The World Wide Web Consortium (W3C) has rejected Google's and Mozilla's objections to the Decentralized Identifiers (DID) proposal, clearing the way for the DID specification to be published a W3C Recommendation next month.
The
DID specification describes a way to deploy a globally unique identifier without a centralized authority (eg, Apple
for Sign in with Apple) as a verifying entity.
"They are designed to enable individuals and organizations to generate their own identifiers using systems they trust," the specification explains. "These new identifiers enable entities to prove control over them by authenticating using cryptographic proofs such as digital signatures."
The goal for DIDs is to have: no central issuing agency; an identifier that persists independent of any specific organization; the ability to cryptographically prove control of an identifier; and the ability to fetch metadata about the identifier.
These identifiers can refer to people, organizations, documents, or other data.
DIDs conform to the
URI schema: did:example:123456789abcdefghi. Here "did" represents the scheme, "example" represents the DID method, and "123456789abcdefghi" represents the DID method-specific identifier.
What Google and Mozilla object to is that the
DID method is left undefined, so there's no way to evaluate how DIDs will function nor determine how interoperation will be handled.
"DID-core is only useful with the use of 'DID methods', which need their own specifications," Google
argued. "... It's impossible to review the impact of the core DID specification on the web without concurrently reviewing the methods it's going to be used with."
However, there is a point of centralization: the W3C DID Working Group, which has been assigned to handle dispute resolution over DID method specs that violate any of the
eight registration process policies.
Mozilla argues the specification is fundamentally broken and should not be advanced to a W3C Recommendation.
"The DID architectural approach appears to encourage divergence rather than convergence & interoperability," wrote Tantek Çelik, web standards lead at Mozilla, in
a mailing list post last year. "The presence of 50+ entries in the registry, without any actual interoperability, seems to imply that there are greater incentives to introduce a new method, than to attempt to interoperate with any one of a number of growing existing methods."
Google and Mozilla also raised other objections during debates about the spec last year. As recounted in
a mailing list discussion by Manu Sporny, co-founder and CEO of Digital Bazaar, Google representatives felt the spec needed to address DID methods that violate ethical or privacy norms by, for example, allowing pervasive tracking.
Both companies also objected to the environmental harm of blockchains.
"We (W3C) can no longer take a wait-and-see or neutral position on technologies with egregious energy use," Çelik said. "We must instead firmly oppose such proof-of-work technologies including to the best of our ability blocking them from being incorporated or enabled (even optionally) by any specifications we develop."