RE: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters Candidate Recommendation stage from Michael Herman (Trusted Digital Web) on 2021-03-28 (public-credentials@w3.org from March 2021)

From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Date: Sun, 28 Mar 2021 23:23:14 +0000
To: steve capell <steve.capell@gmail.com>
CC: Jeremy Townson <jeremy.townson@gmail.com>, W3C Credentials CG <public-credentials@w3.org>
Message-ID: <MWHPR1301MB2094ED341EBA2DB64F5FA01FC37F9@MWHPR1301MB2094.namprd13.prod.outlook.>
One of the first cross-border trade scenarios executed on a blockchain was this one:


  *   https://www.feednavigator.com/Article/2018/01/25/Louis-Dreyfus-in-industry-first-blockchain-based-soy-deal

  *   https://www.financemagnates.com/cryptocurrency/news/first-blockchain-based-agricultural-commodity-trade-completed/


…pre-VC/DID …barebones on a blockchain.  Letters of credit, etc.

From: steve capell <steve.capell@gmail.com>
Sent: March 28, 2021 4:04 PM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Cc: Jeremy Townson <jeremy.townson@gmail.com>; W3C Credentials CG <public-credentials@w3.org>
Subject: Re: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters Candidate Recommendation stage

Hi Michael,

I think the health credential story is a great one for demonstrating the fully decentralised privacy preserving aspects of VC/DID - and I'm sure there are lots of people on this group that are intimately familiar with that domain.

However the story I need to write is about cross-border trade documents.  Still using VC but kind of on the opposite end of the spectrum

  *   the main concern is trust that an issuer and a subject really are who they say they are and that the issuer is authorised (typically by the exporting regulator) to make the claims.  Since the subject is usually a publicly known identifier such as a business tax registration number, there is no requirement to hide identity.  in fact it is important that various claims are correlatable to the same business ID.  Although ID correlatable, these are not public documents and so need to be visible only to the parties to whom they are presented and also able to be selectively redacted.
  *   Claims (ie credentials) often pass through multiple hops from issuer to verifier (eg chamber of commerce -> exporter -> freight forwarder -> importer -> customs agent -> customs authority).  We can't assume that every hop in that chain is VC-aware and technically capable - so we must have a seamless blend of human readable credential (eg PDFs with QR) and machine readable (json files) credentials.
  *   There is no DID in this use case, only VC.  However there "may" be an interesting opportunity to look at DID together with an appropriate DID method for "things", not people.  The most obvious "thing" is the consignment. If a DID could be a UCR (unique consignment reference) and, given a DID, the associated VCs could be discovered by authorised parties, then there is an interesting use case for DID in cross border trade.
The potential benefit of all this is that the increased trust in the integrity of digitally verifiable versions of paper not only allows the industry to drop actual paper (with signatures and wet seals etc) but also massively uplifts the data integrity from the perspective of the importing regulator so that cargo from trusted parties can be "green-laned" for pre-border clearance whilst at the same time improving strike rates on interventions on illicit cargo.

so i'll be making a business (policy maker) focussed white paper and an associated video storyboard (similar to manu's rather nice ones on json-ld) for this use case.  But I'd be keen to share it as I go so that this community can offer improvement suggestions and also point out any technical inaccuracies.

kind regards,
steve

On Mon, 29 Mar 2021 at 08:39, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> wrote:
Jeremy/Steve,

How about creating fully integrated, fully decentralized user stories and a solution concept for an end-to-end healthcare claims processing user scenario?

Healthcare Claim Processing User Scenario
https://hyperonomy.com/2021/03/28/healthcare-claim-processing-data-flow-user-scenario/

Best regards,
Michael

p.s. ...or a more limited but equally complex user scenario: an end-to-end, fully decentralized Electronic Medical Records (EMR) solution for the province of Alberta (including recording and tracking vaccinations): https://myhealth.alberta.ca/myhealthrecords


From: Jeremy Townson <jeremy.townson@gmail.com<mailto:jeremy.townson@gmail.com>>
Sent: March 26, 2021 4:36 AM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>>
Cc: Steve Capell <steve.capell@gmail.com<mailto:steve.capell@gmail.com>>; Adrian Gropper <agropper@healthurl.com<mailto:agropper@healthurl.com>>; Manu Sporny <msporny@digitalbazaar.com<mailto:msporny@digitalbazaar.com>>; W3C Credentials CG <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: Re: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters Candidate Recommendation stage

Michael,

I would subvert the use-case somewhat. Some thoughts on that:

Erin is clearly a goodie here -- young, attractive, a model citizen we are led to think, yet the solution as described puts administrative obstacles in her way, which seems contradictory. In most societies today, the right to buy a car hinges only on having money in the bank. Yes, one needs a licence to drive the car away, but that is a separate matter. The dealer will take care of other paperwork, with glee. This need for 'papers' reminds me of the mindset in France. That mindset grew, probably for good reason, from the occupation and is one that younger French are now shaking off.

If Erin is to be a goodie then, I wonder if it's possible to find something genuinely difficult in peoples' lives, which credentials can help with? Buying a car is not difficult and, though people love cars, they agree the world has too many of them already.

More generally, in a capitalist/consumerist society, the idea of aiming credentials at, of all things, buying things, seems to be a non-starter.

Credentials seem more about control and limiting of freedoms. Hopefully this is for some global good, in a time where individual responsibilities are increasing.

