- From: Adrian Gropper <agropper@healthurl.com>
- Date: Thu, 19 Oct 2023 21:53:29 -0400
- To: Andrew Hughes <andrewhughes@pingidentity.com>
- Cc: Daniel Goldscheider <daniel@openwallet.foundation>, Credentials Community Group <public-credentials@w3.org>, technical-discuss@lists.openwallet.foundation
- Message-ID: <CANYRo8gSs+ktVoF19H-M2vsHLvXji4WWEkqv9txbQdO4f8nqqw@mail.gmail.com>
Hi Andrew, Don't shoot the messenger (me). My description of ISO is what the comment said. My point is that OWF and CCG can be proactive about dealing with the four issues I list below. Adrian On Thu, Oct 19, 2023 at 7:30 PM Andrew Hughes <andrewhughes@pingidentity.com> wrote: > Please stop calling ISO processes "closed" in ways that insinuate some > nefarious intent. Use a different word. Just because the way that > international standardization organization works is not to your liking does > not mean that it is inherently "bad". The particular ISO committee you > denigrate has gone out of its way to engage and accommodate other > communities, within the rules of the organization. We can always do better > for sure - but the language used in some of these communities does not > inspire a desire to work together. Please don't pick on us just because we > are trying to engage - there are other actually closed organizations that > have far more influence over you but you don't seem to bother them. > > Andrew Hughes > Director - Identity Standards > andrewhughes@pingidentity.com > Mobile/Signal: +1 250 888 9474 > > > > On Thu, Oct 19, 2023 at 4:07 PM Adrian Gropper <agropper@healthurl.com> > wrote: > >> Here's my observation of shared goals independent of technical >> implementations: >> >> - *We build on top of the VC standard rather than any closed data >> models and processes.* That means we need to understand the >> goals behind ISO mDL and decide whether we want to influence their closed >> process or replace mDL with VC as data models? Which way will OWF consensus >> go? >> - *We build on protocols that put human VCs ahead of any non-human >> applications.* Human VC issue and verification protocols have to deal >> with biometrics either directly or indirectly. Supply chain and other >> use-cases do not have any benefit or liability from biometrics. Almost none >> of the CCG related protocol work has been based on this distinction and the >> perception that we're barcoding or chipping humans needs to be dealt with >> sooner or later. Adding privacy features and principles to standards that >> apply to both people and things may not be an optimal strategy. If OWF does >> not develop protocols, then where will the open human rights based >> standards come from? >> - *We recognize that choosing among dozens of VCs, making selections >> for selective disclosure on some of them, and often using another >> credential for payment is a burden to the person.* Given what we know >> about human propensity for convenience over privacy, how likely is it that >> platforms will evolve to "help" us with these decisions along with >> surveillance and lock-in? Does OWF have a consensus on how to prevent >> platform dominance by recognizing the freedom to choose our helpful agents >> and representatives as a Universal Human Right, not just an option? >> - *We deal explicitly with the reality that DHS border guards, law >> enforcement, and maybe the TSA will reserve and routinely exercise their >> right to "call home" and to verify witnessed biometrics no matter what >> privacy principles we build into the open wallet protocols. *The >> argument that allowing any uses of VCs that call home opens the door for >> this abuse outside of government use-cases is valid. Nonetheless, does OWF >> have consensus on how to ensure that calling home can be regulated or >> technically prevented by design vs. just hoping that non-government >> verifiers will do the right thing just because they can? >> >> These four specific categories of potential consensus are more or less >> independent. By cross-posting them with the CCG protocol and OWF >> demonstration discussion groups, I'm hoping to discover a forum for seeking >> the consensus. >> >> Adrian >> >> >> >> >> On Thu, Oct 19, 2023 at 4:03 PM Daniel Goldscheider >> <daniel@openwallet.foundation> wrote: >> >>> Point well taken. >>> >>> In my mind, they should know that we