[MINUTES] W3C CCG Credentials CG Call - 2024-02-06 from CCG Minutes Bot on 2024-02-06 (public-credentials@w3.org from February 2024)

From: CCG Minutes Bot <minutes@w3c-ccg.org>
Date: Tue, 06 Feb 2024 23:13:02 +0000
Message-ID: <E1rXUcX-009ogD-S0@mimas.w3.org>

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2024-02-06/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2024-02-06/audio.ogg

A video recording is also available at:

https://meet.w3c-ccg.org/archives/w3c-ccg-weekly-2024-02-06.mp4

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2024-02-06

Agenda:
https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Feb&period_year=2024&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer:
Mike Prorock, Kimberly Linson, Harrison Tang
Scribe:
Our Robot Overlords
Present:
Harrison Tang, Bob Wyman, Jing Chao, Ted Thibodeau, Ramesh
Narayanan, Erica Connell, Gregory Natran, Kimberly Linson, Kerri
Lemoie, Rashmi Siravara, Will, Dmitri Zagidulin, Phil (T3),
Meagan Treadway, Chandi Cumaranatunge, Vanessa, Leo, Kaliya
Young, Geun-Hyung Kim, TallTed // Ted Thibodeau (he/him)
(OpenLinkSw.com), Manu Sporny, Nis Jespersen , James Chartrand,
Adrian Gropper, Lucy Yang, Tim Bloomfield, Jeff O - HumanOS, Phil
Long

<tallted> I am very confused. CCG meeting is on calendar for
Noon-1pm ET
(https://www.w3.org/events/meetings/8e8242af-7a68-40e4-9a7f-71e2f06b6b12/20240206T120000/),
but apparently ran 11am-Noon
(https://meet.w3c-ccg.org/archives/w3c-ccg-weekly-2024-02-06-irc.log)
?
<tallted> skimming that log, I see, that wasn't the weekly CCG
call, it was a special call for maintenance volunteers, for the
did spec Registries and the verifiable credential specs directory
<tallted> unfortunately, the new recordings and logs for the
*actual* weekly call will over-write those for that earlier call.
Our Robot Overlords are scribing.
Kimberly Linson: Recording is on.
<harrison_tang> @TallTed I'll take a look at the issue later this
week and see how we could fix it
Kimberly Linson: All right well hello everybody um welcome to
today um it's exciting to see so many faces here um I'm gonna go
ahead and uh get us through our uh housekeeping items so that I
can turn it over to mesh and um.
Kimberly Linson: And get us get us started with today so uh as
everyone knows um we start off each of our meetings by just
taking a moment to reflect on.
Kimberly Linson: How we approach this community and that we are
looking um at everyone as a who is a part of this community as
someone who has positive intent and we do follow the w3c code of
conduct and that is in the agenda if you would like to review it.
Kimberly Linson: Uh also uh we uh welcome everyone who is here
and we're very excited to have you and uh if you are not an
official member of the ccg then uh that's great you're welcome to
join in these calls at any point and participate in the larger
Community if you feel like you want to dive into the work a
little bit more um be a contributor then I would ask you to.
Kimberly Linson: Go ahead and use the links in the agenda to
create an account with w3c and actually join the community group
it is um of no uh no there is no cost for individual members and
so feel free to go ahead and do that the more voices that we have
in this community better.
Kimberly Linson: Um we.
Kimberly Linson: Minutes of these meetings and a and a
transcript uh and a and a video call um 1 I think the the the
most important piece of that is so that uh as members we have the
opportunity to be able to go back and and review pieces of
information that are important to what what we're interested in I
know it has happened for me um that a session wasn't necessarily
pertinent at the time that it came but then uh later down the
road I was like oh actually need to really understand that and so
having that archive is uh.
Kimberly Linson: Is enormous.
Kimberly Linson: And then also just to make sure that we we keep
a record of what happens in these meetings and the things that
that we discuss um obviously as we're as we.
Kimberly Linson: Continue to um have more and more membership
and this becomes larger and larger Community having a record um
of how this community is evolving is important.
Kimberly Linson: Uh and I think now that I'm I'm through sort of
the the Spiel portion um I'd like to uh ask for the opportunity
for anyone who is new to this community or just has an update to
this community to put themselves on the Queue which actually is
the other thing I didn't mention is that that's how we manage
these meetings so uh if you are interested in introducing
yourself or sharing an update um that I would ask you to put Q
Plus uh into the queue so that you can uh we can call on you and
and recognize you.
Manu Sporny:
https://www.w3.org/news/2024/w3c-invites-implementations-of-verifiable-credentials-data-model-v2-0/
Manu Sporny: Hey uh Kimberly hey everyone um just some good news
uh the verifiable credentials data model version 2.0 is now in
the candidate recommendation phase at w3c uh so apologies this
happened last week There's the news announcement from the w3c um
what this means is that the working group believes that they're
done with version 2 um and is and they're asking uh people
implementers out there to start implementing the specification so
feature freeze happened a while ago now we're saying we really
think we're done um we will probably keep the door open for the
next maybe 3 to 5 months and once we have enough implementers
implementing saying that they feel comfortable with the
specification we will wrap it up.
Manu Sporny: Call it a global.
Manu Sporny: And put it out for the final vote at the worldwide
Web Consortium so that's where all 450 plus companies.
Manu Sporny: They still think it needs work um so this is a big
milestone this basically means that you know the past 18 months
of work uh you know we're we're done uh there have been.
Manu Sporny: If I remember off the top of my head 280 changes to
the specification so a lot of people didn't you know why while
we're working on it it feels like we're like making no progress
but when you look back to the last 18 months of work it's
resulted in a lot of updates.
Manu Sporny: And clarify.
Manu Sporny: Patients to the specific.
Manu Sporny: So it's out there now um feel free to start
implementing I know that a number of vendors are already starting
to integrate the vc20 data model into their production roadmap
plans for the summer.
Manu Sporny: Um that's it good news and thank you everyone in
the community that contributed to it and and got it to the stage.
Manu Sporny:
https://www.w3.org/news/2024/w3c-invites-implementations-of-verifiable-credentials-data-model-v2-0/
Kimberly Linson: Thank you Manny that is an enormous amount um
volume of work that's been completed so congratulations to to
everyone uh anyone else with an an introduction or
reintroduction.
Kimberly Linson: All right how about announcements and reminders
anything coming up that that you want to make sure the community
is aware of.
Kimberly Linson: You can add yourself to the queue with Q Plus.
https://github.com/w3c-ccg/community/blob/main/experiments/roadmap.md
Kimberly Linson: That's great thank you please check check that
out and and provide some input.
Manu Sporny: Yeah well 1 thank you for working on that um uh in
the the preview looks great I think that's going to be way easier
to manage um using mermaid I still owe you that list of.
Manu Sporny: From the.
Manu Sporny: Buried deep on my work queue so please feel free to
uh Pastor me until I get that list to you if that would be full
to you.
Kimberly Linson: Any other announcements in or reminders or
questions about work items.
Kaliya Young: As always forgot IBEW coming up in April in
Mountain View California.
Kaliya Young: Um should be great um.
Kaliya Young: I think very soon the registration for our
regional event in Europe will open up the digital identity
unconference Europe which is the third week of June.
Kaliya Young: And it looks like um.
Kaliya Young: The South African event um will be happening the
third week of septembar which unfortunately conflicts with TPAC
but.
Kaliya Young: That's the way it goes with venues and
availability.
Kaliya Young: I'll put a link to aew and then chat.
Kimberly Linson: Great thank you.
Kaliya Young: http://www.internetidentityworkshop.com
Kimberly Linson: All right well I'm going to go ahead and uh get
rash started um first of all I if you weren't here at the very
beginning of the call it is very late for him and we're very
appreciative of him taking the time to come and join us to talk
about modular open source identity platform uh and so uh welcome
rash and go ahead and and the floor is yours.
Ramesh_Narayanan: Thank you for the opportunity to present.
Ramesh_Narayanan: You all and as per.
Ramesh_Narayanan: Those Sage advice of Harrison I'll turn my
video off and I start my screen share so that.
Ramesh_Narayanan: things will.
Ramesh_Narayanan: But I just.
Ramesh_Narayanan: Just wanted to make sure.
Ramesh_Narayanan: Most of you may not have met me I just wanted
to you to be able to put a face to my.
Ramesh_Narayanan: Name and voice.
Ramesh_Narayanan: Let me start sharing.
Ramesh_Narayanan: I hope you are able to see my screen.
Kimberly Linson: Yes we see it.
Ramesh_Narayanan: Okay thank you.
Ramesh_Narayanan: uh so.
Ramesh_Narayanan: I'll try to keep this brief maybe up to 20
minutes and then we could.
Ramesh_Narayanan: To get into questions after that.
Kimberly Linson: That sounds great thank you.
Ramesh_Narayanan: was found.
Ramesh_Narayanan: Incubated at the triple it Bangalore
University.
Ramesh_Narayanan: And it's supported by grants from various
philanthropic agencies.
Ramesh_Narayanan: Including the ones listed here.
Ramesh_Narayanan: We started in 2018 we remain a not-for-profit
and not for Revenue project.
Ramesh_Narayanan: We have been adopted in.
Ramesh_Narayanan: 43 so far which I've gone live and there have
been several Pilots that are that have been run and 2 more
countries are in the process of.
Ramesh_Narayanan: Taking their identity systems life using.
Ramesh_Narayanan: The platform that we have built.
Ramesh_Narayanan: As of date we have 100 million plus people who
have been issued IDs.
Ramesh_Narayanan: Using our platform.
Ramesh_Narayanan: Uh this is this is scam happened over.
Ramesh_Narayanan: Last 3 plus years through the pandemic and
after that there's been plenty of Interest.
Ramesh_Narayanan: As uh digital systems.
Ramesh_Narayanan: More traction I think the pandemic has
accelerated the demand and we are also feeling the same.
Ramesh_Narayanan: What we basically do at mosip is we build
underlying Platforms in the open source.
Ramesh_Narayanan: For people to create their systems on and run
ID systems have been our Focus.
Ramesh_Narayanan: And the it.
Ramesh_Narayanan: Apart from providing the platform we also help
countries with the actual uh adoption by way of training their
people building capacity.
Ramesh_Narayanan: Supporting them with issues in the platform.
Ramesh_Narayanan: and so.
Ramesh_Narayanan: We have close to 80 plus partners.
Ramesh_Narayanan: who have.
Ramesh_Narayanan: Been working with us for the last.
Ramesh_Narayanan: Years it it grew from an initial set of a
handful.
Ramesh_Narayanan: To this number over the years and this consists
of.
Ramesh_Narayanan: A platform is deeply people who offer biometric
components people who offer.
Ramesh_Narayanan: Ation services and so on.
Ramesh_Narayanan: We also work with several.
