Re: questions about Ayra

Hi Drummond,

Indeed your answers help clarify my understanding of Ayra.

My first question however was about the governmental legal power of outlawing specific communities.

In some cases the issue might just be that you are not allowed to interact anymore but whatever history you had will be tolerated and not prosecuted.

But in other cases, and to refer to Christopher Allen’s work (https://www.blockchaincommons.com/articles/echoes-history/) without the intent of making a Goodwin point, having a registry could prove harmful for companies (and specifically the people behind them)  or individuals that may now have incriminating proof of their participation to an ecosystem of trust and reputation.

So my question was more again about the “safeguards” that the Ayra network can recommend to the networks that abide to its framework. I can accept that this could be out of scope for Ayra to define, but as I understood it each network that wants to interact in the network of networks has an incentive to follow the general rules of the Ayra framework, so there could be some set of rules and contingency plans on how to protect its members. But I might be thinking too far ahead.


Thanks


Julien

From: Drummond Reed <Drummond.Reed@gendigital.com>
Date: Friday, 7 February 2025 at 07:38
To: Julien Fraichot <Julien.Fraichot@hyland.com>, W3C Credentials CG (Public List) <public-credentials@w3.org>
Subject: [EXTERNAL] Re: questions about Ayra
Julien, apologies for the delay; been a heavy week. See inline. From: Julien Fraichot <Julien. Fraichot@ hyland. com> Date: Tuesday, February 4, 2025 at 11: 03 PM To: W3C Credentials CG (Public List) <public-credentials@ w3. org> Subject: 

Julien, apologies for the delay; been a heavy week. See inline.

From: Julien Fraichot <Julien.Fraichot@hyland.com>
Date: Tuesday, February 4, 2025 at 11:03 PM
To: W3C Credentials CG (Public List) <public-credentials@w3.org>
Subject: questions about Ayra
Hi Drummond,

Thanks for the presentation yesterday. After reading the different papers a few questions remain unanswered for me at this point, and I felt they may be beneficial to the rest of the CCG so I’m using this channel to ask them. They are in no particular order, just as they came to me while reading the different documents:


What if you are part of a community that becomes illegal? How can you prevent your exposure to/activity with this community from binging trouble to yourself/your company?



First, let me clarify that Ayra is a network of digital trust ecosystems. Each Ayra-recognized ecosystem is sovereign, i.e., it has its own governance and its own trust registr(ies). So any policies about control over trust relationships within that ecosystem are governed by that ecosystem, not the Ayra Association.



Can you selectively disclose your relationships?



If that question is directed at the Ayra Network Credentials that I described towards the end of Tuesday’s call, then the answer is yes. Our assumption is that First Person Credentials, as described in this Ayra white paper [ayra.forum]<https://urldefense.com/v3/__https:/ayra.forum/ayra-network-effects-whitepaper/__;!!C8mu0vCj!dengyqk_LjFwMdp26C5txbNNmXdED8vmyEXMQ4kH96A5tScZWbXF6p9bcp-xjAeypUm3SDBVvjhPjAPx729Vd5MbeJvptOBb$>, will use ZKP for selective disclosure and privacy-preservation. The work of fully specifying the Ayra Network Credentials family is still to be done at the Ayra Association, however, so I invite anyone interested to get in touch about participation [ayra.forum]<https://urldefense.com/v3/__https:/ayra.forum/contact/__;!!C8mu0vCj!dengyqk_LjFwMdp26C5txbNNmXdED8vmyEXMQ4kH96A5tScZWbXF6p9bcp-xjAeypUm3SDBVvjhPjAPx729Vd5MbeLzMnw2d$>.



What are the security measures to prevent unwanted discovery (of relationships or self identity)? As in any agent manages to tie the dots between your different profiles?



Again, if your question is about First Person Credentials, the proposed design is that the personal relationship graph created by verifiable relationship credentials (VRCs) uses pairwise private DIDs that are entirely private to an individual’s own digital wallet or vault. So any sharing of any portion of that personal relationship graph is controlled by that individual.



