[MINUTES] W3C CCG Credentials CG Call - 2023-11-07

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2023-11-07/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2023-11-07/audio.ogg

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2023-11-07

Agenda:
  https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Nov&period_year=2023&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer:
  Mike Prorock, Kimberly Linson, Harrison Tang
Scribe:
  Our Robot Overlords
Present:
  Harrison Tang, Pauld gs1, David I. Lehn, Manu Sporny, TallTed // 
  Ted Thibodeau (he/him) (OpenLinkSw.com), Nate Otto, Charles E. 
  Lehner, Kimberly Linson, Joe Andrieu, Vanessa, Adrian Gropper, 
  Erica Connell, Will, Nis Jespersen , Jeff O / HumanOS, Chandi 
  Cumaranatunge, Steve Magennis, Phil (T3), PL/T3, Denver, Bob 
  Wyman, Dmitri Zagidulin, Jing Chao, Brandi Delancey

Our Robot Overlords are scribing.
Harrison_Tang: Okay it hasn't started.
Kimberly Linson:  In if you are on the thank you oh don't talk is 
  what you're telling me to wait on says it's thing today so really 
  quickly that today we have Manu talking about true age which is 
  I think a really exciting use case and a demonstration of the 
  kind of power and adoption that we are you know I just keep 
  telling folks I feel like the flywheel is really starting to 
  churn and I'm now I'm just worried about getting my sleeve 
  caught.
Kimberly Linson:   I'm sorry.
Kimberly Linson:  And if you are on the CCG list Manu already 
  posted the slides he's going to be going through today so you can 
  have those and follow along just to go through our 
  housekeeping items we follow a code of ethics and professional 
  conduct the link to that can be found in our agenda but I think 
  the basic premise is that we are all driving towards the same 
  goals and and we want to.
Kimberly Linson:   Foster a community of.
Kimberly Linson:  Being and respect and participation from 
  everyone in the community and I think that is is one of the 
  things I really enjoy about being a part of this community we 
  welcome everyone to attend and be a part of this community group 
  in fact that is the purpose of a community group is to have as 
  many different varied voices as possible to provide feedback and 
  ideas and iterate to the larger from the larger Community to.
Kimberly Linson:   To the the work.
Kimberly Linson:  Groups at W3C so anyone is welcome to 
  participate however if you want to get deeper into the work and 
  really provide any kind of substantive contributions then I would 
  invite you to please sign the full IPR agreement and join W3C 
  both of which do not cost and you can do that by following the 
  links also in the agenda we do keep minutes and an audio 
  recording of this call.
Kimberly Linson:   What you just.
Kimberly Linson:  The UN video recording which you just saw a 
  start and that is important for us to keep a record of what's 
  being said both for you know historical preservation and and 
  organizational history but also to just make sure that we are 
  open and transparent about the things that are being discussed in 
  in this community and we do keep track of in the in the queue use 
  that too.
Kimberly Linson:   To keep track of speakers.
Kimberly Linson:  And that is what Harrison and I will be 
  managing I invite everyone who has a question or a comment on 
  what we're about to hear today to participate in the queue and 
  you do that by putting q+ in the queue and if you want to remove 
  yourself from the queue you can put q- and now we are to the 
  time of day that I always look forward to which is introductions 
  and reintroductions for those of you that weren't on the call 
  last week we actually.
Kimberly Linson:   Used the time last week to do a.
Kimberly Linson:  And all Community introduction which was great 
  so I really do invite you if you were not here last week and want 
  to reintroduce yourself if you haven't been here for a while and 
  want to introduce yourself or if you are brand new to please put 
  yourself on the Queue and let us know that you're here.
Kimberly Linson:  All right I will I will take that as a sign 
  that everyone feels like they are well-versed in this community 
  and move on to announcements and reminders does anyone want to 
  put themselves on the Queue with an announcement or reminder.
Kimberly Linson:  Manu go ahead.
Manu Sporny: https://www.w3.org/TR/rdf-canon/
Manu Sporny:  I can do one real quick the RDF Dataset 
  Canonicalization specification which is one of those boring 
  pieces of plumbing that kind of powers some of the verifiable 
  credentials work was successfully published on Halloween of 
  all days as a candidate recommendation so that basically means 
  that we are feature complete we are looking for implementers for 
  that specification.
Manu Sporny:  As we already have quite a few implementers for the 
  specification it did not change that drastically since 2015 or so 
  so that let's see yeah that specification's out there right 
  now we'll be kind of collecting implementations through the end of 
  Q1 next year and then we'll be proceeding that specification 
  to kind of a global standard at that.
Manu Sporny:   Point so.
Manu Sporny:  It's been in the making for 8 years now I guess it 
  should really probably closer to 11 years as when the work 
  started but nearing the end which is great to see the other heads 
  up is that we were scheduled to do the candidate recommendations 
  for the verifiable credential data Integrity specifications today 
  but due to workload issues.
Manu Sporny:   Who's at w3c.
Manu Sporny:  Happened there is a we're planning on publication 
  of those in the candidate recommendation next week at some point 
  that's it.
Kimberly Linson:  Wait could you do you have the links handy to 
  those two to put in the chat please.
Manu Sporny:  Yeah let me try and find.
