- From: Christopher Allen <ChristopherA@blockstream.com>
- Date: Wed, 6 Apr 2016 12:03:34 -0700
- To: w3c-ac-forum@w3.org, public-webpayments-comments@w3.org
- Message-ID: <CA+HTxFdhqt4TPXd0hkrCs78JTXRWmktfnjQmsQv88VcrD+NPdQ@mail.gmail.com>
On Tue, 15 Mar 2016 16:35:39 -0400, Manu Sporny <msporny@digitalbazaar.com> wrote: > This is an *informal* request to review the Verifiable Claims Working > Group charter. This charter is NOT under W3C Membership review yet. > > In short, the work is about expressing and exchanging cryptographically > verifiable proofs of age, driver's licenses, passports, and > educational/professional qualifications via the Web. > > We are sharing this charter now because a few of us that have been > > I am the AC representing Blockstream—we just joined the W3C. So this is my first email to the AC list ;-) Some background: I was the co-author of the TLS 1.0 standard that drives internet commerce security today, so I am long familiar with standards processes and have been successful facilitating them. More recently I also have been working with Oasis XDI standard to help them break some centralized underpinnings that they have identified have prevented their broad deployment. The company I work for, Blockstream, is one of the leading companies in the blockchain space, with some of the top cryptographers and cryptographic engineers in the world. Personally I have multi-decade commitment to identity, for instance I'm on the steering committee for the ID 2020 Summit http://www.id2020.org at the United Nations in May, as well as technical design workshops with some of the top engineers in the world, the next one after the ID 2020 Summit in NYC. Part of the reason that Blockstream has joined W3C is that we are very concerned about architectures of centrality in identity services. We are care deeply about privacy and respect for the human and civil rights of the individual. What the Verified Claims group calls "user-centric" is what we call decentralized self-sovereign identity. We believe that there is a place for centralized approaches, but there is also an increasing need to support decentralized approaches. We wish to support both. One of the responses to this review request suggested that "what is lacking in the proposal is persuasive evidence that yet another standards effort would have a better outcome this time." Unfortunately, the other standards efforts do not emphasize decentralized self-sovereign identity. Yet there is clearly an increasing demand for this that I am seeing in the blockchain community (not just permissionless like Bitcoin, but permissioned efforts by large banks and other fintech institutions). For instance, I've met with IBM about the Hyperledger ledger, and this topic came up several times as problems with existing standards. If not W3C, where? Another response was "some governments are unlikely to trust credentials that are not received directly from the agency responsible for issuing them." That may be true, but our customers are often peers, not governments. This include C2C, B2C, B2B and other relationships. We have significant uses cases for federations of banks across multiple borders that need decentralized solutions where any one government can't issue identity. In the short term, there is some real need for better identity tools for the developer community which can bootstrap this project. We don't need browser support today—long term as we prove what can be done I can see interest from them, but browser support should not be a requirement for moving this WG proposal forward. There was another response that "W3C community should be skeptical of spec efforts that don’t have real skin in the game". Though we have interest in the Web Payments Group, the principal reason why were have joined W3C is to support the Verified Claims project. We anticipate that we will be supporting ~1 FTE engineer and security architect to support these efforts, maybe more. I also have spoken in the last few weeks to some other startups about considering joining W3C to support these efforts. At least 2 are seriously considering it, maybe more. Even though they are startups, like us they have large amounts of VC funding to move forward these efforts. I will also be reaching out to my contacts IBM, Intel, Cisco and other blockchain community members that have W3C membership somewhere else in their organization, to talk with their W3C AC about supporting this effort. Finally, Homeland Security has granted two different organizations SBIR research grants on decentralized identity on the blockchain to companies that I am partnered with. The fact that HS is financing this research is another demonstration that this WG should move forward. -- Christopher Allen
Received on Wednesday, 6 April 2016 19:04:33 UTC