RE: Digital Press Passes and Decentralized Public Key Infrastructures

How feasible is it for every SMB, student, patient, etc. on the planet to host the equivalent of the Sovrin network (as an example)?

From: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Sent: July 24, 2021 8:31 AM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>; public-credentials@w3.org
Subject: Re: Digital Press Passes and Decentralized Public Key Infrastructures


Could you please be more specific about what you mean by "the current issuer model doesn't scale". What model do you have in mind, and why doesn't it scale

Kind regards

David
On 24/07/2021 08:23, Michael Herman (Trusted Digital Web) wrote:
David,


  1.  My only concern is Issuers …not Verifiers …because that Verifies don’t need any significant infrastructure, if any, to operate.  An SMB, student, patient, etc. can easily act as a Verifier with very little software (e.g. a query to a VDR).
  2.  Knowing each other hasn’t been part of this conversation
  3.  For a single conference, there may be hundreds or 10s of thousands of Verifiers: every attendee, every exhibiting company, every member of the exhibiting team, security personnel, EMS/medical personnel, caterers, etc. may be Verifiers in one context or another …but again, I’m not referring to Verifiers in my context.
  4.  For a particular event (e.g. a specific conference), I can’t imagine a scenario where there would be more than 1 Press Pass Issuer (aka Press Pass Office/Authority for this particular event).
  5.  Each event is scalable from an Issuer perspective but when you look at the grand total of Issuers across all events globally for a reasonably long period of time, the current Issuer model doesn’t scale …unless we progress to having “Issuer services providers” …but these are what I’m calling VC Notarization Providers whose use is triggered by an Originator and the actual attestation/notarization is performed by a Notary.

Michael

From: David Chadwick <d.w.chadwick@verifiablecredentials.info><mailto:d.w.chadwick@verifiablecredentials.info>
Sent: July 23, 2021 2:33 AM
To: public-credentials@w3.org<mailto:public-credentials@w3.org>
Subject: Re: Digital Press Passes and Decentralized Public Key Infrastructures


Hi Michael

I think you are missing the bigger picture. Whilst it is true there will be thousands or millions of issuers and verifiers, they don't all need to know about each other. For a single conference or there might only be a single verifier (the venue) and a single ticket issuer. So they can easily configure this into their eco-system as part of the conference set up. In terms of press passes, there will only be the local and national press issuers that will be needed. They wont need to know about the millions of other local press pass issuers in other parts of the country or abroad. So each event is easily scalable.

Kind regards

David
On 23/07/2021 02:50, Michael Herman (Trusted Digital Web) wrote:
Getting into the semantics/applications of press passes, …

Press passes are often issued by thousands and thousands perhaps millions of individual events each year to already credentialed members of the different domains of press/journalists (e.g. political speeches, product announcements/launches, conferences of all sorts, emergency responses, cruise ships, vacation destinations, etc.).  The implication is: will each organizing committee will need to become their own Issuer?  …10s of thousands or millions of Issuers over the course of several years.  It’s not practical.  The current Issuer model doesn’t scale.

Again, this is where I think the Originator-Notary VC Notarization model might be a good fit.

Michael

From: steve.e.magennis@gmail.com<mailto:steve.e.magennis@gmail.com> <steve.e.magennis@gmail.com><mailto:steve.e.magennis@gmail.com>
Sent: July 22, 2021 7:24 PM
To: 'Alan Karp' <alanhkarp@gmail.com><mailto:alanhkarp@gmail.com>; 'Bob Wyman' <bob@wyman.us><mailto:bob@wyman.us>
Cc: 'Annette Greiner' <amgreiner@lbl.gov><mailto:amgreiner@lbl.gov>; public-credibility@w3.org<mailto:public-credibility@w3.org>; public-credentials@w3.org<mailto:public-credentials@w3.org>
Subject: RE: Digital Press Passes and Decentralized Public Key Infrastructures

+1

I’m rapidly coming to the conclusion that from a technology perspective all we can really do is surface information to help verifiers (and to a lesser extent holders) come to their own conclusion about trusting issuers. I also believe that surfacing copious information is not necessarily better. If I fabricate shower curtain rings, I pretty much already know who the main suppliers of plastic stock are and they don’t change that often. Maybe 5% of the time I will come across someone new. I concede there are use cases where issuers and verifiers are so dynamic that it is always just a mosh pit of untrusted interactions. If this is the core use case being sought (e.g. social media, blogging, etc.) , then I will happily get on board and be very eager to see where that takes us, but I think that use case comes with unique characteristics that should be seen as disproportionately important to it.

