Skip to content


Repository files navigation

Rebooting the Web of Trust VIII: Barcelona (March 2019)

This repository contains documents related to RWOT8, the eighth Rebooting the Web of Trust design workshop, which ran in Barcelona, Spain on March 1st to 3rd, 2019. The goal of the workshop was to generate five technical white papers and/or proposals on topics decided by the group that would have the greatest impact on the future.

Final Papers

RWoT8 DID Specification Refinement (Text)

Dan Burnett, Ken Ebert, Amy Guy, Drummond Reed, Manu Sporny

The Decentralized Identifier (DID) specification describes a new type of URL that is globally unique, highly available, and cryptographically verifiable and which has no central authority. The DID spec document describes the expected ecosystem, data model, and syntaxes for DIDs. In December 2018, the W3C held a Strong Authentication and Identity Workshop that determined that a reasonable next step would be to create a W3C Working Group to standardize the DID specification. As a result, the W3C Credentials Community Group, which has been incubating the specification, will eventually need to hand the specification over to the newly formed W3C DID Working Group. In preparation for this hand off, a group at Rebooting the Web of Trust triaged issues related to the DID specification, refined existing proposals related to the specification, and gathered new features and requirements from the community. The result of this work is outlined in this document.

Driving Adoption with Focus on Basic Human Needs: Safety and Security (Text)

Sam Mathews Chase, Joni McKervey, Carsten Stöcker, and Daniel C. Burnett

This paper investigates two primary forces that have the potential to drive adoption of decentralised technology by both individuals and enterprises: safety and security. Among the most basic human needs, safety and security are fundamental to the functioning of society, and without them collective existence would fall into chaos. By protecting the sovereignty of each individual and ensuring access to secured shared resources, governments maintain a state in which its citizens may thrive.

Evaluating Social Schemes for Recovering Control of an Identifier (Text)

Sean Gilligan, Peg, Adin Schmahmann, Andrew Hughes, Christopher Allen

As systems where people are required to manage their own cryptographic keys become more popular, social recovery or reissuance of keys increases in importance. Such systems are inherently empowering to users but safeguarding keys is a hard problem.

We focus on the social recovery of control of an identifier. There are several techniques to re-assert control over identifiers including key recovery and issuance of a new key. In many situations it is preferrable to establish a new key than recover the old one.

We propose a rubrik for evaluating such schemes, and give a brief overview of possible schemes to consider.

How SSI Will Survive Capitalism (Text)

Adrian Gropper, Michael Shea, Martin Riedel

The Self-Sovereign Identity (SSI) community has described several groundbreaking properties that arise from the adoption of its principles. Governance, as in business and financing structure, is arguably the most challenging of these properties, captured succinctly by Shoshana Zuboff as: "Who decides? Who decides who decides?" However, even though the technology has matured greatly over recent years, bootstrapping an SSI product within the existing capitalistic market environment is complicated and has not been achieved at scale within any functional domain.

A RWOT6 paper explored the challenges to a sustainable commons. In this paper, we apply the SWOT framework (Strengths, Weaknesses, Opportunities, and Threats) to identify potential paths to adoption. For example, what are the general implications of introducing a credential holder into existing issuer/verifier relationships? Our analysis leads to cooperative (in the legal sense) governance with focus on the holder (the wallet) as the key innovation, since issuers and verifiers already exist. The healthcare industry is used as an example.

Peer DID Method Specification Report (Text)

Brent Zundel, Timo Welde, Mike Varley, Marton Csernai

This paper consists of objectives, use cases and observations around a "peer" DID method, based off a draft specification submitted to RWOT8. The following abstract is from that draft specification, located here.

"This DID method spec conforms to the requirements in the DID specification currently published by the W3C Credentials Community Group. For more information about DIDs and DID method specifications, please see the DID Primer and DID Spec.

"This document defines a 'peer' DID Method that can be used independent of any source of truth external to the relationship in which it is used. The method is cheap, fast, scalable, and secure. It is suitable for most private relationships between people, organizations, and IoT things. DIDs associated with this method are also promotable to a more public context. That is, blockchains with different DID methods can graft some or all peer DIDs into their namespace(s) with no risk of accidental collision, and no loss of meaning. Peer DID will have a recognizable and consistent identity in all of them."

Satyrn: A Markdown-based JavaScript Sandbox (Text)

Joe Andrieu,Eric Welton, Will Abramson, Ganesh Annan

We set out to create a JavaScript native interpretation of Jupyter, a notebook for both static narrative and interactive code.

Using OpenID Connect Self-Issued to achieve DID Auth (Text)

Ivan Basart, Egido Casati, Michael B. Jones, Andrés Junge, David Stark, Oliver Terbu, and Dmitri Zagidulin

Proving control of a DID requires proving ownership of a private key corresponding to a public key for the DID. Of course, this could be done with a new DID-specifc protocol. However, standard protocols for proving ownership of a public/private key pair already exist.

This paper describes how to reuse the Self-Issued OpenID Connect (SIOP) specifcation and related protocol messages to prove control of a DID. It describes both why and how to do this. Related topics, such as release of claims, are also touched upon.

Complete Rebooting the Web of Trust Listing

A different repository is available for each of the Rebooting the Web of Trust design workshops:


All of the contents of this directory are licensed Creative Commons CC-BY their contributors.


RWOT8 in Barcelona, Spain (March 2019)






No releases published


No packages published