2D/ Why the Internet Needs DIDComm
Tuesday 2D
Convener: Sam Curren
Notes-taker(s): Brent Shambaugh
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Presentation Slides: https://docs.google.com/presentation/d/16HTPyZV_-BtM6EifQpxjivRHKYUeVtOAReUD1eGUA9M/edit?usp=sharing
Taking notes:
Why the Internet needs DID Comm
Any questions?
I am going to make the argument that the internet needs did comm.
The DIDs are wonderful. What they do. The harmful effects of 3rd party identifiers. They could take that away. DIDs do a good job solving that.
APIs are wonderful. I think the reason that we have powerful things on the internet is because of APIs.
When it comes to persons on the internet, we are still bound by APIs.
downside I am not always able to use https.
e-mail is the lucky exception. I think it is because mail has been around for a while and it is a protocol.
why is e-mail not hostage? it is hard to innovate but it is widespread.
it is too hard for one company to control. twitter can change things, and nobody can stop them. they had an api, but they wanted control.
e-mail. intelligence is at the edge. the mail clients that are involved. we need more things like e-mails. we need to emulate and improve on it
i don't think that did comm is going to kill e-mail. I think there is a lot to learn... e-mail identifier...a bunch of usernames have become e-mails.
e-mails are approvable identifiers.... good for password recovery...
can we make e-mails into dids? dids as did documents .... can see where I am going.... did comm can be as powerful as e-mail addresses.
Benefits of did comm. enables verifiable presentation....has routing....that moves messages....all the intelligence is in the clients....
it is protocol based like e-mail.... it supports https like apis...
One of the really cool ones was did comm like bluetooth... that enables it to mobile and offline friendly...if my battery dies and I have
bad cell reception...the message based nature of did comm ... will make it friendly to devices like that...also allows rotating of dids with another dids
there are a lot of different did methods that don't have all the features that you want...
the peer-did method... not stored on a ledger... the ability to rotate from one did to another ... allows you to cross did methods...
did comm allows security ...transport ?/
work about ... security transport of did comm over different....
anyway...we can't stretch this too far...
a lot of apis are built on http....apis don't have to start with http...but still get the benefits of it....
it is unlike http in that it is a higher level....
it doesn't fall in the same position of the stack...
try to present some diagrams.... good work being done on the did core spec...it doesn't do a lot itself...just enough to exchange dids ...
representations of protocols that can be built on that....protocols to send human messages .... to send verifiable credentials...
work on did comm meeting group at diff..
drawing that diagram....have alice and bob...have dids and did documents to interact...
I've said a lot of words. any questions? have I lost anyone?
George said, Do you think the monotic nature of dids will be a problem?
You're right. Nobody wants to remember a did. I think that all of the operations of the DIDs..
What I am thinking is you go to someone, and you say what e-mail address? My Dad doesn't have a smart phone. I worry about something
where a device must be present to establish communication. It is the think that has all of the dids. I have to choose which one of these
makes sense. you can type in George Fletcher and there are the dids. e-mail.
yes, you sound like a plant. I will talk a bit about it tomorrow. If people have to see the tech, then we are doing it wrong. You are
correct that this ecosystem has that not ... but there will be a part... concrete work?
Google wave..
I've thought about the ... kind of a replacement for e-mail...but then it died because google kills things.
There is attachments....there is better semantic meaning in did comm than e-mail.
(question)
guardianship is a good one. compensate with a smart card or a piece of paper. You need people to be able to participate in an ecosystem.
Cool. I want to touch on DID Comm transport. http. https. websockets ...
people have done things with bluetooth, but not standardized.. we've experimented with qr codes. If you and I want to exchange dids.
If we present. QR code nice way to transport . usability
did comm with rfid. lots of similarities between reading an nfc tag and ...
lots of transports, that is a useful thing because it enables a peer-to-peer thing..
here is a big ... independence of the security model ... not relying on the security of the transport layer...
did comm ...transport encrypted ... so you can use https but you are doubly encrypting... it ends up being redundant...
cause of https... different than websockets ... different from bluetooth...if we relied on the security of the transport...
then ... can switch to bluetooth ... don't lose things that the security provides...
when developing on did comm not ... security of transport layer... downside is we lose the independence of the transport layer....
there is more...more on the transport...
paul...says that NFC is the only thing.... paul you are right. NFC does have some problems. It is not entirely foolproof. Someone with a good camera can see the
exchange.
identifiers with dids and did documents. did comm gets you protocol discovery support. you don't have to develop something.... processing flows...I didn't type
this in but you can have multiple parties in a flow...
designing a did comm protocol isn't more complicated than designing an http api.
there are two versions of did comm. comes to be v1 and v2. v2 is what we are now working on at DIF. There is lots of good work going on here, and I am quite excited
about where it is going.
the last time I edited it was in january. I didn't update it. the first 90% and the second 90%. We are definitely in the 2nd half.
If you want to join us. If you are a small organization. streamlined way to join DIF. The calls are at noon U.S. Pacific.
Questions, thoughts anything. Sam you don't think that did comm will kill email, why?
did comm has a lot of advantages that e-mail doesn't solve at all. did comm will build on..
advanced open source chat. most...wouldn't have had a problem...goal of did comm was not to solve chat...
e-mail itself will decrease in usage...because there is a lot of stuff that it isn't good for...now it may fall off...but if it does kill e-mail it will take a long time...
The first thing ... having a did comm connection basically means you exchange dids with another party... messages will travel independently...you will send messages
travel...
having a connections mean you've exchanged dids with another party. we can communicate with that did comm that we are confident that the other party will see.
there are two ways that updating that connection happens. If we update e-mail. We will update MX records. If you are going to move for whatever reason
you will update your did documents. if it is keri you will approximate with keri. then when they send the message next time. this is analogous to updating MX
records in DNS. If we communicate...all of sudden we find ourselves together at the coffee cart at IIW. We can send messages across... using the keys...
Of course if we walk away than we can still use the connection...
technology doesn't allow it...still finalizing the way that the transport will work
q: you talked about that analogous updates in mx. .... are we creating an opportunity to correlate....sharing mx record...if they sidechannel they realize that they
all talk to me... the thing is technology allows that. you can use.... you are reusing the same did that allows for correlation.
you are going to have a unique key for each person, you get what is called herd privacy...it is sort of like the way that ... if you use g-mail...that gives herd privacy...
the other thing is the ... you won't personally have to do that...your software in the background will work on relationship names... as developers that is one thing
to consider...
what would you compare...
that's a really good question..I actually see a lot of these things as complementary. did comm thrives in things that are not browser based. various levels of support.
CHAPI doesn't care...enables ... chapi relies on the fact ...nor does it need to for a particular use case....
did comm like .... couple options....chapi did comm transport...standards how to use chapi as credential exchange .... and so there has been some talk about using
the chapi-like API and extending them outside of the browser. the other one, as long as.... there is a harmonious part... enable a user as a part of a reality of
services...
one question regarding ... one thing when introducing new protocols....if did comm becomes the trust layer for the internet...how old servers...old technology...
when I say the internet needs did comm... will say that the web will continue to exist. I don't think that is going away. if you would like to leverage the features of
did comm...tunnel over that connection...if you have ... this is a messaging oriented...could get to a stream oriented ...
if you had something that was message based...could tunnel and e-mail
my question...did comm for establishing trust... anything one has used....use did comm and establish initial trust....
that's great, I misunderstood. caller id is untrusted. scammers ... I could imagine a protocol where you could pre-arrange a phone call through a did connection... maybe
it could use... it could allow to transfer some amount of trust between ... excellent way to use did comm to use pre-call handling ... now you have implemented some trust
in a pre-existing...
kyle your hand is up...
we haven't pushed this out to a standard... use a username and password.. you use a username and response... access to tokens ... post on a login screen...QR code that is
scanning...agent that you are responding ....trust by authentication serve....respond with a standard...
