- From: Adrian Hope-Bailie <adrian@fynbos.dev>
- Date: Fri, 20 Oct 2023 19:09:31 +0200
- To: zeuthen@google.com
- Cc: Adrian Gropper <agropper@healthurl.com>, Credentials Community Group <public-credentials@w3.org>, Daniel Goldscheider <daniel@openwallet.foundation>, andrewhughes@pingidentity.com, technical-discuss@lists.openwallet.foundation
- Message-ID: <CAK7GZxNpjvqMcPNMgFq_3S8yYXu_T1GwtCMP9EoxZhQv46dhmg@mail.gmail.com>
As a follow up, I’d like to add that one way ISO can meaningfully contribute to interoperability and open standards is through meta-standards like ISO 20022. The identity and credentials ecosystem could benefit greatly from a similar standardization framework On Fri, Oct 20, 2023 at 19:02 Adrian Hope-Bailie <adrian@fynbos.dev> wrote: > Criticism of ISO is not a personal attack it is a criticism of an archaic > system that is inappropriate in a modern connected and digital world. > > I’m sorry if you take personal offense to the SDO being described as > closed but that’s what it is. > > The irony is that the SDO that purports to represent nation states which > should be the biggest advocates for transparency and open participation is > the one that meets behind closed doors sells its output at exorbitant > prices and aggressively enforces its copyright effectively making its > standards almost impossible to contribute to or even read. > > In contrast a number of open SDOs where participants represent profit > driven commercial enterprises take input from nearly anyone, their meetings > are open and they make their standards freely available. > > If the criticism stings maybe consider, as someone on the inside, what you > could be doing to change the system rather than defend it > > On Fri, Oct 20, 2023 at 18:00 David Zeuthen via > lists.openwallet.foundation <zeuthen=google.com@lists.openwallet.foundation> > wrote: > >> Hi, >> >> +1 to what Andrew said from someone who's also working on that particular >> set of ISO groups. And, yes, we could spend bandwidth discussing the merits >> of various SDOs but, really, that's been all done before, they all have >> their flaws, and at the end of the day the comparison table might not even >> help the claim that ISO is the one where it's the most difficult to have >> your voice heard, just saying :-). I'm here because I want to work with >> everyone else who wants to make Digital Identity better for people on this >> planet, not discuss which SDO is my favorite because at the end of the day >> reaching this goal for sure will require participation in more than just >> one SDO. >> >> This is not to say that we shouldn't encourage SDOs to do better but >> let's not alienate people in a place that decidedly is SDO-neutral >> territory. >> >> Thanks, >> David >> >> >> >> On Thu, Oct 19, 2023 at 7:30 PM Andrew Hughes via >> lists.openwallet.foundation >> <andrewhughes=pingidentity.com@lists.openwallet.foundation> wrote: >> >>> Please stop calling ISO processes "closed" in ways that insinuate some >>> nefarious intent. Use a different word. Just because the way that >>> international standardization organization works is not to your liking does >>> not mean that it is inherently "bad". The particular ISO committee you >>> denigrate has gone out of its way to engage and accommodate other >>> communities, within the rules of the organization. We can always do better >>> for sure - but the language used in some of these communities does not >>> inspire a desire to work together. Please don't pick on us just because we >>> are trying to engage - there are other actually closed organizations that >>> have far more influence over you but you don't seem to bother them. >>> >>> Andrew Hughes >>> Director - Identity Standards >>> andrewhughes@pingidentity.com >>> Mobile/Signal: +1 250 888 9474 <(250)%20888-9474> >>> >>> >>> >>> On Thu, Oct 19, 2023 at 4:07 PM Adrian Gropper <agropper@healthurl.com> >>> wrote: >>> >>>> Here's my observation of shared goals independent of technical >>>> implementations: >>>> >>>> - *We build on top of the VC standard rather than any closed data >>>> models and processes.