Come to realize one of the reasons people don't get DIDs, is they think they're just glorified pubkeys, or they're glorified decentralized Apple Wallets. This is just a wrong mental model.

The way to think about DIDs and Verifiable Credentials, from an engineering and application developer perspective, is to view them as a wholesale replacement for DNS and Certificate Authorities. They decentralize away from ICANN.

They are a new universal identity layer for the internet. But because they are open and extensible protocols, we can do everything from validating that a website is legitimately owned by a company or individual to modeling a driver's license, where a government agency issues the credential. The protocol doesn't care.

I think people who think they're "too complex" and add nothing that pubkeys don't haven't thought too deeply about the totality of the problem of identity on the internet, and are likely taking DNS (a highly centralized form of identity) for granted, when they probably shouldn't.

Discussion

I think it could have been made a lot easier

and I think an identity layer might wind up being built on top of NOSTR instead

Some of us are working on just that 👀

where?

I repeat my claim that people who casually say this, haven't carefully thought through the problem. Particularly the problem of DNS. DID addresses this problem, and even has the concept of DID-relative URLs.

But I have thought through the problem

and I've made concrete proposals to nostr

It's merely a set of signed structured claims and a set of signed structured certifications of those claims

and since every event is signed and is unique then we can not worry about the signatures and just use events to create structured claims and certifications of those claims

Can you articulate why you think DIDs and VCs are a bad solution in technical terms?

I articulated precisely what was needed for a pki infrastructure. can you articulate in technical terms how DIDs and VCs satisfy that and only that?

indeed the embedding of proofs just makes dids broken, imo

The whole system is based on a premise of identity that isn't necessary for anyone in this ecosystem

The entire system was authored without actually thinking about what people needed or wanted and instead it was authored with a series of intents instead of coming from industry coming from protocol designers

The proper way to build a protocol is to observe what's happening in the wild in the chaos of something like NOSTR and then look what most people are doing and codify it so that new people coming on board can be compatible

in nostr anyone can publish a structured event with some public claims

anyone can respond to that event with public structured assertions of those claims

the absurd notions of privacy in the did system and the insistence on using xml reflects everything wrong with the w3c

YES!

- the data types are inherited from XML (xsd)

- there is no first class JSON form

- so-called unregistered terms require a hack

- everything is a Set so arrays can have dups

- arrays are incredibly complex to do

- nested json is hard

- blank nodes in nested json are harder

- circular nested references is an intractable problem

- you inherit a strange language type model from RDF/XML

- you inherit strange datatypes

- the matching of the canonical form isn't guaranteed

- the so-called DID Document has the wrong range

- it has http dependencies

- it has dependencies on w3.org

- it has dependencies on w3id.org

- w3id.org is a federation nothing to do with w3.org

- it has a problem with httprange14

- relative links are a mess, this will end up being the biggest problem

- it has over 100 methods, how will you support it

- it is largely gate kept by alt coiners

- it is still missing schnorr signatures after 4 years

This is just a 5 minute brain dump, I could probably double that list

I believe you have made this fallacious argument about it being dependent on W3C.org before, and I refuted it then.

Not going to argue with you, I'm gonna fix it for you! BUT show me your canonical form then!

also, the so-called privacy layer is a waste of time

all claims should be public claims about the provenance of public keys

all certificates are also public

Bingo, just use the same identity layer of taproot/schnorr and the other problems will melt away ...

tl;dr

DIDs replace DNS

VCs replace CA

Both remove dependency on ICANN

slay

Idk what any of this means but I’m here to support (or not support)

Wow. That’s insane.

@jack, did you overlook the IP address assignment function of ICANN?

Learning so much on here. It's crazy.

bro just imagine you lose your private keys....

Which can be solved with credential revocation and reissuance in the DID/VC model.

Imagine trying to survive in life w/out small tribe you trust

Ring signature trusted friends fam can restore ID if key lost, no?

What’s DIDs?

I don’t get DIDs because I have no idea what they are

Interesting take

They are actually pretty centralized. This very morning I tried to decentralize the thing, mainly for you guys (and myself!) and remove the very hacky http dependency and w3.org dependency.

https://github.com/w3c/vc-data-model/issues/1058

You, Dan and Gabe have been fighting a great fight. But you're in store for 20 years of technical debt. Especially if you're going to want to use JSON, which I think you do.

It's an OK enough starting point. And I will fix all of this stuff for you, coz I like you guys. But honestly boy is it a mess. Have a look at the canonicalized form of the claims you're signing. Compare it to nostr. Nostr is better and decentralized.

Glad you are trying stuff tho, looking forward to seeing what you make!

Your post is making an impact.

Added to the https://member.cash/hot feed

So who/what entity becomes the (VC) issuer? As i understand it now, you need a bank account to get a credit card to get a dns account. How will that "get started" process change w DIDs?

Anyone.

Okay but there must be some steps to the issuance, else the value of the verification is nil

Check out valid3.id, an effort to rebuild the Web of Trust with DID and VC.

Basically y'all made ICANN2…

ICANN5

this guy knows how to count

The golden triangle rule applies

any educational link how to get a did n use it?

You can check out the videos made by zCloak Network. https://www.youtube.com/watch?v=jm5lBBGjSpw&ab_channel=zCloakNetwork

to be honest, your post still doesn't make it any clearer what DIDs are and why they are nice. It's still all very vague claims so far.

A DID is a unique identifier of an entity. This identifier is generated by a cryptographic method, just like a Nostr key, and you hold the private key. So you can say it is self-sovereign because only you have control over this DID. In reality, this identifier is linked to a series of keys for you to use in different scenarios.

This much was already clear to me. So isn't it the same as a PGP key? What is new and special about DIDs?

I think compared to PGP, the W3C got most of the stuff standardized, especially the part with verifiable data registry—the storage of the identifier and associated public keys. But the most important part is actually verifiable credentials and DID is like setting up a stage for it. I guess we don't have that with PGP.

Yes and with DID we all share the identity fabric.

Today, the big cloud providers’ identity fabrics are separate walled gardens that don’t naturally interoperate due to different standards / approaches (e.g - OAuth vs SigV4, gRPC vs REST/OpenAPI, etc)

Highly centralized id fabrics are extremely enticing targets for attackers, too.

The DID identity fabric will enable new levels of interoperability and integration between applications while also being more robust and secure than the centralized provider fabrics of now.

Nostr's current data model can support a decentralized web of trust identity implementation without any modification.

DID is a complex schema definition and verbose compared to Nostr.

Nostr's job is to be a social media platform and not a decentralized identity verification and credential hosting platform.

Therefore, I think currently there is little for Nostr to gain from implementing DID and it will require a lot of extra work for the developers.

How do you get human friendly naming with DIDs?

Let’s not forget that DNS is an open protocol, and DIDs together with DNS makes for a neat set up — see how Bluesky approaches this https://blueskyweb.xyz/blog/3-6-2023-domain-names-as-handles-in-bluesky

Once DIDs proliferate and are linked to valuable identities/entities, they will be traded as nft’s since they are actually rare and non fungible. A DID is like a deed and a key to a house but this house is an identity and all its reputation.

Someone correct me if I’m mistaken.