removed from the charter and if there is interest in doing this it be done outside the W3C DID WG (i.e. Decentralized Identity Foundation) and let the usecase drive and not limit how these identifiers will be used.
This deliverable does not foster transparency or inclusivity that anyone can use this identifier per their usecase.
REMOVE the following from the charter: “Recommend a rubric of decentralized characteristics for DID Method specifications. This allows the DID Method specifications to self-certify, or independent third parties to evaluate, the DID Method specification's level of adherence to principles of decentralization.
“Decentralized Characteristics Rubric v1.0 The Working Group will develop a rubric of decentralized characteristics for DID Method specifications. This rubric will provide reference points according to which a DID Method specification may self-certify, or an independent third party may evaluate, the DID Method specification's level of adherence to principles of decentralization.”