My recommendation would make Erin a badie. Maybe it is a not-too-distant, carbon neutral future and Erin is rich, the owner of a fleet of muscle cars and hungry for more? Perhaps credentials make this harder, allowing policy makers to achieve their internationally agreed targets and justifying the sacrifices made by other citizens?

I love the way Mad Max captures the tendency of people to consume ostentatiously that which is scarce. Perhaps the credentials use-cases should be less about easing consumption -- a use-case which we can safely agree has been perfected -- and more about tackling our rogue mindset?

Congratulations on producing a document which keeps up with the discussion.

Regards,
Jeremy


On Fri, 26 Mar 2021 at 05:11, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> wrote:
Steve, attached is the beginnings of a simple, practical, and easy-to-understand user scenario explaining Self-Sovereign Identity as defined in the TDW Glossary (per your “for example” suggestion).

The description of the Erin Buys A Car scenario is still pretty technical but it’s a start.

Best wishes and thank you for the inspiration,
Michael

From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>>
Sent: March 20, 2021 3:51 PM
To: Steve Capell <steve.capell@gmail.com<mailto:steve.capell@gmail.com>>
Cc: Adrian Gropper <agropper@healthurl.com<mailto:agropper@healthurl.com>>; Manu Sporny <msporny@digitalbazaar.com<mailto:msporny@digitalbazaar.com>>; W3C Credentials CG <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: Re: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters Candidate Recommendation stage

I'll add an "for example" user scenario to the article after the definition for Self-Sovereignty. Thk u for the feedback Steve.
Get Outlook for Android<https://aka.ms/AAb9ysg>

________________________________
From: Steve Capell <steve.capell@gmail.com<mailto:steve.capell@gmail.com>>
Sent: Saturday, March 20, 2021 2:25:47 PM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>>
Cc: Adrian Gropper <agropper@healthurl.com<mailto:agropper@healthurl.com>>; Manu Sporny <msporny@digitalbazaar.com<mailto:msporny@digitalbazaar.com>>; W3C Credentials CG <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: Re: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters Candidate Recommendation stage

Hi Michael

As a contractor to Australian government I deal with policy makers almost every day and so I understand both the difficulty and the necessity of conveying these concepts to non technical audiences.

As a sufficiently technical reader, I liked your article. It’s the first time I’ve seen that meta-model of the identity domain and, for me, it was very helpful.

However, sadly, I don’t think it will help the policy maker that is not used to reading meta models. I usually have more success with storyboards that contrast two architectures with real examples. Policy makers don’t need to “understand the architecture”.  They need to be able to conceptualise how it works through examples to that they can understand the policy impacts and opportunities.

I also need to convey these ideas - both to AU and UN sometime over the next month or so. I’ll need to test my communication materials on non technical people to ensure the message has worked - and also on expert SSI community members to ensure that the message is right. For that latter concern, please let me know if anyone in this group is willing to be a sounding board

Kind regards
Steven Capell
Mob: 0410 437854

On 21 Mar 2021, at 4:47 am, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> wrote:


RE: In prep calls for the panel and other mentions of our work, the “Self-Sovereign Identity” concept is treated as controversial. In a recent major webinar about mandated protocols by the US regulators themselves, they referred to “Distributed Identity”.



I’m trying to address the same issue wrt what is “Self-Sovereign Identity” / “SSI” at its very core.



Check out: https://hyperonomy.com/2021/02/01/ssi-unconscious-contractions/




I’m looking for additional people who share a similar perspective.



Best regards,

Michael



From: Adrian Gropper <agropper@healthurl.com<mailto:agropper@healthurl.com>>
Sent: March 20, 2021 8:58 AM
To: Manu Sporny <msporny@digitalbazaar.com<mailto:msporny@digitalbazaar.com>>
Cc: W3C Credentials CG <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters Candidate Recommendation stage



It is indeed a big deal and cause for celebration.



From my perspective the next challenge is to get the protocols right from a human-centered and community perspective.



For an example of that challenge, on March 30 I’m on a Digital Credentials panel at the ONC (US Federal healthcare regulator) Annual Meeting. In prep calls for the panel and other mentions of our work, the “Self Sovereign Identity” concept is treated as controversial. In a recent major webinar about mandated protocols by the US regulators themselves, they referred to “Distributed Identity” :-?



Let us celebrate and consider the Fun times ahead....



Adrian



On Sat, Mar 20, 2021 at 10:16 AM Manu Sporny <msporny@digitalbazaar.com<mailto:msporny@digitalbazaar.com>> wrote:

Hi all,

Decentralized Identifiers (DIDs) v1.0 has reached the Candidate Recommendation
stage at W3C. The current specification can be found here:

https://www.w3.org/TR/2021/CR-did-core-20210318/


This is a major milestone in the W3C global standards process. It marks the
start of a period of 1-4 months where the official W3C Working Group has
communicated that it is done with all features in the specification.

The W3C DID WG has also communicated that the specification is stable enough
to collect implementation experience from the global implementer community.
Once the WG collects enough implementation experience, it may then make final
adjustments before publishing the v1.0 global standard, which is expected at
the end of September 2021.

I have attached an image with an (unofficial) graphical depiction of the DID
standards history and expected future timeline.

Congratulations to everyone that contributed to get us to this point; this is
a big deal and cause for celebration. :)

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/

Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches



--
Steve Capell
Received on Sunday, 28 March 2021 23:23:35 UTC