pass back ... authenticate this token...you are actually using this to be able to authenticate...
that's cool...kyle you have piqued George's interest.
openID connect doesn't sound like anything you authenticate.... verifiable credentials....
the DCR spec specifically is built to allow sort of random....has multiple ways....any ecosystem... it doesn't actually prevent impersonation but it makes it harder. if did comm
allows for proof... the entity that ... how does my mobile app instance....
register my mobile app instance have some assurance ... this is an entity that I want to communicate with....generally...what I think will happen at the DCR side of things.
I actually have 2 talks about this. using the os ability to attest to this app.
Bringing all of this back, why do I even care? This is sort of answering. We are running into this specifically. Browser....some of that infrastructure may be easy to work
with, some of it not. I like the idea of using did comm from an authentication perspective..
so kyle is on the Q. I want to mention one more thing george.. could have openID connect have a side effect of DID COmm. When I think about every site asking to send push
notifications...if you had something....
DID Comm could be first, or it could be last. I definitely see a lot of ways....sending a code via SMS to a phone is inherently insecure....there are a lot of opportunities
there....and then prioritize...
George....Kyle...
the public client registration?---mobile app will register with .... could have the authorization method send back a shared secret.... could have some reasonable trust...
if you use the client id and client secret...you could use the protocol that way...DCR is really about how you can .... the tricky part... openID spec that was
done first... most people a mix of both....for most people it isn't that clear
OpenID connect...In terms of authentication....zero RC is effect... we are often times trying to integrate request token....set up HTTPS call... try to releverage....
Use two factor authentication.... Zero round trip is the ....
protocol of exchange...worked around in v2 and send to the other party ... semantically meaningful... before talk ....
did comm...progress...in v2...anything added to v1...pretty close to frozen....add .... contains ... steps
making .... short answer v1 deprecated and moving to v2...
Him and I have envisioned....starting to do JWM kind of messages ....by the time we hit 3.0 doing did comm v2.
v2 contains an optional target that a lot are working with....will help with the aries community....
try not to communicate any of the energy in v1...difference in how we handle ....should make migrating factors easy...
(q)
likely how it happens.. build on v2 unless they want compatibility .... this is a way of formalizing...now we will change the default into the new and now
we will remove the old...there is a lot of energy to reach compatibility in aries...we will make rapid progress there...
everything I've seen is very few people.... when security...https over did comm...didn't see it going anywhere....nobody has explored...most common answer...
people going in direction as most valuable for their use case at the time....find some sort of way...
Ivan will host something very technical tomorrow... reading into your question... how to present verifiable credentials amongst clients. Kiva presented an
SVG(?) client on
SVG is very nice....if you include in client...something that used to display...
ongoing efforts .... browsers ... sometimes they get along, sometimes they don't...directly collaborative or not...how to make it consistent.... how to leverage
As there is an interaction...
Where my mind goes ... lets me skip the refinement process.... in general it is knowable how to .... did comm messages ... it is a little better than e-mail...
trying to learn our lesson...protocol... rather than encode an image include it....the software would know...
Have you ever send over constrained networks like IoT?
some explorations....lots of talk...when you get to IoT it gets varied... compare to Raspberry Pi...some have cryptochips...some don't ... currently out of spec...
would love to see work to see how it integrates.... a lot of these things will communicate with a gateway... the gateway could be the point...
the average size of the did comm message is in the range of 5 KB....also consider cryptographic auth... if you push into 256 KB of RAM...start to have ...constraints of messaging
system...can make it work on very small...
running and creating the message....the challenge is transporting through the constrained network...we've talked about a compact form for did comm envelopes.... one of
the things that might help....convert did comm from using a JSON payload to a binary payload.... considered future work, not part of v2.
we're roughly at time... happy to answer questions....
the best iiw sessions are not presentations sessions... if you are curious about future things....did we talk about did comm over NFC... we did talk about early...