Rebooting the Web of Trust VIII: Barcelona (March 2019)
This repository contains documents related to RWOT8, the eighth Rebooting the Web of Trust design workshop, which ran in Barcelona, Spain on March 1st to 3rd, 2019. The goal of the workshop was to generate five technical white papers and/or proposals on topics decided by the group that would have the greatest impact on the future.
Dan Burnett, Ken Ebert, Amy Guy, Drummond Reed, Manu Sporny
The Decentralized Identifier (DID) specification describes a new type of URL that is globally unique, highly available, and cryptographically verifiable and which has no central authority. The DID spec document describes the expected ecosystem, data model, and syntaxes for DIDs. In December 2018, the W3C held a Strong Authentication and Identity Workshop that determined that a reasonable next step would be to create a W3C Working Group to standardize the DID specification. As a result, the W3C Credentials Community Group, which has been incubating the specification, will eventually need to hand the specification over to the newly formed W3C DID Working Group. In preparation for this hand off, a group at Rebooting the Web of Trust triaged issues related to the DID specification, refined existing proposals related to the specification, and gathered new features and requirements from the community. The result of this work is outlined in this document.
Sam Mathews Chase, Joni McKervey, Carsten Stöcker, and Daniel C. Burnett
This paper investigates two primary forces that have the potential to drive adoption of decentralised technology by both individuals and enterprises: safety and security. Among the most basic human needs, safety and security are fundamental to the functioning of society, and without them collective existence would fall into chaos. By protecting the sovereignty of each individual and ensuring access to secured shared resources, governments maintain a state in which its citizens may thrive.
Sean Gilligan, Peg, Adin Schmahmann, Andrew Hughes, Christopher Allen
As systems where people are required to manage their own cryptographic keys become more popular, social recovery or reissuance of keys increases in importance. Such systems are inherently empowering to users but safeguarding keys is a hard problem.
We focus on the social recovery of control of an identifier. There are several techniques to re-assert control over identifiers including key recovery and issuance of a new key. In many situations it is preferrable to establish a new key than recover the old one.
We propose a rubrik for evaluating such schemes, and give a brief overview of possible schemes to consider.
Adrian Gropper, Michael Shea, Martin Riedel
The Self-Sovereign Identity (SSI) community has described several groundbreaking properties that arise from the adoption of its principles. Governance, as in business and financing structure, is arguably the most challenging of these properties, captured succinctly by Shoshana Zuboff as: "Who decides? Who decides who decides?" However, even though the technology has matured greatly over recent years, bootstrapping an SSI product within the existing capitalistic market environment is complicated and has not been achieved at scale within any functional domain.
A RWOT6 paper explored the challenges to a sustainable commons. In this paper, we apply the SWOT framework (Strengths, Weaknesses, Opportunities, and Threats) to identify potential paths to adoption. For example, what are the general implications of introducing a credential holder into existing issuer/verifier relationships? Our analysis leads to cooperative (in the legal sense) governance with focus on the holder (the wallet) as the key innovation, since issuers and verifiers already exist. The healthcare industry is used as an example.
Brent Zundel, Timo Welde, Mike Varley, Marton Csernai
This paper consists of objectives, use cases and observations around a "peer" DID method, based off a draft specification submitted to RWOT8. The following abstract is from that draft specification, located here.
"This DID method spec conforms to the requirements in the DID specification currently published by the W3C Credentials Community Group. For more information about DIDs and DID method specifications, please see the DID Primer and DID Spec.
"This document defines a 'peer' DID Method that can be used independent of any source of truth external to the relationship in which it is used. The method is cheap, fast, scalable, and secure. It is suitable for most private relationships between people, organizations, and IoT things. DIDs associated with this method are also promotable to a more public context. That is, blockchains with different DID methods can graft some or all peer DIDs into their namespace(s) with no risk of accidental collision, and no loss of meaning. Peer DID will have a recognizable and consistent identity in all of them."
Joe Andrieu,Eric Welton, Will Abramson, Ganesh Annan
Ivan Basart, Egido Casati, Michael B. Jones, Andrés Junge, David Stark, Oliver Terbu, and Dmitri Zagidulin
Proving control of a DID requires proving ownership of a private key corresponding to a public key for the DID. Of course, this could be done with a new DID-specifc protocol. However, standard protocols for proving ownership of a public/private key pair already exist.
This paper describes how to reuse the Self-Issued OpenID Connect (SIOP) specifcation and related protocol messages to prove control of a DID. It describes both why and how to do this. Related topics, such as release of claims, are also touched upon.
Complete Rebooting the Web of Trust Listing
A different repository is available for each of the Rebooting the Web of Trust design workshops:
- Rebooting the Web of Trust I: San Francisco (November 2015)
- Rebooting the Web of Trust II: ID2020 (May 2016)
- Rebooting the Web of Trust III: San Francisco (October 2016)
- Rebooting the Web of Trust IV: Paris (April 2017)
- Rebooting the Web of Trust V: Boston (October 2017)
- Rebooting the Web of Trust VI: Santa Barbara (March 2018)
- Rebooting the Web of Trust VII: Toronto (September 2018)
- Rebooting the Web of Trust VIII: Barcelona (March 2019)
- Rebooting the Web of Trust IX: Prague (September 2019)
- Rebooting the Web of Trust X: Buenos Aires (March 2020)
All of the contents of this directory are licensed Creative Commons CC-BY their contributors.