Ramesh_Narayanan: Non-governmental organizations for research and
collaborations in technology as well as.
Ramesh_Narayanan: Non-technology areas uh in terms of inclusion.
Ramesh_Narayanan: Bias recognition and management and so on so
this is to keep ourselves sharp and in line with expectations and
emerging Trends also.
Ramesh_Narayanan: Largely are learning happen from the
deployments that we do.
Ramesh_Narayanan: And from the trends that are happening in the
industry.
Ramesh_Narayanan: The over the last few years we have actually
built several Solutions we started off with.
Ramesh_Narayanan: An identity issuance and life cycle management
system which is what.
Ramesh_Narayanan: Most of us the modular open source identity
platform it included identity verification capabilities also in
it.
Ramesh_Narayanan: This is where we started with this was the
intent behind this was to be able to issue IDs for.
Ramesh_Narayanan: People who don't have IDs.
Ramesh_Narayanan: So several countries had uh poor coverage.
Ramesh_Narayanan: They were looking for systems that could be
used and this was positioned.
Ramesh_Narayanan: For those countries.
Ramesh_Narayanan: Are um initial adoption has been primarily in
Africa and parts of Asia.
Ramesh_Narayanan: uh Moro.
Ramesh_Narayanan: Togo and Ethiopia and Africa and the
Philippines in Asia who have gone live with the system.
Ramesh_Narayanan: Have been using the most of platform for this.
Ramesh_Narayanan: But in the last couple of years we have started
adding additional uh capabilities to start unlocking the value of
having an identity.
Ramesh_Narayanan: So on top of this foundational a real identity
that that we have been issuing we wanted to create a digital
Authentication.
Ramesh_Narayanan: Uh and digital.
Ramesh_Narayanan: Identity stack which will allow people access
to services do kyc.
Ramesh_Narayanan: Solutions which were purely targeting the
digital access space.
Ramesh_Narayanan: And this started including credentials and the
original format which is where our journey with verifiable
credentials began.
Ramesh_Narayanan: And then we extended this to uh as as we
started working with this we extended this usage from online to
offline.
Ramesh_Narayanan: Usage by promoting digital wallets.
Ramesh_Narayanan: And uh and building this digital wallets we
recognize that these digital wallets are not going to be just
for.
Ramesh_Narayanan: the ID.
Ramesh_Narayanan: That we have.
Ramesh_Narayanan: And uh that's where uh we have been combining
the digital identity and the wallet together.
Ramesh_Narayanan: Focusing on not just uh this but all kinds of
credentialing.
Ramesh_Narayanan: So we have started some work on the
credentialing area also.
Ramesh_Narayanan: While these were all infrastructure that we
were building to help countries.
Ramesh_Narayanan: Start issuing IDs offering Digital Services on
top of that and so on we wanted to have.
Ramesh_Narayanan: a powerful.
Ramesh_Narayanan: Demonstrator of how this ID can be used so we
started working on.
Ramesh_Narayanan: Open g2p platform which uh basically helps
with.
Ramesh_Narayanan: Benefits delivery for government to people
programs.
Ramesh_Narayanan: And uh this this actually uses the ID that that
is issued.
Ramesh_Narayanan: Using these platforms it's well integrated as a
demonstrator.
Ramesh_Narayanan: And this is something that that we have been
able to actually showcase as well as deploy.
Ramesh_Narayanan: This module works with most of based systems as
well as existing ID systems that they may already have so it's
not opinionated to uh just most of solutions.
Ramesh_Narayanan: Going beyond the foundational idea there are
there are lots of systems which are looking at sectoral ideas for
example Health ID or student ID and so on and using the same set
of principles that we have been building other.
Ramesh_Narayanan: Solutions we have started some work on.
Ramesh_Narayanan: Registries for sectoral IDs also.
Ramesh_Narayanan: And this is all possible because of our
approach we have been always thinking of modularity in the way we
build our Solutions and also very responsible development by way
of promoting reuse of existing.
Ramesh_Narayanan: Open source tools as well as our own components
that we are building.
Ramesh_Narayanan: So these Solutions.
Ramesh_Narayanan: They all share uh lots of the components and
they can all be used independent of each other in most cases for
example the digital wallet that we.
Ramesh_Narayanan: Can work with.
Ramesh_Narayanan: Issue and services or it can also work with
other issuers.
Ramesh_Narayanan: So it nothing is tied.
Ramesh_Narayanan: Are locked in into the whole stack or whole
solution landscape that we offer people can pick and choose the
solutions that they want to use or they can actually also work
with this whole Suite.
Ramesh_Narayanan: This um there's a quick overview of what we
have in the uh.
Ramesh_Narayanan: Editions platform we have 2 parts 1 is.
Ramesh_Narayanan: Something that supports the ideations and life
cycle management which includes a self-service pre-registration.
Ramesh_Narayanan: And uh online or offline mode.
Ramesh_Narayanan: Of registration this is this is a activity that
requires.
Ramesh_Narayanan: Uh contact if Biometrics are collected if there
is no Biometrics involved this can be totally offline and remote.
Ramesh_Narayanan: Once the ID is issued.
Ramesh_Narayanan: Then get to the second part of the story which
requires.
Ramesh_Narayanan: Usage of the ID so we have an authentication
Service and then we have resident services which allow.
Ramesh_Narayanan: Users to manage their uh ID credentials and
then we have a partner management module which which allows the
ID system to manage who gets access to.
Ramesh_Narayanan: What kind of kyc uh policies they are enabled
to so that data sharing can be strictly on a need to know basis
and regulated.
Ramesh_Narayanan: And our entire development has been led by what
we call as a principle that development approach privacy security
Open Standards these are all some of the things that we try to
make sure we use or incorporate in at every step of the work so
we have several privacy features extensibility features the
ability to customize configure localize these Solutions.
Ramesh_Narayanan: So multi-language support is a great example of
how this can actually be used in different country contexts for
example in Morocco it is um used.
Ramesh_Narayanan: With French and Arabic while Ethiopia uses.
Ramesh_Narayanan: In English Philippines uses.
Ramesh_Narayanan: English and so on so there are choices that
people can make.
Ramesh_Narayanan: And the system can be configured or extended
to.
Ramesh_Narayanan: Meet specific requirements.
Ramesh_Narayanan: Once we go beyond the ID issue and life cycle
management we had to cater to a variety of requirements some some
countries opt for initial infrastructure.
Ramesh_Narayanan: Which is basically online and centrally used
for authentication there are other cases where there is a need
for a combination of centralized as well as decentralized use of.
Ramesh_Narayanan: And in in more advanced cases where uh people
don't want.
Ramesh_Narayanan: Centralized verification at all pure offline
usage or decentralized usage of ID verification.
Ramesh_Narayanan: is need.
Ramesh_Narayanan: We have a bouquet of.
Ramesh_Narayanan: Modules and services that caters to all these
kind of needs.
Ramesh_Narayanan: Verification Services the underlying core
support for any kind of Channel actually lies in the.
Ramesh_Narayanan: Pi that we offer.
Ramesh_Narayanan: PA has 2 flavors on it's a simple yes no API
which.
Ramesh_Narayanan: The uh given the identifier of the user and the
authentication factors comes back with the yes or no.
Ramesh_Narayanan: So whether it's.
Ramesh_Narayanan: But whether it's the right user.
Ramesh_Narayanan: The second flavor is a kyc endpoint which takes
similar inputs except that this shares authorized.
Ramesh_Narayanan: Kyc results so.
Ramesh_Narayanan: It's possible through policy to control what
gets shared to which relying party using this kyc endpoint.
Ramesh_Narayanan: We have support for anonymous.
Ramesh_Narayanan: Identifiers and tokens in this so that people
don't have to share their permanent ID numbers to a relying
parties so short-lived ID tokens can be used.
Ramesh_Narayanan: And anywhere where Biometrics are used for as
authentication factors we have a support where the Biometrics
get.
Ramesh_Narayanan: Encrypted on the capture device itself and then
gets sent to the server where only the authentication server can.
Ramesh_Narayanan: Crypto Biometrics for any comparison this
prevents.
Ramesh_Narayanan: Building local databases of Biometrics or reuse
of those biometrics.
Ramesh_Narayanan: In other places.
Ramesh_Narayanan: Where Biometrics are not used we have other
authentication factors like 1-time passwords.
Ramesh_Narayanan: And bins and so on and we also have the ability
to extend.
Ramesh_Narayanan: Using protocols like web Bots and uh.
Ramesh_Narayanan: To to support additional methods for uh.
Ramesh_Narayanan: Optional factors for Authentication.
Ramesh_Narayanan: On top of this.
Ramesh_Narayanan: we have.
Ramesh_Narayanan: Built uh open ID connect based solution which
allows people to.
Ramesh_Narayanan: Simplify the integration to this API the API is
routed using ID provider.
Ramesh_Narayanan: And uh this ID provider is a plug-in into the
Signet solution that we have eignet can be plugged in.
Ramesh_Narayanan: Or the plug-in can be developed in eignet for
not just mosip but for other systems also.
Ramesh_Narayanan: In fact we have done something of that sort
exactly in Cambodia where cambodia's existing.
Ramesh_Narayanan: ID system is is the 1 that's fronted by eignet
and uh the IDP their talks to their systems.
Ramesh_Narayanan: So what is Signet offers is the ability to use
the government issued ID.
Ramesh_Narayanan: For login and authentication and uh login
basically starts giving you access to various systems without
having to create too many credentials username passwords
everywhere.
Ramesh_Narayanan: This service is run by authorized people uh.
Ramesh_Narayanan: You will be you'll be getting a uniform
experience across portals and you'll be sharing.
Ramesh_Narayanan: Your authentication factors and data or even
your ID number only in these set of authorized providers.
Ramesh_Narayanan: So all kinds of relying parties don't keep
getting don't get access to it.
Ramesh_Narayanan: They only get access to.
Ramesh_Narayanan: Token that is returned to them and any kind of
consented attributes that are shared as part of the open ID
connect process.
Ramesh_Narayanan: Uh we also have started incorporating support
for our.
Ramesh_Narayanan: Offline usage or offline authentication any
Signet by way of being able to hand over the authentication
completion to the wallet.
Ramesh_Narayanan: Once the user to sign in they redirect them to
eignet.
Ramesh_Narayanan: And they can either complete the authentication
on eignet or they can actually.
Ramesh_Narayanan: take over.
Ramesh_Narayanan: Uh from their wallet completed on the wallet
and E then.
Ramesh_Narayanan: Redirects them back to the aligned parties
portal after the authentication is completed.
Ramesh_Narayanan: So this uh as in yeah.
Kimberly Linson: Thank you is it is it all right if Manu jumps
in with a question at this point.
