RE: Open Wallet Foundation (and how it might fail) from John, Anil on 2022-09-22 (public-credentials@w3.org from September 2022)

From: John, Anil <anil.john@hq.dhs.gov>
Date: Thu, 22 Sep 2022 23:25:52 +0000
To: W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <PH0PR09MB797724AC02A7BE86D0ACA237C54E9@PH0PR09MB7977.namprd09.prod.outlook.com>
Hi Adrian,

As you well know, I tend to stay away from open ended conversations on human rights, as that often means many things to many people.

What I do agree with and champion is putting the individual in control of the things that matter to them. As USCIS articulated publicly a couple of weeks ago at the FedID Conference (prezo attached) the way that manifests itself is in their implementation principles  and priorities (slide 4):


  *   Not a requirement; a choice!
     *   Starting with the digital Permanent Resident Card (PRC), immigrants will be invited to request a digital version when they receive the physical credential
     *   Immigrant can continue to conduct all Government transactions with their existing physical credential
  *   Eliminate “phone home” architecture/technology/implementations
  *   Eliminate “back channel” interactions between verifiers of the credential and the issuer (USCIS) which are not visible to the credential holder
  *   Support for selective disclosure capabilities to provide the holder of the credential granular control over what information they can share and when
  *   Encourage and support a plurality of independent, interoperable, standards based implementations to counter vendor/technology lock in, and mitigate perverse incentives that accrue market power to entities that can result in a gatekeeper functionality between the Government and its customers

Best Regards,

Anil

From: Adrian Gropper <agropper@healthurl.com>
Sent: Thursday, September 22, 2022 11:57 AM
To: John, Anil <anil.john@hq.dhs.gov>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
Subject: Re: Open Wallet Foundation (and how it might fail)

CAUTION: This email originated from outside of DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions or concerns.

Anil,

I’m grateful for your comments and urge your continued attention to the wallet issues as human issues rather than business issues.

No matter what “alphabet soup” of workgroups and protocols, old and new, that create an impactful wallet, it’s imperative that we look at digital wallets in terms of human rights rather than business.

For example, it’s arguable that digital wallets are the most important example of a digital public good. More important than access to broadband. More important than effective regulation of digital currency. Can we think of any aspect of digital infrastructure that will be more important to equity across the totality of universal human rights? How will a rich person’s wallet be different from a poor person’s? How will a US citizen’s wallet differ from the wallet of an undocumented migrant? Will the wallet of a Venezuelan migrant also work in the US?

Medical records are another example of digital public goods. All of the questions I pose above for general use-cases apply just as much to the very large use case of medical data. (As you may know, I’ve been involved in planning for managing the medical records of Ukrainian refugees.)

AAMVA and the governmental entities participating in mDL via opaque standards and secret meetings seem like the antithesis of the kind of transparency that you are calling for below.

IETF has a formal human rights component which may be used to inform specific work groups. How would we introduce human rights considerations into the discussion of wallet standards and protocols?

Adrian


On Thu, Sep 22, 2022 at 2:19 PM John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>> wrote:

Manu > … dilutes focus in the technical specification work ...



I would be curious to understand where the “technical specification work”, as it relates to digital wallets, is taking place currently in a manner that:

  *   Is open and visible to the global community
  *   Has a mechanism in place to move it into formal standardization pathways
  *   The output of the work is open, royalty free, patent free and free to use by anyone globally



I consider digital wallets to be both critically important to the DID/VC ecosystem AND simultaneously the most hand-waved over piece of implementation infrastructure!



The gaps that I can see existing include:

  *   A clear articulation of what features/capabilities should be within a core, normative, baseline of a digital wallet that is expected to store and manage high value credentials, and what should be optional / value add
  *   How those features can be detected by issuers and verifiers

     *   Independent testing / evaluation
     *   Cryptographic Challenge/Response
     *   Formal Certification / Accreditation by some entity after an in-depth technical and business model review

  *   How wallets can signal intent and capability to an Issuer and Verifier such that they can make a risk-based decision to interact with that wallet



… and so much more!


Best Regards,

Anil

Anil John
Technical Director, Silicon Valley Innovation Program
Science and Technology Directorate
US Department of Homeland Security
Washington, DC, USA

Email Response Time – 24 Hours

[A picture containing graphical user interface    Description automatically generated]<https://www.dhs.gov/science-and-technology>[/Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395]
Attachments

image/jpeg attachment: image001.jpg
image/jpeg attachment: image002.jpg
application/pdf attachment: US Digital Immigration Credentials Overview - 9.7.2022.pdf
Received on Thursday, 22 September 2022 23:26:25 UTC