- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Wed, 30 Nov 2022 11:36:46 +0000
Thanks to Our Robot Overlords for scribing this week! The transcript for the call is now available here: https://w3c-ccg.github.io/meetings/2022-11-22/ Full text of the discussion follows for W3C archival purposes. Audio of the meeting is available at the following location: https://w3c-ccg.github.io/meetings/2022-11-22/audio.ogg ---------------------------------------------------------------- W3C CCG Weekly Teleconference Transcript for 2022-11-22 Agenda: https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Nov&period_year=2022&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date Organizer: Mike Prorock, Kimberly Linson, Harrison Tang Scribe: Our Robot Overlords Present: Harrison Tang, John Henderson, Mike Prorock, Leonard Rosenthol, Paul Dietrich GS1, Mathieu Glaude, Razvan Braghesiu, Kimberly Linson, Erica Connell, Lucy Yang, Keith Kowal, Tim Bouma, Daniela Gutiérrez de P., TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Drummond Reed, Kaliya Young, Dmitri Zagidulin, Natasha, Nis Jespersen , Will, Joe Andrieu, BrentZ, Mahmoud Alkhraishi, Jeff Orgel, Nikos Fotiou, David Chadwick, Subhasis, Marty Reed, Steve Magennis, Benjamin Collins, Hadrien (IDLab), Manu Sporny, David I. Lehn, James Chartrand, Jean-Francois Blier, Orie Steele, Adrian Gropper, Phil Long, kristina Our Robot Overlords are scribing. Harrison_Tang: So hello everyone to the November 22nd w3c ccg meeting today we have a very interesting very full agenda we have a amazing guest Mathieu joining the join us and talk about the topic of obtaining trust and then we also have some other matters to discuss as well so before we start I just want to do some quick IP and call notes. Harrison_Tang: so first of all. Harrison_Tang: Just want to remind everyone the code of ethics and professional conduct reminder there's a link that I sent out in the agenda more or less just want to make sure that we be respectful and acknowledge each other's opinion don’t have to don’t have to agree but just make sure that we ensure psychologically safe environment all right couple IP notes anyone can participate in these calls however all substantive contributions. Harrison_Tang: to ccg work items must be a member of the. Harrison_Tang: CCG with full IPR agreement signed so there's also a link to the agenda I sent out you can click on that to to join make sure you have a w3c account if you have any questions just let one of the co-chairs know. Harrison_Tang: Couple call notes that meeting minutes and audio recordings are available on a w3c ccg website and we use Jitsi chat and to queue speakers during the call so you have any questions just typing q+ to add yourself to the queue and q- to remove. Harrison_Tang: all right. Harrison_Tang: Any introductions or reintroductions. Harrison_Tang: If you're new to the community or if you are rejoining the community please feel free to unmute and introduce yourself. Harrison_Tang: Alright at the end of meeting I'll call out introductions and reintroduction so you're feeling shy and want to prepare a little bit of a couple sentences feel free to do so. Harrison_Tang: Announcements and reminders. Harrison_Tang: Kaliya please. Kaliya. I think you might be on mute. Harrison_Tang: I think it might be an audio issue we cannot hear you. Harrison_Tang: We can come back to Kaliya later okay. Ted TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I just wanted to make a quick note of the credible web community group which seems relevant to today's topic and speaker and anybody who's not familiar with it yet might take a look put the link in the chat. Mike Prorock: +1 Ted Harrison_Tang: Thank you thank you Ted. Alright Kaliya Harrison_Tang: Sorry I don't think I can hear you it might be is it my issue or. Mike Prorock: No I think it's not on your side Harrison because I can hear you fine and everyone else fine. Harrison_Tang: Sounds good so Kaliya. Harrison_Tang: We can come back to you later sorry about that. <kaliya_identitywoman> I was going to share that we are moving with an event inspired by IIW - APAC Digital Identity Unconference - March 2-3 - with an opening reception on March 1 in the evening in Bangkok Harrison_Tang: And also I just want to take a moment to acknowledge the VC API thread the complication of the VC API note thread in the community and we invited Brent the co-char of verifiable credentials working group to kind of share a few words so Brent do you mind share a few words with the community. Drummond Reed: +1 BrentZ: I don't mind at all folks there's enough information in that thread for anybody to read who's interested in doing so I just wanted to you know make a statement as one of the chairs and what it what the situation boils down to is this there's a member of the VC working group who has proposed a course of action there has been discussion about that course of action in the thread. BrentZ: The chairs and our staff contact are in communication with W3 management to determine what the options are for moving the proposal forward within the scope of our Charter and w3c process the chairs have not reached a determination where we stand on that and but once we do so we will present the VC working group with those options for them to discuss. BrentZ: Happy to take questions really that's what it boils down to. Harrison_Tang: Thank you Brent. Mike Prorock: +1 Brent - thanks Harrison_Tang: So long story short we're on it so thanks a lot. Harrison_Tang: Alright and then I think Kaliya has audio issue earlier so I'll kind of read her comments in the chat so she was going to share that we are going to have an event inspired by IIW APAC digital identity unconference on the March 2nd to 3rd so with the opening of reception March 1st in the in Bangkok Thailand so if you're in the APAC region. Harrison_Tang: or you happen to be visiting there just feel free to join. Harrison_Tang: Any other announcements or reminders. Manu <kaliya_identitywoman> Thanks! I will share registration links when they become avaliable Manu Sporny: Yeah hi Harrison just wanted to draw people's attention towards a recent post to the mailing list around Google's browser and fed CM team being interested in exploring native apis in the browser for CHAPI put a link to that in the chat Channel this is really exciting news it came out of the. Manu Sporny: The discussions that we. <manu> Google Browser/FedCM team exploring native APIs for CHAPI: https://lists.w3.org/Archives/Public/public-credentials/2022Nov/0119.html Manu Sporny: Had with Sam go to at the internet identity workshop last week they've got any way we work through you know playing there's an issue raised in the FED CM group and this is really about like native open Wallet selection