Kimberly Linson:  Thank you Harrison.
Manu Sporny: https://www.w3.org/TR/vc-data-integrity/
Harrison_Tang: Yeah Manu I'm just curious can you give us a 
  little overview of the RDF canonicalization like how's that 
  different from like linked data you know yeah it's like what's 
  the relationship between the two if there's any.
Manu Sporny: https://www.w3.org/TR/vc-di-eddsa/
Manu Sporny: https://www.w3.org/TR/vc-di-ecdsa/
Manu Sporny:  Yeah that's a great question so I'm trying to get 
  these links in here here are the other links to ECDSA and EdDSA 
  the relationship basically when you need to digitally sign 
  something like a verifiable credential there are various 
  different ways that you can digitally sign it one of them is you 
  can just take the verifiable credential and kind of shove it 
  into an envelope as it stands and then digitally sign that the 
  problem well one of the issues with doing that is that 
  sometimes depending on the type of envelope you stuff the 
  verifiable credential into all of a sudden you can't see any of 
  the data you can't work with it you know like put it in a 
  database and all that kind of stuff so canonicalization is 
  basically used to take a verifiable credential as you see it and 
  then transform it into something that.
Manu Sporny:   You can digitally sign in a way that is.
Manu Sporny:  In a way that kind of signs the meaning of the 
  credential instead of just signing what the credential looks like 
  so there's a difference between signing the B which obscures what 
  the credential you know it obscures the credentialing can't see 
  it anymore versus signing the information associated with the 
  verifiable credential so.
Manu Sporny:  A high level is it unfortunately this stuff is like 
  super low level cryptography stuff but fundamentally RDF Dataset 
  Canonicalization is an attempt to sign the information that goes 
  along with the verifiable credential so that you can put that 
  verifiable credential in a lot of different places without there 
  being issues with it like for example if you just sign the 
  B.
Manu Sporny:   Adding a.
Manu Sporny:  Single white space into the verifiable credential 
  will destroy the signature and that's a problem when people go 
  and like copy and paste this stuff and put it in web pages like 
  they do for like schema.org and SEO optimization and you know 
  doing things like listing store hours and products and stuff like 
  that so RDF Dataset Canonicalization allows you to basically 
  make the data in the verifiable credential more resilient and 
  digitally sign it at the same time.
Manu Sporny:   Really that was helpful it's hard to it's hard to.
Manu Sporny:  You know what it is at depth.
Harrison_Tang: Yep yeah I recall you mentioning about this as 
  part of the Data Integrity proof presentation so thank you.
Kimberly Linson:  Thanks that was great any other announcements 
  or reminders.
Kimberly Linson:  Okay Manu well I will give you the floor back 
  to tell us about true age and what you've been up to.
Manu Sporny:  All right let me go ahead and screen share here.
Manu Sporny:  So today's presentation is on a production 
  deployment a really large production deployment of W3C verifiable 
  credentials so using all the technology that we've been working 
  on in this group for the past many years eleven plus years I 
  guess at this point this stuff is actually rolling out into 
  production and not in a small way in a very very you know large 
  way so that's what the presentation is about it's.
Manu Sporny:   Kind of about.
<nate_otto> world premiere presentation!
Manu Sporny:  I learned things that nature this is the first time 
  this presentation is being done anywhere so please be kind it's 
  trying to explain the expansiveness of the project is also 
  fairly difficult okay so this project is called true age it 
  is a digital age verification program that is nationally 
  available right now in fact the program went into production in 
  January of this year.
Manu Sporny:   And we took a long time.
Manu Sporny:  Waiting to talk about it because we wanted to make 
  sure that everything was running correctly and you know there was 
  a good adoption story there and that sort of thing so this is 
  about digital age verification it's about making sure that you 
  know college students are no longer able to use their fake IDs to 
  go in and buy things they shouldn't be buying it's to make sure 
  that you know the sale of age gated products in the United.
Manu Sporny:  Is done in a safer more responsible way I'll go 
  into the reasons why that's a difficult thing to accomplish these 
  days but first of all let's talk about like what production 
  deployment means so true age went into production in January 
  2023 at the end of July California the state of California DMV 
  announced that they.
Manu Sporny:   They were integrating it into their.
Manu Sporny:  Digital driver's license so this image that you see 
  here on the left is a verifiable credential it's a 100% bona fide 
  W3C verifiable credential that expresses that the person is above 
  a certain age and you've got a picture of the individual there so 
  that the clerk can match it against the individual and then scan 
  the code so this is integrated into the state of California's 
  digital driver's license application.
Manu Sporny:  It's just rolled out into a pilot last month 1.5 
  million people is the target pilot population with an expansion 
  to the 24 million Californians that have a driver's license in 
  California you will note that it is not using the mDL to prove 
  age at all this is using a different technology that's more 
  privacy preserving and I'll go into those qualities here in a 
  bit.
Manu Sporny:   So that was in October.
Manu Sporny:  Sorry that was in like August/September that 
  announcement was made in October last month Verifone who is the 
  largest point-of-sale manufacturer in the United States they 
  cover close to 60% of all convenience retail stores in the United 
  States.
Manu Sporny:   So there are.
Manu Sporny:  Ten fifty thousand of these stores Verifone 
  provides point of sale software for close to 75 thousand of them 
  and so basically Verifone announced the integration of true age 
  this new privacy protecting you know age verification program so 
  you've got the largest point of sale vendor in the United States 
  integrating true age the verifiable credential you know privacy 
  preserving approach of proving age at the point of sale.
Manu Sporny:   There reaches around 124 million.
Manu Sporny:  Those are the people that are under the age of 40 
  that you're supposed to card when they walk into the store and 
  try to buy a bottle of wine or things of that nature and then the 
  target population for most Californians is you know 24 million 
  that have a driver's license okay so this is big news big 
  adoption it's public this booth this is our booth at the National 
  Association of Convenience Stores show that had twenty-four 
  thousand attendees.
Manu Sporny:   Yeah and then the California DMV.
Manu Sporny:  Is on the left okay so that's the high level 
  business use case you know it seeing adoption there's significant 
  money and effort going into it but let's go back to kind of 
  understand why how digital age verification actually works 
  because it doesn't work like a lot of people talk about it when 
  they talk about digital credentials and mobile driver's license 
  and things like that this is you know when people hear age 
  verification they're like oh I just show my.
Manu Sporny:   Ins like.
Manu Sporny:  That is part of it but that is certainly not the 
  whole story so fundamentally you know true age in these are you 
  know true age slides they're committed to safely and simply 
  keeping age-restricted products out of the hands of minors as 
  some of you may realize you know there have been printing 
  technologies that have been outsourced from the United States 
  subsistence specifically around driver's license Printing and so 
  it is fairly easy.
Manu Sporny:   Easy to get a fake driver's license.
Manu Sporny:  That is printed on the same printers using the same 
  ink and materials and the same software that DMVs end up using so 
  it's very easy to create fakes these days and you can't really tell 
  by looking at the plastic card that it's a fake even more 
  challenging the way things work in the United States 
  is that retailers can ask a driver it can't ask a DMV whether or 
  not a driver's license is real or not.
Manu Sporny:   There are costs associated with the states that.
Manu Sporny:  Happens some states only allow that to happen with 
  you know law enforcement and what that ends up the the situation 
  we end up in is the clerk that's you know basically policing 
  whether or not the the age gated product should go to a potential 
  you know someone that's under age has no way of knowing whether 
  that plastic card that they're holding that looks very real is in 
  fact legitimate driver's.
Manu Sporny:   License so.
Manu Sporny:  Needed to be you know it needed to be addressed and 
  they said well you know we could go digital with it we could 
  depend on digital signatures which you can't counterfeit and 
  that might be the way to kind of combat some of this uptick in 
  card fraud that we're seeing the other thing to know about the 
  organization that put this together the National Association of 
  Convenience Stores.
Manu Sporny:  Profit and Conexxus their standard-setting body 
  is also a non-profit standard-setting body like the World 
  Wide Web Consortium they you know create standards for the retail 
  industry and they depend largely on open standards W3C IETF things 
  like that and when the verifiable credentials work was 
  happening they looked at it and went we believe that is the 
  solution that we need to use an open standard verifiable 
  credentials this.
Manu Sporny:  Re is massively decentralized so you these hundred 
  and fifty thousand stores you might have like you know 17,000 to 
  20,000 well sorry no 12,000 to 17,000 of them are like 7-Eleven 
  but the long tail is like mom-and-pop owned stores the you 
  know family owns two to three stores and that is the vast majority 
  of the way these.
Manu Sporny:   Stores operate.
Manu Sporny:  So anyways massively decentralized and we needed a 
  solution that would help all of them without harming the 
  decentralization aspects the other thing to know is that most of 
  the age gated products in the United States are sold through 
  convenience stores so that is where most people go to buy age 
  gated product they do 54 million transactions a day every single 
  day 365 days a year some days it's a little.
Manu Sporny:   Or some days it's a little less but it's a massive 
  number of.
Manu Sporny:  Age gated transactions that they do and that includes 
  everything you know it includes everything that you can 
  think of from alcohol to cigarettes to vape to cannabis to energy 
  drinks are regulated in some states you have to be over a certain 
  age to buy them things of that nature these dots 
  kind of represents how many of these stores exist.
Manu Sporny:  The stores nationwide that fluctuates by a couple 
  thousand every year they do 165 million transactions a day the 
  stores together 200 million plus customers per year so 2/3 of the 
  US population finds themselves in the convenience retail store at 
  some point during the year many of them multiple times a week and 
  as I said you know over 50 million age checks per day the reason 
  this is such a big deal to.
Manu Sporny:   To a convenience store is the margins of razor 
  razor.
Manu Sporny:  At a convenience store if you if you sell 10 
  million dollars worth of products through your store your 
  profit on that might be twenty thousand dollars so most of the 
  stuff is just razor thin gas is sold at a loss to try and get 
  people into the store to buy coffee and sandwiches and things of 
  that nature and age gated products and so.
Manu Sporny:   So if they sell to the wrong person.
Manu Sporny:  Accidentally sell to a minor they knowingly sell to 
  a minor it's jail time they lose their liquor license these 
  stores are a part of police stings fairly regularly first 
  offense is a two thousand five hundred dollar fine so that's 10% 
  of their profit for that month would just go in a single 
  violation each single violation is you know multiple fines and the 
  big problem right now is that.
Manu Sporny:   These Clerks.
Manu Sporny:  You are now.
Manu Sporny:  You know trained in counterfeit detection on cards 
  and even if they were it's really hard to tell counterfeit card 
  these days are not able to keep up to figure out what's the fake 
  and what's not the other danger of course is in a convenience 
  store If you deny someone a sale there is a nonzero likelihood 
  that you're going to have a gun pointed at you shootings at 
  convenience stores or.
Manu Sporny:  Unfortunately common well at least violence at 
  convenience stores can be common from consumers that feel like 
  they should have been sold a product and they're being denied so 
  there's a lot of safety clerk safety that we're concerned 
  about here as well when you put a clerk in that position who is 
  you know they're making minimum wage when you put them in a 
  position of policing you know an age gated product there is 
  always the.
Manu Sporny:  At them saying no puts them in danger so 
  fundamentally what we needed was a system that did not put the 
  clerk in that kind of danger we needed a system to say no we 
  needed to make sure that the clerk wasn't the one saying no we 
  needed non-fraudulent identity documents and the other really 
  nice thing here is that the National Association of Convenience 
  Stores was saying if people you know if.
Manu Sporny:  We're if we're tracking individuals people you know 
  themselves nobody's going to buy into the thing this needs to be 
  privacy-preserving from the get-go we need to take GDPR and CCPA 
  and VCDPA and all the privacy regulations that are coming 
  into the fore seriously and build a system that is truly 
  privacy-preserving where we cannot you know.
Manu Sporny:   Know which individual.
Manu Sporny:  Buying what product as they go from store to store 
  the other thing you know they really wanted to avoid is were like 
  look the you know retailers want to know that information and that 
  is not the purpose of the program you know retailers would love 
  to have you know be able to track individuals store to store but 
  clearly that goes against privacy regulation and is not the 
  right thing to do for a digital age program the other danger 
  here.
Manu Sporny:  Any of these stores were buying point of sale 
  software that was just storing IDs they would scan the driver's 
  license and store 35 pieces of PII on the point of sale system and 
  that is just not a good thing to do it creates a honeypot 
  that attackers can attack and so we wanted to eliminate the 
  storage of all that PII across the nation so those are the 
  things that are kind of that were driving this program the other 
  thing is.
Manu Sporny:   Is that right.
Manu Sporny:  They wanted they didn't want to be responsible for 
  building this system and then building it you know buying 
  something and then finding out that it didn't actually achieve 
  what they needed to in the state that they were operating in they 
  wanted to make sure that the documents that they were receiving 
  to do age verification were authentic documents meaning 
  digitally signed non-fraudulent and they wanted it to be fairly 
  you know friction-free based on an evaluation that the National 
  Association of Convenience Stores did 90% of people in the US 
  in the sample set supported a nationwide standard for age 
  verification so customers basically said you know I don't want to 
  you know I don't want to go into one store and be vetted in 
  one way and go into another store and be vetted in another way 
  this was happening so for example like you know people use 
  their passports sometimes to prove age when they're 
  visiting.
Manu Sporny:   Eating from out of town like in Hawaii.
Manu Sporny:  There's a lot of passport usage to prove age 
  whereas in certain states you know you're the types of IDs that 
  you need to take like tribal IDs versus driver's licenses you 
  know tend to create friction at the point of sale 
  so there's a lot of complexity here in you know which age 
  document proves your age so people basically said it would be 
  nice to have you know one way of doing this across the U.S.
Manu Sporny:  You know when you look at this program from the 
  outside it's a fairly simple program you want to keep adult 
  products out of the hands of underage kids you want to shut down 
  social selling so social selling is when someone above age 
  goes into a convenience store and buys a lot of age gated product 
  and then walks to the nearest high school and resells that to high 
  schoolers right so that's social selling that we wanted to cut 
  down.
Manu Sporny:   On social selling also.
Manu Sporny:  That the individual would just chain from store to 
  store they would go to one store buy their top limit and just walk 
  into another store different brands different 
  retailer buy their limit then walk into yet another store and do 
  that these systems you know these systems were completely 
  disconnected and that meant that people could go way above you 
  know their purchase limits and then go and do social 
  selling with that we wanted to.
Manu Sporny:   Standardize the carding process and of course 
  protect.
Manu Sporny:  See as they went in there's no reason why you 
  should be handing over 35 pieces of personally identifiable 
  information when all you need to prove is your age at the end of 
  the day the thing you show is this thing on the right here so 
  this is my kind of true age app this is a verifiable credential for 
  an age token that basically says I'm over the age of 21 and 
  it has a you know a single.
Manu Sporny:   Use token in it.
Manu Sporny:  That's it there's it doesn't have my name it 
  doesn't have an image it doesn't have my home address or any of 
  that stuff in there okay so let me let me pause for half a second 
  I've kind of covered high-level stuff any questions so far you 
  can keep going to the tech stuff but go ahead David please.
Manu Sporny:  Yeah I'll get into the details there and how we 
  do it fundamentally we take the identity information and create a 
  pseudonymous persona so there is we can tell counts 
  associated with a certain token but we can't get to any of the 
  PII I'll go into that here in a bit.
Steve Magennis:  Yep can you hear me that kind of a typical store 
  might do 10 million dollars of sales with a.
Steve Magennis:  It's about you know 2% margin and then you 
  follow it up to say that a 25 hundred dollar fine represents 10% 
  of the profit for that month.
Manu Sporny:  Yeah she was a hand a bit of a hand wave.
Steve Magennis:  I understand that by me this is like you know a 
  factor of 100 raise one is kind of get a sense of you know what 
  these convenience stores sort of you know sort of an average ones 
  are typically does in terms of business.
Manu Sporny:  It there it is an average one in the middle of the 
  Midwest and a 400 person town or one that's in downtown New York 
  City right eye well it I it the ten million one is probably 
  something that is in a service area of like 100,000 people.
Manu Sporny:  But again I mean it's it varies wildly.
Manu Sporny:  And the fines vary wildly and then who's stung where 
  varies wildly like as you can imagine like the further you get 
  out in the rural communities the less stings there are the 
  less things of that nature the more you get into cities the more 
  stings there are.
<nate_otto> Fines in Oregon are $1000 to the employee and $5000 
  for the establishment for age check violation.
Manu Sporny:  Is a lot of diversity I guess is what I'm trying to 
  trying to say.
Steve Magennis:  Yeah but me I guess I guess maybe a better 
  question would be so is sort of a two percent to 25 percent 
  margin kind of not uncommon or is it work now.
Manu Sporny:  It's not uncommon that's a pretty common thing I 
  mean you've got you know station you know these convenience 
  stores also sell gas so if you if you go to a gas station at all 
  that's that's a convenience store or is it is a convenience store 
  right and what they typically do is they sell gas at a loss to 
  get you into the store so you will buy a Gatorade or a coffee or 
  you know.
Manu Sporny:  Like that something that has a higher margin item 
  so the whole business model for convenience stores is built 
  around getting you into the store so that they can sell you 
  something that's in the store.
Steve Magennis:  Okay thank you.
Adrian Gropper:  Okay in the early slides you showed California 
  driver's license and and a wallet so I'm just curious and I'm 
  sure you're going to maybe get to this this presentation that you 
  just showed us with your picture on it is that something that 
  would be available in the DMV app or how is that being handled 
  that not just.
Adrian Gropper:   Immediately but sort of.
<steve_magennis> This is exciting stuff!
Adrian Gropper:  Mixed ages in the future.
Manu Sporny:  This thing on the left Adrian is that what you're 
  talking about are you talking about the thing on the right the 
  thing on the left is available in the DMV app today so if you're 
  in California if you're a California citizen and you've got a 
  driver's license there you can get this today.
Adrian Gropper:  And what I'm asking is all of this back-end 
  stuff which I'm sure you're going to get into you know to avoid 
  social selling and what's not is this integrated into the system 
  when you are using the California driver's license app to prove 
  age.
Manu Sporny:  That guy's I think I'm trying to read between the 
  lines Adrian the so does the California DMV app do anything 
  special other than showing a QR code and the answer to that is no 
  so the California DMV app all they do is they show these 
  single use tokens and they show the picture and that's 
  effectively all that's done there right the mechanism to 
  ensure that people aren't going over their limits for anything 
  that does have limits on it products that have limits on it 
  that's all done in the back end of the true age system.
Adrian Gropper:  And I'm sure you'll get to this the reason I'm 
  asking is there's already over a decade of experience with 
  prescription drug monitoring programs that have similar 
  requirements so please go on them I think you're going to get to 
  that.
Manu Sporny:  Yes that's exactly right Adrian and I would 
  imagine this system is closely related to that but takes a more 
  aggressive privacy stance than prescription drug systems tend to 
  take so part of you know the part of the work that we did you 
  know in the program is look at the way prescription drug 
  programs you know operate.
Manu Sporny:  Because the cannabis regulations in the U.S. look 
  like they were going to you know follow the same kind of path but 
  yeah I'll get into that a bit more Adrian there are very strong 
  parallels between the two systems and then just please you know 
  ask the remaining questions when I get to it if I don't 
  answer your question okay I'm going to keep going here's some 
  just cook or tannins.
Manu Sporny:   The slide.
Manu Sporny:  Up there so you can read through the details here I 
  wanted to put a focus on privacy today and this other thing free 
  this system is free for retailers it's free for consumers there 
  was no way that the system was going to get adoption if it wasn't 
  free to the retailers and the consumers as I said true age is a 
  non-profit and acts as a non-profit their goal is to solve 
  industry problems.
Manu Sporny:   For the.
Manu Sporny:  Three it's the retailer's job the retailers are the 
  ones that are for profit okay systemic volume limitations we'll 
  talk about that here in a bit okay so how does this work 
  fundamentally we started the design off with a massive reduction 
  in PII we did not want to collect all 35 pieces of information on 
  a driver's license so the way this was done before is they ask 
  you for your driver's license they flip it over and there's a 
  PDF417 barcode they scan that and they put it into the point of 
  sale system that captures all of the data in that PDF barcode 
  which is all of your PII on your driver's license so you hand all 
  of that over when the it was checked so the first thing we want 
  to do is reduce the amount of PII that even touches the true 
  age system to follow what we saw happening with GDPR and CCPA 
  which is you need to as a retailer.
Manu Sporny:   Reduce the PII.
