- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Sun, 10 Aug 2025 20:57:50 +0200
- To: Tim Bouma <trbouma@gmail.com>
- Cc: Daniel Hardman <daniel.hardman@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
- Message-ID: <CAKaEYh++8kKDjTc1BOvfnu5QOFFHTL8hijeKBirt3_M_EYvLNQ@mail.gmail.com>
ne 10. 8. 2025 v 0:03 odesílatel Tim Bouma <trbouma@gmail.com> napsal: > Personally, I’ve come to the conclusion that we require a protocol where > the core primitive is ‘issuance’ (signing) such that there is no privileged > role of ‘issuer’ and/or ‘verifier’. Anyone using this so-called protocol, > no matter how disadvantaged they might be, must be on equal footing with > the strongest of users, namely government. > > As things stand now, the current protocols simply reinforce the status > quo, and for the majority that’s ok, or don’t know anything differently. > That’s also ok, for the current generation of solutions, but we need to > start looking past that horizon. > I think you can sign arbitrary JSON without an issuer using the canonicalization spec. It would just be a separate work item. > > Tim > > > On Sat, Aug 9, 2025 at 5:50 PM Daniel Hardman <daniel.hardman@gmail.com> > wrote: > >> >> I would like to share an experience so that my strong words have some >> softening context. >> >I wanted to come back to this email, as it's been echo'ing in my head >> >> Thank you for the kind and thoughtful response, Manu. >> >> >> I think it is dangerous to build an ecosystem where proof of >> personhood is largely assumed to come from governments. >> >Yes, agreed; that should not be the only source, but I expect it will >> be a primary source for some time to come. >> >> I'd like to clarify my mental model, because there seems to be both >> important alignment and important divergence between mine and yours, Manu. >> >> Speaking of government, you used the phrase "be the only source". My >> language was similarly general "proof of personhood comes from". In a >> sense, it might seem that we're saying almost the same thing. But Let me >> get more granular. >> >> I have no problem at all with the idea that a government-governed process >> should be the common/default "source" or where "proof of personhood comes >> from" -- in the near term or into the infinite future. My beef is with the >> easy conflation of "source" and "issuer". A government process can produce >> personhood evidence, but I don't want the identifier of the government to >> be used as the *issuer* of that evidence. EVER. Hard stop, exclamation >> point, non-negotiable human rights core principle that we don't stray from >> even in version 0.1 of a system. And I believe we can actually achieve and >> enforce this by being very careful with our definitions, which is why I'm >> trying to be so picky about language. >> >> On what basis could we maintain the distinction between "source" and >> "issuer"? In my mind, an acceptable process for issuing personhood evidence >> would be whatever the government designs, and could use whatever >> infrastructure the government provides -- but would result in issuance by a >> named human being who has a publicly known legal identity endorsed by that >> government for issuance of personhood credentials. This would make proof of >> personhood just like an adoption decree -- signed by an individual human >> judge who has delegated legal authority from the government -- NOT signed >> by "the government" as an impersonal bureaucracy. >> >> I also don't want any fields in a personhood credential to attest to any >> characteristics of legal identity, because legal identity characteristics >> are changeable, whereas humanity is not. Conflating the two is dangerous. >> The only fields that should exist in a personhood credential are various >> biometrics and metadata about the issuance/level of assurance. A government >> credential that attests to legal identity for a person is derivative of, >> not equivalent to, proof of personhood, and modeling it any other way is >> both a concept error and a human rights violation. It elevates government >> opinion about legal identity facts to a place those facts do not belong, >> which is on the level of human dignity. >> >> If we do it the way I'm recommending, then tribal elders or doulas in >> remote highlands somewhere naturally function as peers of judges, which is >> factually accurate, reasonable, just, and inclusive. The only difference >> between their evidence output is whether you like the governance -- again, >> factually accurate, reasonable, just, and inclusive. If, on the other hand, >> "the government" is the issuer of proof of personhood -- or if we have >> fields in the schema of such a credential that only governments can attest >> to -- we permanently prevent humans from becoming peers of institutions on >> the question of humanness. >> >> --Daniel >> >> On Sat, Aug 9, 2025 at 11:40 AM Manu Sporny <msporny@digitalbazaar.com> >> wrote: >> >>> On Sun, Jul 20, 2025 at 6:40 PM Daniel Hardman <daniel.hardman@gmail.com> >>> wrote: >>> > I would like to share an experience so that my strong words have some >>> softening context. >>> >>> I wanted to come back to this email, as it's been echo'ing in my head >>> for the past several weeks and I wanted to acknowledge the sharing of >>> a personal experience, thank Daniel for sharing it, and recognize >>> where Daniel is coming from... which is from one of many acutely human >>> experiences, which I hope is what we're all trying to improve with our >>> work. >>> >>> For those of you that might have visited countries where you show >>> your, or your child's, only form of international identification, only >>> to have (without warning) security personnel walk away with it or >>> suggest that they will keep it, is terrifying. The flush of >>> adrenaline; the heat on your face, hits you before you can process >>> what's going on. I'm sorry you had that experience, and I'm glad it >>> worked out in the end... and both you and I know it does not always >>> work out in the end. >>> >>> > How does this relate to personhood credentials? I think it is >>> dangerous to build an ecosystem where proof of personhood is largely >>> assumed to come from governments. >>> >>> Yes, agreed; that should not be the only source, but I expect it will >>> be a primary source for some time to come. >>> >>> > If we raise the stakes further -- governments now decide who the rest >>> of the world can/should believe is human (and thus worthy of human rights), >>> I think we are truly in scary territory. >>> >>> I agree. >>> >>> > Doctors or nurses who sign birth certificates should be able to attest >>> humanness. Tribal elders should be able to attest humanness. Government >>> vetting processes that prove humanness should be signed by a human >>> employee, not by the government itself, because it is the human rather than >>> the bureaucracy that is safely definitive on this question. We should NEVER >>> forget this. >>> >>> Yes, also agree. >>> >>> I would hope that most in this community would agree with all of the >>> above. What concrete set of things to do about it is the question... >>> >>> My hope is that focusing on a few things help: >>> >>> * Ensure that one can prove things about your or others in a way that >>> is so broadly disseminated that "confiscating the original documents" >>> becomes something that cannot happen. That is, ensure broad >>> dissemination, true ownership, and consent over transmission of >>> digital credentials. >>> >>> * Ensure that one can prove things about yourself at the proper level >>> of pseudonymity for the transaction. That is, no phone home, prove >>> things in zero knowledge, etc. >>> >>> * Ensure that fundamental human rights are not centralized purely with >>> government bureaucracies. That is, enable a broad base of issuers and >>> many equivalent roots of trust. >>> >>> I think the folks in this community endeavoring to standardize stuff >>> are actively working on at least the three items above, but at levels >>> that are frustratingly slow. We're putting a lot of effort into the >>> first bullet item, trying as hard as we can to move the second one >>> forward (but have been slowed by the painfully slow IETF CFRG review >>> process and a disinterest by a number of governments and private >>> industry in funding the work), and are missing a truly compelling >>> solution for the last item (though birth certificates and notaries do >>> provide for alternate, positive paths forward... alongside local >>> government agencies). >>> >>> I don't expect any of this will reduce the feeling of concern about >>> proof of personhood and government intervention in that regard. I just >>> wanted to note that we are working on technologies that I hope align >>> more with addressing your concerns than ceding all authority on >>> human-ness to large and indifferent bureaucracies of any kind. >>> >>> -- manu >>> >>> -- >>> Manu Sporny - https://www.linkedin.com/in/manusporny/ >>> Founder/CEO - Digital Bazaar, Inc. >>> https://www.digitalbazaar.com/ >>> >>
Received on Sunday, 10 August 2025 18:58:06 UTC