W3C home > Mailing lists > Public > public-credentials@w3.org > May 2019

Re: Trust in Issuers (was: Materials from 2019-04-11 combined DID Spec and DID Resolution Spec meeting)

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Wed, 8 May 2019 09:11:29 +1000
Message-ID: <CAM1Sok2oP8Mf76Mv_vT+cbah9vdX7NbrSFtVceFL+YtLz7AisQ@mail.gmail.com>
To: Adrian Gropper <agropper@healthurl.com>
Cc: Brent Zundel <brent.zundel@evernym.com>, Carlos Bruguera <carlos@selfkey.org>, Daniel Hardman <daniel.hardman@evernym.com>, David Chadwick <D.W.Chadwick@kent.ac.uk>, "=Drummond Reed" <drummond.reed@evernym.com>, Credentials Community Group <public-credentials@w3.org>
I've been out of the loop for a bit.  Had a few thoughts, so I decided to
note them.

If I had more time, I'd write a shorter email.

From a rating of 1 to 10, what's the semweb skills matrix look like
nowadays?

Is.There an on-boarding resource for those who need a little help?

https://rubenverborgh.github.io/WebFundamentals/
https://www.webizen.net.au/resource-library/book-library/

re: health,  Snomed-ct is in rdf, for instance, so whilst seeking to set
aside topological differences, for now,

It's kinda important that the opportunity matrix for various types of
implementation methods is known to be diverse, potentially fractal, and
certainly also elevated in terms of granularity,

Whilst noting my fixed belief, that the solutions for a reality engine,
rather than a reality distortion engine of any kind, brings about a scope
of works that is not simply technical (w3/ietf standards) in nature, where
I would assume, some of these sorts of concerns would be better triaged, in
a basis that the available open, patent pool protected royalty-free
standards offer a range of alternatives that may be elected for use to
address particular use cases, whilst maintaining some sense of core
principles considered to be of universal importance.

Therein also,

Is there now clarity about the primary or secondary role considered to
apply to life and the natural world in the primary (knowledge based
economy); or conversely, persona ficta, and the supply of means to aid in
the consumption of things of the natural world (resource based economy),
and/or,

Is one set of sensemaking "Tool production" strategies, for our future,
diminishing in any way the opportunity to innovate, as required for various
reasons including those of economic and natural world sustainability;

Fwiw, I realised recently that one of the issues silos held by "persona
dicta" has in being made useful, is that "privacy" doctrines / laws, often
prevent a group of organisations from sharing point data as to evaluate
complex issues.

I learned this from research some years ago, that sought to forge
academically useful statistics to.investigate any relationship significant
life events may have with suicide.  Certainly not an area where "privacy"
should trump "dignity".

What I later figured out, wasthat these models that seek to help consumers
aggregate their personal data from multiple silos, as to "take ownership"
(and or "sell") that data, would in turn provide a solution to this
otherwise impossibly difficult predicament of not.being able to do, data
matching, across multiple datasets wwithout express permission from the
data subjects.

My modelling, wouldn't required people to sell their data at all, that's no
what I'm projecting to be "the breakthrough" for humanity and It's
socioeconomic environments in this emergent "ai empowered" next stage.

Nonetheless,

Within this community devoted to forming useful w3c royalty-free standards,

My experiences have led me to consider that the most.important thing here,
is the ability to define flexible, member backed specs that can clear the
rather tremendous hurdles involved, in delivering something useful, that
may then be used by world to demonstrate different works of art, and that
whilst marker forces then play a role in weird and complex ways,

Standards should be made available by practice means that does not act to
subvert any potentially good, option.

Therein, I consider a past debate about whether to use the term
"blockchain", because it was simplier, or to use dlt, as it was more
broadly able to be used (which at that time, was a consideration about the
future and theI various technical vs. commercial influences, on
documentation in particular); I now reflect on these discussions and their
impact on ecosystems globally.  I was recently led to believe some
jurisdictions now have law relating to blockchains, but not DLTs?

I believe a more.present problem in places like china may include the right
to work online, whlist a far broader problem would be the right to be paid
for work done online, the right to a safe workplace when working online.

From exodus, to the 8 hour work movement (
https://en.wikipedia.org/wiki/Eight-hour_day )

Fairly sure it's options we need today, standards are important for
economies, sovereign nations and their citizens (Inc. Personhood, agency,
rule of law related apparatus, etc) alongside trade and the apparatuses
required to support our collective means to solve serious problems,
worldwide, in a timely manner.

Nonetheless, I guess instrumental, it gets down to whether and how these
works support the functional requirements needed by natural actors to make
us of it, as part of their reality engine.

So long as the functional requirements to do so are supported, for the
purpose of intended scope as does relate to this body of work, noting also
the desires to enshrine as fundamental human right the online open
standards, royalty-free tooling required to be provided to natural persons
in a manner that renders meaningful protection for freedom of thought,

Then, I don't think it matters what the bad guys do,

I'm strongly of the view that artificial things exist to provide meaningful
service to things of the natural world.

