Skip to content
This repository has been archived by the owner on Oct 29, 2019. It is now read-only.

Replace "owner" with "controller" #102

Merged
merged 1 commit into from
Jan 22, 2019
Merged

Conversation

jandrieu
Copy link
Contributor

@jandrieu jandrieu commented Sep 15, 2018

In addressing #101, it was clear that ownership and owner were used throughout despite the problems cited in the issue: namely that proof of control does not establish ownership, just control.

This PR adjusts the language from owner to controller for better accuracy and understandability, both in the spec-text and in the field name.


Preview | Diff

In addressing #101, it was clear that ownership and owner were used throughout despite the problems cited in the issue: namely that proof of control does not establish ownership, just control.

This PR adjusts the language from owner to controller for better accuracy and understandability, both in the spec-text and in the field name.
@jandrieu
Copy link
Contributor Author

@dlongley I'm not sure what you're getting at with LD Signatures and the "owner" property. With all respect, that's an emergent draft that isn't on the W3C standards track https://w3c-dvcg.github.io/ld-signatures/ . Although it is a fine foundation for our work, I have a hard time with an argument that a current draft of a non-standards track spec should be read in as "required" and immutable. I would like to think that any lessons learned in the CCG would fold into the next iteration of LD Signatures. Which is to say if we've figured out a clearer, better way to name things, I hope the LD Signatures spec will consider it for adoption.

You make the argument that "The "owner"/"controller" property is on the key, not the DID", but the section on "Binding of Identity" (7.2) makes it fairly clear that "owner" is about DID itself, the identity referred to by the DID, and the key. It is precisely this kind of catch-all use of "owner" and "identity owner" that creates ambiguity and leads to confusion. You can't use a term in one place as glue that holds it all together, then later argue that you only mean it in a limited, single way.

You also say "I don't expect most software developers to see a significant difference between any of those terms." I agree. This is the bane of the industry and the focus of my core work on identity in the last few years: helping all of us speak more clearly and more rigorously because the unrigorous vernacular we use in the industry makes it nearly impossible to have meaningful conversations outside the identerati and those indoctrinated into the jargon-driven tech world. And even within that world, people keep chasing incomplete and unsatisfactory solutions because they build before they fully understand the scope, consequences, and subtlety of how identity manifests, both digitally and in the real world.

IMO, this is precisely when we should lock down this distinction, before we start more widely promoting the work and confusing even more people.

Also, it should be noted that DID ledger implementations are moving forward and will be ahead of even the creation of a WG at W3C. This is quite often the case for standards; a standard isn't always (some may even say rarely) done and out the door before anyone implements it.

That is exactly correct. The specification is not finished. The implementations are not finished. Both will continue to change and both should expect to handle those changes. Certainly, you aren't arguing that Digital Bazaar's implementation should be accepted whole hog without debate or improvement. (I trust your character, Dave. I know that's not what you expect.)

Figuring out how to create a specification that combines the best of what we all bring to the table is why we are here. Of course there will be changes. The question is whether or not we--as a collaborative conversation--are willing to learn from well over a decade of hard-earned lessons on identity from the user-centric identity movement or if we're going to arbitrarily defend early iterations because the initial proof of concepts implemented their version a particular way.

For a great example of the difficulty with "ownership" as a term of consensus, especially wrt identity, there's probably no better reference than the progress-halting meltdown of this conversation:
WebOfTrustInfo/self-sovereign-identity#6

Property, and therefore ownership, is a result of the social contract. Until one yields personal power to the public good to protect property from arbitrary theft, possession--not ownership--defines who gets to use what resources. Property and ownership proceed from the social contract and therefore depend on the yielding of sovereignty to social institutions.

In contrast, identity, like language, is innate to human cognition. It predates the social contract and, in fact, may even be necessary for it. Any system that subjugates identity to the social contract robs the individual of fundamental freedoms. Since identity both predates and precludes strict notions of ownership, architectures which depend on "ownership" as a model for individual agency are deeply flawed.