Manu Sporny: Hi uh ramish this is this has been uh fantastic so
far I've I have a question though on eignet um uh it it sounds
like a centralized solution so I'm I'm trying to understand it
sounds like eignet would everything would route through eignet
and I and I get the benefit of not exposing all the other relying
parties to the information that might go through eignet but you
know I'm I'm trying to square that with the the decentralized you
know message that you started off with so so who runs these
Signet like is it like login.gov in the United States where all
you know all login to Federal systems go through login.gov so you
have to have a login.gov account how I'm trying to understand the
the centralization characteristics of the eignet.
Ramesh_Narayanan: Yeah excellent question man it is an online
solution and.
Ramesh_Narayanan: The way you deploy it can actually be the the
choice of was deploying it and if there is 1 single system
obviously it becomes centralized.
Ramesh_Narayanan: That but it's also possible for us to actually
support multiple underlying ID providers like how it is in France
the France connect solution for example talks to.
Ramesh_Narayanan: Various underlying parties right so eignet does
not have any persistence layer.
Ramesh_Narayanan: Other than the user consent.
Ramesh_Narayanan: Doesn't it doesn't store any user information
or ID or anything of that sort.
Ramesh_Narayanan: And uh what what basically means is that if the
underlying IDs are many then based on which ID is used.
Ramesh_Narayanan: Authentication Services of that particular
system are used.
Ramesh_Narayanan: That system would know so it centralized to
that extent but essentially it it can act in a federation mode or
in a centralized mode.
Ramesh_Narayanan: but if.
Ramesh_Narayanan: If you're handing.
Ramesh_Narayanan: It over to the.
Ramesh_Narayanan: Right then the authentication happens against a
credential which is there in the wallet in which case you're not
hitting the centralized systems is hitting the user's wallet.
Ramesh_Narayanan: This is where the support for decentralized
usage comes in in the e-cigarette portion but it is essentially
an online uh centralized system run by some particular provider.
Ramesh_Narayanan: I hope that answers your question.
Manu Sporny: It did thank.
Ramesh_Narayanan: So as 1 of indicated this is not a solution
that.
Ramesh_Narayanan: We wanted to make sure that this has a path to
uh decentralized usage also where this becomes actually a Cygnet
becomes.
Ramesh_Narayanan: And complete the authentication on the wallet
so that that's our.
Ramesh_Narayanan: Uh that's 1 Pathway to decentralization which
is supported in a signal.
Ramesh_Narayanan: When it comes to a wallet we built uh this
wallet NG a normal um.
Ramesh_Narayanan: Wallet would mostly be used as a store.
Ramesh_Narayanan: And it will be a protected wallet.
Ramesh_Narayanan: Maybe there's a way to unlock it and so on but
in our case we have taken the wallet.
Ramesh_Narayanan: And added an additional feature by adding an
authenticator in it.
Ramesh_Narayanan: What we do is we.
Ramesh_Narayanan: Most of the issuance software it it generates
verifiable credentials by default for ID credentials these can
then be downloaded onto the wallet using issuance software.
Ramesh_Narayanan: Uh we had started off with a custom integration
and retrieval mechanism using our API.
Ramesh_Narayanan: Ally but then once we had open ID for VC
issuance.
Ramesh_Narayanan: Protocol um once it was created we actually
have implemented that I think we are right now supporting.
Ramesh_Narayanan: Implementers draft level is something that we
are supporting and you so we can download the credential onto the
wallet using open ID for VCI.
Ramesh_Narayanan: And this credential is uh the way that open ID
for VC it's done is through eignet so there is an authentication
of the user and then they download their credential.
Ramesh_Narayanan: So we bind the wallet to the user's ID
credential.
Ramesh_Narayanan: Which means subsequently when you want to do
authentication we can actually do authentication against the
credential which is there in the wallet.
Ramesh_Narayanan: And uh we support a face authentication
offline.
Ramesh_Narayanan: Uh for actually doing the presence verification
and a biometric binding of the.
Ramesh_Narayanan: User to the credential as well as uh for the
authentication itself so these are um.
Ramesh_Narayanan: This is the authentication capability that is
supported in our wallet.
Ramesh_Narayanan: From a pure credentials perspective apart from
the store we have the ability to share the.
Ramesh_Narayanan: Credentials either through QR code if it's a
very small credential that can be fitted into 1.
Ramesh_Narayanan: Else we have a Bluetooth low energy based
peer-to-peer sharing.
Ramesh_Narayanan: That we have built this uses open ID for VP
over ble as the protocol.
Ramesh_Narayanan: And as I mentioned it has uh e signate
integration 1 for uh.
Ramesh_Narayanan: Download of the credential and second for.
Ramesh_Narayanan: The Handover of authentication from eignet to
the wallet.
Ramesh_Narayanan: There are cases where the phones that are
available in the market are not.
Ramesh_Narayanan: Secure uh or they don't have they're not
smartphones and they're not maybe capable of doing all that we
are proposing here so for these cases.
Ramesh_Narayanan: Uh we are looking at building a cloud wallet.
Ramesh_Narayanan: Cloud wallet will be a completely encrypted
Cloud store.
Ramesh_Narayanan: Uh which really the user can decrypt by
operating it through a shell app or.
Ramesh_Narayanan: 3 ussd these mechanisms so we are looking at
various cryptographic means where uh the the key for decrypting.
Ramesh_Narayanan: Can be generated on the Fly by the user maybe
using Sim toolkits.
Ramesh_Narayanan: That can that can leverage the capabilities of
the SIM card on their phone so these are mechanisms that we are
looking at to see how.