* That means we need to understand the >>>> goals behind ISO mDL and decide whether we want to influence their closed >>>> process or replace mDL with VC as data models? Which way will OWF consensus >>>> go? >>>> - *We build on protocols that put human VCs ahead of any non-human >>>> applications.* Human VC issue and verification protocols have to >>>> deal with biometrics either directly or indirectly. Supply chain and other >>>> use-cases do not have any benefit or liability from biometrics. Almost none >>>> of the CCG related protocol work has been based on this distinction and the >>>> perception that we're barcoding or chipping humans needs to be dealt with >>>> sooner or later. Adding privacy features and principles to standards that >>>> apply to both people and things may not be an optimal strategy. If OWF does >>>> not develop protocols, then where will the open human rights based >>>> standards come from? >>>> - *We recognize that choosing among dozens of VCs, making >>>> selections for selective disclosure on some of them, and often using >>>> another credential for payment is a burden to the person.* Given >>>> what we know about human propensity for convenience over privacy, how >>>> likely is it that platforms will evolve to "help" us with these decisions >>>> along with surveillance and lock-in? Does OWF have a consensus on how to >>>> prevent platform dominance by recognizing the freedom to choose our helpful >>>> agents and representatives as a Universal Human Right, not just an option? >>>> - *We deal explicitly with the reality that DHS border guards, law >>>> enforcement, and maybe the TSA will reserve and routinely exercise their >>>> right to "call home" and to verify witnessed biometrics no matter what >>>> privacy principles we build into the open wallet protocols. *The >>>> argument that allowing any uses of VCs that call home opens the door for >>>> this abuse outside of government use-cases is valid. Nonetheless, does OWF >>>> have consensus on how to ensure that calling home can be regulated or >>>> technically prevented by design vs. just hoping that non-government >>>> verifiers will do the right thing just because they can? >>>> >>>> These four specific categories of potential consensus are more or less >>>> independent. By cross-posting them with the CCG protocol and OWF >>>> demonstration discussion groups, I'm hoping to discover a forum for seeking >>>> the consensus. >>>> >>>> Adrian >>>> >>>> >>>> >>>> >>>> On Thu, Oct 19, 2023 at 4:03 PM Daniel Goldscheider >>>> <daniel@openwallet.foundation> wrote: >>>> >>>>> Point well taken. >>>>> >>>>> In my mind, they should know that we value their perspective and want >>>>> to speak with them. If they lack time or interest to talk to us that’s >>>>> their prerogative of course. >>>>> >>>>> Technical standards and solutions come and go. I think it’s useful to >>>>> agree on shared goals that are independent of technical implementations to >>>>> have consensus on what we want to achieve before discussing how to get >>>>> there. >>>>> >>>>> All the best, >>>>> Daniel >>>>> >>>>> >>>>> >>>>> On 19 Oct 2023, at 12:53, Adrian Gropper <agropper@healthurl.com> >>>>> wrote: >>>>> >>>>> >>>>> Hi Daniel, >>>>> >>>>> These four groups are not staffed to participate directly in the kind >>>>> of work being done in our digital ID communities. As a result, they are >>>>> almost exclusively reactive, and negative. I myself, am not paid, have >>>>> never been paid, for working on DIDs and VCs since the beginning. Even so, >>>>> or maybe because I don't represent a commercial interest, my perspective >>>>> has been mostly ignored or treated as an annoyance by CCG-related >>>>> workgroups. >>>>> >>>>> I don't know if