Subsequent question, as an individual user with 0 cryptographic knowledge and poor online privacy hygiene, what are the safeguards around my wallet/profile?



That’s a good question, and one that applies to pretty much all use of digital wallets and credentials. I can’t say yet exactly what requirements might be defined at the Ayra Network Credentials Governance Framework level (meaning safeguards that would apply to any Ayra-recognized ecosystem that implements Ayra Network Credentials) vs. safeguards defined at the ecosystem level. Those are the hard policy questions that the Ayra Association was formed to provide a neutral international nonprofit forum to work out (and again, we invite your participation).



if you delete a VRC, does it delete in both sides of the relationship?



First, let me clarify that a VRC is a VC. Thus like any VC, it has an issuer and a holder. From the issuer’s “side”, the issuer can revoke the VRC. From the holder’s “side”, the holder can delete the VRC from the holder’s wallet.



The question you are asking seems most relevant to personal VRCs, which to prevent spoofing need to be bidirectional, i.e., Alice and Bob issue personal VRCs to each other. In that case, each VRC is “half” the relationship. Both Alice and Bob are issuers of VRCs to the other and holders of VRCs from the other.



Either Alice or Bob can revoke the VRC they issued. And either of them can delete the VRC they hold. Whether the protocol for personal VRC exchange (which is still being designed) supports automatic notification of the other party when a personal VRC is revoked by the issuer or deleted by the holder is still TBD. It’s very much like the question of whether you are notified when someone unfriends you or unfollows you on a social network.



as a customer (individual person) can you opt-out of the system?



To clarify again, Ayra as a digital trust ecosystem of ecosystems is not something an individual (or a company) “joins” directly. Only ecosystems are recognized the Ayra Trust Network. So any question of an individual “opting-in” or “opting-out” is an ecosystem policy, not an Ayra policy.



IMPORTANT: The Ayra Association [ayra.forum]<https://urldefense.com/v3/__https:/ayra.forum/__;!!C8mu0vCj!dengyqk_LjFwMdp26C5txbNNmXdED8vmyEXMQ4kH96A5tScZWbXF6p9bcp-xjAeypUm3SDBVvjhPjAPx729Vd5MbeJ_2nQpr$>, the neutral nonprofit Swiss Association established to govern the Ayra Trust Network, does have individual membership (along with civil society, ecosystem, government, and two classes of business membership). But membership in the Ayra Association as a nonprofit governance body is not related to ecosystem recognition in the Ayra Trust Network.



And from a technical perspective I haven’t yet grasped the architecture of the systems: how are the files stored/read, who manages them, as well as are we expecting the system to run in a node like structure spun-up by any individual/companies/governance networks/etc?



Assuming you are asking about the Ayra Trust Network as a heterarchical network of trust registries, each of those is operated (directly, or by a service provider for) the digital trust ecosystem it represents. All Ayra-recognized trust registries (or “trust lists”) speak the same Trust Registry Query Protocol [trustoverip.github.io]<https://urldefense.com/v3/__https:/trustoverip.github.io/tswg-trust-registry-protocol/__;!!C8mu0vCj!dengyqk_LjFwMdp26C5txbNNmXdED8vmyEXMQ4kH96A5tScZWbXF6p9bcp-xjAeypUm3SDBVvjhPjAPx729Vd5MbeD7u-bLZ$> (TRQP), just like all DNS name servers speak the same protocol. But behind each TRQP endpoint, the authority for that trust registry can use any technology or source of authority they want.



I hope this is helpful.



Best,



=Drummond


-----------------------------------------  Please consider the environment before printing this e-mail -----------------------------------------  

CONFIDENTIALITY NOTICE: This message and any attached documents may contain confidential information from Hyland Software, Inc. The information is intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or an employee or agent responsible for the delivery of this message to the intended recipient, the reader is hereby notified that any dissemination, distribution or copying of this message or of any attached documents, or the taking of any action or omission to take any action in reliance on the contents of this message or of any attached documents, is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail or telephone, at +1 (440) 788-5000, and delete the original message immediately. Thank you.