In contrast, "controller" is precisely functional and carries no baggage of the social contract nor human cognition. Either you can control a thing or you can't. It's clear, simple, and free of political and emotional baggage.

Since the specification is to enable functional use of DIDs rather than advocate a political or ideological argument for or against identity ownership, I think we'd do better to use the functional term "controller" rather than the loaded and controversial term "owner".

I also believe it will have a much better chance of earning the support of a wider audience in the W3C and the non-technical world now diving headlong into building, regulating, and using digital forms of identity.

@msporny
Copy link
Contributor

msporny commented Sep 17, 2018

@jandrieu wrote:

Although it is a fine foundation for our work, I have a hard time with an argument that a current draft of a non-standards track spec should be read in as "required" and immutable.

You're missing one of @dlongley's points. He's saying that Mastodon shipped Linked Data Signatures (the current wobbly spec) to 1.63 million users. So, whether we like it or not, that version of the spec exists now and we are busy supporting it. The change you're suggesting, which I'm taking no position on currently, would require Digital Bazaar (and all other implementers) to support two different code paths which may result in security attacks that we haven't considered yet... so there is a cost to switching, and to those 1.63 million people (and the people that develop for them).

I think you're making some good points in this thread... just make sure you're understanding @dlongley's points fully as well.

@jandrieu
Copy link
Contributor Author

@msporny Fair enough. I recognize there may be some non-trivial switching costs. IMO, better to incur that now before we deploy to another million users, or 10 million, or more.

@ChristopherA
Copy link
Contributor

ChristopherA commented Sep 17, 2018 via email

@jandrieu
Copy link
Contributor Author

@dlongley Another reference to the complications of using "owner" in reference to data, especially in the context of identity, recently popped up on the VRM list. That thread pointed to a current article by Elizabeth Renieris and Dazza Greenwood.  Worth reading.
https://medium.com/@hackylawyER/do-we-really-want-to-sell-ourselves-the-risks-of-a-property-law-paradigm-for-data-ownership-b217e42edffa

@OR13
Copy link

OR13 commented Jan 11, 2019

Seems like controller won out... https://github.com/digitalbazaar/jsonld-signatures/pull/45/files

Can we adopt this change? or make it clear which version of jsonld / jsonld signatures this spec is based on that uses the term controller?

@dlongley
Copy link
Contributor

dlongley commented Jan 15, 2019

Seems like controller won out... https://github.com/digitalbazaar/jsonld-signatures/pull/45/files

Can we adopt this change? or make it clear which version of jsonld / jsonld signatures this spec is based on that uses the term controller?

I'm +1 to adopting "controller" now -- and as you can see above our implementation of LD signatures/proofs has adopted that term and added backwards compatibility support for "creator". There are a number of other terminology changes related to this that will be discussed on an upcoming CCG call.

Related to w3c-ccg/community#50.

@mwherman2000
Copy link

mwherman2000 commented Jan 15, 2019

When we consider Things (e.g. cars, pets, houses, business documents, products, assemblies, parts, etc.) in addition to Actors (e.g. Persons, Organizations, Software Agents), how does this influence the choice of Owner vs. Controller? ...Things and ownership is an important scenario that is not addressed well in the current draft DID spec and the current topic is very relevant to rectifying this situation.

image

Diagram reference: https://hyperonomy.com/2019/01/13/hyperledger-indy-sovrin-comprehensive-architecture-reference-model-arm/

@rhiaro rhiaro added needs new pr Concept is good but a clean PR is needed eg. to remove conflicts and removed needs new pr Concept is good but a clean PR is needed eg. to remove conflicts labels Jan 22, 2019
@dmitrizagidulin
Copy link

(👍 from me on this PR)

@rhiaro
Copy link
Member

rhiaro commented Jan 22, 2019

Merging; the group has consensus around this change.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants