Add didcomm usecase #100
Add didcomm usecase #100
Conversation
There was a problem hiding this comment.
Thanks Orie, looks good to me.
@jandrieu I'm happy with this BUT I really want it to be merged after you've looked at, and I hope merged, the one that sets up the use case/req matrix. I'll need to add in the hooks so that the reqs from this are also defined and added to the system.
index.html
Outdated
| </p> | ||
|
|
||
| <p> | ||
| Some examples of problems solved by DIDComm-based protocols |
There was a problem hiding this comment.
What is the goal for having these examples? I'm trying to understand why these ones were selected, and particularly the last two. Random or was there some goal in picking these ones vs. others?
There was a problem hiding this comment.
I picked them for variety. The obvious ones about issuing and proving are in the list; the rest are just examples of how to solve interesting problems.
There was a problem hiding this comment.
We also wanted some examples that implied or used the "service" data model in the did document... because we think its fundamental to communication.... in other words, didcomm is one of the strongest reasons to define services from an interop perspective.... this is relevant since there is discussion about their privacy implication / removing them.
|
I like this. |
There was a problem hiding this comment.
Unfortunately, this is more a note about DIDComm than it is an example use case describing the value created for an individual. DIDComm, per se, is not a requirement, it's a solution.
Can we get this adjusted to tell a single, simple example of a human getting value out of using DIDComm?
|
@jandrieu the text links to several use cases, but I agree it might be simpler to provider a single one. Before I attempt a PR to address your concerns, I need to understand the parameters for use case inclusion. A use case for an email address, is that you can send an email from one email address to another. By analogy, a use case for a DID is that you can use DIDComm to send a message from one to another. In my view, the value to an individual of having an email address, and a DID is similar, if they both support secure communication. Is secure communication a sufficient use case for inclusion? Would I be required to describe how MX Servers are used here, or is saying "secure communication" enough? I worry that a use case like "secure communication" is actually the wrong direction to take this, given that there are multiple ways to accomplish that without didcomm. Similarly, "Single Sign On" can be accomplished for a DID without proving control over one... I can use a did as an Would you be in favor of a "Secure Communication" use case, even if it currently only covered DIDComm? |
|
The problem I see has nothing to do with security and everything to do with
the transport layer. A DID is completely agnostic to the transport method
used to resolve the DID document. Once someone has my DID Document, however
they got it, and wants to do anything that looks like communication they
need a compatible transport and that transport is unrelated to the way they
got the DID Document.
That's the first use-case I'm looking for.
- Adrian
…On Thu, Sep 3, 2020 at 11:45 AM Orie Steele ***@***.***> wrote:
@jandrieu <https://github.com/jandrieu> the text links to several use
cases, but I agree it might be simpler to provider a single one.
Before I attempt a PR to address your concerns, I need to understand the
parameters for use case inclusion.
A use case for an email address, is that you can send an email from one
email address to another.
By analogy, a use case for a DID is that you can use DIDComm to send a
message from one to another.
In my view, the value to an individual of having an email address, and a
DID is similar, if they both support secure communication.
Is secure communication a sufficient use case for inclusion?
Would I be required to describe how MX Servers are used here, or is saying
"secure communication" enough?
I worry that a use case like "secure communication" is actually the wrong
direction to take this, given that there are multiple ways to accomplish
that without didcomm.
Similarly, "Single Sign On" can be accomplished for a DID without proving
control over one... I can use a did as an id_token subject, and use
okta/auth0 +2fa for example....
Would you be in favor of a "Secure Communication" use case, even if it
currently only covered DIDComm?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#100 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABB4YJBV6CRJY4P5KKI7OLSD623FANCNFSM4P67PJAA>
.
|
There was a problem hiding this comment.
I admit my initial "this looks good to me" comment was made in great haste and with little thought (basically 'cos I trust @OR13 who, unlike me, actually does know this technology) Thanks @jandrieu for being more assiduous and making me look again.
Sorry folks but I don't think this use case should be included in this document at all. It provides use cases for DIDComm, not DIDs. Now, one can argue that DIDs need DIDcomm to be useful. But that's not what this doc is about. We need to show uses specifically for DIDs, not any of the other components of the ecosystem the community is building.
As a close analogy, it's been something of a struggle to make sure that the UCs require DIDs and not VCs.
Sure, you could rewrite the use case here to require a secure communication channel - but does DIDcore cover that? If not, it's out of scope for the UCR.