in the browser so Google's actively exploring supporting CHAPI specifically to do that through the FED cm apis. <mprorock> that would be awesome Manu Sporny: I know a number of the chairs were able to kind of chat with Sam at IIW but I'm just kind of formally bringing it up Sam would like to come and present to this group about the FED CM work and how CHAPI could be integrated into that and they have asked this group to come and talk about CHAPI at the FED CM group and I'm in communication with those chairs about that I'll Loop the chairs in. Manu Sporny: This group. Manu Sporny: But just wanted to one you know say that's great exciting development from IIW last week two shout out to Dimitri who has been on this for a while now trying to make it happen and three please read that issue it's got a lot of exciting screenshots and a native browser demo and all that kind of stuff that's it for me. <kaliya_identitywoman> can you post a link to the issue - please Harrison_Tang: Thank you Manu and congratulations and by the way which Sam are you referring to and we can definitely invite him to talk and present. Manu Sporny: Put you in touch with him in via email. Harrison_Tang: Thank you thank you Manu. Harrison_Tang: Any other announcements and reminders. <manu> Link to issue: https://github.com/fedidcg/FedCM/issues/374 Harrison_Tang: All right updates on the work items that people want to bring up. Manu please <dmitri_zagidulin> and issue 240. same repo Manu Sporny: https://w3c-ccg.github.io/di-eddsa-2020/ Manu Sporny: Yeah just a quick update on the Ed and I still need to chat with the VC wg chairs about this but in the ccg we have this Edwards curve digital signature algorithm thing I put the link in chat channel to the spec two weeks three weeks ago we got a first. Manu Sporny: Public working draft. Manu Sporny: Of the data. Manu Sporny: Integrity specification out there this community had published a crypto suite for the Edwards curve specifically in July presuming it was going to be pulled into the VCWG working group I have updated that specification to align with the recent FPWD publication and I don't know at this point and will need to chat about this. Manu Sporny: In VC wg. Manu Sporny: If we need to publish another final community group specification because it's lagged so much or if we can just pull that into the vcwg so just a heads up that there may need to be some more communication between the chairs of VCWG and C CG about this Spec in particular and how and when we can move it into VCWG hopefully that made sense. Harrison_Tang: Thank you any comments or questions. Harrison_Tang: All right any other updates on the work items or comment on the work items. Harrison_Tang: Manu no problem. Manu Sporny: I'm sorry we just have a lot of we just have a lot of specs in motion right now status list 2021 is work item in this community group there seems to be support to move that spec into VC working group I have been in touch with a couple of large companies that are still not engaging with ccg but wanted changes to the specification we were waiting for those. Manu Sporny: Changes to come in. Manu Sporny: Those large organization says have decided that the specification is okay as is and so I think that clears us to move that spec into the vcwg the only challenge they're being you know when we would do that we have not done a final community group specification publication for that document we would need to do that so this is just putting that on the chairs radar as well as something that may need some. Manu Sporny: Collaboration between ccg chairs vcwg. Manu Sporny: Chairs and the editors to make that happen in a timely fashion that's it I swear that's the last announcement. Harrison_Tang: Thank you Manu. Harrison_Tang: Any other updates comments on the work items. Harrison_Tang: Toward the end of the meeting I'll do a call-out for the introductions reintroductions announcements just in case people haven't had a chance to put that in now let's get to the main agenda so we're very pleased and honored to have Mathieu glaude the host of the SSI orbit podcast and the CEO of North and block today to kind of share his thoughts in regards to attaining digital trust you know I've been kind of an avid listener to Mathieu’s. Harrison_Tang: SSI orbit I think a couple. <mahmoud_alkhraishi> Hi, Harrison_Tang: Weeks ago he actually interview Drummond in regards to the difference between the agent and the wallet I thought I was a very insightful episode and then also most recently interview Stephen current on the anon-credit so he had the opportunity to actually chat and interview multiple thought leaders in the space and I thought he could actually use this opportunity to share some of his thoughts. Harrison_Tang: in regards to how do we kind of collaborate. Harrison_Tang: together to attain digital trust so without further Ado I’ll let Mathieu take the floor thank you. Mathieu_Glaude: Great thank you Harrison just want to make sure you could hear me okay before I get into it. Mathieu_Glaude: Okay awesome so yeah thank you very much for having me here today it is my honor to be here in front of everyone here talking about a subject that we've been thinking a little bit about at northern block recently and decided to turn it into a paper so really the purpose today is to walk you through some of these thoughts this paper is not done we're still working through it I think it's amazing to be able to talk through it with the group here because any feedback that we’re able. Mathieu_Glaude: To get and questions whatsoever is definitely what we’re. Mathieu_Glaude: Seeking and will help us make this a stronger paper and I hope some of the topics that I discussed today kind of resonate with the group here and so as Harrison mentioned I am the CEO of Northern block so we're a company based in Canada and I should be sharing my screen now if I'm not just let me know you should be seeing the PowerPoint slides. Mathieu_Glaude: Awesome so we're a company that I founded in Toronto in 2017 at the time really doing a lot of software development in the blockchain crypto space we pivoted towards digital Identity or decentralized identity in 2019 because all the solutions that we were really building had a gap in them we were trying to build these decentrally governed systems but there was never a really elegant way to. Mathieu_Glaude: to onboard users to. Mathieu_Glaude: The ecosystem or to the network and if you had compliance needs or you had access management needs or whatever your needs were there wasn't a really good way of doing it without adding some Federation and it was kind of taking away from what we were trying to do and so that got us really going down the rabbit hole of decentralized ID and we got quite excited about