If the environment is made toxic. It's also made inhospitable.  Cycle of
life stuff

Whilst i think, there's some fairly incredible evidence built upon quantum
physics stuff, I won't bore anyone with it further,

Other than to summarise by saying, I don't think the issue you have raised
is something to be concerned about.

There are always issues, but I don't think, at this stage, the one you've
highlighted is one of those issues, and that your illustrative examples do
not relate well, to whether or not the verifiable claims and related specs,
support an array of use cases; including many ontological defined practice
examples that could be used to address your concerns more directly.

Noting again, fwiw, checkout solid.

Timo.

On Wed., 8 May 2019, 7:34 am Adrian Gropper, <agropper@healthurl.com> wrote:

> The issue of surveillance across contexts boils down to self-censorship.
> China's social credit scoring is the extreme example but Facebook in the US
> is really no different. Once we allow our activities in one context to be
> used in another context then we need to worry that we will be asked for our
> Facebook login when we ask for a visa or seek employment.
>
> Adrian
>
> On Tue, May 7, 2019 at 2:44 PM Timothy Holborn <timothy.holborn@gmail.com>
> wrote:
>
>> Why not multimodal?
>>
>> Or did I miss that part of the functional spec, being discussed...?
>>
>> There are use cases where tracking the use of a verifiable claim is as
>> important as the claim itself, for various reasons, including protection
>> from scope-creep.
>>
>> Noting also, I am.firmly of the view that solid interoperability is
>> essential.
>>
>> Timo.
>>
>> On Wed., 8 May 2019, 4:18 am Brent Zundel, <brent.zundel@evernym.com>
>> wrote:
>>
>>> Carlos,
>>>
>>> The problem is not that issuers must be trusted (they must). The problem
>>> with the business model is that it is predatory. It allows the worst abuses
>>> of surveillance capitalism to continue, under the guise of self-sovereign
>>> identity.
>>> As I see it, once a credential has been issued it is not the issuer's
>>> business how I use that credential. Let's say I have been issued a
>>> credential asserting my national citizenship (such as a passport), then use
>>> my credential to prove my address so that I can join a local gardening
>>> club. Is it the passport issuer's business that I like gardening? Let's say
>>> my bank issues me a credential asserting my account information, then I
>>> use that credential to set up automatic donations to my church. Is it the
>>> bank's business which church I attend?
>>> A credential revocation scheme that requires the issuer be contacted in
>>> order to verify the current revocation status of the credential allows the
>>> issuer to track every use of that credential.
>>> Revocation schemes such as Sovrin's do not require the issuer to be
>>> contacted to check the revocation status of the credential. They also do
>>> not require public revocation lists. They allow for proofs on
>>> non-revocation that reveal nothing other than whether a credential has been
>>> revoked.
>>>
>>> On Sun, May 5, 2019 at 8:35 PM Carlos Bruguera <carlos@selfkey.org>
>>> wrote:
>>>
>>>> Why is it a problem that credential issuers establish business models
>>>> such as the one described? In what manner does it threat self sovereign
>>>> identity? In the end, trusting the issuers is *always* required as far
>>>> as I know, and DIDs still allow for other types of credentials not
>>>> requiring to rely on these issures... Perhaps I don't fully understand the
>>>> example. In what manner do revocation schemes (such as Sovrin's) disallow
>>>> such use cases? Also, shouldn't the credential issuers always be able to
>>>> set arbitrarily long (or perhaps even null) expiration times?
>>>>
>>>> Regards,
>>>> Carlos
>>>>
>>>> On Wed, Apr 17, 2019 at 4:43 PM Daniel Hardman <
>>>> daniel.hardman@evernym.com> wrote:
>>>>
>>>>> Agreed.
>>>>>
>>>>> On Wed, Apr 17, 2019 at 1:58 AM David Chadwick <
>>>>> D.W.Chadwick@kent.ac.uk> wrote:
>>>>>
>>>>>> But this does not stop others from using the back door! The back door
>>>>>> should be bricked up.
>>>>>>
>>>>>> On 16/04/2019 18:52, Daniel Hardman wrote:
>>>>>> > Right. This is why Sovrin went down the road of testing revocation
>>>>>> with
>>>>>> > a cryptographic accumulator instead of a conversation back to the
>>>>>> issuer.
>>>>>> >
>>>>>> > On Tue, Apr 16, 2019 at 2:49 AM David Chadwick <
>>>>>> D.W.Chadwick@kent.ac.uk
>>>>>> > <mailto:D.W.Chadwick@kent.ac.uk>> wrote:
>>>>>> >
>>>>>> >     The current FIM
>>>>>> >     model places the IdP at the centre of the ecosystem, which is
>>>>>> ideal for
>>>>>> >     Google tracking users and capturing data. VCs do not do this.
>>>>>> >
>>>>>> >     However, the current VC data model gives Google a back door for
>>>>>> this as
>>>>>> >     follows:
>>>>>> >
>>>>>>
>>>>>
>
> --
>
> Adrian Gropper MD
>
> PROTECT YOUR FUTURE - RESTORE Health Privacy!
> HELP us fight for the right to control personal health data.
> DONATE: https://patientprivacyrights.org/donate-3/
>
Received on Tuesday, 7 May 2019 23:12:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:49 UTC