Ramesh_Narayanan: We can have a hosted wallet Cloud wallet where
again their privacy data privacy is protected.
Ramesh_Narayanan: So this is on the wallet side.
Ramesh_Narayanan: As I was mentioning we combined all of this and
uh you're working on a digital credentialing stack.
Ramesh_Narayanan: So this this triangle is something that you'll
all be familiar with so I won't go deep into it we have added um.
Ramesh_Narayanan: Holder basically is in G wallet but we can
support other wallets also because the insurance protocols that
we are supporting are open.
Ramesh_Narayanan: Chatting with a relying party as I mentioned we
have QR as well as based shares we are looking at adding support
for other protocols also like.
Ramesh_Narayanan: And the relying party can trust the issuer we
have set up some trust mechanism using uh did web and well-known.
Ramesh_Narayanan: Uh specs and uh we again rely on open ID for
VCI Associated uh specifications for these.
Ramesh_Narayanan: The advantages of um.
Ramesh_Narayanan: Are many we have integrated with opencv.
Ramesh_Narayanan: For example for uh issuance of birth
certificates as digital credentials similarly we are issuing we
are working with a couple of countries Bangladesh being 1 for
issue of trade licenses or business incorporation certificates.
Ramesh_Narayanan: This so the issuance model right now supports
we see 1.1.
Ramesh_Narayanan: But we are um having a modular approach where
we can actually start adding.
Ramesh_Narayanan: Credential formats also and as 1 you mentioned
we were waiting for the 2.2 to become an official spec for us to
actually start some work on that.
Ramesh_Narayanan: And I think it looks like it's going to be in
our plans too so.
Ramesh_Narayanan: We have plenty of integration models a place
stages that can be plugged into workflow event based integration
mechanisms data sharing.
Ramesh_Narayanan: With a lot of cryptographic protections built
into it so with this we have integrated with Benefits Delivery
Systems civil registry digital signatures Healthcare systems and
so on many of these are open-source Solutions which can also be
used in case somebody wants to adopt those Solutions.
Ramesh_Narayanan: Wherever possible we work with standards.
Ramesh_Narayanan: Wherever the standards don't meet we try to
work with various industry initiatives and groups to bring in our
inputs and if you see that they are already working along those
lines if there are some emerging drafts we pick those up and
work.
Ramesh_Narayanan: Uh where we have not been able to see anybody
taking any steps we try to actually work with some groups like.
Ramesh_Narayanan: Stack or g2p connect and so on in order to
Define uh some specifications which can then maybe over over time
get into standards process we have 1 um.
Ramesh_Narayanan: 1 initiative and Ile for uh working for secure
biometric devices so this this is the 1 that deals with
encrypting the Biometrics captured on the device in the field
itself in order to provide high level of security for biometric
Authentication.
Ramesh_Narayanan: So all this is to basically work towards our
core objective of creating interoperable systems which are for
everyone.
Ramesh_Narayanan: Global Care Solutions which address everyone
and then.
Ramesh_Narayanan: Identity so that that trust is what drives
usage and the transactions that.
Ramesh_Narayanan: That that are initial part of the.
Ramesh_Narayanan: My digital life that we are all looking forward
to very much.
Ramesh_Narayanan: That that's my presentation but I think I took
more than the 20 minutes I.
Ramesh_Narayanan: Happy to take questions.
Kimberly Linson: Thank you so.
Kimberly Linson: But that was actually really informative and
I'm glad you you checked the time to go through it all uh uh
manual I believe you're first on the queue.
Manu Sporny: Thank you yes um uh thank you for that uh romesh
your your work in this space um in in the folks on the mosip team
um it's um very inspiring um it's it's wonderful work um uh and
so I'm I'm wondering um what do you feel you you mentioned the
the gaps in the standards um uh what do you feel was kind of the
the the biggest uh challenge uh for adoption uh that you faced
you know I'm I'm looking at you know the way the the way that
you've you've built this system out um it feels like you know you
almost had to start as an identity provider for kind of central
government government institutions and then build the services
out from there like it was very you know was did you try other
approaches where it was very difficult to kind of start as a
digital wallet provider and then try to provide services uh it it
almost feels like for.
Manu Sporny: Uh or really any any platform to get a hold inside
you know a digital identity you have to have the government
understand that they want that solution and then you have to kind
of work through kind of core services in in government so do you
see any other approaches was that the approach that you had what
were the kind of the biggest challenges to scale to the level
that that you've been able to scale to today.
Ramesh_Narayanan: Yeah I think the challenges have been plenty.
Ramesh_Narayanan: The way you put it across is exactly how it
happened we had to start with addressing the most fundamental
need which was basically fill the Gap where.
Ramesh_Narayanan: H people.
Ramesh_Narayanan: Did not have an ID at all and participation in
any kind of transaction even if it's a physical paper based
transaction was not possible if a person did not have an ID.
Ramesh_Narayanan: Access to financial services uh lot lot of it
was a problem.
Ramesh_Narayanan: I can.
Ramesh_Narayanan: Court examples where.
Ramesh_Narayanan: People were not able to get birth certificates.
Ramesh_Narayanan: Because the parents did not have documents.
Ramesh_Narayanan: and then.
Ramesh_Narayanan: If they don't children don't have birth
certificates they can't.
Ramesh_Narayanan: Get into a vaccination or immunization
schedule.
Ramesh_Narayanan: They can't get into schools so.
