- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Fri, 14 Oct 2022 18:37:12 +0000
Thanks to Our Robot Overlords and Our Robot Overlords for scribing this week! The transcript for the call is now available here: https://w3c-ccg.github.io/meetings/2022-10-03-vc-education/ Full text of the discussion follows for W3C archival purposes. Audio of the meeting is available at the following location: https://w3c-ccg.github.io/meetings/2022-10-03-vc-education/audio.ogg ---------------------------------------------------------------- VC for Education Task Force Transcript for 2022-10-03 Agenda: https://lists.w3.org/Archives/Public/public-vc-edu/2022Sep/0024.html Topics: 1. IP Note & Call Notes 2. Announcements 3. Main Topic: Velocity Network Organizer: Kerri Lemoie Scribe: Our Robot Overlords and Our Robot Overlords Present: Kerri Lemoie, Naomi, Andy Griebel, TimG, Steven Eisler, Tim Dutta, Stuart Freeman, Akshar Patel, Sharon Leu, Simone Ravaoli, Charles E. Lehner, xander - ASU/Pocketw, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Geun-Hyung, David Chadwick, David Ward, Dave McCool (Muzzy Lane), James Chartrand, Dmitri Zagidulin, Jim Kelly, Janko, John Kuo, Jeff O Human OS, Moshe Tzvi Wieder, Colin, Learning Economy, Tayken (LEF), Kayode Ezike, Jim Goodell, Phil L (P1), Keith Kowal, Azeem, Allyson Parco, Deepak Kulkarni <kerri_lemoie> Hello all - we'll start in a couple of minutes Our Robot Overlords are scribing. Kerri Lemoie: Sorry for the delay everybody. Topic: IP Note & Call Notes <kerri_lemoie> Meeting archives: https://w3c-ccg.github.io/meetings/ Topic: Announcements <kerri_lemoie> Plugfest2 : https://w3c-ccg.github.io/vc-ed/plugfest-2-2022/ <kerri_lemoie> To stay in the loop on events at VC-EDU, join the mailing list: send an email with the subject “subscribe” and no message to public-vc-edu-request@w3.org <kerri_lemoie> Emails are archived here: https://lists.w3.org/Archives/Public/public-vc-edu/ <kerri_lemoie> Upcoming CCG Meetings & Events: https://w3c-ccg.github.io/announcements/ <kerri_lemoie> Registration is still open for the Internet Identity Workshop (IIW) November 15-17: https://internetidentityworkshop.com/ https://drive.google.com/file/d/1k2c_gq1G3nznFJfqLvca1d0vnmQe8tlK/view?usp=sharing Our Robot Overlords are scribing. Topic: Main Topic: Velocity Network Naomi: To the network foundation and this is one of the features that this is an example of our board now and this is an example of the distributed governance that and the role of members of velocity and it's important to clarify that in terms of the exchanges that velocity enables anyone can participate on the network it's open it's free all the documentation is online the difference is that a members are the. Naomi: only ones that participate in governance and can. Naomi: Ode velocity as I did not get to mention it is a blockchain enabled and distributed Ledger where the only information that's stored on chain is for the verification the keys there's no pii stored unchain with that I thought that this might be a meaningful moment and slide to have up when you know most Jet City if you want to dig in and answer some of those questions and points that Kerry raised. Moshe_Tzvi_Wieder: Sure no problem so I guess in no particular order yeah the the question about how could other wallets interact with with the network so and it really goes back to the defined protocols as we mentioned the foundation is who decides kind of what the protocols are those Protocols are public published on our website even the the exist. Moshe_Tzvi_Wieder: All that we mentioned as a placeholder it's open source and any organization that would like to implement their own wallet as opposed to starting from scratch is as welcome to become a part of the the network and take that open source code and turn it into whatever they need the the wall it is based on defined protocols for sharing. Moshe_Tzvi_Wieder: The credentials and receiving them from issuers and sharing them with with inspectors and any wallet that chooses to implement those protocols would inherently be able to therefore receive issued credentials that are issued a part of the the velocity Network and would also be able to inspect or sent that wall would then be able to send those credentials to to inspection by any organization that implements. Moshe_Tzvi_Wieder: the inspection protocols on the network and so. Moshe_Tzvi_Wieder: It's completely open I believe even on our website right now we have a number of examples of different organizations that some of them have already implemented and some of them are the process of implementing their own wallets that comply with those protocols I think there's six or seven that are up on the website at the moment and so the the wallets are really open to whoever is interested in participating in the in the network if there's an existing wallet. <tim_dutta> What blockchain networks are you connected to? <phil_l_(p1)> link to the list of support protocols for VC exchange please? Moshe_Tzvi_Wieder: Her of adding the those protocols to