where the standards were at across the board where the architecture was heading I think when I first got into the. Mathieu_Glaude: blockchain space everyone was trying to stuff everything onto a blockchain and so it was kind of refreshing. Mathieu_Glaude: To see the movement away from blockchain and just really talking about a different problem that we're trying to solve and then discussing whether or not blockchains make sense at all for specific use cases and yeah so since since 2019 we've been focused on decentralized ID we mainly operate in Canada so we're doing some work with both public and private sector in Canada building digital trust infrastructure and yeah just wanted to shoutout. Mathieu_Glaude: there's a bunch of folks on. Mathieu_Glaude: Here that either were part of organizing IIW or pushing sessions for last week or just folks that were there so that was an amazing event it was actually the first IIW that I got to go to in person beforehand I had only attended the online ones and to be honest it makes me not want to miss another one again so I was really appreciative of all the thought leadership that was pushed forward there and I left every day with a headache trying to rest up for the next day to absorb. Mathieu_Glaude: as much as I could so a lot of interesting topics from DIDComm. Mathieu_Glaude: to open ID for VC to trust over IP to Kaliya and Lucy talking about mdl here and as Harrison mentioned on my podcast SSI orbit I tried to talk to folks like yourselves just to push the conversation forward towards adoption in the space and so actually one person that I knew of but hadn't spoken to Andrew Hughes at that conference he's one of the next guests that will come on the podcast to talk about mdl so I’m quite. Mathieu_Glaude: excited about that and if any of you. <daniela_gutiérrez_de_p.> mathieu@northernblock.io Mathieu_Glaude: Want to be on or have any topics of Interest or whatsoever please reach out to me after I could leave my email here after actually Daniela you're on the call maybe you could post my email in the chat and then feel free to reach out to me on Twitter or LinkedIn okay so getting to the presentation here let me jump into it so attaining digital Trust. Mathieu_Glaude: and so. Mathieu_Glaude: I'll be talking a lot about public sector or government ID here it's just it's a lens that we’re familiar with based on the work that we're doing and I just want to make sure that if sometimes it comes across that this is the only way forward and the only thing that's needed for the success of digital credentials and privacy-preserving interactions and relationships online that's not what I'm saying here still trying to brush up on some of the language that we’re using here but. Mathieu_Glaude: I start off by talking. Mathieu_Glaude: About kind of gaining National sovereignty in the digital world so we often talk about self Sovereign and take it from the perspective of individuals but it's not only for people right sovereignty is also quite important for nation-states and so as Democratic nation states maintain or one increase their sovereignty it definitely could result in positive Downstream implications on the sovereignty as of us individuals inside of these states so the big first question is. Mathieu_Glaude: how does a sovereign nation. Mathieu_Glaude: Ensure their sovereignty remains in a digital world. Mathieu_Glaude: And so I think it's clear that tech companies have sovereignty over their digital space I mean they architect the rules the algorithms the data versus in the physical spaces where governments are mostly in charge. Mathieu_Glaude: If we take an example and go back to that January 6th event at the US Capitol in Washington 2021 the response mainly went to tech companies and not the governments right the tech companies were empowered to deplatform the president of the US and there were other platforms that were kind of taken off of their infrastructure like Amazon took off parlor Etc and however you feel about these tech companies or call them social. Mathieu_Glaude: media companies then are today. Mathieu_Glaude: There’s a lot of divisiveness on this and Twitter is a good example of this today but Twitter has digital sovereignty and we've seen this just in the past few days and as they've been reinstating previously banned accounts so whatever opinion you have about their policies no one really voted for these rules they just were able to exert sovereignty themselves and so nation state sovereignty in the digital world remains a pressing topic. Mathieu_Glaude: and so in the digital space. Mathieu_Glaude: Today I'll make the claim that the private sector has moved far ahead of government and again generally speaking and we've seen a lot of activity recently so in early 2021 the prime minister's of Estonia Finland Denmark and Germany called on the EU to speed up digital sovereignty and the creation of a digital single market and so they wrote a letter the four Prime Ministers of these countries wrote a letter that said digital sovereignty means increasing Europe's technology technological. Mathieu_Glaude: capacity and its ability to establish values and rules. Mathieu_Glaude: And a technology censored world that's becoming dominated by other countries and they call them European Union to get ahead of the curve in this digital transformation so they talked about putting effectively effectively Safeguard competition and Market access in the Digital Data driven world and that critical infrastructure and Technologies need to be put in place and need to become resilient and secure and so since then we've seen many EU nation states first prioritized. Mathieu_Glaude: nationwide digital ID programs stuff coming out of the EU. Mathieu_Glaude: And stuff coming out of the nation states themselves as kind of a first order of action to increase their sovereignty and so if the first thing kind of the working on is digital ID to gain digital trust that's kind of the hypothesis is that leads to sovereignty from them for them I talked a bit about this on a podcast I see Tim is on the call here did a podcast with Tim and Darryl Donnell God I can't remember when maybe a year ago but. Mathieu_Glaude: but just talking about this a little bit. Mathieu_Glaude: And so with what our economies that are continuing to undergo a shift and a rising share of growth and prosperity is being driven by intangible assets which is kind of non physical assets but ones that have the possibility to generate significant economic value through examples or like data Digital Services brand Equity marketing Etc it's really important to start looking at how digital ID needs to. Mathieu_Glaude: to kind of have its place in there. Mathieu_Glaude: Governments do provide digital ID not digital id the