Manu Sporny:  Collecting to the bare minimum for the transaction 
  that you're performing and collecting 35 pieces of information 
  was over collection of information so we narrowed it down to four 
  pieces of personal information the issuing authority so which 
  state issued this driver's license the document identifier number 
  which is the driver's license number your date of birth and when 
  the document expires those are the only four pieces of 
  information that ever go into the true age system and when they 
  go into the.
Manu Sporny:   The true age system.
Manu Sporny:  Immediately encrypted multi multi way encrypted 
  meaning that it true age by itself cannot extract that PII again 
  right so what we do is we require multiple parties to unlock the 
  PII data there has to be a subpoena in play there has to be 
  potentially law enforcement or the the courts in play legal 
  counsel has to be in play and the technical team that operates 
  the.
Manu Sporny:  In production has to be in play so you need 
  multiple parties that are struggling for the word five mutually 
  distrustful of each other to unlock it right so so you don't want 
  you know everyone agreeing to unlock whenever they need to unlock 
  something you need to make sure that you know the legal legal and 
  operations.
Manu Sporny:   And all those folks are involved.
Manu Sporny:  Basically we take these four pieces of information 
  we create a pseudonymous identifier for the person that only 
  lives in the true age system and we lock away the PII until it's 
  actually required based on some kind of legal process so once we 
  you know create that pseudonym inside the true age 
  system we issue single use tokens and those single use tokens 
  are the things that are used.
Manu Sporny:   Outside the system these single use tokens are.
Manu Sporny:  Completely random only the true age system can map them 
  back to a persona and even when we map it back to a persona we 
  don't know who that individual is all we know is what limits they 
  may or may not have hit so the reason we did this is to prevent 
  retailers from using these tokens to track people even the same 
  retailer two stores from the same brand using a single-use token 
  at one retailer and then the the next store.
Manu Sporny:   Does not allow them to track you.
Manu Sporny:  Single use okay and this kind of just goes over how 
  that tokenization process happens the other important thing about 
  this program is we have to make sure that these are real people 
  that are onboarding into the system they do have you know we 
  still and this is going to happen for a long time as far as 
  verifiable credentials are concerned there are going to be 
  plastic cards that exist.
Manu Sporny:   Some of those cards are going to be fraudulent.
Manu Sporny:  We know that we do our best to check the the 
  driver's licenses though so there are services that allow you to 
  check there are watermarks that exist in some driver's licenses that 
  we can check before we onboard people this goes above and beyond 
  what a clerk's able to do at the cash register and then 
  fundamentally that individual in order to activate these tokens 
  activate the verifiable credential tokens they have to walk into 
  the store and.
Manu Sporny:   Present a driver's license present the QR.
Manu Sporny:  Um in a way that in a way that we can kind of bind 
  the human being to those those sets of tokens the system is 
  designed to work in fully offline mode so the store does not need 
  to be online in order to check the verifiable credential and the 
  digital signature on it that says the person is above a certain 
  age yeah I think that's that's more or less that.
Adrian Gropper:  This sounds very interesting because it seems 
  like you've created a contextual reputation system where 
  deduplication is done on the basis of the duplicator credential 
  the driver's license but the reputation is managed contextually 
  for under whatever you know principles apply.
Adrian Gropper:  Enforcement or whatever you want to call it here 
  how general is this model that you're using or am I leaping way 
  too far is it is it truly is this idea of requiring a subpoena to 
  break the notary's log is the way I always thought about it a 
  general solution for reputation in context.
Manu Sporny:  Um that's an excellent question Adrian I I don't 
  know is the answer I you know I think we'd like to think that 
  it's generalizable we have been razor sharp focused on just age 
  the the biggest thing we did not want this system to turn into is 
  you know a tracking mechanism for consumer preferences right and 
  so we have tried to just narrow.
Manu Sporny:   To the.
Manu Sporny:  Age-gated purchases and enforcing quantity 
  restrictions and that's it you could argue that that is 
  generalizable to something like you know pharmaceutical industry 
  it's generalizable to other systems that you know narrowly focus 
  on a particular quality of an individual but you know I we 
  haven't deployed we haven't we haven't deployed the generalized 
  solution in other environments there.
Manu Sporny:   It would be differences.
Manu Sporny:  One thing that we did learn along the way is that 
  there's always this pressure to like add more information and 
  more you know kind of correlatable fields to the persona and 
  we've found that it's really important to have a set of legal 
  staff that understand why that is such a horrible idea right I 
  mean Goods because you have to think about kind of the dynamics 
  at play here retailers want more and more and more data.
Manu Sporny:   AA on the.
Manu Sporny:  But that works against the program because the more 
  you know data you so associate with that persona the less people 
  are going to trust it people don't want people you know people 
  don't want retailers hoovering up a bunch of data when all 
  they're doing is you know an age-gated purchase so all that to say 
  these systems if there is something generalizable among all of 
  them is to make sure that you know and you're using the word 
  reputation feel a bit uneasy about that.
Manu Sporny:   At that.
Manu Sporny:  Just some aspect of the individual doesn't creep 
  into collecting more and more data on the individual you have to 
  stay razor sharp focused on a very specific aspect that is that 
  is in just and then just focus the system you know on that aspect 
  going beyond that you know means that you're dangerously 
  wandering into data broker territory which this system is it's 
  not designed to do it's you know.
