[MINUTES] CCG Atlantic Weekly 2026-01-20 from meetings@w3c-ccg.org on 2026-01-20 (public-credentials@w3.org from January 2026)

From: <meetings@w3c-ccg.org>
Date: Tue, 20 Jan 2026 15:57:51 -0800
To: public-credentials@w3.org
Message-ID: <CA+ChqYd7s+Rvt+vdTcD6BuGJ7E7KUzLtqN4zDnH+i9AwKanocw@mail.gmail.com>
W3C Community Group Meeting Summary

*Date:* 2026/01/20 *Time:* 11:55 EST

*Attendees:* Benjamin Young, Brent Zundel, Dmitri Zagidulin, Drummond Reed,
Erica Connell, Geun-Hyung Kim, Greg Bernstein, Gregory Natran, Harrison
Tang, Ivan Dzheferov, JeffO - HumanOS, Jennie Meier, Kaliya Identity Woman,
Kayode Ezike, Mahmoud Alkhraishi, Otto Mora, Parth Bhatt, Phillip Long, Rob
Padula, Ted Thibodeau Jr, Will Abramson
------------------------------
Meeting Summary

Drummond Reed presented an in-depth overview of the First Person Project
and the Decentralized Trust Graph working group. The presentation focused
on the challenges and solutions related to proof of personhood, agenthood,
and building a decentralized trust ecosystem. Key concepts discussed
included Decentralized Identifiers (DIDs), Verifiable Credentials,
Verifiable Relationship Credentials (VRCs), and the role of Zero-Knowledge
Proofs (ZKPs) in privacy-preserving interactions. The discussion also
touched upon the application of these concepts to AI agents and the future
development of interoperable wallets and trust protocols.
------------------------------
Topics Covered

   - *Introduction to First Person Project and Decentralized Trust Graph:*
   Overview of the project's goals and its origin within the Linux Foundation.
   - *Proof of Personhood:* Discussion on the necessity of proving human
   identity, especially in the context of AI, and exploring solutions beyond
   biometrics.
   - *Decentralized Trust Graph (DTG):* Explanation of the DTG as a graph
   of trust relationships, analogous to a social graph, but focused on trust.
   - *Verifiable Credentials and DIDs:* The foundational role of DIDs and
   verifiable credentials in building the trust graph.
   - *Verifiable Relationship Credentials (VRCs):* The concept of VRCs as a
   new type of credential for establishing peer-to-peer trust relationships.
   - *Agenthood and AI Agents:* Applying the principles of identity and
   verifiable relationships to AI agents, enabling them to act on behalf of
   humans.
   - *Categories of DIDs:* Discussion on relationship DIDs, membership DIDs
   (mDIDs), and persona DIDs for managing identity and correlation.
   - *Credential Types in DTG:* Overview of edge credentials (VRCs,
   Verifiable Membership Credentials), annotation credentials (persona DIDs),
   and endorsement credentials.
   - *Interoperability and Trust Protocols:* The importance of
   interoperability and the role of protocols like DIDComm and trust protocols
   in enabling seamless communication.
   - *Linux Kernel Project Application:* Use case of the First Person
   Project for enhancing the Linux kernel's web of trust for developer
   contributions.
   - *Verifiable Trust Communities and Networks:* The concept of structured
   ecosystems for issuing and managing credentials.
   - *Future Development and Resources:* Information on ongoing work,
   available documentation, and task forces within the Decentralized Trust
   Graph working group.

------------------------------
Key Points

   - The First Person Project and the Decentralized Trust Graph working
   group are rapidly developing standards to address the proof of personhood
   and agenthood challenges.
   - DIDs and Verifiable Credentials are the core building blocks, with a
   focus on self-certifying DID methods.
   - Verifiable Relationship Credentials (VRCs) are crucial for
   establishing direct, cryptographically verifiable links between individuals
   or entities.
   - The concept of "agenthood" allows AI agents to have verifiable
   identities and relationships, controlled by a human or organization.
   - The project aims to avoid global biometric databases and prioritize
   privacy-preserving solutions through technologies like Zero-Knowledge
   Proofs (ZKPs).
   - Interoperability is a key goal, with efforts to define standard trust
   protocols and develop test suites.
   - The Linux kernel project's existing web of trust is a significant
   early use case for these new technologies, aiming to modernize and secure
   the contribution process.
   - The development of Verifiable Trust Communities and Networks is
   essential for scaling the issuance and management of credentials.
   - The project recognizes the need for human-readable data alongside
   machine-readable credentials to enhance user experience.
   - The DTG working group is actively developing a robust glossary and
   bootstrapping documentation to clarify concepts and guide implementation.
   - Collaboration with other initiatives, such as the Seros project and
   Dubdub wallet, is ongoing to promote interoperability and adoption.

