Re: questions about Ayra

Love the thread đź‘Ť

Just want to make a side note that because we ran out of time this Tuesday,
we will have Darrell, Drummond, Andor, and David back to do a deeper dive
into Ayra and its trust framework of trust frameworks on Tuesday, April
22.

Sincerely,

*Harrison Tang*
CEO
 LinkedIn  <https://www.linkedin.com/company/spokeo/> •   Instagram
<https://www.instagram.com/spokeo/> •   Youtube <https://bit.ly/2oh8YPv>


On Fri, Feb 7, 2025 at 8:55 AM Julien Fraichot <Julien.Fraichot@hyland.com>
wrote:

> Hi Drummond,
>
>
>
> Indeed your answers help clarify my understanding of Ayra.
>
>
>
> My first question however was about the governmental legal power of
> outlawing specific communities.
>
>
>
> In some cases the issue might just be that you are not allowed to interact
> anymore but whatever history you had will be tolerated and not prosecuted.
>
>
>
> But in other cases, and to refer to Christopher Allen’s work (
> https://www.blockchaincommons.com/articles/echoes-history/) without the
> intent of making a Goodwin point, having a registry could prove harmful for
> companies (and specifically the people behind them)  or individuals that
> may now have incriminating proof of their participation to an ecosystem of
> trust and reputation.
>
>
>
> So my question was more again about the “safeguards” that the Ayra network
> can recommend to the networks that abide to its framework. I can accept
> that this could be out of scope for Ayra to define, but as I understood it
> each network that wants to interact in the network of networks has an
> incentive to follow the general rules of the Ayra framework, so there could
> be some set of rules and contingency plans on how to protect its members.
> But I might be thinking too far ahead.
>
>
>
>
>
> Thanks
>
>
>
>
>
> Julien
>
>
>
> *From: *Drummond Reed <Drummond.Reed@gendigital.com>
> *Date: *Friday, 7 February 2025 at 07:38
> *To: *Julien Fraichot <Julien.Fraichot@hyland.com>, W3C Credentials CG
> (Public List) <public-credentials@w3.org>
> *Subject: *[EXTERNAL] Re: questions about Ayra
>
> Julien, apologies for the delay; been a heavy week. See inline. From:
> Julien Fraichot <Julien. Fraichot@ hyland. com> Date: Tuesday, February
> 4, 2025 at 11: 03 PM To: W3C Credentials CG (Public List)
> <public-credentials@ w3. org> Subject:
>
> Julien, apologies for the delay; been a heavy week. See inline.
>
>
>
> *From: *Julien Fraichot <Julien.Fraichot@hyland.com>
> *Date: *Tuesday, February 4, 2025 at 11:03 PM
> *To: *W3C Credentials CG (Public List) <public-credentials@w3.org>
> *Subject: *questions about Ayra
>
> Hi Drummond,
>
>
>
> Thanks for the presentation yesterday. After reading the different papers
> a few questions remain unanswered for me at this point, and I felt they may
> be beneficial to the rest of the CCG so I’m using this channel to ask them.
> They are in no particular order, just as they came to me while reading the
> different documents:
>
>
>
> What if you are part of a community that becomes illegal? How can you
> prevent your exposure to/activity with this community from binging trouble
> to yourself/your company?
>
>
>
> First, let me clarify that Ayra is a network of digital trust ecosystems.
> Each Ayra-recognized ecosystem is sovereign, i.e., it has its own
> governance and its own trust registr(ies). So any policies about control
> over trust relationships within that ecosystem are governed by that
> ecosystem, not the Ayra Association.
>
>
>
> Can you selectively disclose your relationships?
>
>
>
> If that question is directed at the Ayra Network Credentials that I
> described towards the end of Tuesday’s call, then the answer is yes. Our
> assumption is that First Person Credentials, as described in this Ayra
> white paper [ayra.forum]
> <https://urldefense.com/v3/__https:/ayra.forum/ayra-network-effects-whitepaper/__;!!C8mu0vCj!dengyqk_LjFwMdp26C5txbNNmXdED8vmyEXMQ4kH96A5tScZWbXF6p9bcp-xjAeypUm3SDBVvjhPjAPx729Vd5MbeJvptOBb$>,
> will use ZKP for selective disclosure and privacy-preservation. The work of
> fully specifying the Ayra Network Credentials family is still to be done at
> the Ayra Association, however, so I invite anyone interested to get in
> touch about participation [ayra.forum]
> <https://urldefense.com/v3/__https:/ayra.forum/contact/__;!!C8mu0vCj!dengyqk_LjFwMdp26C5txbNNmXdED8vmyEXMQ4kH96A5tScZWbXF6p9bcp-xjAeypUm3SDBVvjhPjAPx729Vd5MbeLzMnw2d$>
> .
>
>
>
> What are the security measures to prevent unwanted discovery (of
> relationships or self identity)? As in any agent manages to tie the dots
> between your different profiles?
>
>
>
> Again, if your question is about First Person Credentials, the proposed
> design is that the *personal relationship graph* created by *verifiable
> relationship credentials (VRCs)* uses *pairwise private DIDs* that are
> entirely private to an individual’s own digital wallet or vault. So any
> sharing of any portion of that personal relationship graph is controlled by