Manu Sporny:   In luck.
Manu Sporny:  Do you know the legal staff have basically said at 
  every turn if you go that direction you aren't you're going to 
  violate GDPR you're going to violate CCPA you know it's not a not 
  an end goal so sorry that was a long-winded way of saying I would 
  assume the system is generalizable but until we actually apply it 
  in a bunch of other scenarios you know we can't say for sure did 
  that address some of your question Adrian.
Adrian Gropper:  Yes my my question was specifically about the 
  need for deduplication in the reason I use the term reputation is 
  to focus on Sybil resistance but let's I hear you and this is not 
  necessarily on topic for today but it seems to me like you've 
  gone part way towards you know something that could work for say 
  voting to take the most controversial possible.
Adrian Gropper:   Nothing and.
Adrian Gropper:  That's the sense in which I meant it.
Manu Sporny:  Okay all right yeah and and again this system 
  cannot work for voting I you know I'm just kind of going to say 
  that it is the big advantage that we have in the convenience 
  retail sector is that there are 4 million retail clerks out there 
  that are out there right now who are in in the real world in 
  person that are capable of checking an ID and they've been 
  trained to do that in a rough you know basis so our Sybil 
  resistance.
Manu Sporny:   Protection in the system is only because the.
Manu Sporny:  Our industry has 4 million people that provide that 
  kind of check in person identity verification for free very few 
  other industries have you know have that so that's I think what 
  what what creates the Sybil resistance here to a degree let me 
  this is just kind of how the app works on the on the left is you 
  know how you onboard into the system you download the app which 
  is free you take a snapshot your driver's license.
Manu Sporny:   Ed and selfie.
Manu Sporny:  The true age system is designed so it only receives 
  the four pieces of information I mentioned the client you know 
  removes all the other information that's used to create a 
  pseudonymous account that's associated with your driver's license 
  and then your account is created but the tokens that you're given 
  are deactivated until you walk into a store and activate them and 
  you activate them by showing them the QR code showing them your 
  plastic.
Manu Sporny:   Driver's license and doing the.
Manu Sporny:  There to do an age-restricted purchase then your 
  tokens are activated you show the clerk the QR code to scan they're 
  trained to look at the image and look at you as well to make sure 
  that that matches the system the true age system then takes that 
  pseudonymous persona and verifies your age and quantity 
  limits to make sure you're not over any quantities and then they 
  send a token back to the convenience store point of.
Manu Sporny:   Sale system to put in the.
Manu Sporny:  Nothing no PII is ever stored in the transaction 
  log and then you pay and you go so it's meant to be a pretty 
  quick process that mirrors you showing your driver's license but 
  is way more privacy protecting and safer for the retailer and the 
  customer Harrison I see you on the queue.
Harrison_Tang: Yes what do you mean by activated activated can 
  you go a little bit deeper into that.
Manu Sporny:  Oh yeah let me see if I let's see well now I guess 
  I didn't didn't put that slide in here deactivated just means 
  like we can't trust people to onboard purely in an online 
  situation and then use those tokens because nobody's actually 
  bound that individual the human being to that that Persona in the 
  system meaning there's no such thing as.
Manu Sporny:   Is like.
Manu Sporny:  There's no such thing as a purely online onboarding 
  except for you know we'll talk about the California DMV case here 
  in a bit but we wanted to make sure sorry let me go back Adrian's 
  question was how do you do Sybil resistance and my answer was 
  we've got four million clerks that are always there in the 
  United States that can check an ID and do things with a 
  point-of-sale system and so the way that you know we.
Manu Sporny:   We on board system through the app.
Manu Sporny:  Onboard people through the app but we don't 
  activate their tokens for the first time until they go into the 
  store and do that physical binding that's how we keep you know 
  people just guessing driver's licenses online or using fake IDs 
  online to activate their account we have to have that individual 
  going to a store use their use their app show their physical ID 
  set that so that there's a mapping there and we need a physical 
  person a clerk there.
Manu Sporny:   Checking all of those.
Manu Sporny:  So deactivated is only when you are on board for 
  the first time once you go in the store and scan you know your ID 
  and everything the first time then they're activated and you no 
  longer need your physical driver's license does that answer your 
  question.
Harrison_Tang: Oh I see so the impunity is actually not fully 
  online it's only when they first time going to the physical score 
  the store then that completes our onboarding that's why I meant.
Manu Sporny:  Yes that's correct yep yeah you've got on board 
  into the system and you have to do that with the physical 
  interaction in the in the real world.
Harrison_Tang: Don't why you need to do that is because you need 
  that binding between the physical and digital identity.
Manu Sporny:  Yes you got it exactly exactly all right let's see 
  who's on the I don't know who's David and then Adrian I guess are 
  on the queue.
Manu Sporny:  Nope not not of the selfie no of the of the 
  driver's license number date of birth expiration date the selfie 
  we never see the selfie we don't want to see the selfie because 
  that's a tracking token that would be uploaded to us.
Manu Sporny:  No it does oh oh I'm sorry yes you're correct sorry 
  the yeah it receives a hash of the selfie it does not receive the 
  the selfie itself.