Text:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-atlantic-weekly-2026-01-20.md

Video:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-atlantic-weekly-2026-01-20.mp4
*CCG Atlantic Weekly - 2026/01/20 11:55 EST - Transcript* *Attendees*

Benjamin Young, Brent Zundel, Dmitri Zagidulin, Drummond Reed, Erica
Connell, Geun-Hyung Kim, Greg Bernstein, Gregory Natran, Harrison Tang,
Ivan Dzheferov, JeffO - HumanOS, Jennie Meier, Kaliya Identity Woman,
Kayode Ezike, Mahmoud Alkhraishi, Otto Mora, Parth Bhatt, Phillip Long, Rob
Padula, Ted Thibodeau Jr, Will Abramson
*Transcript*

Drummond Reed: says, "Dr. for some reason opened the browser." So, I'm
going to rejoin via the Google Meet app. I'll be right back.

Mahmoud Alkhraishi: Hello We're going to be starting in three minutes.

Mahmoud Alkhraishi: All right, looks like we've had people joining us
tapering off. So, let's just get started. thank you everyone for joining
us. It's January 20th, and welcome to the CCG call. As a reminder, we have
a code of ethics and professional conduct. Please make sure that you review
it and you adhere to it. We are quite happy with how everything has been
going recently and we would love for it to continue. IP note, anyone can
participate in these calls. All substantive contributions to the CCG must
have signed the full IPR agreements. And do we have any announcements today
before we get started?

Mahmoud Alkhraishi: Does anyone have anything they'd like to share? All
right. hearing none, Drummond, would you mind if you just quickly introduce
yourself and what you're going to be talking about?

Drummond Reed: Yeah, Happily. Can you hear me? Just double checking to make
sure my sound's good.

Mahmoud Alkhraishi: Yes, we hear you.

Drummond Reed: Very happy to be here. sorry I only occasionally am able to
make CCG calls. I try whenever I can and I do listen to a lot of the
recordings because this is an amazing amazing group. It always has been. so
as of this year I think it's 34 years working in this space. I know that
sounds like a very long time but it's been a very long journey. if folks
are familiar with the internet identity workshop event that happens every
six months. The next one is number 42 in April and I've been to every
single one of those. so we're going on the end of 21 years. yeah, there's
Kalia right there.
00:05:00

Drummond Reed: who has also been to every one of them. and I have to say it
is not only the most amazing event that's help driven the whole way forward
but it's totally infected all the events that I try and organize now I
lobbyed it to OpenSpace the way I've learned it at IW. so that's a plug for
that event and the other IW inspired events that are happening. Kalia has
probably shared those or can put them in the chat because there's DICE is
coming up again I think in June if I'm remember correctly. Anyway, been all
those and helped author a book on self-s sovereign identity in 2021.

Drummond Reed: was a co-editor of the W3C DIDS spec. thank you. it's I must
say I'm going to talk about DIDs a lot today because DIDs are the very
heart of the subject I'm going to be talking about what we're doing with
firstperson project and the decentralized trust graph working group which
I'm going to say right up front is a joint working group of trust and the
decentralized identity foundation diff both of those organizations as
you're probably aware are u

Drummond Reed: under part of the Linux Foundation. Trust RP is now actually
a project under LFD decentralized trust and decentralized identity
foundation is its own standalone project. We collaborate a lot and on this
particular Decentralized Trustcraft working group. we're a joint working
group. We have a bunch of folks from both organizations. and it's and I'll
say right up front what I'm going to talk about. This is the fastest moving
standards effort in the history of my 33 years in the industry. It is I
mean things like trust and diff are emerging standards organizations like
CCG we can move for pretty fast compared to the processes of a full W3C
working group or ITF working group or ISO or that kind of stuff. but this
is just going at blazing speed because there's huge interest in this topic.

Drummond Reed: so that's a prelim. if there are not any questions about
that, I'm happy to dive in and share an update to the last time we were
here, which I think we were mostly talking about IRA and trust registries
and sort of the birth of the first person project. and today I'm ready to
go much deeper into it if that's what folks would like to Cool. then I will
share my screen if everything works properly here. I have to go to it is a
Chrome tab but I've got to pick out which one should be that one All right.
Hit share on that. And Go to full screen. One second there.

Drummond Reed: That's interesting. That's how it goes to fall. is this
showing? Okay. You can see the screen well enough.

Mahmoud Alkhraishi: Yes.

Drummond Reed: All I have fair amount of content to share here. I'm happy
if it's not going to be easy to see the way it's displaying right now. I
won't see the hands or comments. So, please just interrupt me if anyone has
a question as we go along and hopefully should be plenty of time for
questions at the end. so, I'm going to drive towards explaining how the
first person project and first person identity as people refer to it
ultimately applies to AI agents. which is obviously a very hot topic and
one that has become very relevant to what we're doing, the first person
project.

Drummond Reed: but in order to do that I first have to explain are we
actually doing the first person project so I can understand why it's
relevant in that way and that's what I'll try and do as quickly as I can.
So I always love the name of this thing and I put this right up front. if
you want a copy of this deck, it's a Google slides deck available to
anyone. just grab that right now. In fact, boy, I'm suddenly thinking I
hope I made the deck public. if for any reason that doesn't work and I'd
forgotten to make it public, I will do that. I'm pretty sure I did. or
someone could just tell me and I will do that. Anyway, I have other QR
codes in the deck itself. You can always snap those directly, but if you
get the whole deck, you get all of this stuff. And I'll say right up front,
a lot of what's covered in here is covered in much greater depth in the
FirstPerson project white paper that we put out last September.
00:10:00

Drummond Reed: we've done one new version and we're working on the second
one. It should be ready later this week. we're just updating it as the
space evolves and this next update will have several updates related to
what I'm going to cover here today with progress in the decentralized trust
working group. which I'm going to abbreviate in this DTG if you hear me say
that in the rest of the presentation. DTG is decentralized trust. Very high
level. what are we all about? this is our one slide description.

Drummond Reed: what is the main thing we're doing here is trying to come up
with an answer to this question the whole problem of proof of personhood
and what happened was once and I'll explain how we got started down that
road is once we looked at the overall solution of decentralized trust graph
we realized that we were also laying the foundation for this second problem
how do you prove that a personal AI agent is acting on your behalf as a
real person. So, as you'll see, that's led to the idea of agenthood and,
I'll talk about that's where I'm driving with the whole thing is to talk
about agenthood. And this all originated, not at one, but across work going
on at all four of these different projects at the Linux Foundation. the one
I haven't mentioned so far is Open Wallet Foundation.

Drummond Reed: That's where some of the relevant code digital wallets are
and credentials the heart of solving this. So all four of these are
involved but this is not just a Linux foundation thing either. one of the
reason I love being here at CCG is you're working on and have been working
on key pieces of the puzzle as is W3C. the active discussion on did cell if
it's pronounced that way CL cryptographic event log that's a particular
approach to self-certifying identifiers which we absolutely love at trust
of RP we have a task force called bidskid for self-certifying identifiers
so we strongly believe that's the right direction and that's what we're
planning to use in the first person project so many others

Drummond Reed: folks are going to be involved. But I just sort of
originated here now. why is the Linux Foundation the first customer? I want
to explain this because it explains a lot about how the project's evolved
and where it's going. And this is Jim Zlin giving the keynote address at
the Lim Foundation member summit last March. the next one's coming up at
the end of February in the same location the Silverado Resort in Napa,
California. but you can see the title of his opening keynote there. and we
knew he was going to talk about this but I was sitting in the front row and
we had a workshop planned that he was going to be leading the next day on
first-person credentials. We didn't realize he was going to devote his
whole keynote to that topic.

Drummond Reed: He started with the story of the XZ attack which if you're
not familiar with it, I highly recommend this Wired magazine story. It
basically became very close to being the worst malware attack ever. because
it was on a core utility of the Linux DRO and had it been successful, had
it not been detected by a ciduous developer at Microsoft, it would have
been the worst backdoor, distribution ever. And this scared the pants out
of Jim and the Linux Foundation, the projects there. And it's one of the
reasons they said, "Hey, we need to turn Hyperledger to LFD decentralized
trust."

Drummond Reed: and this was his next slide. He then turned around because
he'd been briefed on first person project for the last couple months said,
"Yeah, we need to do this." And these are and then he went on to say we'd
given him this slide. This is part of our deck explaining what we're doing
and I'll talk more about this later and then he concluded why should we
start with open source projects to invest in this kind of infrastructure
and he had a very impassioned set of reasons these are all just slide
pictures I took with my iPhone of his slide sitting in the front deck and
he felt that open source has these values permissionless entry and
worldwide participation that are super important and if they start to get
eroded either
00:15:00

Drummond Reed: by malware or by the AI agents now being used for a lot of
coding jobs and contributing directly to repos. If they started to degrade
the trust, it could be an existential threat to the entire industry. So he
not only on this slide made it clear where he wanted to start, he was
explicit. He wanted us to start a first-person project which is all
volunteer at that point has been up until literally a few days ago with the
Linux kernel and my jaw was on the floor at that point. It's like what he
wants us to start with the most valuable open source project in the world.
Turns out there are good reasons for it which I'll talk on a little bit
later.

Drummond Reed: And then this was his last slide that we had again part of
the deck we'd used to brief the LF management team. To successfully solve
this problem, we not only need capabilities in wallets, we need a
particular family of credentials that I'll talk about today and systems
adopting this. in fact, we've developed a term that I'm going to use
throughout this presentation called a verifiable trust community. And
that's a very specific kind of ecosystem that participates on the
decentralized trust graph. So we need all three of these. And this through
line we drew says and we must have interoperability. we need a solution out
there that does not face the interop problems that we have in so much of
SSI today.

Drummond Reed: we've made a lot of progress, a lot of pieces, but those
pieces don't fit together into something that really scales and has strong
network effects. And we feel that at least in this area, we can solve that
problem if we can get all three lined up. So, again, I'm happy to at these
chapter headings stop and Tell me if there are any questions that have come
up something that someone wants me to address. If not, I will go on to the
next part. All right. So, what's the answer? Yes, this is a proof of
personhood problem. and as long as I've been in this industry, I think it
is the oldest and hardest problem Our whole motivation was to solve it
without using any form of global biometric database. which meant not using
one of these.

Drummond Reed: And if you don't recognize that I'm not going to say
anything further. It's just a particular effort in the space that has
privacy implications that just have scared the pants out of a bunch of us.
but the one thing I can say is it did massively what it represents is the
tremendous interest in as Genai takes off so hard it's put a huge spotlight
on the proof of personhood problem and said we have to solve it if we're
going to be able to distinguish between humans and AI agents between human
AI generated content we need a solution and the fact

Drummond Reed: that Sam Alman at OpenAI is the co-investor of this project
and the orb tells you how important it is to that group but we need a
solution that doesn't use that and turns out the heart of that solution was
in this wonderful paper that I don't know how many folks on this call here
were actually co-authors I can't see the list right now but I know that a
number of

Drummond Reed: that are active in CCG were contributors to this paper. just
as far as I'm concerned changed the game in terms of proof of personhood
when it came out. the folks in the yellow highlights were authors of the
paper that attended DARPA had a personhood workshop in Orlando February of
last year, so just under a year ago. and those four people Stephen Adler
gave the keynote there on the whole premise of the paper which you can
summarize and I highly recommend at least reading the executive summary.
It's about four and a half pages has a great infographic but in that
executive summary it really says it comes down to these two key elements.

Drummond Reed: to verifiable credentials, zero knowledge proofs, and if
designed to do what that paper said, then we could get there. I don't need
to talk to anyone here about the trust triangle, the other upper half of
this what at trust or pee we call the governance diamond which you often
need to scale it. I will point out that scaling usually requires some
solution to what is often a trust registries or trust list. It's not the
only way to do that, but it is a widely implemented way. At Trust IP, we've
been developing the trust query protocol for four years. It's just
finishing its public review for 2.0.
00:20:00

Drummond Reed: So, we're very very bullish on that solution being able to
scale verifiable credential ecosystems, digital trust ecosystems. so the
essence from the standpoint of these credentials of what the PhD paper I'm
just going to use that initials for personhood credentials comes down to
this. every verifiable trust community that adopts governance to say we
will issue those credentials exactly one per human in our community.

Drummond Reed: that's the essence of what PhDs do and the paper does not
say how do you go do this. It doesn't have schemas for person with
credentials and it doesn't have a governance system or a design for a
network of issuers to do this. but that is what the paper basically says
this is what we think is needed. why these are the potential risks that
need to be addressed and mitigated and we're hoping folks go out and do
this and that's what the first person project was all about. the reason it
took off starting really is because over at trust IP which started in 2020
we had been working on call it related aspects of the problem.

Drummond Reed: So when that paper came out, we already had an effort going
around in the direction of proof of personhood. And what we saw was that
personhood credentials were one of a family of verifiable credentials that
could be used to build what we call a decentralized trust graph. all three
of those words it is a raph very much like a social graph. However, they're
about trust relationships, not social relationships. And the key is can we
make it decentralized? There is no centralized root node. It is like the
internet or arguably even more decentralized than the internet. because
it's all bids at the core. So our perspective was that in addition to PHC's
there was a second fundamental new type of credential for peer trust
relationships.

Drummond Reed: And they're actually pairs of credentials that we call
verifiable relationship credentials or VRC's. And since this is the heart
of what makes up the decentralized trust graph and what will power this the
first person network I'm sharing this we had several sessions on this at
the spring the April IW of last year and Phil Windley who is a co-founder
of IW wrote this great blog post that really goes into a lot of more detail
than what I cover here today. So, I just wanted to highlight that.

Drummond Reed: but quickest my favorite way to describe what are you really
doing with first-person credentials and I mean with verifiable relation
credentials and why this is particularly relevant not to the Linux kernel
project is the way that Jim Zlin put it in his keynote address at the Linux
Foundation member summit last Jim characterized it this way. They are the
ultimate instant key signing party. the whole idea of key signing parties
emerged with Phil Zimmerman and PGP I guess we're talking 30 years ago now.

Drummond Reed: And the Linux kernel today still it's now GNU privacy guard
is the GPG implementation of PGP and the Linux kernel has roughly 65
developers and to become a direct contributor to the Linux kernel your GBG
excuse GPG keys must be signed by two other members of that web address.
00:25:00

Drummond Reed: It is a classic web of trust. It's all based on the GPG code
that apparently is not getting very well maintained. It's a manual process.
There's one person on the Linux kernel team that works for the Linux
Foundation that has to maintain that. and so what they saw with what we're
describing with first person credential decentralized trust graph was a way
to modernize this whole thing, automate it and make it basically even more
secure and more privacy preserving. so I'm going to show you the exact
slides. once he used that analogy, in his opening keynote, we created the
following slides. We actually created animated versions of them. I'm not
going to do that. We don't have time here today, but I'm going to show you
exactly how that works so you understand the core DNA that we're after.
this is part one of the two parts.

Drummond Reed: and in this particular case, we're showing a person-toperson
relationship in a ceremony that is essentially the same thing you would go
through if you're going to form a contact on LinkedIn or WhatsApp or Signal
or Telegram. in fact, the only popular chat app that doesn't support R
codebased contact or relationship formation is iMessage because Apple wants
you to do it with their bump whatever that feature is but everyone else
does it with QR codes.

Drummond Reed: And whenever you're doing that with one of those apps on one
of those networks, the connection you're forming is on that network, I
can't tell you how many people I tend I use it all the time. I form a
signal connection with someone and then I need to send them a calendar
invite, And I'm like, okay, what's your email address? it's a
networkspecific connection. What we're talking about here is a wallet
towallet or we tend to use the term agent wallet because we need to talk
about the functionality wrapped around the wallet. So that will end up
being directly between Bob and Alice with no inter intermediary no specific
network. It is literally owned by the two of them. how do you do that? Of
course you do it with ds and did doc exchange.

Drummond Reed: In this case, Alice shows the QR code to Bob who scans it,
says yes, I want the relationship. Bob's wallet has either generates a key
pair or has pre-generated key pair. we're recommending a self-certifying
identifier. So, it can generate the associated doc and share that back with
Alice at the network address that she shared. And of course, be could be
whatever to get that back to Alice. She verifies that and Bob's signature
on that and then she does the same thing in and to reciprocate with What
they have done there it's just a key exchange and did exchange but they've
created a new private channel with pairwise on either side that they can
now use for anything any kind of secure private confidential communication
that they want to make between each other.

Drummond Reed: that does not yet set up It just sets up this channel at the
top you see in pink. Now we're going to do the verifiable credential
exchange which is also probably pretty straightforward. So first once
Alice's did dock is back and verified. Bob's agent will create this. This
is very simple blueprint. we now have actual schema proposals in the
decentralized trustcraft working group but the essence of it is the pair of
ds a date stamp and a signature that's a verifiable relation credential
that Bob creates and issues to Alice verifies the signature everything's
good she does the same thing to reciprocate to Bob checks that signature
now they have just exchanged this is the end of the key signing party

Drummond Reed: because they now exchanged signed credentials for of each
other's dits. That's the essence of a VRC. And that gets us partway into
the story. I have I think two or three more chapters to go. Again, just
going to stop and see while I'm on this. Are there any key questions or
burning issues around this? Again, I can't see the hands chat. No, that's a
very good question…

Otto Mora: Drummond, who says that Alice or Bob are humans besides they
themselves asserting it? is there a root prior to that or is this just over
time you build up enough of these where it becomes undisputable that is a
person?
00:30:00

Drummond Reed: which leads right into this slide.

Drummond Reed: So what we saw sort of the big a for us that were working on
this at trust over AP when the person with credentials paper came out we're
like it's not one or the other it's both what you get if you think of this
as you're building a graph okay and you're building a graph where there
essentially from the standpoint of a trust standpoint the root nodes are
any issuer of a personhood credential right anywhere

Drummond Reed: literally obviously any professional association, any online
group even but that actually says we have governance such that others can
rely on the fact that we issue personal credentials according to the
requirements in that paper and again I refer to that 63page paper as going
deep into what are the actual crimes we're doing. But it just comes down to
those issuers are the ones that establish both it's a real human and it's
unique in their scope. It's not globally unique.

Drummond Reed: So I think the average person will end up with I don't know
it could be at least a dozen personhood credentials from different
community verifiable trust communities they're part of right a company a
university a school obviously government once we get to that point although
a notary could produce a personhood credential on behalf from a passport or
government ID document if you trust that notary to be in that THC issuer
role.

Drummond Reed: So it's that credential that produces the proof of
personally being unique and then VRC's are only counted towards a trust
graph if you can produce a ZKP proof that you both have personhood
credentials and that's what makes or the unique personhood credential in
this community that Bob and Alice issued means they can have one verifiable
trust relationship. They can't just create, a thousand VRC's to try and
They have a thousand relationships because they can only prove one
relationship with the PHC in that community. Does that help answer your
question?

Otto Mora: So I guess knowing who the issuer of that personal credential
matters I guess or has some weight to it, right? One university may be more
reputable than another and a person may be more reputable than others.

Otto Mora: The CKP seems to be like more I have enough of these from a
given set of people.

Drummond Reed: Yes. Yes,…

Drummond Reed: that is exactly and they talk about that in the personial
paper that the ZKP is how you don't have to reveal what relationships you
have, but that you have up to a threshold of either PHC's or verifiable
relationships within those PHC communities. we cover that in more depth in
the first person project white paper. but that ZKP capability is critical.
I don't have any slides about it, but if folks are familiar with the
SiOros, ation New Swedish Foundation founded just under a year ago. that's
developing the Dub worldwide wallet.

Drummond Reed: and to meet the EU standards and once as I understand it's
already six member states have committed to certifying that wallet. Leaf
Johansson recently was announced as the new executive director for Seros.
He is committed and we're already collaborating with him on getting to a
ZKP architecture that will support this. they want to be able to use the
same thing for the EU DID credentials. So that ZKP is a really key piece.
It's one of the remaining hard problems in the space. Anyone on this call
that's interested in that, please feel free to get in touch with me because
we're trying to get sort of critical mass together around that problem. But
yeah, that is a really key piece of it.

Drummond Reed: And to your point, how do you actually scale the issuers
that do meet those requirements that you can rely on? That is what we call
verifiable trust network. And that's exactly what the first person project
has spawned the first person cooperative to develop the first person
network. And that network is a network of these issuers that will meet
those governance requirements. it's taking what's in the personal
credentials paper and saying, how do we actually make this a real thing
that can scale? that's a hard problem we're working on.
00:35:00

Otto Mora: Hello.

Drummond Reed: All I want to make a couple last points.

Drummond Reed: So once we started the work of the decentralized trustcraft
working group which launched last September like I said things have been
moving really fast and clarity's been coming in several areas a little
which I can show you and otherwise you can get pointers to everything else
we've got either between the first person white paper or the decentralized
trust graph repos. But first thing I want to talk about is we realize there
are a couple essentially categories of DIDs. They're not different methods.
we think all this can be done with self-certifying DID methods is what
we're recommending and did sell may end out.

Drummond Reed: I love the fact that the did sell and did webv dialogue is
going on so robustly right now because there is going to be I think the
successor to did web that's actually both secure and very scalable and very
decentralized. But regardless of the DID method there these different types
of DIDs and the DIDs we talked about before we call relationship DIDs. the
ones that Bob and Alice exchanged that are just used to-peer. They're not
intended to pro any correlation at all. But of course, you need to have
what we call intentional correlation in order to prove you are within a
group or across groups of any kind of level trust communities.

Drummond Reed: So for that we said we need to really think about not just
key management but did management in what we call sovereign wallet. And so
this bottom category of relationship did or dids for short those are the
ones that are automatically created and used in every relationship you
create on the decentralized trust graph. And as I said, they won't just be
verifiable trust community. We'll get to person to agent. but when you join
a community, when you need to be able to show I am a member of this
community and you can recognize me as a member of that community, that's a
second category we call membership ds or mdids.

Drummond Reed: And when you have joined, you get a person withhood
credential. That's when you're sharing an M did with that community. and
the other members of that community can recognize you by That is
community-based correlation. Then of course you go all the way up to all
right I want to have a persona that I control where it's shared. It might
be a private persona that I only share in certain circumstances or a public
persona that I have as a blogger, an artist or any form a politician, right?

Drummond Reed: anything where you're saying I need to have a public persona
as I might have for instance LinkedIn or blog or a social network but you
can have again as many as you want and it's important because these are
based personas they can be synonymous you can take an artist like Banksy
and Banksy would be able to digitally assert and sign his works without
having to share while Sting's pseudony anonymous. So we've recognized we
have these three core, basically uses or categorizations of DIDs that can
all be the same DID method behind them. It's how it's being used and
managed in your sovereign agent, that gives you this persona control. And
now I'm going to get right down to where we've gone in the decentralized
trust group.

Drummond Reed: This is a diagram from you'll see it in what we call the DTG
glossery that we're creating. That's a QR code if you just want to go
straight to that Google doc that we're working on. it's going to go into
GitHub shortly. We're just developing it as a Google doc. And you can see
we've got these three categories of credentials. So this first category
these we call the edge credentials because they define the actual edges in
the decentralized trust graph and as we talked about verifiable
relationship credential that's what uses our S verifiable membership
credential is how you prove your members. So what happens is a PHC is a
specific kind of Mid.
00:40:00

Drummond Reed: it's a verifiable membership credential issued by a trust
community that is trusted to issue a person with credentials. What we
realized as we were doing this is you can have other kinds of verifiable
trust networks that have other requirements for membership and personhood
credential network It's a very important kind but it's just one kind of
that. So there are many other uses for a decentralized trust graph. So
these define the edges in the graph. These next category are annotations on
those edges. And what we realized is that persona management is an
annotation. Once you have a relationship you can share and that's what we
call the persona dids are for. it's a separate credential.

Drummond Reed: So, I could form a relationship with, Otto, for instance,
and then say, "Hey, Otto, we're having great I want to pull you over into
some, political discussion. I could share my political persona with Otto
and he could decide not to share other personas of his. So, those now can
be managed as separate credentials. you can say the UX is not trivial but
there are already folks that are working on that. So that's where the
petids come in. Now the last credential that I'm going to talk about I
don't have time to go. Invitation credentials by the way are how you
actually grow a trust community by members inviting other members if you
choose to do it that way.

Drummond Reed: the last one I'm going to talk about is verifiable
endorsement credentials because the decentralized trust graph by itself is
not a reputation system right it's just a trust graph but if you want to
add reputation you can do that and that got the name this is wrong that's
supposed to be verifiable endorsement credential but I was creating this
slide last night and popped in I'll fix

Drummond Reed: that verifiable endorsement credential and this is what that
looks like if you take this again this is just example of the same way Bob
would issue a VRC to Alice now that uses art is as I pointed out that's
just a private pair wise okay we have a relationship that's just between
the two of us but if Bob and Alice exchange personas so that if Bob issues
a verifiable endorsement credential to Alice it's actually from a persona
of Bob's that can be verified by whoever she wants to show that to and it's
issued to a persona of Alice's that Alice wants is willing to take those
endorsements against. This is an extremely simple form of reputation called
vouching. I was involved in a social vouching project about 15 years ago
that this actually proved to be very viral.