> that individual.
>
>
>
> Subsequent question, as an individual user with 0 cryptographic knowledge
> and poor online privacy hygiene, what are the safeguards around my
> wallet/profile?
>
>
>
> That’s a good question, and one that applies to pretty much all use of
> digital wallets and credentials. I can’t say yet exactly what requirements
> might be defined at the Ayra Network Credentials Governance Framework level
> (meaning safeguards that would apply to any Ayra-recognized ecosystem that
> implements Ayra Network Credentials) vs. safeguards defined at the
> ecosystem level. Those are the hard policy questions that the Ayra
> Association was formed to provide a neutral international nonprofit forum
> to work out (and again, we invite your participation).
>
>
>
> if you delete a VRC, does it delete in both sides of the relationship?
>
>
>
> First, let me clarify that *a VRC is a VC*. Thus like any VC, it has an
> issuer and a holder. From the issuer’s “side”, the issuer can revoke the
> VRC. From the holder’s “side”, the holder can delete the VRC from the
> holder’s wallet.
>
>
>
> The question you are asking seems most relevant to personal VRCs, which to
> prevent spoofing need to be bidirectional, i.e., Alice and Bob issue
> personal VRCs to each other. In that case, each VRC is “half” the
> relationship. Both Alice and Bob are issuers of VRCs to the other and
> holders of VRCs from the other.
>
>
>
> Either Alice or Bob can revoke the VRC they issued. And either of them can
> delete the VRC they hold. Whether the protocol for personal VRC exchange
> (which is still being designed) supports automatic notification of the
> other party when a personal VRC is revoked by the issuer or deleted by the
> holder is still TBD. It’s very much like the question of whether you are
> notified when someone unfriends you or unfollows you on a social network.
>
>
>
> as a customer (individual person) can you opt-out of the system?
>
>
>
> To clarify again, Ayra as a digital trust ecosystem of ecosystems is not
> something an individual (or a company) “joins” directly. Only ecosystems
> are *recognized* the Ayra Trust Network. So any question of an individual
> “opting-in” or “opting-out” is an ecosystem policy, not an Ayra policy.
>
>
>
> IMPORTANT: The Ayra Association [ayra.forum]
> <https://urldefense.com/v3/__https:/ayra.forum/__;!!C8mu0vCj!dengyqk_LjFwMdp26C5txbNNmXdED8vmyEXMQ4kH96A5tScZWbXF6p9bcp-xjAeypUm3SDBVvjhPjAPx729Vd5MbeJ_2nQpr$>,
> the neutral nonprofit Swiss Association established to govern the Ayra
> Trust Network, does have individual membership (along with civil society,
> ecosystem, government, and two classes of business membership). But
> membership in the Ayra Association as a nonprofit governance body is not
> related to ecosystem recognition in the Ayra Trust Network.
>
>
>
> And from a technical perspective I haven’t yet grasped the architecture of
> the systems: how are the files stored/read, who manages them, as well as
> are we expecting the system to run in a node like structure spun-up by any
> individual/companies/governance networks/etc?
>
>
>
> Assuming you are asking about the Ayra Trust Network as a heterarchical
> network of trust registries, each of those is operated (directly, or by a
> service provider for) the digital trust ecosystem it represents. All
> Ayra-recognized trust registries (or “trust lists”) speak the same Trust
> Registry Query Protocol [trustoverip.github.io]
> <https://urldefense.com/v3/__https:/trustoverip.github.io/tswg-trust-registry-protocol/__;!!C8mu0vCj!dengyqk_LjFwMdp26C5txbNNmXdED8vmyEXMQ4kH96A5tScZWbXF6p9bcp-xjAeypUm3SDBVvjhPjAPx729Vd5MbeD7u-bLZ$>
> (TRQP), just like all DNS name servers speak the same protocol. But behind
> each TRQP endpoint, the authority for that trust registry can use any
> technology or source of authority they want.
>
>
>
> I hope this is helpful.
>
>
>
> Best,
>
>
>
> =Drummond
>
>
> ----------------------------------------- Please consider the environment
> before printing this e-mail -----------------------------------------
>
> CONFIDENTIALITY NOTICE: This message and any attached documents may
> contain confidential information from Hyland Software, Inc. The information
> is intended only for the use of the individual or entity named above. If
> the reader of this message is not the intended recipient, or an employee or
> agent responsible for the delivery of this message to the intended
> recipient, the reader is hereby notified that any dissemination,
> distribution or copying of this message or of any attached documents, or
> the taking of any action or omission to take any action in reliance on the
> contents of this message or of any attached documents, is strictly
> prohibited. If you have received this communication in error, please notify
> the sender immediately by e-mail or telephone, at +1 (440) 788-5000, and
> delete the original message immediately. Thank you.
>

Received on Sunday, 9 February 2025 20:46:57 UTC