governments provide ID infrastructure and root of trust in the physical world today right like if you want to register a new company you do so on a corporate registry they Define naics codes which basically authorizes your boundaries of how to operate as a business everything's kind of tied to the legal system of the nation state and the same for individuals right we get birth certificates if you emigrate to a country you get an immigrant. Mathieu_Glaude: and immigration ID so these are foundational building blocks to enable access to services and. Mathieu_Glaude: Goods and since we spend most of our time in the digital world at least I know I do and if I had to make a bet I'm sure a lot of the folks on this call do as well and I think there's an expectations that government provide the same level of Trust online that they're able to do in the physical world and so if digital trust will bring sovereignty to States and citizens how do we attain digital trust so I wrote an introduction last year to digital. Mathieu_Glaude: trust I shorten the URL here kind of saw this a. Mathieu_Glaude: Few times at IIW I thought it was pretty cool it's a little bit easier to grab it if you're looking at it but I wrote an introduction to digital trust just explaining it from a very high level and trying to simplify it but now I try to move this discussion forward and really answer the question like what does it mean to ensure trust is baked into these digital interactions and so when we talk about the trust triangle which was covered in this initial post we use. Mathieu_Glaude: use jargon called issuers holders verifiers and that's. Mathieu_Glaude: mapped to the world we have today and we often played these three roles in our day-to-day lives and again I don't think I'm teaching anything new to the folks on this call today. Mathieu_Glaude: So right an issuer sends a credential to a holder holder could accept or decline it and a holder could then present that credential to whomever they wish with whatever levels of privacy they wish but Within These interactions there's further questions that need to be asked that kind of weren't asked in that original post and for every type of interaction right issuer to holder the reverse holder to issuer or in the same thing on this side so from an issuer standpoint if. Mathieu_Glaude: my issuing the credential to the right holder. Mathieu_Glaude: Is the holder authorized to receive the credential than I’m issuing to them from a holder standpoint there's all sorts of questions like is the issuer who they claim to be is the issuer authorized to issue what they're issuing same thing as the verifier who they claim to be is the verifier authorized to verify and all the way to the verifier standpoint which you could ask questions like the issuer issue the credential to the rights holder is the holder authorized to receive that credential is the issuer who they claim to be is the issuer authorized to issue what they issued. Mathieu_Glaude: and these aren't the full lists of questions that should be asked as could imagine we. Mathieu_Glaude: Want to know other details about credential types or credential schemas wallets used there's all sorts of other questions that you may want to be asking in these interactions but for the purpose of this just trying to take that initial paper on digital trust a step further as it comes to the claims being made by answering these three questions here so one how could I trust any type of claim that is made digitally independent of my role within the trust triangle. Mathieu_Glaude: second question is what infrastructure is needed to support this. Mathieu_Glaude: And the third question is who should build deploy and maintain this infrastructure so we're going to go through these three questions and talk about hopefully I can provide some answers or steps forward in the next few slides and again not all of this is concrete from the thinking still working through a lot of this so this is where again as I'm walking through and if anyone has feedback at the end that would be very valuable. Mathieu_Glaude: So the first question is what infrastructure is needed so I can trust any type of claim made digitally so when an entity is provided with a claim there's a few things of three other things now that they want to ensure one that the claim hasn't been altered or falsified at any point in time so that could be at presentation or at any other point in time second that the claim has accurate representation and three that the claim is authoritative. Mathieu_Glaude: that it has authoritativeness. Mathieu_Glaude: And so I'm not suggesting that you need to follow these three steps and I think on everything there is needs to be a disclaimer that decisions on digital trust architectures need to always be risk-based and there's no absolute trust that you're ever going to gain simply just a level of assurance that's good enough for your risk profile and so these are suggestions and based on certain risk profiles perhaps you want to ensure these these three things. Mathieu_Glaude: As I'm going through I'm really only seeing today that the claim hasn't been altered falsified at any point in time I think there's a lot of discussions happening and we saw a lot of them at IIW about these other things here which is great that we're asking these further questions right now I think coming back to nation state sovereignty and infrastructure that's being built really only seeing this happening today. Mathieu_Glaude: So ensuring a claim hasn't been altered falsified so I'm going to go through these three bullets here so as you all well know through cryptographic proofs we are today able to guarantee to a verifier or to any really person in that trust triangle that the claim being presented is based on unchanged data so we're ensuring that the if it's a credential in this case in the claim being presented to a verifier is the same as the one. Mathieu_Glaude: that the issuer issued to the holder and there’s different. Mathieu_Glaude: implementations of this at Northern block we’re quite familiar with the the hyper Ledger and the Ares anon creds World we've started to do more work in json-ld but just using it within an Ares context just based on kind of where our Market is today and what the demand is for this stuff but I think as I will repeat later in the presentation I think as Manu you said that in one of the sessions at. Mathieu_Glaude: IIW I think we could all agree that we’re. Mathieu_Glaude: Going to be in a. Mathieu_Glaude: World with different protocols and different technologies that are all kind of playing together based on the use case but so here really we're all we're doing is verifying that the claim or that the data hasn't been altered not really the legitimacy of the