Correct misleading language about no dependence upon centralized registries or authorities #160
Assignees
Labels
extensibility
related to extensibility, json-ld contexts, external properties, etc
pr exists
There is an open PR to address this issue
Comments
rhiaro
added
the
extensibility
|
I will create a PR that removes the false statements. |
|
The language about identifier registries remains valid. We are only using central registries for defining properties in the DID Document. And potentially for method names, although I can't say we have consensus on that. |
|
Per the 14-Apr-20 call, I still need to write this PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Introduction currently says "This design eliminates dependence on centralized registries for identifiers as well as centralized certificate authorities for key management". This is misleading because it is not actually true. Since DID method names are human-readable strings, a centralized registry is required to prevent name collisions and to ensure that method names have an unambiguous defined meaning.
The convoluted language in the section Unique DID Method Names https://w3c.github.io/did-core/#unique-did-method-names that tries to say that there is no centralized registry makes the stark consequences that would result from not having a centralized registry very clear when it says "there is no way to know for certain if a specific DID method name is unique". This is saying that we are choosing to have no DID method names be unambiguously meaningful. This is unacceptable, as we would be abdicating providing critical infrastructure to actually make DIDs meaningful and useful.
We need to either embrace the centralized registry to make DIDs unambiguously meaningful OR remove human-readable DID method names from the specification and replace them with identifiers that can be allocated in a decentralized manner, such as UUIDs. The current text saying that DIDs don't have a dependence on centralized registries, while philosophically attractive, is false in practice.
====
P.S. Any JSON-LD implementation of DIDs also embraces dependencies on the centralized DNS registry (for
@contextURL names), centralized PKI authorities (for TLS certificates used for https), centralized IP address allocation (to enable IP packet routing), etc. These also argue for removing the incorrect language saying that DIDs have no dependence upon centralized registries.The text was updated successfully, but these errors were encountered: