W3C home > Mailing lists > Public > public-credentials@w3.org > September 2022

Re: Novel (to me) architecture for control of personal data

From: devi prasad <dprasadm@gmail.com>
Date: Sat, 10 Sep 2022 13:06:28 +0530
Message-ID: <CAO2B13RgLG5FMgH-PNnVLLroG-5_HP6BSJQJOt+x8UM7Lxc5Vg@mail.gmail.com>
To: Steve Capell <steve.capell@gmail.com>
Cc: Adrian Gropper <agropper@healthurl.com>, W3C Credentials Community Group <public-credentials@w3.org>, Chris Gough <christopher.d.gough@gmail.com>, namlleps.drahcir@gmail.com
Steve, the consent manager is an Account Aggregator (AA) in this ecosystem.
AAs are regulated by the central bank - the Reserve Bank of India (RBI).
The Financial Information Users (FIUs) generally pay per
consent/transaction - the amount is not fixed by RBI. It is left to
the market.

Refer to the official site for more details: https://api.rebit.org.in/

IMO, substantial trust is placed on AAs when a Financial Information User
(FIU) fetches financial data from a Financial Information Provider (FIP - a
bank, for example).
Ephemeral keys are used per data fetch between FIU and FIP. ECDH using
Curve25519 is mandatory.

There's a central registry of FIPs and FIUs maintained by the non-profit
organization, Sahamati - https://sahamati.org.in/.
This is indeed an interesting model that works at India scale.

The data request from FIU to an FIP via AA is documented here:
This is the context where I think an FIU trusts AAs because the former
exposes the initial key material it wants to share with the FIP for
subsequent cryptographic operations (signing as well as data encryption).

This text (by a licensed AA) offers more details :

Devi Prasad

On Sat, Sep 10, 2022 at 3:05 AM Steve Capell <steve.capell@gmail.com> wrote:

> Thanks for sharing that Adrian
> It’s very interesting - all the more so because it’s apparently live and
> working in the worlds most populous democracy.  Some thoughts occur to me
> 1 - It doesn’t say how the key management works for that encrypted flow of
> private data works. Orchestrated by the consent manager but not visible by
> the consent manager.  I guess it must be asymmetric encryption based on
> public key discovery of data users
> 2 - it doesn’t say how the commercial model works. Who pays for the
> consent manager service? The data user maybe?  Or is the consent manager a
> government run public good utility?
> 3 - although it’s different, I’m not entirely sure how / whether it’s
> better than a VC / EDV model where the subject is also the consent Manager?
> It might have something to do with the question about commercial
> incentives.  Possibly the most interesting thing about the Indian model is
> not the tech pattern but the commercial model for a fee-charging consent
> manager who’s profit motives are to protect the data subject’s data rather
> than to profit from the aggregation / analysis / resale of it
> Not expecting you to answer these questions Adrian - just sharing them as
> they occur to me ;)
> Kind regards
> Steven Capell
> Mob: 0410 437854
> On 10 Sep 2022, at 12:55 am, Adrian Gropper <agropper@healthurl.com>
> wrote:
> https://www.brookings.edu/blog/future-development/2022/09/08/give-people-control-of-their-data/
> Builds around delegation to an intermediary that does not see the data
> itself.
> Adrian
Received on Saturday, 10 September 2022 08:02:25 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 10 September 2022 08:02:26 UTC