Manu Sporny:  Because they see it on the phone they see the 
  selfie on the phone and there is in the the driver's license the 
  physical driver's license has to tokenize and the true age system 
  did the same token that they're showing on their app so there's a 
  multi document binding between their physical driver's license 
  and the four pieces of information on it the token the single-use 
  token that they're showing the onboard into the system the.
Manu Sporny:   Sure on their drivers license and the.
Manu Sporny:  On the app all those things have to map line up we 
  do not check the image data right that's that's what the clerk 
  does they do that in a decentralized distributed way where that 
  information is not uploaded to us.
Manu Sporny:  Yep that's right yeah and there are ways of us getting 
  better than that that's just what we have today because you know 
  people have plastic driver's licenses that we have to deal with.
Manu Sporny:  Of course Adrian.
Adrian Gropper:  If in the beginning you said that the fake 
  driver's licenses are readily available so if somebody has a fake 
  if somebody wants to avoid the social limits or the reputation 
  issue they can just get themselves 10 different fake driver's 
  licenses and they're good to go.
Manu Sporny:  They could today in the future you know this system 
  is it systems not 100% perfect right there's no such thing unless 
  we ratchet up the security so much that it's a pain to use the 
  system and no one uses it so we do expect some some people like 
  that to slip through the cracks but then it's kind of like those 
  people exist today and why would they use the app you know anyway 
  meaning meaning that you know there's.
Manu Sporny:   No reason to use the extra stuff they would just 
  get.
Manu Sporny:  Bunch of fake IDs this really comes into play when 
  we're talking about California DMV so California DMV integrated 
  it if if the state start you know going more to digital driver's 
  licenses we can get rid of that you know plastic you know fraud 
  vector in the system so just you know be clear Adrian that the 
  number of people that are doing that to get around the system are 
  very.
Manu Sporny:  Compared to the number of college students that 
  have a fake ID that try to use it you know.
Adrian Gropper:  Oh I I completely understand again the reason I 
  asked the question for clarification is because when we see all 
  of the problems with something like Aadhaar as a way of creating 
  a deduplicated ID and you're obviously avoiding that by not not 
  doing any biometric matching of your hashes or like the 
  Worldcoin approach etc. I was just.
Adrian Gropper:   Trying to.
Adrian Gropper:  As to how far this particular scheme which I 
  really like this notarization aspect of what you're doing is 
  would be generalizable but yeah I got it.
Manu Sporny:  Yeah and you got it those are the reasons we did 
  not do the biometric stuff is we did not want to fall into an 
  Aadhaar-like system we didn't want to fall into a Worldcoin-like 
  system where you know people were perfectly identifiable you know 
  in the in the system it's just violates all kinds of privacy 
  expectations well when you do that okay just noting the time you 
  know we're almost out.
Manu Sporny:   Just to go through.
Manu Sporny:  This before I I this is the this is the age 
  restricted purchase thing so cannabis was one of the things that 
  we had to solve for there are limits like you can only buy you 
  know eight thousand milligrams per day of something like a 
  cannabis vape pod depending on the state that you're in and the 
  regulations in play so the system is built to enable those kinds 
  of systemic limitations and basically you know.
Manu Sporny:   Because your age.
Manu Sporny:  Is mapped to kind of a Persona that we don't know 
  any of your you know details unless it's subpoenaed we can do a 
  systemic check when you do a purchase and see if you're over your 
  limit or under your limit and that's the only you know checking 
  that we do there as far as technologies that were used this is 
  the list there's a lot of CCG technologies that we use or a lot 
  of W3C and IETF technologies that we use.
Manu Sporny:  So now the verifiable credentials Data Integrity 
  DIDs the connections age verification standard defines the 
  standard that the point of sale systems speak in the verifiable 
  credential itself we use OAuth2 just for the retailers to 
  connect to the system so that we authorized you know which which 
  stores are checking with the system that QR code is a CBOR-LD.
Manu Sporny:   Added verifiable credential.
Manu Sporny:  Binary formats of compressed we use the VC API for 
  issuing verification exchanges we use EDVs so the true age app 
  which is a digital wallet uses an Encrypted Data Vault to store 
  these single use tokens we use authorization capabilities HTTP 
  signatures CHAPI credential refresh is used to refresh the 
  credential so when you when you get a batch of credentials.
Manu Sporny:  Them until you run out of those credentials which 
  means that you don't have to you don't phone home for every 
  single you know transaction you can get a bundle of think it's 
  like 10 of them now and then every time you use one they're 
  effectively spent and then when you run out use credential 
  refresh to go back and get a new batch and then we use did:key 
  for the signatures.
Manu Sporny:   On the.
Manu Sporny:  And unfortunately we're out of time back over to 
  you Harrison.
<harrison_tang> Thanks Manu !!
Kimberly Linson:  Thanks Manu this was really really fascinating 
  and great and you're right I'm bummed that we're out of time because 
  I think that we could discuss this for for a lot longer so we 
  will look for an opportunity to do that thank you everybody this 
  was a really interesting topic it's so exciting to again see this 
  flywheel I think really starting to catch momentum so thanks 
  everybody we'll see you next next Tuesday.
<jeff_o_/_humanos> Thx Manu!

Received on Thursday, 9 November 2023 05:20:48 UTC