Sorry :-(
|
@philarcher @jandrieu if did core supports keyAgreement (authenticated encryption) then did core supports secure communication :) https://w3c.github.io/did-core/#keyagreement We could describe "Secure Communication" as any use of KeyAgreement for communication, that would allow us to cover DIDComm and Encrypted Data Vaults as solutions. If I take another stab at this as "Secure Communication" where: 1"Alice users keys in her DID and keys in Bobs DID to derive a shared secret which she then uses to encrypt messages for Bob, that only Bob can decrypt" 2"These secure messages are the building block for Encrypted Data Vaults and DIDComm" 3Summary of DIDComm + Links to relevant specs... Would this meet the criteria for inclusion? If not, can you comment on which numbers need to be dropped or modified? |
|
What do we say or not say about transport? In other words, I'm fine with
the derived shared secret being a simple and obvious use of the DIDs. But
I'm curious, based on a use case, to understand what else Alice and Bob
need, beside the DID, in order to succeed in the use-case.
…On Fri, Sep 4, 2020 at 9:03 AM Orie Steele ***@***.***> wrote:
@philarcher <https://github.com/philarcher> @jandrieu
<https://github.com/jandrieu> if did core supports keyAgreement
(authenticated encryption) then did core supports secure communication :)
https://w3c.github.io/did-core/#keyagreement
https://w3c.github.io/did-spec-registries/#keyagreement
https://github.com/w3c/did-spec-registries/blob/master/contexts/did-v1.jsonld#L49
We could describe "Secure Communication" as any use of KeyAgreement for
communication, that would allow us to cover DIDComm and Encrypted Data
Vaults as solutions.
If I take another stab at this as "Secure Communication" where:
1
"Alice users keys in her DID and keys in Bobs DID to derive a shared
secret which she then uses to encrypt messages for Bob, that only Bob can
decrypt"
2
"These secure messages are the building block for Encrypted Data Vaults
and DID DComm"
3
Summary of DIDComm + Links to relevant specs...
Would this meet the criteria for inclusion? If not, can you comment on
which numbers need to be dropped or modified?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#100 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABB4YPLCKXHNRSLS6JPOUDSEDQTVANCNFSM4P67PJAA>
.
|
|
Hmm... I wonder whether we actually already have use cases that require DIDcomm but that such a requirement is not made explicit. For example, we have the Encrypted Data Vault UC (courtesy of DB and Transmute). And I think most if not all the UCs talk about verifying signatures etc. So maybe a way forward might be to define a 'new' requirement for a secure transport mechanism? If that works for you, then maybe you can add to the JSON object defined from line 1534 onwards in the Editor's draft and then see how these are referenced in, for example, line 360. If the magic works, doing this will create new entries in the tables in sections 3 and 4. WDYT? |
|
@OR13 to review https://github.com/w3c/did-use-cases/blob/master/index.html#L1534 / add message level encryption requirement. Then review existing use cases which might benefit from end to end encryption such as https://github.com/w3c/did-use-cases/blob/master/index.html#L360 |
There was a problem hiding this comment.
These are good examples. I think the best way to get these in is by a separate title & paragraph for each, without the DID Comm intro.
DID Comm is a solution-space notion; what we are trying to capture in the use cases are problem statements independent of the underlying solution.
If you can turn these three URLs each into a single brief paragraph explaining what a specific individual does with a DID, that would be a better fit in this part of the document.
|
on my plate to update this. |
|
@jandrieu @philarcher @dhh1128 I have made updates, requesting re-review. |
|
We are going to accept this, but we are going to add a bit of human story to anchor each to a specific person(s) doing a specific thing. If you're curious what I mean, I have a few issues for other sections #107 #106 #105 #109 #110 that do something similar. We'll take that on, but if you beat us to it, that'd be great too. |
|
@jandrieu I'm not sure if I have to time to add stories for didcomm, but I will ping their wg for follow up. |
|
@OR13 Any interest from the DID Comm folks for providing some stories? |
|
I recommend accepting this PR and then seeing if other DIDComm folks want to make one or two others than are specific to other DIDComm use cases. |
|
@talltree The problem is that right now, the PR doesn't meet editors' requirement to have a human story for the use case. |
@jandrieu can you rephrase this to make it clear what needs to be done to accept this PR? |
|
@OR13 Yes. Each use case should have a concrete story of one or more specific individuals doing something that creates value and thereby demonstrates how this technology could create value. The issues cited above each have a short paragraph doing that. For example, the current language:
Is not about a specific person doing a specific thing that creates value. Why would any party want to "privately and securely present credentials" and why does it matter if the communications channel is transport agnostic? Are you sending secret recipes? Publishing family histories? Sharing nuclear codes? Other than that adolescent period when secret decoder rings are cool, people generally don't send secret messages for the sake of sending secret messages. It is the connection to the real world that we are looking for. |
|
I have pinged the DID Comm WG on this, and if there are no takers, I suggest this PR be closed for lack of interested in a week or two. |
|
Ok. Thanks, @OR13 |
The DIDComm WG (and chairs) are working on this issue and will update this PR this week. |
|
This discussion has landed up around PR 126 so we're closing this one. |
Addresses: #97
Preview | Diff