Ramesh_Narayanan: May be a lot of it is to do with the policy and
how uh basic services are available but uh the process of using
ID documents to ensure that citizens get benefits as opposed to
all kinds of people who are coming and getting benefits was uh.
Ramesh_Narayanan: Was a problem.
Ramesh_Narayanan: A lot of these Services were subsidized so it
was important to ensure that people got IDs first so that's where
we started.
Ramesh_Narayanan: But we also knew that.
Ramesh_Narayanan: Even as we started uh we were very aware of
concerns around uh privacy.
Ramesh_Narayanan: Of users risks of surveillance.
Ramesh_Narayanan: How centralized systems are looked at somewhere
people like like them somewhere people from upon them we know
that we are getting into a world where we need multiple Solutions
and multiple pathways.
Ramesh_Narayanan: So they were always ready to evolve into
something more than just a centralized system but a government
issued ID was what would bring trust in the ID in the first place
so this is the real ID or the foundational ID that we started
then.
Ramesh_Narayanan: Order to provide mechanisms privacy provide
friendly mechanisms on top of it for ID usage.
Ramesh_Narayanan: We started building features there and then
subsequently we started once the wallet related uh.
Ramesh_Narayanan: Standards and specifications started emerging
better we know that we will not be building something which will
be throwing away so we started working with a draft
specifications and and started working on that aspect.
Ramesh_Narayanan: So the tip um was was 1 of our uh.
Ramesh_Narayanan: Big Inspirations that when we saw the framework
we decided that instead of building just some data and issuing
some ID we'll make sure that we are natively supporting
credentials right from the outset so we started incorporating.
Ramesh_Narayanan: And we see uh even before it became a a full
full accepted spec into our product.
Kimberly Linson: Thank you Harrison you're on the queue.
Harrison_Tang: Yes um Ramesh do you mind uh kind of clarify uh
who are the implementers because earlier you mentioned that
there's Bangor Dash government and I'm guessing Indian
governments like is it just the governments or are there other uh
like businesses or other um entities that that that implemented
this.
Ramesh_Narayanan: Oh actually the governments are the adopters.
Ramesh_Narayanan: Implementations have been uh sometimes carried
out by Common departments themselves and other cases they have
worked with.
Ramesh_Narayanan: Uh ecosystems partners and systems integrators
to actually roll out these Solutions.
Ramesh_Narayanan: Are mandate atmosphere from a funding
perspective has been primarily to help governments.
Ramesh_Narayanan: We have cases where university has actually
picked us up for their student ID and they're doing it on their
own this isn't Argentina.
Ramesh_Narayanan: And uh we have uh somebody actually building a
sectoral IDs in India for healthcare using some of our Solutions
so yes it's we expect it to be used Beyond.
Kimberly Linson: Harrison did you have another question.
Harrison_Tang: Yes uh so separate questions um first of all it's
quite impressive that uh Mastiff actually tackles multiple uh
aspects and facets of identity uh from issuance right wallets and
so on so on so my question is like what is the toughest.
<phil_long_(t3)> It appears verification is done by the issuer,
rather than an independent verification service. Is that
accurate?
Harrison_Tang: Challenge right what's the toughest problem like
when you marginalize the identity problems um like for example
earlier you talked about authentications biometric like keeping
it uh secure private and things like that like which part uh when
you're working on different parts and different modules for like
B term which which module is the hardest.
Ramesh_Narayanan: Rather than module I would say the the aspect
that we find it the hardest is actually inclusion.
Ramesh_Narayanan: The the diversity of the population is such
that there are challenges in terms of infrastructure there are
challenges in terms of digital Savvy as well as many other many
other factors.
Ramesh_Narayanan: So cost lots of factors are there so we have to
make sure that.
Adrian Gropper: We have to make sure that.
Ramesh_Narayanan: uh we.
Ramesh_Narayanan: Had to have a.
Ramesh_Narayanan: And not just 1 so that that I think was 1 of
the biggest challenges that we had.
Kimberly Linson: Great thank you uh Adrian.
Adrian Gropper: Uh in the example you mentioned India sector
role in healthcare in particular uh what's the relationship uh
that you have with adhar.
Adrian Gropper: As the national ID for things like that.
Ramesh_Narayanan: Yeah um so other is is built by the uidai and
run for India's national like program so we don't have anything
to do with that right that's a totally independent system.
Ramesh_Narayanan: So mosip is uh incidentally built in India but
it's a totally new system built from scratch.
Ramesh_Narayanan: The Health Care System might use the underlying
other for.
Ramesh_Narayanan: Verification against the foundational ID but
what we are uh what most of is used for us building the sectoral
identity for the same person.
Rashmi_Siravara: Uh Ramesh if I can ask you um a query based on
the other discussion that you were uh you are having so the
verification is done even for the pan card since other card has
certain requirements or is it uh only there is no identification
or verification needed for that since you work with the
governments and they are scaling it.
Ramesh_Narayanan: So we don't work with the Indian government
actually um so I can't I can't answer to that um this particular
thing I think there are.
Ramesh_Narayanan: Uh as is the case in most places for different
processes people can produce 1 of many IDs.
Ramesh_Narayanan: So it could be the tax number or it could be
the.
Ramesh_Narayanan: National ID and so on right so I think those
are processes.
Ramesh_Narayanan: By respective applications.
Ramesh_Narayanan: Even if somebody's using the national ID in
cases where they have deployed most of most of offers the
solutions for quick verification easy verification.
Ramesh_Narayanan: in online.