The second point I’ll make is that you can’t throw a proverbial rock in any direction and not hit an organization who’s primary business model is maintain a list of ‘who can be trusted to do X.’ Industry groups, ISO certification, educational certifications, accounting, health and food safety. Standards, memberships, audits, legal recourse. I honestly don’t know much about the publishing industry and what industry groups attempt to set and uphold journalistic standards, or how effective they are especially today when the industry is trying to transform itself while undergoing pretty significant decentralization and shift in incentives and revenue. Maybe the trust ecosystem in journalism writ large is just overwhelmed by the rush that came from lowering the barrier to publish so much. Looking forward to following this.

</soap boxing complete>
-S

From: Alan Karp <alanhkarp@gmail.com<mailto:alanhkarp@gmail.com>>
Sent: Thursday, July 22, 2021 1:56 PM
To: Bob Wyman <bob@wyman.us<mailto:bob@wyman.us>>
Cc: Annette Greiner <amgreiner@lbl.gov<mailto:amgreiner@lbl.gov>>; public-credibility@w3.org<mailto:public-credibility@w3.org>; public-credentials@w3.org<mailto:public-credentials@w3.org>
Subject: Re: Digital Press Passes and Decentralized Public Key Infrastructures

Trust is contextual.  I trust my bank with my money but not my children.  I trust my sister with my children but not my money.

--------------
Alan Karp


On Thu, Jul 22, 2021 at 1:47 PM Bob Wyman <bob@wyman.us<mailto:bob@wyman.us>> wrote:
Annette,
You wrote: "A list of who’s trusted and who isn’t would need to include who is trusted _in_what_context_."
This reminded me of a recent discussion on StackExchange of "How is it possible that [insert known crackpot] has articles published in Peer-Reviewed Journals?<https://academia.stackexchange.com/questions/170795/how-is-it-possible-that-insert-known-crackpot-has-articles-published-in-peer-r>"
Of course, the response provided by many was that we shouldn't be surprised when someone is an expert in one context but a complete crackpot in others. (A classic example might be Hollywood actors who are often asked to expound on world affairs... Who imagines that that might be useful?)

The reality is that we can't ever say with confidence that "X is credible," rather, the best we could ever say is that "When X speaks about Y, X should probably be considered credible" and even then, we'd need to be careful to specify the time period during which we should ascribe credibility. As Buffy<https://academia.stackexchange.com/users/75368/buffy> commented on StackExchange: "someone who has done important work early on [in their career] can become a crank later in life." And, we should consider the "stopped clock" syndrome mentioned by Graham<https://academia.stackexchange.com/users/43789/graham>: Some statements may have been very credible at the moment that they were made even though later evidence or paradigm shifts made them less credible. (Should one be considered "credible" if what they said was once credible but now is no longer credible?)

bob wyman

On Thu, Jul 22, 2021 at 3:49 PM Annette Greiner <amgreiner@lbl.gov<mailto:amgreiner@lbl.gov>> wrote:
One important angle on this question is the context of a statement. A list of who’s trusted and who isn’t would need to include who is trusted _in_what_context_. For example, a physician who specializes in dermatology cannot prima facia be taken as an authority on heart transplants, nor vice versa. Part of the misinformation landscape we’ve seen of late is characterized by people getting credit for roles in which they have no expertise because they have credit in some other high-profile role. It would be a serious error on our part to develop a mechanism of people generating lists of those who they consider trustworthy without reference to context.
-Annette

On Jul 21, 2021, at 9:21 PM, Bob Wyman <bob@wyman.us<mailto:bob@wyman.us>> wrote:

The best answer to the question "Who decides who is in and who is out?" is probably "Who cares? Do whatever feels good." The important thing in building a curated list is to simply build it.