RE: Digital Press Passes and Decentralized Public Key Infrastructures

>>>>> Two other projects in the VC space come to mind that might be worth looking into:
GLEIF<https://wiki.trustoverip.org/display/HOME/Ecosystem+Working+Group+Files?preview=%2F66630%2F67146%2FAccelerating-Digital-Identity-with-the+LEI_ToIP-Ecosystem-Foundry_WG_v1.0_final+.pdf> -

I'm chatting with Karla McKenna at GLEIF. VCs are (AFAIK) part of the vLEI roadmap.

Best regards,
Jim
_______________
[cid:image001.png@01D77D52.0DCDCB60]
Jim St.Clair
Chief Trust Officer
jim.stclair@lumedic.io<mailto:jim.stclair@lumedic.io> | 228-273-4893
Let's meet to discuss patient identity exchange: https://calendly.com/jim-stclair-1

From: steve.e.magennis@gmail.com <steve.e.magennis@gmail.com>
Sent: Tuesday, July 20, 2021 8:46 AM
To: 'David Chadwick' <d.w.chadwick@verifiablecredentials.info>; 'Adam Sobieski' <adamsobieski@hotmail.com>; public-credentials@w3.org
Subject: RE: Digital Press Passes and Decentralized Public Key Infrastructures

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Two other projects in the VC space come to mind that might be worth looking into:

  *   GLEIF<https://wiki.trustoverip.org/display/HOME/Ecosystem+Working+Group+Files?preview=%2F66630%2F67146%2FAccelerating-Digital-Identity-with-the+LEI_ToIP-Ecosystem-Foundry_WG_v1.0_final+.pdf> - this is an ecosystem with a globally authenticated list of orgs, think distinctly, and unequivocally known publishers (sans reputation), they are potentially extending into named individuals within those orgs, think writer(s). This could help solve the problem of easily and confidently distinguishing John Smith at Reuters from John Smith at Reuterzz.
  *   Internet of Research<https://wiki.trustoverip.org/display/HOME/Internet+of+Research+Ecosystem+Task+Force>: This group is tackling the issue of scholarly publications which need to be very clear about authentic authorship, recognizable publication and citations of published works. Maybe more granular than you need in some ways, and maybe less granular than you need in others, but worth a look.

Happy to help with intros if interested in either.
-Steve

From: David Chadwick <d.w.chadwick@verifiablecredentials.info<mailto:d.w.chadwick@verifiablecredentials.info>>
Sent: Tuesday, July 20, 2021 5:28 AM
To: Adam Sobieski <adamsobieski@hotmail.com<mailto:adamsobieski@hotmail.com>>; public-credentials@w3.org<mailto:public-credentials@w3.org>
Subject: Re: Digital Press Passes and Decentralized Public Key Infrastructures



On 20/07/2021 13:10, Adam Sobieski wrote:
David,
Scott,

It sounds like W3C VC's can equip organizations (e.g., https://www.google.com/search?q=journalism+organizations) with the capability to issue and revoke "digital press passes" per their own policies, codes of ethics, and procedures.

As for the W3C VC models not being limited to the journalism domain, these same technologies could equip ACM, IEEE, and AAAI with the means of issuing, beyond membership-related credentials, credentials which represent compliance with their ethical codes.

Broadly, then, under discussion are the matters of equipping professional organizations with the means of issuing and revoking membership-related credentials and credentials which indicate compliance with the organizations' policies and/or codes of ethics.


yes, correct


Brainstorming and exploring the topic, we might also envision decentralized systems

it depends what your definition of decentralised is, as it can encompass several different functionalities. If you mean that issuers need DIDs, then no, they can have standard X.509 signing certificates. If you mean that blockchains are needed, again no, they are not essential. The only decentralised feature I have found to be essential is that users can create their own asymmetric key pairs (as many as they need).

What is clear (and all the decentralised people agree with this), is that every SSI system today needs centralised systems in order to function at all on the Internet.

Kind regards

David
which allow, beyond issuing and revoking credentials, the capability to warn organizations and individuals. That is, we might consider that a "digital press pass" could be in states including: valid, warned, and revoked. If it is possible to add warnings to VC systems, we could envision the UX in Web browsers with a green news symbol for valid, a yellow news symbol for warned, and a red error news symbol for revoked. These graphical symbols could be placed next to the lock symbol in the left of the URL address bar, before the URL text.


