Okay, sure, let's do this. "nomadic identity" 1. No one has ever even come close to explaining how using a did: uri is supposed to work2. Even assuming it works, no one can explain how it's different than oidc3. Even assuming it was different, what hap...
-
Vasya Sovarireplied to Jenniferplusplus on last edited by
@jenniferplusplus is it bad that I have exactly zero clue what any of this means? If so, scale 1-10
-
Jenniferplusplusreplied to Vasya Sovari on last edited by
@VasyaSovari No, I think it means you've made better life choices than I did
-
@hrefna @JessTheUnstill @jenniferplusplus @ariadne i'm with hrefna here, the question "are dids dumb and why?" kinda misses the point-- DIDs are an interop layer for key management systems, and DID URLs are an immature extension of that (the WG never really shipped them). if you have good-faith questions about how DIDs work i was in that W3C WG and can explain as much or as little as is helpful, but this thread isn't really meeting my minimum threshold of good-faith as is...
-
@by_caballero
I'm not sure who this is directed at? Assuming it's me: I'm approaching the topic with the same level of bombast as I've seen from others. But sure, I'll pull it back.Cryptographic keys are not an identity. They are a credential. In context of communication systems, identity is mostly the place where messages to you will be delivered. Making credentials portable does not untether you from that delivery address.
-
@jenniferplusplus @hrefna @JessTheUnstill @ariadne that's a great argument against coupling AP actors to one permanent identifier (particularly to an identifier that maps 1:1 to a self-managed key), but it's not really a good argument against using DIDs or DID URLs? or even the use-cases that the nomadic identity people are targeting in the first place?
-
@by_caballero
In that case, the nomadic identity fans are not being clear -
Ariadne Conill 🐰:therian:replied to bumblefudge on last edited by
@by_caballero @hrefna @JessTheUnstill @jenniferplusplus cool story, but the people who were pushing for this crap in that WG were largely crypto bros who wanted them for Web3 bullshit, so no, i think the question is quite valid in and of itself
-
bumblefudgereplied to Ariadne Conill 🐰:therian: on last edited by
@ariadne @hrefna @JessTheUnstill @jenniferplusplus https://en.wikipedia.org/wiki/Good_faith
i was in that WG, even flew to the in-person meetings. i work in crypto. i am not a bro. you're failing miserably at engaging in good faith with someone who is engaging you as a peer with relevant expertise. please stop insulting me
-
@jenniferplusplus @hrefna @JessTheUnstill @ariadne well, i certainly have my differences of strategy and would not have approached the developer community in the same way, but I think they're coming from a well-intended place and trying to convince the developer community to make a MAJOR change in the identity model of the fediverse stack. i like the general direction, even if i don't like the specific proposal and I encourage people to think through the usecases they're trying to enable...
-
Ariadne Conill 🐰:therian:replied to bumblefudge on last edited by
@by_caballero @hrefna @JessTheUnstill @jenniferplusplus
you work in a planet incinerating industry, which attaches itself to whatever buzzword it can find in order to sell pumped assets to pensioners who don’t know any better.
i design distributed systems for a living.
we are not the same.
-
@jenniferplusplus @hrefna @JessTheUnstill @ariadne DIDs weren't actually invented to promote blockchains or impose one ring to rule them all. they were built to federate custodial, user-controlled, and user-managed key systems alike to enable portability and translation between very different identity systems. lots of projects miss the point and invent a DID method to power a closed system, which is just open-platform theatre. if step 1 is "use my did method" they've already missed the point...
-
@jenniferplusplus @hrefna @JessTheUnstill @ariadne (that's not exactly what the zot people are doing, fwiw, nor is it what the bluesky people are doing, nor the "just use keyoxide for everything" people, tbc, but i don't think we're done until we have a solution that works for at least 2 of those 3 and lets very different kinds of software migrate users between them and federate across those differences)
-
Well, you work in crypto, you are what I would consider a crypto bro...
