Re: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters Candidate Recommendation stage

Hi Michael,

I think the health credential story is a great one for demonstrating the
fully decentralised privacy preserving aspects of VC/DID - and I'm sure
there are lots of people on this group that are intimately familiar with
that domain.

However the story I need to write is about cross-border trade documents.
Still using VC but kind of on the opposite end of the spectrum

   - the main concern is trust that an issuer and a subject really are who
   they say they are and that the issuer is authorised (typically by the
   exporting regulator) to make the claims.  Since the subject is usually a
   publicly known identifier such as a business tax registration number, there
   is no requirement to hide identity.  in fact it is important that various
   claims are correlatable to the same business ID.  Although ID correlatable,
   these are not public documents and so need to be visible only to the
   parties to whom they are presented and also able to be selectively
   redacted.
   - Claims (ie credentials) often pass through multiple hops from issuer
   to verifier (eg chamber of commerce -> exporter -> freight forwarder ->
   importer -> customs agent -> customs authority).  We can't assume that
   every hop in that chain is VC-aware and technically capable - so we must
   have a seamless blend of human readable credential (eg PDFs with QR) and
   machine readable (json files) credentials.
   - There is no DID in this use case, only VC.  However there "may" be an
   interesting opportunity to look at DID together with an appropriate DID
   method for "things", not people.  The most obvious "thing" is the
   consignment. If a DID could be a UCR (unique consignment reference) and,
   given a DID, the associated VCs could be discovered by authorised parties,
   then there is an interesting use case for DID in cross border trade.

The potential benefit of all this is that the increased trust in the
integrity of digitally verifiable versions of paper not only allows the
industry to drop actual paper (with signatures and wet seals etc) but also
massively uplifts the data integrity from the perspective of the importing
regulator so that cargo from trusted parties can be "green-laned" for
pre-border clearance whilst at the same time improving strike rates on
interventions on illicit cargo.

so i'll be making a business (policy maker) focussed white paper and an
associated video storyboard (similar to manu's rather nice ones on json-ld)
for this use case.  But I'd be keen to share it as I go so that this
community can offer improvement suggestions and also point out any
technical inaccuracies.

kind regards,
steve

On Mon, 29 Mar 2021 at 08:39, Michael Herman (Trusted Digital Web) <
mwherman@parallelspace.net> wrote:

> Jeremy/Steve,
>
>
>
> How about creating fully integrated, *fully decentralized* user stories
> and a solution concept for an end-to-end healthcare claims processing user
> scenario?
>
>
>
> *Healthcare Claim Processing User Scenario*
>
> https://hyperonomy.com/2021/03/28/healthcare-claim-processing-data-flow-user-scenario/
>
> Best regards,
>
> Michael
>
>
>
> p.s. ...or a more limited but equally complex user scenario: an
> end-to-end, fully decentralized Electronic Medical Records (EMR) solution
> for the province of Alberta (including recording and tracking
> vaccinations): https://myhealth.alberta.ca/myhealthrecords
>
>
>
> *From:* Jeremy Townson <jeremy.townson@gmail.com>
> *Sent:* March 26, 2021 4:36 AM
> *To:* Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
> *Cc:* Steve Capell <steve.capell@gmail.com>; Adrian Gropper <
> agropper@healthurl.com>; Manu Sporny <msporny@digitalbazaar.com>; W3C
> Credentials CG <public-credentials@w3.org>
> *Subject:* Re: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters
> Candidate Recommendation stage
>
>
>
> Michael,
>
>
>
> I would subvert the use-case somewhat. Some thoughts on that:
>
>
>
> Erin is clearly a goodie here -- young, attractive, a model citizen we are
> led to think, yet the solution as described puts administrative obstacles
> in her way, which seems contradictory. In most societies today, the right
> to buy a car hinges only on having money in the bank. Yes, one needs a
> licence to drive the car away, but that is a separate matter. The dealer
> will take care of other paperwork, with glee. This need for 'papers'
> reminds me of the mindset in France. That mindset grew, probably for good
> reason, from the occupation and is one that younger French are now shaking
> off.
>
>
>
> If Erin is to be a goodie then, I wonder if it's possible to find
> something genuinely difficult in peoples' lives, which credentials can help
> with? Buying a car is not difficult and, though people love cars, they
> agree the world has too many of them already.
>
>
>
> More generally, in a capitalist/consumerist society, the idea of aiming
> credentials at, of all things, *buying things*, seems to be a non-starter.
>
>
>
> Credentials seem more about *control* and limiting of freedoms. Hopefully
> this is for some global good, in a time where individual responsibilities
> are increasing.
>
>
>
> My recommendation would make Erin a *badie*. Maybe it is a
> not-too-distant, carbon neutral future and Erin is rich, the owner of a
> fleet of muscle cars and hungry for more? Perhaps credentials make this
> harder, allowing policy makers to achieve their internationally agreed
> targets and justifying the sacrifices made by other citizens?
>
>
>
> I love the way Mad Max captures the tendency of people to consume
> ostentatiously that which is scarce. Perhaps the credentials use-cases
> should be less about easing consumption -- a use-case which we can safely
> agree has been perfected -- and more about tackling our rogue mindset?
>
>
>
> Congratulations on producing a document which keeps up with the discussion.
>
>
>
> Regards,
>
> Jeremy
>
>
>
>
>
> On Fri, 26 Mar 2021 at 05:11, Michael Herman (Trusted Digital Web) <
> mwherman@parallelspace.net> wrote:
>
> Steve, attached is the beginnings of a simple, practical, and
> easy-to-understand user scenario explaining Self-Sovereign Identity as
> defined in the TDW Glossary (per your “for example” suggestion).
>
>
>
> The description of the Erin Buys A Car scenario is still pretty technical
> but it’s a start.
>
>
>
> Best wishes and thank you for the inspiration,
>
> Michael
>
>
>
> *From:* Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
> *Sent:* March 20, 2021 3:51 PM
> *To:* Steve Capell <steve.capell@gmail.com>
> *Cc:* Adrian Gropper <agropper@healthurl.com>; Manu Sporny <
> msporny@digitalbazaar.com>; W3C Credentials CG <public-credentials@w3.org>
> *Subject:* Re: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters
> Candidate Recommendation stage
>
>
>
> I'll add an "for example" user scenario to the article after the
> definition for Self-Sovereignty. Thk u for the feedback Steve.
>
> Get Outlook for Android <https://aka.ms/AAb9ysg>
>
>
> ------------------------------
>
> *From:* Steve Capell <steve.capell@gmail.com>
> *Sent:* Saturday, March 20, 2021 2:25:47 PM
> *To:* Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
> *Cc:* Adrian Gropper <agropper@healthurl.com>; Manu Sporny <
> msporny@digitalbazaar.com>; W3C Credentials CG <public-credentials@w3.org>
> *Subject:* Re: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters
> Candidate Recommendation stage
>
>
>
> Hi Michael
>
>
>
> As a contractor to Australian government I deal with policy makers almost
> every day and so I understand both the difficulty and the necessity of
> conveying these concepts to non technical audiences.
>
>
>
> As a sufficiently technical reader, I liked your article. It’s the first
> time I’ve seen that meta-model of the identity domain and, for me, it was
> very helpful.
>
>
>
> However, sadly, I don’t think it will help the policy maker that is not
> used to reading meta models. I usually have more success with storyboards
> that contrast two architectures with real examples. Policy makers don’t
> need to “understand the architecture”.  They need to be able to
> conceptualise how it works through examples to that they can understand the
> policy impacts and opportunities.
>
>
>
> I also need to convey these ideas - both to AU and UN sometime over the
> next month or so. I’ll need to test my communication materials on non
> technical people to ensure the message has worked - and also on expert SSI
> community members to ensure that the message is right. For that latter
> concern, please let me know if anyone in this group is willing to be a
> sounding board
>
>
>
> Kind regards
>
> Steven Capell
>
> Mob: 0410 437854
>
>
>
> On 21 Mar 2021, at 4:47 am, Michael Herman (Trusted Digital Web) <
> mwherman@parallelspace.net> wrote:
>
> 
>
> RE: In prep calls for the panel and other mentions of our work, the
> “Self-Sovereign Identity” concept is treated as controversial. In a recent
> major webinar about mandated protocols by the US regulators themselves,
> they referred to “Distributed Identity”.
>
>
>
> I’m trying to address the same issue wrt what is “Self-Sovereign Identity”
> / “SSI” at its very core.
>
>
>
> Check out: https://hyperonomy.com/2021/02/01/ssi-unconscious-contractions/
>
>
>
> I’m looking for additional people who share a similar perspective.
>
>
>
> Best regards,
>
> Michael
>
>
>
> *From:* Adrian Gropper <agropper@healthurl.com>
> *Sent:* March 20, 2021 8:58 AM
> *To:* Manu Sporny <msporny@digitalbazaar.com>
> *Cc:* W3C Credentials CG <public-credentials@w3.org>
> *Subject:* The SSI protocols challenge [Was]: W3C DID Core 1.0 enters
> Candidate Recommendation stage
>
>
>
> It is indeed a big deal and cause for celebration.
>
>
>
> From my perspective the next challenge is to get the protocols right from
> a human-centered and community perspective.
>
>
>
> For an example of that challenge, on March 30 I’m on a Digital Credentials
> panel at the ONC (US Federal healthcare regulator) Annual Meeting. In prep
> calls for the panel and other mentions of our work, the “Self Sovereign
> Identity” concept is treated as controversial. In a recent major webinar
> about mandated protocols by the US regulators themselves, they referred to
> “Distributed Identity” :-?
>
>
>
> Let us celebrate and consider the Fun times ahead....
>
>
>
> Adrian
>
>
>
> On Sat, Mar 20, 2021 at 10:16 AM Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>
> Hi all,
>
> Decentralized Identifiers (DIDs) v1.0 has reached the Candidate
> Recommendation
> stage at W3C. The current specification can be found here:
>
> https://www.w3.org/TR/2021/CR-did-core-20210318/
>
> This is a major milestone in the W3C global standards process. It marks the
> start of a period of 1-4 months where the official W3C Working Group has
> communicated that it is done with all features in the specification.
>
> The W3C DID WG has also communicated that the specification is stable
> enough
> to collect implementation experience from the global implementer community.
> Once the WG collects enough implementation experience, it may then make
> final
> adjustments before publishing the v1.0 global standard, which is expected
> at
> the end of September 2021.
>
> I have attached an image with an (unofficial) graphical depiction of the
> DID
> standards history and expected future timeline.
>
> Congratulations to everyone that contributed to get us to this point; this
> is
> a big deal and cause for celebration. :)
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
>
>

-- 
Steve Capell

Received on Sunday, 28 March 2021 22:04:49 UTC