Best regards,
Adam

From: David Chadwick<mailto:d.w.chadwick@verifiablecredentials.info>
Sent: Tuesday, July 20, 2021 6:19 AM
To: public-credentials@w3.org<mailto:public-credentials@w3.org>
Subject: Re: Digital Press Passes and Decentralized Public Key Infrastructures


Hi Scott
On 19/07/2021 22:47, Scott Yates wrote:
Adam, (and friends),

I looked really hard at a PKI solution for a long time, and the downsides were insurmountable..

PKI does not propose to tell you who is press and who is not. It was never designed to do this. From the outset PKI was designed to bind an identifier to a public key for authentication purposes, that's all. PMI is what you were looking for (X.509 attribute certificates) e.g. as we implemented in the PERMIS open source code. But now, we have switched to W3C VCs as a better way of telling you who is a member of the press or not.

The other ingredient you need is something like the TRAIN API which tells you if the issuer of the "press VCs" is trusted to do this or not. We have this built into our VC eco system.

Probably the biggest problem that you can't get around is: Who decides who is in and who is out?
The answer is simple. The verifier does. But it can delegate this task to a TTP if it wants e.g. the TRAIN API, or it can have its own list of trusted issuers.


After beating my head against the wall for a couple of years, I came up with trust.txt. It's a text file in the tradition of robots.txt and ads.txt. In that file, press associations list their members, and members list their associations.

This is exactly what we do with the TRAIN API and VCs. Issuers (members in your terminology) put a ToU property in the VCs they issue listing the associations they are affiliated to. The verifier passes the association and issuer to the TRAIN API and it returns true or false to this affiliation.



For example, the Texas Press Association's file is here: https://www.texaspress.com/trust.txt and the file for a small weekly paper in Hays has its file here: https://haysfreepress.com/trust.txt

With those, anyone can build a crawler and an algo to get confirmation about who belongs to whom.

No one body has to decide who is "press" and who is not. Groups on their own decide who is a member, and it's up to the platforms to interpret the signal and decide that the Hays Free Press is just a bit more trustworthy because they at least know that it belongs to the TPA.

I'm now rolling this out to press and broadcasting associations in the U.S., and hope to go international starting in the fall.

Sounds very good. Well done.



After studying it for a long long time, I think this is as close as we can get to a "digital press pass" that is consistent with the First Amendment and an open, decentralized web.

I agree. And the model is not limited to press passes but to any VCs in any domain

Kind regards

David

-Scott Yates
Founder
JournalList.net<http://JournalList.net>, caretaker of the trust.txt framework
202-742-6842
Short Video Explanation of trust.txt<https://youtu.be/lunOBapQxpU>


On Mon, Jul 19, 2021 at 3:23 PM Adam Sobieski <adamsobieski@hotmail..com<mailto:adamsobieski@hotmail.com>> wrote:
Credible Web Community Group,
Credentials Community Group,

I would like to broach the topic of "digital press passes" towards a more credible web.

As envisioned, "digital press passes" could be provided to organizations and individuals utilizing decentralized public key infrastructure.

Webpages could include URLs to their "digital press passes" in link elements (<link rel="press-pass" href="..." />). This information could also be encoded in documents in a manner interoperable with Web schema. News content could be digitally signed by one or more "digital press passes".

Upsides include: (1) end-users and services could configure which certificate authorities that they desired to recognize, (2) end-users could visually see, in their Web browsers, whether displayed content was from a source with a valid "digital press pass", (3) news aggregation sites could distinguish content digitally signed by "digital press passes", (4) social media websites could visually adorn and prioritize shared content which is digitally signed by "digital press passes", (5) entry for new news organizations and recognition as such by existing services would be simplified, e.g., a new newspaper organization, the new news organization would need to obtain a "digital press pass" from a certificate authority.

Downsides include: impact on citizen journalism, where users other than journalists desire to publish or distribute news content.

Have these ideas been considered before? Any thoughts on these ideas?


Best regards,
Adam Sobieski

P.S.: https://meta.wikimedia.org/wiki/Wikifact

Received on Tuesday, 20 July 2021 15:29:19 UTC