data attributes themselves and so the next question really is how do I know the other entity in question in a claim is accurately represented and again from any of the three roles in the trust triangle. Mathieu_Glaude: so here I am claiming. Mathieu_Glaude: For example that the credential that I'm presenting has been issued by XYZ so you may say it's been issued by the government of Ontario so let me verify that it was actually the government of Ontario that issued it to you and again same for any other role in the trust triangle so we're now starting to verify that the data beneath the claim was issued to the holder by an accurately represented identity and that the holder was accurately represented as well so both issuing and accepting parties were duly authenticated. Mathieu_Glaude: and so this is a problem that exists in the physical world today as well so if any of the folks here. Mathieu_Glaude: Have ever had a. Mathieu_Glaude: Fake ID fake driver's license who falsely represented who issued a document to you and having a did anywhere on Ledger however your implementation doesn't magically solve the issue in the digital world so how do I know that an issuing organization actually owns and remains in control of that did and this is an authentication Challenge and so at the time of issuance as a recipient as a holder of the credential I may have followed different governance models to. Mathieu_Glaude: authenticate the identity of the issuer. Mathieu_Glaude: There's different methods for authenticating for accurate representation again depends on the use case on what's available we're starting to do more work in DNS security right now it's a very good implementation for government credentials because you're able to kind of get a guarantee through the root of trust and the DNS certificates that the ownership of a specific domain such as ontario.ca is actually under the current ownership and control of the province of Ontario and if ever there's a takeover and someone takes over the. Mathieu_Glaude: website you'll find out about it in. Mathieu_Glaude: The DNS security and ever that causes a problem and credentials were issued during that time you could always go back and revoke the credentials that were issued during that period of time but there's other use cases where this DNS security is maybe not the way you want to go and so you can use different authentications Fido authentications you could use Google accounts to authenticate their really depends again you're playing Legos here but we're talking about an authentication problem to ensure a claim as accurate representation so we've kind of taken this. Mathieu_Glaude: a step forward and now actually. Mathieu_Glaude: Have the confidence here that not only is the claim that the claim data hasn't been untouched but the entity they're claiming issued that data to them and. Mathieu_Glaude: This example is that an entity in real life so I could prove that they actually own the did or I could have assurance that complete proof but Assurance to a certain level that they are in control and own the did and so that moves us then to kind of that third level now I want to see an implicit claim that I have the authority or the other party has the authority to do something so this is the claim that we're trying to resolve now and so for example that the accurately represented issuing. Mathieu_Glaude: entity has authoritativeness to. Mathieu_Glaude: Issue such data to such holder there was a lot of conversations at IIW about how you would go about that a lot of discussions about lists and the type of information that would be in lists and we're starting to think a little bit more how this works for certain interactions but not for others how lists could be useful or trust Registries which is a popular yet that drives confusion term to describe what this does maybe as a good solution for the issuing. Mathieu_Glaude: side of things but maybe not. Mathieu_Glaude: For getting authoritativeness on the verifier side of things or even the holder side of things but that's a whole other discussion but until you get to this third level you can't reach complete and I'll put brackets complete relative digital trust in a transaction and again there's another podcast I did with Daryl O’Donell on this recently that you could listen to if you're interested in trust Registries but it's definitely a concept that seems to be growing in popularity. Mathieu_Glaude: But I Envision the user experience of trust. Mathieu_Glaude: Registries are however we want to call this being similar to your browser telling you that the website maybe is not secure because it doesn't recognize the certificate so it's going to have to be a little bit of ux built in here and yeah there's obviously different conversations about governance as code and other implementations as well so again not not pushing an agenda on any specific implementation here and so these three. Mathieu_Glaude: questions come back here. Mathieu_Glaude: So if we have confidence that the claim hasn't been altered falsified that the claim has accurate representation the claim has authoritativeness it should give us the relative trust to say that yeah this is enough infrastructure that I need to put into place so that I could trust any type of claim that is made digitally which leads me to the second question is what ramp is needed to maximize or what on-ramp is needed to maximize the benefits of this infrastructure. Mathieu_Glaude: these three layers that we just talked about so how could we bootstrap. Mathieu_Glaude: This thing if we have the infrastructure but no digital ids or no foundational digital IDs it's kind of like you build a road give a bit of an analogy to the roads here I like to use that example because roads our infrastructure kind of leads into digital identity should be infrastructure but it's like you build a road but with no ramps like how will cars or trucks get onto the road without the ramps so the first question that we talked about about the infrastructure here this is kind of more about the roads. Mathieu_Glaude: and this question here is more about the ramps to get onto the road so I hope. Mathieu_Glaude: That's a decent enough analogy but the question becomes what ramp or what ramps are needed to maximize the benefits of that infrastructure. Mathieu_Glaude: So if you look back at a moment in history where after Eisenhower became the president of the u.s. in 53 and he had gotten this idea from looking at Germany's Reich Autobahn system the highway system he pushed forward an investigation and then an investment to build an interstate highway system and this is a quote from the appointed. Mathieu_Glaude: General. Mathieu_Glaude: General Lucius d clay who has put in this investigation for the highway system