@ariadne @hrefna @JessTheUnstill @jenniferplusplus
-
@Fripi @ariadne @hrefna @JessTheUnstill @jenniferplusplus ah yes, clearly working in fintech R&D is (checks notes) morally equivalent to conquering europe and exterminating >10% of the population. excellent example of how godwin's law is really a parable about good faith being impossible on the internet.
imagine a conversation where your hatred of blockchains didn't overpower your absolutely bare-minimum capacity to talk to humans as humans.
https://hac.bard.edu/amor-mundi/ideological-blindness-2013-07-11 -
@by_caballero @ariadne @hrefna @JessTheUnstill @jenniferplusplus
I sympathize that sometimes these things can be harsh, but I trust hrefna & ariadne.
I do want DIDs and verifiable credentials to work,
but they don't need blockchain to do that.
one well studied way of doing key management would be the keyoxide & public keyservers way of centralizing.
at this point in time, DIDs have very little of the threat model work done compared to, say, Matrix. so it's hard to compare apples to apples on various loss-of-control events.
most crypto involves either algorithmic theft (DAOs) or wallet theft/loss. hence why the idea of ultimately having to trust an admin to some degree (be they an oauth admin, fediverse admin, or matrix home server) is a better model for right now.
I'd much rather see DIDs/VCs from an angle of torrenting compared to an angle of "let's be the defacto protocol of the internet everyone has to use, break compatibility, and capture all the revenue by licensing it" (web3)
-
bumblefudgereplied to pasta la vida on last edited by [email protected]
@risottobias @ariadne @hrefna @JessTheUnstill @jenniferplusplus that's a whole lot of straw men if you're trying to find common ground. you're also assuming i think (or anyone thinks) that DIDs and VCs need blockchain for anything, when about half the serious work on DIDs and VCs has been blockchain free since inception. but you're off to the right start by saying your preferred mental model for DIDs/VCs is "torrentlike", that's worth unpacking.
why's it harsh, exactly? i'm not being harsh? -
bumblefudgereplied to Ariadne Conill 🐰:therian: on last edited by
@ariadne @hrefna @JessTheUnstill @jenniferplusplus serious question, do you habitually talk to strangers this way? do you block strangers who talk to you this way? you're making a lot of very insulting assumptions about my personal ethics or my relationship to various economic actors that you present as cohering into an "industry". if i'm being totally honest i think it's wishful thinking that all the evils of VC-backed software can be quarantined in "crypto" and "AI".
-
bumblefudgereplied to bumblefudge on last edited by [email protected]
@ariadne @hrefna @JessTheUnstill @jenniferplusplus if "designing distributed systems" isn't what i'm doing right now, and being paid for it, then why do you think i haven't blocked you yet? i don't let people talk to me like this unless i'm on the clock, generally speaking.
-
@Fripi @by_caballero @ariadne @hrefna @JessTheUnstill
There's a universe where I could close the replies on this thread, but it's not this one. So I'll have to settle for deleting the op and telling everyone to knock it off before I block you.
-
@by_caballero @ariadne @hrefna @JessTheUnstill @jenniferplusplus
behavior on discussing crypto usually involves annoying cryptobros who sealion (https://en.wikipedia.org/wiki/Sealioning)
I would say that while some folks might be open to hearing proposals, the aggressive tone really does no favors to the idea of DIDs. it only further legitimizes ariadne's point about attaching to terms and ruining them. speaking as someone who loves esoteric cryptography protocols (like fuzzytags, ZKP, dining cryptographers, etc) but DESPISES coins, NFTs, DAOs, etc.
none of the work out of the working group seems free of pollution from crypto and web3 thinking. and it doesn't offer a different take that it can defend vs federated thinking. I personally like indieweb stuff.
and none of what it's made even comes close to my approach (it's as different as torrents are to NFTs, or offline is to online)
I'm sure in another decade the working group might come up with something. or actually have a solid threat model. or address failure modes.