OWF will be different. Getting ahead of the adoption >>>>> issue should be the highest priority of OWF and I still don't see an open >>>>> discussion of who will do that work and how. Interoperability and privacy >>>>> "principles" are not enough. >>>>> >>>>> Adrian >>>>> >>>>> On Thu, Oct 19, 2023 at 3:36 PM Daniel Goldscheider >>>>> <daniel@openwallet.foundation> wrote: >>>>> >>>>>> Hi Adrian, >>>>>> >>>>>> I had already reached out to EFF and ACLU before this came out and >>>>>> completely agree with you. >>>>>> >>>>>> We should do try to engage with all 4. Ideally I’d love to get to >>>>>> their support for open interoperable wallets and explore if we can agree on >>>>>> privacy principles as well. >>>>>> >>>>>> Would you be willing to talk to EPIC and suggest a conversation? >>>>>> >>>>>> All the best, >>>>>> Daniel >>>>>> >>>>>> >>>>>> >>>>>> On 19 Oct 2023, at 12:20, Adrian Gropper <agropper@healthurl.com> >>>>>> wrote: >>>>>> >>>>>> >>>>>> Thanks, Kaliya! >>>>>> >>>>>> The comment also mentions Open Wallet Foundation so I'm >>>>>> cross-posting. >>>>>> >>>>>> I have worked with all four of the signing organizations over the >>>>>> years and am on the EPIC Advisory Board. It would be useful, maybe >>>>>> essential, to consider their concerns and get ahead of the next round of >>>>>> mandates and adoption issues. >>>>>> >>>>>> Adrian >>>>>> >>>>>> On Thu, Oct 19, 2023 at 1:12 PM Kaliya Identity Woman < >>>>>> kaliya@identitywoman.net> wrote: >>>>>> >>>>>>> Hi Folks, >>>>>>> >>>>>>> This was just shared with me and I wanted the list to see it. The >>>>>>> ACLU, EFF, Center for Democracy and Technology, and EPIC (Electronic >>>>>>> Privacy Information Center) collaborated on a response to the proposed >>>>>>> rule-making by TSA re: mDL. >>>>>>> >>>>>>> >>>>>>> https://www.eff.org/document/10-16-2023-aclu-eff-epic-comments-re-tsa-nprm-mdls >>>>>>> >>>>>>> They mention Verifiable Credentials several times and urge the TSA >>>>>>> to slow down to ensure the best most privacy enhancing options can be >>>>>>> chosen as things continue to mature rather then rush forward. >>>>>>> >>>>>>> It shows that engaging with and educating civil society groups who >>>>>>> are interested and tracking technology developments is a good thing. >>>>>>> >>>>>>> - Kaliya >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>> *CONFIDENTIALITY NOTICE: This email may contain confidential and >>> privileged material for the sole use of the intended recipient(s). Any >>> review, use, distribution or disclosure by others is strictly prohibited. >>> If you have received this communication in error, please notify the sender >>> immediately by e-mail and delete the message and any file attachments from >>> your computer. Thank you.* >>> >>> >> >> -- >> >> David Zeuthen | zeuthen@google.com | >> Google >> | Android Hardware-Backed Security >> _._,_._,_ >> ------------------------------ >> Links: >> >> You receive all messages sent to this group. >> >> View/Reply Online (#197) >> <https://lists.openwallet.foundation/g/technical-discuss/message/197> | Reply >> To Sender >> <zeuthen@google.com?subject=Private:%20Re:%20Re%3A%20%5Btechnical-discuss%5D%20Civil%20Society%20Response%20to%20TSA%20mDL%20Rule%20Making> >> | Reply To Group >> <technical-discuss@lists.openwallet.foundation?subject=Re:%20Re%3A%20%5Btechnical-discuss%5D%20Civil%20Society%20Response%20to%20TSA%20mDL%20Rule%20Making> >> | Mute This Topic >> <https://lists.openwallet.foundation/mt/102067342/7178072> | New Topic >> <https://lists.openwallet.foundation/g/technical-discuss/post> >> >> Your Subscription >> <https://lists.openwallet.foundation/g/technical-discuss/editsub/7178072> >> | Contact Group Owner >> <technical-discuss+owner@lists.openwallet.foundation> | Unsubscribe >> <https://lists.openwallet.foundation/g/technical-discuss/unsub> [ >> adrian@fynbos.dev] >> _._,_._,_ >> >>
Received on Friday, 20 October 2023 17:09:48 UTC