whose and I think there's a lot of parallels to digital ID here is that he said “it was evident we needed better highways we needed them for safety to accommodate more automobiles you needed them for defense purposes if that should ever be necessary and we needed them for the economy not just as Public Works measure but for future growth” and so they started building this interstate highway system in 56 and this is responsible. Mathieu_Glaude: for today's Trucking industry for suburbs today for gas stations. Mathieu_Glaude: Motels the the road trips so this national network this highway system was built to move goods and people around and so just like roads are public good digital identity needs to be a public good as well the Reliance in our everyday lives on proof of presence proof of age proof of address proof of Eligibility which eligibility to drive or to get Healthcare Services these are all driven by government. Mathieu_Glaude: differently in different. Mathieu_Glaude: Nation States but they're all driven by government so there these are basically the outcomes of being able to access the road through a ramp right and so to access the this interstate highway system or to access this infrastructure we need foundational digital identity which is the ramp and so who is providing the infrastructure and the ramps to the infrastructure so I’d argue and again pulling it back to the start of the conversation about digital sovereignty. Mathieu_Glaude: for a nation I would claim its more important. Mathieu_Glaude: Or it’s the same level as the highway system and you need it for safety you need it for defense you need it for the economy it kind of fits perfectly here one model that I found very useful in the past and there's there's some folks here from the trust over IP Foundation but it's been helpful in the past to kind of walk people through how you would build digital trust infrastructure through this it's basically a framework that adds a governance layer across the technology side of things. Mathieu_Glaude: so the governance and policy questions are the ones that need to be. Mathieu_Glaude: Answered in order to drive business legal social acceptance again it really depends on the governance and the ecosystem you're seeking but for ecosystems that require legal business social governance it's been it's been a good model and recently there's been an enhancement to this model or I don't know if I'd call it enhancements but a new kind of way or framework of looking at digital trust and it was documented in. Mathieu_Glaude: in the new technology. Mathieu_Glaude: Architectural specifications I know Drummond on this call was one of the key folks behind that but we look at this hourglass model and so it's based on The Hourglass model that is used for the internet and much of the success of the internet today is attributed to this design which in which the spanning layer protocol here maximizes interoperability by providing a common way for the higher levels to communicate with the lower levels. Mathieu_Glaude: so this would be. <drummond_reed> First public review draft of the ToIP Technology Architecture V1.0 Specification: https://trustoverip.org/news/2022/11/14/toip-tech-arch-first-public-review/ <harrison_tang> thanks!! Mathieu_Glaude: IPV4 in the internet today and the design of the trust binding protocol should be very thin very simple not get in the way of anything else that could be functions on top of it and what I again what I really like about this model is it makes it more use case and Technology agnostic like for example it's removed the need for public utilities which was kind of a base layer here where we would. Mathieu_Glaude: often talk about blockchains or. Mathieu_Glaude: It even removes the focus on use cases where we know that trust tasks protocols don't have to be credential exchange they could be all sorts of things but this model kind of just makes it a little bit more vanilla and you could kind of apply what you're trying to do what you're trying to achieve into it and this was another discussion that was quite interesting at IIW to see how open ID for verifiable credentials and psyop in these types of things could fit into this model and it seems like there is. Mathieu_Glaude: it's a nice fit so it’s a nice. <drummond_reed> The ToIP conceptual diagram needs to be updated now that that the ToIP Technology Architecture V1.0 Specification is out. Mathieu_Glaude: Model okay we could get into this might run out of time but could get into this in a future conversation so if I go back to my claim about foundational IDs being the ramp to the infrastructure needed for digital trust and I map it against this model I could see that two out of the three supporting systems are not really at started to support foundational ids or at least from our vantage point we're not seeing them right and these were the three. Mathieu_Glaude: things that we're trying to answer. Mathieu_Glaude: Of getting cryptographic proofs accurate representation and then authoritativeness there's some good Traction in different places in the world around having utilities that allow us to verify cryptographically the dids of issuers that's why I put a yellow like in Canada there's the candy Network that is implemented across different provinces and in Europe there's different networks as well so. Mathieu_Glaude: we are seeing traction here but not really seeing much. Mathieu_Glaude: Traction or standardization across these two other ones there's a lot of conversations about it but not really seeing this if this is truly needed to support foundational IDs and I think the support like the hardware certain infrastructure I put this green like this could be different communication protocols like didcomm is a good example and maybe isn't fully green yet because it maybe doesn't meet all the criteria but the point I'm trying to make is this is all pretty. Mathieu_Glaude: defined mature done it's not like a big problem we. Mathieu_Glaude: Have to solve for to issue foundational ideas the foundational IDs here in yellow are kind of in progress and really without these three things it's going to be a little difficult to achieve digital trust in the exchange of foundational ids which I will claim will be foundational to a lot of our interactions online so I'm not saying that every did or identity that exists needs to have a foundational id behind it I'm also not saying that like. Mathieu_Glaude: non goverment people can't just issue ids. Mathieu_Glaude: But for certain levels of trust to be there you need a foundational identity so it's almost like with your other verify my Google account or my that verified that I have a valid SIN number in a specific country so this kind of answer is what ramp is needed to maximize the