Rashmi_Siravara: Right that's the main reason I asked you because
the ekyc is in feature right now at every payment Gateway right I
mean in international transaction verifications dates credentials
all of it so I just wanted to know if you are directly working
with the government or it's just in the peripheral collaboration
that uh you're talking about yeah thank you.
Kimberly Linson: All right may I know your next step on the
queue.
Manu Sporny: Um right so so the the quite this question has more
to do with the standards work so you you mentioned a set of
standards that are missing now around trust Frameworks and
Biometrics and and things of that nature um and so you know since
many of us here work in standards setting organizations global
standard setting organizations I'm curious what kind of work we
can focus on next that would be most helpful to you understanding
that they're limitations like w3c doesn't work on biometric
anything right they they're they the position is kind of the
opposite they're kind of it I think antibiotics they focus more
on web athn and types of authentication that's cryptographic and
unlabel and and and stuff like that so you know there's certain
things where we can't really help around I think the biometric
portion of it but there are other places where I think we could
help you mentioned QR codes in uh uh.
Manu Sporny: Down into small.
Manu Sporny: We do have work on you know taking a verifiable
credential in compressing it using core LDS so that you can
express it in a QR code with a digital signature in that sort of
thing very important for offline uh scenarios um we are also you
know have a work item in this group around uh trust Frameworks
effectively the you know the authorized verifiers issuers you
know lists work um that that is going on what what's the what's
the biggest pain point for you like if if there was a a new
standard that we could work on in the next you know year or so
and get done what would be the highest priority standard uh we
could work on.
<kimberly_wilson_linson> Great question Manu!
<dmitri_zagidulin> and is that standard 'Trust Registries' :)
Ramesh_Narayanan: Yeah actually um.
Ramesh_Narayanan: The core LD.
Ramesh_Narayanan: That you mentioned right we we had we needed it
2 years ago when people were issuing cards with QR codes embedded
in them so we had to build a cwt based.
Ramesh_Narayanan: Approach where we have to make certain
assumptions about.
Ramesh_Narayanan: The envelope as well as the content in order to
make sure that it fits and is usable cryptographically verifiable
and and still interpretable so you'll be happy to look at what
how it how sibo LDS.
Ramesh_Narayanan: Been used actually to to support this so we
felt that the VC envelope itself was.
Ramesh_Narayanan: Big lot of work on the metadata.
Ramesh_Narayanan: Area was very rapidly changing and.
Ramesh_Narayanan: And and moving I think that that's 1 area where
we would like Clarity more than anything else.
Ramesh_Narayanan: Specifically on on standards I I will get back
we have a laundry list at what what would take the cake what what
would be high priority something that we can probably revert back
to there are there are a few pain points that we have and we'll
be actually very glad to talk about those um talk about this pain
points while we see does not address schemas there is also a need
to agree upon some common schemas for simplifying interpretation.
Ramesh_Narayanan: of the data.
Ramesh_Narayanan: Especially for cross.
Ramesh_Narayanan: So crossborder usage related cases change uh
the trust as well as the uh the content related requirements it
puts additional expectations on that I think those are areas that
are beginning to emerge we are working with the West African.
Ramesh_Narayanan: Region for where they want a regionally
interoperable ID so to be able to address that we will need
actually need specifications uh for that.
Ramesh_Narayanan: Another um area where we are facing challenges
uh there's some some amount of Divergence between what verifiable
credentials does as work and uh mdl does this work at ISO MDOC
set of standards and it's um if if there's some possible way to
reduce the.
Ramesh_Narayanan: Deviations and and arrive at some common set of
specifications which which support different kinds of credential
types for example in India there's been signed XML.
Ramesh_Narayanan: That has been issued for ages and this was even
before anybody was imagining credentials as a first standards
rated work right so and that also needs to be supported so there
are many cases where we would need different types of credentials
formats to be supported and I think we'll need to have for
interoperability common uh Frameworks.
Ramesh_Narayanan: And it can't be in isolation imagine different
ways in different continents.
Kimberly Linson: Thank you Dimitri I'm gonna let you have the
last question of the day.
Dmitri Zagidulin: Oh sure thing thank you um uh thanks for me
really enjoyed your presentation what uh specification do you use
for trust Registries for lists of known issuers and verifiers and
is that something uh most of would be interested in
collaborating.
Ramesh_Narayanan: We would be um right now uh for the wallet we
have a wallet server and the wallet server.
Ramesh_Narayanan: Is the 1 that feeds the trust registry or gives
access to the wallet.
Ramesh_Narayanan: So we have kept it simple um till till we get
good Clarity on.
Ramesh_Narayanan: Being able to refer to some common
infrastructure.
Ramesh_Narayanan: For Discovery we are using um for for a given
issuer discovery of other things we are using well-known specs.
Ramesh_Narayanan: So that that's our current simplified approach.
Ramesh_Narayanan: We are open to anything from a simple GitHub.
Ramesh_Narayanan: Onward still a registry which is publicly
acknowledged.
Ramesh_Narayanan: Or uh acceptable to everyone.
<harrison_tang> Thank you, Ramesh, for a great presentation
today! Thanks for dropping by CCG.
Kimberly Linson: Great thank you again so much for being here um
and sharing um this with us it was really interesting and and uh
very applicable to my own work so I'm excited to thank you uh and
thank you everyone for participating today and we will see you
next uh next Tuesday at the same time thank you all.
Ramesh_Narayanan: Thank you for the opportunity why.
Kimberly Linson: Recording has stopped.

Received on Tuesday, 6 February 2024 23:13:02 UTC