value their perspective and want to >>> speak with them. If they lack time or interest to talk to us that’s their >>> prerogative of course. >>> >>> Technical standards and solutions come and go. I think it’s useful to >>> agree on shared goals that are independent of technical implementations to >>> have consensus on what we want to achieve before discussing how to get >>> there. >>> >>> All the best, >>> Daniel >>> >>> >>> >>> On 19 Oct 2023, at 12:53, Adrian Gropper <agropper@healthurl.com> wrote: >>> >>> >>> Hi Daniel, >>> >>> These four groups are not staffed to participate directly in the kind of >>> work being done in our digital ID communities. As a result, they are >>> almost exclusively reactive, and negative. I myself, am not paid, have >>> never been paid, for working on DIDs and VCs since the beginning. Even so, >>> or maybe because I don't represent a commercial interest, my perspective >>> has been mostly ignored or treated as an annoyance by CCG-related >>> workgroups. >>> >>> I don't know if OWF will be different. Getting ahead of the adoption >>> issue should be the highest priority of OWF and I still don't see an open >>> discussion of who will do that work and how. Interoperability and privacy >>> "principles" are not enough. >>> >>> Adrian >>> >>> On Thu, Oct 19, 2023 at 3:36 PM Daniel Goldscheider >>> <daniel@openwallet.foundation> wrote: >>> >>>> Hi Adrian, >>>> >>>> I had already reached out to EFF and ACLU before this came out and >>>> completely agree with you. >>>> >>>> We should do try to engage with all 4. Ideally I’d love to get to their >>>> support for open interoperable wallets and explore if we can agree on >>>> privacy principles as well. >>>> >>>> Would you be willing to talk to EPIC and suggest a conversation? >>>> >>>> All the best, >>>> Daniel >>>> >>>> >>>> >>>> On 19 Oct 2023, at 12:20, Adrian Gropper <agropper@healthurl.com> >>>> wrote: >>>> >>>> >>>> Thanks, Kaliya! >>>> >>>> The comment also mentions Open Wallet Foundation so I'm cross-posting. >>>> >>>> I have worked with all four of the signing organizations over the years >>>> and am on the EPIC Advisory Board. It would be useful, maybe essential, to >>>> consider their concerns and get ahead of the next round of mandates and >>>> adoption issues. >>>> >>>> Adrian >>>> >>>> On Thu, Oct 19, 2023 at 1:12 PM Kaliya Identity Woman < >>>> kaliya@identitywoman.net> wrote: >>>> >>>>> Hi Folks, >>>>> >>>>> This was just shared with me and I wanted the list to see it. The >>>>> ACLU, EFF, Center for Democracy and Technology, and EPIC (Electronic >>>>> Privacy Information Center) collaborated on a response to the proposed >>>>> rule-making by TSA re: mDL. >>>>> >>>>> >>>>> https://www.eff.org/document/10-16-2023-aclu-eff-epic-comments-re-tsa-nprm-mdls >>>>> >>>>> They mention Verifiable Credentials several times and urge the TSA to >>>>> slow down to ensure the best most privacy enhancing options can be chosen >>>>> as things continue to mature rather then rush forward. >>>>> >>>>> It shows that engaging with and educating civil society groups who >>>>> are interested and tracking technology developments is a good thing. >>>>> >>>>> - Kaliya >>>>> >>>>> >>>>> >>>>> >>>>> _._,_._,_ >> ------------------------------ >> Links: >> >> You receive all messages sent to this group. >> >> View/Reply Online (#191) >> <https://lists.openwallet.foundation/g/technical-discuss/message/191> | Reply >> To Sender >> <agropper@healthurl.com?subject=Private:%20Re:%20Re%3A%20%5Btechnical-discuss%5D%20Civil%20Society%20Response%20to%20TSA%20mDL%20Rule%20Making> >> | Reply To Group >> <technical-discuss@lists.openwallet.foundation?subject=Re:%20Re%3A%20%5Btechnical-discuss%5D%20Civil%20Society%20Response%20to%20TSA%20mDL%20Rule%20Making> >> | Mute This Topic >> <https://lists.openwallet.foundation/mt/102067342/7178795> | New Topic >> <https://lists.openwallet.foundation/g/technical-discuss/post> >> Your Subscription >> <https://lists.openwallet.foundation/g/technical-discuss/editsub/7178795> >> | Contact Group Owner >> <technical-discuss+owner@lists.openwallet.foundation> | Unsubscribe >> <https://lists.openwallet.foundation/g/technical-discuss/unsub> [ >> andrewhughes@pingidentity.com] >> _._,_._,_ >> >> > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.*
Received on Friday, 20 October 2023 01:53:47 UTC