Re: How much is it reasonable to generalize from the TruAge implementation?

Here’s one possible generalization of the TruAge model that might satisfy
Anil’s intent:

Let’s assume that a person might want to be deduplicated and accountable in
as many as 10 contexts. TruAge would be one of the contexts.

1 Let’s say the sovereign gives me 10 different paper credentials like a
passport that include a biometric and a different public key DiD-0 through
-9. The sovereign logs this. In the sovereign context, I’m deduplicated as
DID-0 and by my biometrics. The other nine DIDs correspond to context

2 I choose a context registrar that defines a domain of deduplicated
accountability like TruAge. I identify myself in person using one of the
nine other paper credentials. A context always uses the same category to
avoid Sybil attacks by people presenting different sovereign credentials.
For example, DID-3 is for age-restricted purchases like TruAge. Another
context, DID-2 could be used for reputation as a ride-share driver and
DID-4 for your credit score.

3 I have a secure element that can create derived DIDs from DID-3. The
context registrar will issue me as many VCs for that context as I want.
Their incremental cost is negligible because these context-specific DIDs do
not need for me to re-authenticate in-person.

4 I request a VC from an issuer, in context 3, by presenting, in person,
the corresponding paper biometric document and one of the derived DIDs
registered in the context. The issuer does not store the biometric or
DID-3. They only store the derived DID for the VC they will issue. The
information in DID-3 will be available to them from the registrar with or
without my consent depending on context policies.

5 I present the VC to a verifier online or in-person:

   - If it's to buy alcohol, which is not subject to social purchase
   restrictions, then the VC does not need to be checked for deduplication or
   quantity limits. The VC's DID is used as part of the
   authentication challenge. There's no call home to the registrar.
   - If it's to buy weed, then the DID and quantity are verified with the
   - If it's a reputation context like DID-2 or 4, then a reputation check
   or update is made with the registrar.

In this generalized model,

   - The sovereign is never contacted by the registrars unless there's a
   problem worthy of a court-order so there's no call home.
   - Context registrars compete as a federation, regulated by the
   sovereign. Like Certificate Authorities, a misbehaving registrar goes out
   of business but the context continues with limited damage.
   - Verifiers cannot collude because each VC uses a different DID.
   - Anonymity can be had by the subject by getting different VC even when
   visiting the same verifier.
   - For quantity limits and reputation cases, the registrar is involved
   but, depending on the policies, this might be done asynchronously.
   - KYC can be enforced through the regulated registrars.
   - Verifiers never have to check biometrics.
   - Any delegate, intended or not, that tries to use that VC will be
   signing the presentation with their own sovereign DID and contextual VC.

This is not a perfect solution because issue requires a biometric check but
it keeps everyone accountable and makes correlation very expensive.

I suspect there are further optimizations based on ZKPs and fancy crypto.


On Thu, Nov 16, 2023 at 3:10 AM John, Anil <> wrote:

> >The EIDAS 2.0 wallets (that are intended to include lots of VCs with PII)
> that the EU will require its member states to make available
> >to its citizens (that want them), would be certified against a
> yet-to-be-determined scheme and then ‘notified’, i.e. put on a list of
> wallets
> Thanks for making this point, Rieks!
> This reality is also, in part, my motivation for engaging in this
> discussion. My perspective, both directly and publicly regarding this is
> that I have no desire or ability to tell anyone what they should do,
> particularly another sovereign, while at the same time noting that what a
> particular sovereign does is not binding on others.
> However, there is shared desire across jurisdictions to ensure that the 3
> party identity model can work across implementations, even those with
> differing policy and implementation objectives.
> I always considered that the best way to make that work in practice is to
> have a shared, open conversation about “yet-to-be-determined scheme”(s)
> a.k.a the criteria TBD to evaluate the qualities of a wallet,  so that the
> community can contribute to and align on things that everyone agrees is of
> value, and those agreements could become the foundation of the bridges that
> ensure cross-jurisdictional and global interoperability.
> Best Regards,
> Anil
> Anil John
> Technical Director, Silicon Valley Innovation Program
> Science and Technology Directorate
> US Department of Homeland Security
> Washington, DC, USA
> Email Response Time – 24 Hours or more; I sometimes send emails outside of
> business days/times because it works for me; please do not feel any
> obligation to reply to them outside of your normal working patterns.
> [image: A picture containing graphical user interface Description
> automatically generated] <>[image:
> /Users/holly.johnson/Library/Containers/]

Received on Sunday, 19 November 2023 02:37:16 UTC