their wallet so that they can then interact with velocity credentials on the velocity Network as well so I think that may have addressed both of your questions both about sort of the wallet openness as well as the general interoperability because it's just publicly defined standards that as long as you're implementing that protocol you can interface regardless of what peace. Moshe_Tzvi_Wieder: of the the. <tim_dutta> Are they tokenized? Kerri Lemoie: Thank you I have a few questions in the chat one is from Tim as it will Block Chain networks are you connected to. Moshe_Tzvi_Wieder: Yeah so it's a good question I want to clarify though because there's something that I think is is sometimes missed it's really important especially in light of what what no me clarified earlier individuals personal information their credential information is not stored on the Chain the individuals information about their credentials is only there's in their mobile wallet there is no Central database with everybody's information. Moshe_Tzvi_Wieder: Nation nor is there. Moshe_Tzvi_Wieder: That noise that information public on the blockchain such that if I were to hack a blockchain node I would be able to get access to people's personal information people's personal information their credentials only exist in their mobile wallet that is the entirety of where it exists what happens to the chain is to solve a particular issue so and I'll just explain the issue just so we're we can understand what is stored on chain which is. Moshe_Tzvi_Wieder: Storing your personal credential information what's to stop you from going into that credential file that's on your mobile device and changing some of the information there and maybe you want to give yourself a degree from from Harvard instead of jail or whatever and so in order to prevent that when the credential is issued from the issuing institution it is encrypted with public private key encryption and so what you have on your wallet then is an encrypted version of your credential and the. Moshe_Tzvi_Wieder: public key. <dmitri_zagidulin> er.. the issuer's signature is what prevents you from changing it :) <keith_kowal> It might be good to clarify the Velocity business model? My historical understanding is that verifiers need to pay to verify credentials. Moshe_Tzvi_Wieder: Locks that goes on to the blockchain and that's what's out there it's just a key the the specific technical blockchain that that we're using were using a therians blockchain implementation to at answer your question and then on the flip side when you share your credential with a relying party for it to be validated they go to the blockchain they get the public key and only if you have it tampered with the credential file that's on your device. Moshe_Tzvi_Wieder: well that public key still match your credential file. <phil_l_(p1)> Have you moved on your ethereum to PoS from PoW? Moshe_Tzvi_Wieder: And allow it to be unlocked and that's how we know you haven't tampered with it throughout the period of time that you were holding it so the Block Chain is used as part of the solution but really as an ancillary piece to solve a tamper-proof problem and it's not none of the core information is stored on the chain. <tim_dutta> So it is tokenized? <tim_dutta> thank you. Kerri Lemoie: Yeah I just had a few hours before I get to your question Keith I see you there to Tim at a follow-up about a tokens and if I'm any of the credential or tokenized or if you're using any of that method. <dmitri_zagidulin> @Phil - you should q+ Moshe_Tzvi_Wieder: The credentials are not tokenizer they are stored on the in the wallet on individuals wallet. <tim_dutta> thank you Kerri Lemoie: Yeah I can we can help. Naomi: If I'm a real quick carry to support can you still see my screen okay good so one thing is to I was sharing before and I think it drop down is the actual website and for example I was talking about the different schemas for the different types of credentials and all of the documentation is posted on the website and it really gives you no instant access to some of the sdks and instructions for how to get started. Naomi: started so that any entity that wants to issue. <phil_l_(p1)> +Q Have you moved on your ethereum to PoS from PoW? Naomi: Network or even build a wallet as machete had mentioned the information is all posted on here and it's just navigable by the through the velocity website so if this cooperates here my internet cooperates it doesn't seem to be basically on the developers tab you can click through to this kind of inventory of information. Kerri Lemoie: That's great thank you and I'm that page there is there information about Phil ordered it I like the protocols supporting for the VC exchange like be Capi open IDC is Roi DC is that included as part of this list on this document. Naomi: I don't think that that level of information included only because velocity encourage organizations to to interact with velocity using the SDK however you know for example for the plugfest were making the move to the oid see protocol so that may be something that the team can add for the future. Kerri Lemoie: Okay great thanks I'm going to go to Keith's question here he was wondering he's saying I was wondering if you could clarify more about the business model will probably go get back to the text after everybody because his understanding is I verify received to pay to verify credentials. Naomi: So high so I can absolutely dig into that and that was actually the next slide can you still see my screen and see the PowerPoint now or. Kerri Lemoie: Do you know why don't we pause on that then because we had some technical questions still so let's just stay here for a minute we'll get back to you okay Dimitri you're in the queue. Dmitri Zagidulin: Hi yeah I just wanted to clarify it sounded some of the some of the things more show is was saying seemed fairly exotic in the in the credential ecosystems I just wanted to clarify understood right so the question was what prevents users from changing the credential and typically in the verifiable credential ecosystem it's the signature. Dmitri Zagidulin: Encryption instead did I understand correctly. Moshe_Tzvi_Wieder: It is it is when you say the signature of the issuer so I we may be talking about the same thing what happens is when the issuer issues that credential they are essentially encrypting that credential with a with all the private key encryption and that public the public key that's used to encrypt that credential is what to put on the on the Chain but it's essentially the signing Act of the issuer which is causing that to happen. Moshe_Tzvi_Wieder: but it is. Moshe_Tzvi_Wieder: That right and so that way while I've got that credential file in my mobile device I can't go in and manipulate it in any way because if the only thing that happened was that I when I received that credential the name of the issuer came along with it or the signature of the you know the the issuer came along with it I could still go in and change it right and so the it's the fusion of those two at the time of verification when I then. Moshe_Tzvi_Wieder: take that public verification. Moshe_Tzvi_Wieder: That matches the encrypted credential file the marriage of those two the fact that they still match is what ensures me that no nothing tampered with it along the way there. Dmitri Zagidulin: I see I think I think maybe know I think we may be using the word encrypted differently usually in our community encrypted means ciphered meaning nobody can access it except the person who encrypted it. Dmitri Zagidulin: Which I don't think is what you're saying is it. Dmitri Zagidulin: The plain text. Moshe_Tzvi_Wieder: So when you see nobody can access it you mean nobody can see the plaintext yeah so that is that is that is to a certain extent what what we're saying but it's it's not necessarily so the encrypt and maybe so maybe encryption is is a common word and not exactly what's what you're intending but it's a it becomes. Moshe_Tzvi_Wieder: And there is the public key that matches that that encoded file the the encoded file itself is not in plain text it is it is encoded it's if you're you know it sounds like you're familiar with the technical back side so it's a g it's. Dmitri Zagidulin: I think this group in general is fairly technical. Moshe_Tzvi_Wieder: Okay fine so it's a JWT it's a sort of version of a JWT that if you go to any JWT reader legitimate E I O U be able to drop it in there and be able to see what it contains in clear text but because it is encoded if you change any of the bits the public key that's on the Chain won't match anymore at the time of verification. Dmitri Zagidulin: And this is okay I'll let sorry I don't mean to. <phil_l_(p1)> That's a great idea Naomi Naomi: Yeah and Dimitri you know we have an outstanding date to put you together with Andres Andres unfortunately is on Australian time so making it 11:00 meeting with near impossible for him he's on Sydney time but we can absolutely if anyone has additional questions schedule another meeting maybe at a five time to even answer the deeper even more technical questions. Dmitri Zagidulin: Overdue you fell. Kerri Lemoie: I see before me go to hell I'm going to I'm going to cut in line Phil sorry one second because one thing we did really talked about yet is learner identity how is identity defined is there's a come from the wallet but who defines as the identity. Kerri Lemoie: And what are you using for identity. Moshe_Tzvi_Wieder: I guess the question for me now me so. Naomi: Yeah yeah yeah. Kerri Lemoie: Oh yeah sorry I should have been more specific I'm sorry yes please. <cel> what was discussed sounds like integrity protection (signing/signatures), not encrypting/encryption Moshe_Tzvi_Wieder: No worries so at the at the moment we're not doing identity binding the and there's not a concept of personal dudes or anything like that essentially the we're using did I on for the issuers and we're using as well as for the inspectors and different actors in The organizational actors in the network are all registered and have a did. Moshe_Tzvi_Wieder: did unique ID that's a. Moshe_Tzvi_Wieder: The individuals and their wallets are identified as they claim their identity credentials in their wallet so as an example right when you download the walls for the first time and you fire it up the first thing it asks you to do or suggest you do is to claim a email account and claim a phone number we also allow you to use a driver's license and claim Social. Moshe_Tzvi_Wieder: remember driver's license ID passport you can use to. Moshe_Tzvi_Wieder: Remember and so you become the holder of those identity credentials and then using those identity credentials you can then go and claim other credentials. Kerri Lemoie: Making sure that all right Phil you have the floor now please thanks. Phil_L_(P1): Can you hear me. Phil_L_(P1): Okay thank you you made a brief side comment about using ethereum I was just wondering if you're using the etherium before with the same po W consensus or have you burned moved over since they've implemented proof of. Moshe_Tzvi_Wieder: Yes we're still using the the proof of w yeah. Phil_L_(P1): Yeah so using magnetic got it okay thank you. Kerri Lemoie: Okay great why don't we all move on to that business model discussion we could always Circle back to questions people have. <tim_dutta> Tim Dutta says:So you are requiring all participients of the network to be registered on ION Blockchain and Etherum Networks? Naomi: Absolutely I think you're still seeing my screen I'll make it a little bit bigger one of the things that people ask about is not only the business model but also like hey we've heard that you know there's a credit system Etc velocity and absolutely I mentioned that velocity started out originally thinking about the adoption problem that's part of what drove the conversations with the HR is Tech providers and that's also you know what drove. Naomi: you know. Naomi: Some of the. Naomi: The members of the founding members were organized but the other part of driving adoption is that they realize to get everyone to start to issue credentials there would need to be some incentive to participate in this kind of system and so the way velocity is structured contributors anyone who contributes to the network and this doesn't have to be a member this can be any organization that issues credentials they can issue in their. Naomi: own world where they're currently. Naomi: Two other networks as well and then once they issue to Velocity they get credit and the person accepts the credential I will add that once that credential is accepted they get credit for having issued that credential and then they can hold those and then when a verifier goes to verify a credential not just to view a credential but to verify the credential they have to buy credits and use credits to make that verification happen. Naomi: oh and so it creates an opportunity for this Market. Naomi: So it gives that opportunity for anyone who issues a credential to monetize and get a benefit Financial benefit out of issuing their credentials and that's really important in the sense that we're asking a number of organizations to basically disrupt their current business models and think differently about them and even on the verification side the idea here is that the most static pieces of data about a person like your education employment record like if I went to a certain School I've still. Naomi: will I've always gone to that certain school it's not something that changes data. Naomi: Middle background where I could run out and robbed a bank tomorrow and then my record changes that information for background check providers is often hard to verify and slow and it creates a lot of friction in their process at the same time it's static so it doesn't have to be so slow and it can be absolutely something that's issued as a credential and instantly verified and reduces a lot of the time and effort for getting people into jobs and so that's really this idea. Naomi: in here is that we can in sent more issuance of digital. <keith_kowal> So I think the business model ties back to Dmitri's question. I believe the credential is "encrypted" because the verifier needs to pay to decrypt the credential to view its contents. Correct? Naomi: Jules and then the background check providers were actually making changes to the way they think about their business models as well to be able to participate and and kind of simplify the parts that they can simplify and use and use their expertise has on some of the harder to solve things that are more transient in a person's record and so just wanted to talk to the business model I know that question came up and did I speak to it sufficiently in terms of hey there's a. Naomi: I heard verifiers have to pay that's the way this. Naomi: System is set up. <tim_dutta> Are your employer partners willing to pay for verification? <sharon_leu> What is the incentive for individuals to share their credentials? Kerri Lemoie: Fix em I don't see anyone else in the queue right now so you keep going thank you. Naomi: Okay and and then in terms of the roles in velocity network is there are several known roles I think this is important to clarify so we mentioned members and what members do members are on the board of directors and shape you know the practices of the network they can be networked stewards which is they operate a node or they could be advisory members where the action tends to happen that we think about is you've got your individual. Naomi: being a wall. Naomi: And again that can be any wallet and then you've got people that want to issue credentials and folks that want to verify those credentials and so velocity splits out the role of the issuer for example from the credential agent operator where I might be a school they Naomi University and I want to issue credentials but I'd maybe I'm a small school I don't have a lot of funds I don't have a big it department so I don't want to do that myself I want to have it credential agent operator do that technical Workforce. Naomi: for me the issue Mike. <dmitri_zagidulin> @Keith - great question, you should hop on the queue to ask Naomi: Goals and so in this model both organizations kind of get credit and split the credit for having issued the credential to Velocity and that's a really important role and then here notary issuers are like your background check providers that may be verified my record and those are right highly regulated players it's a highly regulated industry and only a individual I'm sorry an organization that. Naomi: is in that. Naomi: A group can participate as a notary issuer you know say I Naomi worked for a company 10 years ago that then when a business but it was verified once that I did in fact work there they can issue that credential on behalf of that organization and so that's the role of the notary issuer and then you see your linked open data players here and so forth and so this kind of gives a little bit of the different roles in velocity Network and what they do on the network any kind of questions in that space yeah. Kerri Lemoie: Yeah these may have come just before you got there so I assume they're in the church had so once your name Tim and you want to know if your employer partners are willing to pay for verification. Naomi: Yes they are because it's expected to be a lot cheaper than what they're currently paying. Kerri Lemoie: And I share an ass up here I'm what's the incentive for individuals to share their credentials. <tim_dutta> Thank you! Naomi: Ah that is whether they want to get opportunities and that is in the space of the wallet itself in terms of when they and I guess I should pull back so one of the things that velocity is doing is we're starting to work on these closed-loop ecosystems with large employers that if their HR is systems and even Partnerships with the institutions that are issuing certain credentials for example one of our. Naomi: are clusters is a healthcare cluster where. Naomi: Hospital system is trying to hire for example nurses and so forth to create these closed-loop ecosystems and the incentive for sharing your credentials is that you can more quickly get processed and hired on to a new organization. Kerri Lemoie: Very interesting thanks near me I'm Phil P1 you're in the key of the floor. Phil_L_(P1): Sure thank you when you're when you're talking about the credential notaries are they what's a little bit unclear to me is are they signing in lieu of the institution themselves do they have in some sense the institutions or an Institutional identifier of the former student for example that they're using or how does that work. Moshe_Tzvi_Wieder: Yeah let me let me go. Naomi: Yeah this is limited to background check providers at present it's a very specific role to answer your question in more detail and it's as far as I know it's not necessarily on the institution side it's only on the employment side but Phil I can get back to you with more information on that in the sense that it's not my expertise per se I know they have a very limited slice of a role and actually we've had some requests. Naomi: 2R even rethink what notary issuer means to expand it but to my knowledge the foundation has not explored any expansion of that role yet yeah. Moshe_Tzvi_Wieder: And no me just to add to your just just add to your response as well so the when the notary issues or issue or science credentials it's with their own signature it's not with the original issuing institution signature so it's very clear that it's on behalf of and it's not the actual it doesn't have the same weight as the Visa issuing institution itself signing it. Phil_L_(P1): So it's not a multisig credential in that sense. Moshe_Tzvi_Wieder: Multisig credential what do you mean. Phil_L_(P1): Meaning that there's multiple signatures on the credential one from. Moshe_Tzvi_Wieder: I know it's just you know there's a single there's a single signature on the credential and against the Notre Dame yeah. Phil_L_(P1): Okay okay got it thank you. Naomi: And thank you Moshe for contributing that so then you know in terms of like our secret sauce what we what we get to in the end of all these pieces being put together is this public open fully decides Network controlled and governed by participants and right now it's 28 blockchain nodes run by 15 organizations and periodically there's been a call for participation on you know for additional members want to come in and. Naomi: run a node so that's a maybe I think it's twice. Naomi: There's a call for four members to participate in that way but that's the current status of the network and the velocity Tech stack is fully available royalty free open source and as I showed you on line the documentation is you know fully accessible online it's constantly under updating you know under revision and review if you see anything that you think would be helpful to have in the documentation please absolutely. Naomi: Italy reach out to me I know that even some of care. Naomi: Start to probe to opportunities for us to expand the discussion further or if you find anything that is an error you know please do let us know of course there's a lot of documentation to maintain but the idea is to make everything is accurate and open as possible I'll show you real quick a little bit of that we're live we're focused on adoption these are some of our current updates so we've got a cluster strategy and we're starting with regulated credentials first. Naomi: We're getting some of the largest employers to opt-in and this particularly is focused on a healthcare cluster and there's also a banking cluster in the EU. Naomi: And using other screening industry to focus as notaries where necessary and that the largest job boards are serving as distribution channels to individuals and so together with the HR Tech Ventures serving as distribution channels to employers so this is kind of like the operational strategy although there are other clusters that are popping up and other types of issuers that are starting to get involved and start publishing tool. Naomi: And then this slide real quick just covers a website which I showed you in some of the documentation available we do have all of our content from the New York City General Assembly from the summer posted online and you can read and kind of see what different actors in velocity have started doing with with the tildy layer of the lot velocity provides and then Mo she may be able to talk to this further I do get questions about like hey well what happens if you're not using. Naomi: using the large systems the HR Tech providers. Naomi: Box out small businesses from participating and or small institutions from participating and the answer is no because if you're not using one of those platforms you can still you know work with an issue a different kind of issue where we're starting to see more open types of opportunities for issuing credentials and you can work with one of those Partners to issue your credentials to Velocity and from a receiving end this also this web verification service will be live shortly and. Naomi: it will enable. Naomi: Verification of the credentials on velocity without direct verification through your HR Tech provider while those systems and those Integrations are still being developed motions if you do you have anything you kind of want to add here because I know this is more your world. Moshe_Tzvi_Wieder: Thanks thanks for offering no I think you did a fine job explaining it essentially the way we think about this is allowing individuals offering the individuals a service whereby their credential becomes hosted in this is more of like a SAS centralized model where the if the individual wants their credential hosted. Moshe_Tzvi_Wieder: so that. Moshe_Tzvi_Wieder: Anyone that they give they give the the the generated link to can go in and validate the credential then you know this this makes that available and as no me pointed out that the reason that were you know going down this path and as an additional component to our framework is that it then allows any organization regardless of whether they have any. Moshe_Tzvi_Wieder: TS regardless of whether their 80s is. Moshe_Tzvi_Wieder: Yet integrated with the velocity Network or not to Simply follow a link come to a website and then click to verify the credentials if they want to. Naomi: Okay any other kind of questions coming up in the chat I see it moving and I it's hard to decipher what is us talking and what is questions. Kerri Lemoie: Yes again keeping an eye on it the transcriber really fills up the Chatham's his P1 is a he's in the queue so I'm going to give him the floor. Phil_L_(P1): Sure what about what about self issued credentials the the verify the VC model certainly supports an individual creating their own credential is that I'm not sure how that fits into the description you described. Moshe_Tzvi_Wieder: Yeah so that's there certainly is the ability for an individual to go into the wallet and and add credentials that you know that self-reported credentials as we call them verifying self-reported credentials doesn't have a lot of meeting right because that you're never going back to the source institution because it's just something that the individual created themselves but there certainly is it's supported by the network and part of the. Moshe_Tzvi_Wieder: wall in framework. <simone_ravaioli_(vc_edu)> How many credentials have been verified or issued by Velocity so far ? Moshe_Tzvi_Wieder: You can go ahead and do it and and by the way anyone who wants to is more than welcome to go to the app store or the Google Play Store and download our wallet and play around with its no-cost it's free and you can kind of see the functionality that's there. Kerri Lemoie: Thanks I keep you at the floor. Keith Kowal: Yeah thank you for the great presentation I think there's a lot of room for this type of product in the market I guess my question is I mean a lot of flies talk about it being kind of decentralized and open but at the same time I mean if one considers the architecture where I go everything needs to go through an SDK you have the web services which I'm just going to assume is all operated by velocity Network that would seem to be like a large centralizing function like everything needs to go through velocity I am maybe I'm missing. Keith Kowal: Being here like how do you. Keith Kowal: How do you adhere the principles of decentralization yet maybe have so much centralization. Moshe_Tzvi_Wieder: So things don't need to go through velocity the the wallet and the SDK is there as a basis it's as I mentioned for to open source and and we would love nothing more than for there to be several other wall Riders implementing the the protocols and we can retire our wallet right we don't want to be in a wallet business we just created one now because like just just so there's an example out there for people to have and there's something functional. Moshe_Tzvi_Wieder: If it's not at all and even then it's not going through our servers or anything like that right the only communication that takes place is peer-to-peer right so when a issuing institution issues credentials they're issuing it directly to the the wallet that an individual's holding and then that individual is sharing it directly with inspecting institution and velocity is not any part of the those those. Moshe_Tzvi_Wieder: channel so maybe. Moshe_Tzvi_Wieder: Mental models little different than what you had in mind but it is you know legitimate he decentralized or not things are not coming through us we don't have access to the credentials that are that are being shared or anything like that. Naomi: And keep the bat did that help clarify and kind of give you the perspective yeah okay good. Kerri Lemoie: Xander you have the floor. Xander_-_ASU/Pocketw: Thank you so much I just had a couple of quick kind of Rapid Fire questions around the mobile wallet in particular I had pulled up the example while it's on GitHub and it read the documentation you'll quick it doesn't really clean clear how exactly are you doing the wallet implementation like are you using Ursa or did you do your own like what's underneath for storage there. Xander_-_ASU/Pocketw: All right so then maybe I can bounce up one level higher. Naomi: I'll put yeah. Moshe_Tzvi_Wieder: That's deeper than me I apologize that I'm happy to I'm happy to get you on a call with with with architect our mobile team lead but I honestly don't know what what there is what the wall is internally using as its storage model I don't know. <naomi> naomi.szekeres@velocitycareerlabs.com Xander_-_ASU/Pocketw: Yeah I know where is I checked the dependencies I thought I might find it there but it I can refine so the next question is can you I don't think this has been mentioned I apologize if I missed it but look what protocol is being used specifically to communicate between issuers and wallets and verifies that all in HTTP API or are using some kind of other medium for transmitting these communications. Xander_-_ASU/Pocketw: Yeah that's what it looked like to me I just kind of wanted your clarification are so then my final question. Xander_-_ASU/Pocketw: It might be. Moshe_Tzvi_Wieder: I believe it I believe it is HTTP I believe it is but again we can yeah yeah it should be a specialist say it's HTTP but yeah I am pretty sure it is but again if it's important I'm happy to we can get back to you with yeah no problem. Naomi: Yeah and I just put my I just put my email in the chat so if you have any questions that we can answer on this call like I said Andres really knows all the weeds and he's not available today at this time so you know we'd be happy to set up a call to really dig deeper with anyone on this group who has the deeper questions on how things work and are built. <kerri_lemoie> Last question @xander please Xander_-_ASU/Pocketw: Well I hope my hope thank you I hope my last question is not too technical but I mean we'll see so if you're using HTTP a IPS which it looks like you are how are you handling authentication between parties and I'm kind of interested in this in two ways you know like if I'm going to issue a credential to a wallet how do I verify that the wallet holder is who I think they are and vice versa you know is it how is the identity of the. Xander_-_ASU/Pocketw: who or the verifier like. <kerri_lemoie> We have one more after this one. Xander_-_ASU/Pocketw: Of all again all these communications are HTP is it just like various flavors of Olaf. Moshe_Tzvi_Wieder: So it's a good question so actually it's a layer above that right you're thinking sort of on the on the technical protocol side but actually the answer to your question as far as how do I know that the person is who they say they are is because is because of the identity credentials that they own in their wallet right and. Xander_-_ASU/Pocketw: Oh no so like what I mean more specifically is like let's say you wanted to issue something to me or you issuing it by like my email like I know that you know they're you know that I'm your employee I have this particular email identity already like how do I reach out to this particular wallet to offer them credential is it like you see them saying like how is that wallet addressed. Moshe_Tzvi_Wieder: So there's so there's I think there's two layers your question I'll try to address both of them and if I still missed it and then let me know and we'll will recalibrate so the first is how how am I as an employer or an issue or how do I determine you know that this person actually is who they say they are and therefore they're the right person for me to be giving the credential to and so that's what I was. Moshe_Tzvi_Wieder: is what I was. Keith Kowal: https://www.velocitynetwork.foundation/main/developers-guide-authentication Moshe_Tzvi_Wieder: Which is and this was designed to map current business processes right so imagine right now if a graduate of University calls up the registrar's office and says they need a copy of their transcript so what is that registrar's office currently requiring in order to you know validate that that person is who they say they are and therefore provide them that information and it's different right depends on each institution decides for itself right what information it's going to require in order to make that happen. Moshe_Tzvi_Wieder: and so too the same thing as here right when you are an issuer you decide. Moshe_Tzvi_Wieder: What disclosures you require in order to issue it could be that if it's the credential that reissuing is simply a participation you know that badge that hey we were all in this one hour session together then you know maybe it's good enough that I just you know that we match on the email address but if I'm giving somebody there their medical license right II you know probably want you know four different pieces of information and your copy their drivers license and who knows why. Moshe_Tzvi_Wieder: I don't sew. Moshe_Tzvi_Wieder: Define when you're an issuer in you define the protocols the the credit the disclosures excuse me that you're going to require in order to determine that this is a person it's in your hands to make that decision and you know again it's usually just going to map whatever your current business processes for non digital credential that you're issuing you would just translate that over to digital side. Moshe_Tzvi_Wieder: I'd the. Moshe_Tzvi_Wieder: Piece of your question is okay that's great but how do I you know how do I make that connection right how do I let you individual know that I may have a credential for them and so to facilitate that we've got we generate either a link or a QR code that you can send via email whatever method you know whatever methodology you want to to to the individuals emails as what we most commonly see where people just. Moshe_Tzvi_Wieder: I'll drop those q r. Moshe_Tzvi_Wieder: Um in a mail merge to email them and then someone will receive an email saying hey you know you've got credential that digital credential you can claim you can claim your diploma now and then when they scan that QR code it will open up in our app the ability to then create the peer-to-peer connection with the issuing institution provide you information that's required and get the credential. Xander_-_ASU/Pocketw: Gotcha thank you so much. Kerri Lemoie: I think you I'm sorry we are gone over time here so we have to call this a. Naomi: Thank you and we are we yes I actually carry I was right with you I know we're out of time so I this is our final slide and I can I mean I've shared the deck in the chat I've also given my email the chat if anyone has any questions that we were not able to answer today carry is there anything else you want us to do before we wrap up. <cel> thanks! Kerri Lemoie: Nope no that is great we will publish these minutes and have folks these will show up for the mailing list feel free to reach out to Naomi if she said thank you very much for coming here today telling us about the lastly we appreciate it. Naomi: Thank you for having us ivory. <sharon_leu> thanks! Kerri Lemoie: Thank you have a good week everybody thank you.
Received on Friday, 14 October 2022 18:37:12 UTC