benefits of the infrastructure which takes me to the last question here will be wrapping up shortly I'll try to leave about 10 minutes for a conversation and questions and. Mathieu_Glaude: we'll definitely value anyone. Mathieu_Glaude: Reaching out afterwards but the question of who should build deploy and maintain this infrastructure so similarly I think the reason government has to create the digital equivalent of what they have in the physical world is they need to create the infrastructure and the ramps that we talked about and the infrastructure being this and then the ramp so that you could access foundational ID governments the source of Truth for these things they offer today like I said as a. Mathieu_Glaude: public good in the physical world now they need to do it digitally. Mathieu_Glaude: It will allow them to protect their sovereignty and enhance the sovereignty of their citizens will should if built right give that agency to their citizens and many of their interactions will protect them from frauds identity take over as phishing attacks all of these things that happen way too frequently today so every time I kind of go to a cyber security conference and see all of the vendors that are selling Solutions there and that whole Space is growing like crazy although there's more and more money being. Mathieu_Glaude: poured into that space it’s just. Mathieu_Glaude: Foundationally not solving the problem it's like we're trying to stick Band-Aids on a cut that is way too big. Mathieu_Glaude: So digital ids created today by the private sector I mean there's different you could think of different types of IDs like my emails and ID my bank account could be an ID my operating system perhaps gives me an ID but I don't have a government digital ID and so if we’re talking about you know digital interactions and digital transformation we don't have a foundational ID from the government I don't see how that makes sense and so there needs to be a carved out place in the digital world that. Mathieu_Glaude: governments own again in the physical space there are things. Mathieu_Glaude: They own and so it's about doing it in the digital space and the questions here why won't the private sector build the foundational ID it's just not in the interest of the private sector to build it or not in the business of public good or communities good for everyone they do build some infrastructure like here in Toronto where I live there is a highway system 407 that is a toll road I know there's a lot of toll roads in the US and in other countries throughout the world but they have a commercial trust. Mathieu_Glaude: right they keep the roads nice for profit to continue making money not for public. <kaliya_identitywoman> NSTIC in the US there was an attempt to make this happen - getting the private sector to issue digital IDs that could be "trusted" but it got mostly no-where Mathieu_Glaude: And if I'm going to use like lists or infrastructure as a way to create digital trust that can't be defined by the private sector they just have different incentives in there could be biases and I'm not saying the private sector needs to sit and wait I mean knowing how wide to build a road lane can only be known if you kind of know the width of the cars that you need to support so definitely not saying this is just sit and wait just think there needs to be more collaboration but the. Mathieu_Glaude: really the infrastructure that I'm talking about today should be driven. Mathieu_Glaude: By the public sector and then why Big Tech shouldn’t build it well this is where I mentioned Andrew Hughes on the mdl side I'm just curious to go a little bit deeper into some of maybe Lucy and Kaliya with your work on mdl would be interested to just know a bit more kind of about some of the the context and the walled Gardens that apple is able to apply and apple basically telling government's what to do because government doesn't own it and this really definitely impacts their sovereignty which is. Mathieu_Glaude: the whole reason why governments are investing in digital id programs. Mathieu_Glaude: So Big Tech shouldn’t be doing it and then why kind of non for profits or communities I don't think open communities are driven towards consensus for specific country and like they’re Global which is positive in many aspects they’re principle driven which is amazing and different aspects but sometimes it's also tough to have timelines and specific mandates it's more more general not for not for a specific nation state and so because and that's where I get to the end here. Mathieu_Glaude: which is still being worked on but why does it make sense for government to buid this. Mathieu_Glaude: Infrastructure well because it's infrastructure it can it can not monetize itself independently it's an investment which only the government can make and because it's not a use case it enables the use cases to be driven by the private sector mostly in a an unbiased decentralized environment where there's not any proprietary biases so this is where we think and governments are building this and working towards it we're just trying to. Mathieu_Glaude: to paint kind of what else needs to happen and who. Mathieu_Glaude: Needs to build deploy and kind of maintain this infrastructure that we're defining here and again I think everything is about adoption business use cases and we really feel like this is a crucial crucial piece to build and why the government should build it and once they do we feel like adoption will just automatically happen like like it has on the highway systems and so with the taxpayer money we pay and. Mathieu_Glaude: I don't know 90% of the time. Mathieu_Glaude: During the day that is. Mathieu_Glaude: Spent in the digital space I think there's more value we could we could get for that so there you go I'm at the end of this presentation there's nine minutes left I'm going to stop here I hope this was interesting or enjoyable or both and I welcome questions and feedback and thank you. Harrison_Tang: Thank you Mathieu Adrian. Adrian Gropper: Yes yeah this was interesting and enjoyable foundational ID typically in the non digital space involves Biometrics but you did not mention Biometrics at all in this presentation at least not that I heard and I'm sort of curious as you envisioned this digital public good which I completely agree with you. Adrian Gropper: What do we as a Tech Community have to do relative to biometrics in order to promote your vision. Mathieu_Glaude: I I will say that I'm not the right person to answer this I would love to work with folks that are more familiar with the space because I'm not in we don't spend much time there but I think it's an area that was missed and should be touched on but I don't have any answers right now. Jeff Orgel: +1 Great perspective on the political optics. Well brought to this community. Very nicely portrayed. Harrison_Tang: Thank you David. Mathieu_Glaude: Yeah I guess same comments I’m not familiar with that only to go look and see if it conflicts with what I said here that this is something that we’ll definitely have to go look at I think an there's one of the I think Tim bomaye shared that on Twitter yesterday like that just a list of resources and stuff I think we often just struggle to line everything altogether and incorporate everything but that's something. Mathieu_Glaude: that we’ll definitely look at it as well on top of the biometrics. Phil Long: Thank you yes thank you can you hear me okay thank you Mathieu this was a really interesting presentation I'm curious though about your analogy to the highway system is so far as the parallel to that digitally of course is the internet not necessarily the web but the internet and it was funded largely by federal funding. Phil Long: With support from Federal agencies. Phil Long: But in collaboration with private sector and to this day it is principally run by the private sector and so I'm curious how the analogy stays together or whether there is something distinct in the digital world which opens opportunities for other players to have an ongoing role. Mathieu_Glaude: That’s an interesting comment I’ll have to think about that one as well I don't have trying to form the right analogy probably not perfect so far but we'll have to include that as well. Harrison_Tang: And Mathieu I have a clarification questions earlier you mentioned that government should be building the identity infrastructure because it's a public good now just to clarify are you referring to a government building the issuance infrastructure as the issuer and or trust Registries or verifiable data Registries and or wallet and or like no verifier infrastructure why are you referring to the entire infrastructure or. Harrison_Tang: were just talking about a certain parts of it. Mathieu_Glaude: I'm not necessarily talking about the solutions that are used to execute the trust tasks whether it's the issuance of the foundational id or whatever it is I think it's just the governance around these things and part of the governance that I was like having a verifiable data registry to manage governance around who could issue what type of thing on this network that's kind. Mathieu_Glaude: of one of those supporting. <phil_t3> @Kaliya your hand is up but you're not in the queue. Mathieu_Glaude: Pieces that there are other other supporting pieces of how authentication should be done based on different risk profiles and the same thing with how Authority should be established these are the types of governance pieces that when I say they need to own not necessarily own the end implementation of it but own the architecture and the design of it and then the rules around it. Mathieu_Glaude: I know there's push and different jurisdictions like the EU for example that nation-states will each push their wallet forward I'm not convinced that that is the the the approach that is going to be a long-term approach for the growth of this stuff I think that we're seeing a lot of nation-states push their own wallets forward just because they're trying to figure out where their boundaries are and what they want to control and what they don't want to control I’m. Mathieu_Glaude: not saying in this presentation that governments need to own the wallets need to own. Mathieu_Glaude: Issuer services and stuff like that again it's contextual to what the government wants to do but I don't think that that is the crucial piece in establishing digital trust with a foundational ID. Harrison_Tang: Thank you any other question. Harrison_Tang: Yeah I just I just want to make a comment I think Mathieu you bring up good points and raise good questions like especially the questions around accuracy like hit a chord with me because you know at Spokeo we are trying to determine data truth and accuracy and the truth is you cannot actually depend on one single issuer like even government agencies like for example birth information government agencies has different. Harrison_Tang: accuracy levels and. Harrison_Tang: Historically it's been established that the DMV is the best source right now not SSN and things like that so so I thought the accuracy question is quite important and very very thoughtful for this entire Community to think about because if accuracy and Truth is just what the majority says like blockchain then the Earth will always be flat because at some point human history the majority of human race believe that Earth is flat right so I so I think it is a very very good question. Harrison_Tang: and I think a very thoughtful provoking question for myself. Harrison_Tang: And I think for a lot of us. Mathieu_Glaude: I appreciate the questions I think this still trying to figure out I feel like there's good things being talked about in this paper just there's some things that need to gel better together but I really appreciate we're going to consider how Biometrics thanks Adrian for that how that fits in and then the Kim Cameron laws of identity fits and even the road analogy of maybe at times it was rightly used or wrongly used but just. Mathieu_Glaude: to make sure if we’re using. Mathieu_Glaude: That analogy that it's it fits tightly to what we're trying to say. Harrison_Tang: Cool thank you so we only have about two minutes so I just want to say thank you again Mathieu for sharing your insights and your upcoming paper you raise a very good questions and I just want to take a moment to thank you for taking the time to preset at w3c ccg. Mathieu_Glaude: My pleasure thank you very much for for having me here it was I was lucky to present to the group here so thank you very much. Harrison_Tang: All right so any last introductions announcements reintroductions or reminders. Harrison_Tang: Okay so I think a quick preview of what's coming so next week we'll have open discussions around decentralized social media I'll send out the agenda there's a little change in the agenda will have a plugfest recap in the beginning of January and then next week we'll have a decentralized social media discussions and then the week after that we'll have …. to talk about use of VC's and dids in the government. <kaliya_identitywoman> Thoughtful Biometrics Workshop! https://www.thoughtfulbiometrics.org Feb 13-17 Harrison_Tang: all right thank you. Harrison_Tang: Have a good one. <daniela_gutiérrez_de_p.> Please don't hesitate to reach out to Mathieu at mathieu@northernblock.io. Thank you for having us! Harrison_Tang: And Happy Thanksgiving to to those in the States thanks. <phil_t3> Good discussion.
Received on Wednesday, 30 November 2022 11:36:46 UTC