Drummond Reed: as soon as you get a reputation there's all kinds of
challenges. So proposing there's no global reputation system here. This is
just a type of type of a mechanism for cryptographically verifiable
endorsements that can be used within a verifiable trust community. One of
the reasons we illustrated here is guess who wants to use that starting
with the Linux kernel project. They want developers to be able to vouch for
other developers as an enhancement to the web of trust they have today. So
I think it's not actually a credential type. One more thing I want to talk
about before I get to agents and that is all these things going back and
forth between Alice and Bob right now. They're all machine readable data.
These are to Wallace. there's no real human friendly content in there.

Drummond Reed: And of course, you need that when you connect to someone
else on a network. I love it when you connect on WeChat, because so many of
my contacts there are in Chinese. They have a ceremony where the first
thing you do is you type in, name and a couple other human friendly
addresses so who you've made your connection with a decentralized trust
graph and first person credentials, we can now automate that process in
sharing something that does not have to be a credential. It's simply what
we call a verifiable data structure. It could be and there's already a
proposal to just wrap the arc card in a verifiable credential. But in any
case, it can be shared by Bob with Alice and of course vice versa.

Drummond Reed: as the third step, you share the digs, you establish the
VRC, and then Bob and Alice choose one or more RC cards that establish the
information they want to share. Of course, they can be associated with the
personas that they want to share. So, again, one of the reasons we think of
it as a verifiable data structure is it's dynamic. as they change. These
can all be essentially subscriptions and you can just see pro protocol
message from agent to agent. Here's an updated arcart, it's slots right in.
We'll finally have the self-updating address books that people have talked
about for years.
00:45:00

Drummond Reed: All right, I'm going to wrap up with the last piece is okay,
now that you understand hopefully what first person identity is about. that
people use that term. I'm like it's really, as much decentralized trust
graph presence as anything else. let's talk about How does the model apply
to AI agents? And it's really pretty straightforward. as important it is
for a person to have cryptographically verifiable relationships between
each other and with communities that can happen with AI agents and what it
looks just the same way this is literally the same diagram with a few names
changed because establishing that relationship that's again
cryptographically verifiable both parties can prove that to any other party
they have this relationship this does not tackle

Drummond Reed: Okay, how do we actually delegate what that agent can do?
That's a whole another subject. But the agent now has identity. It has a
verifiable relationships and a controller that can prove that they have
control of that agent. this has been one of the major things that folks are
going. Okay, now we have a way that we can have people proof of personhood,
privacy preserving identity and agents with agenthood and proof of who is
in a control position and that's what folks are excited about. So I will
wrap up here just by this is my epic slide. I wanted to quickly show you
that there is a company in the space I don't know how active they are in
CCG called Affinity. they've been in the SSI space for a long time.

Drummond Reed: this is a diagram that they've produced showing how they see
this whole process of agthood working with the idea that in this gray box
you've got a AI infrastructure provider often called AI agent provider who
says yeah I provide AI agents in this case to enterprise customers but you
could do a similar version of this for individuals and that they envision
the process this way. The enterprise says, "Hey, I want an AI agent to be
provisioned." They go through a provisioning process and the agent receives
both the DIDs we talked for identity and the credentials about its
capabilities. And once that is provisioned, the details go back to the
enterprise.

Drummond Reed: The enterprise then together with the endpoint to
communicate with the agent. the enterprise checks that in step three here
says show me your credentials and the agent responds back with the
credentials. The enterprise next says okay I'm going to verify those
against the trust registry of agents by that agent r. Everything checks
out. They verified it. the enterprise says, "Okay, I know you're a valid
agent provisioned by this provider. I'm now going to issue you the
credentials you need to operate on my behalf." And once they've done that,
then now that trusted agent is registered in their own trust registry as an
agent that can act on behalf of that enterprise.

Drummond Reed: So you could see how this whole thing of agenthood fits
right into agent workflows. And Affinity, I've already seen the app. I'm
going to see a new version of it next week. they have an app. It uses for
all of these communications. And the cool thing is in that app can interact
with humans and agents in exactly the same interface. you can create groups
of any combination of humans and agents. and it's not theoretical. It's
working. I think they're going to have it on the market later this year.
And in fact, they're going to show a version of it at this event. That's
the last thing I'm going to share with you at the first event that I'm
aware of that's focused entirely on u personhood and agenthood.
00:50:00

Drummond Reed: It's the day before the Linux Foundation member summit which
is 24th and 25th same location Silverado Resort Napa California. I don't
have a QR code but if you just search summit on human agency you'll go
right there and it is the Linux Foundation member summit which is only
available limit members it is you have to apply if you're interested in
this topic and you're available I strongly recommend it. We got an amazing
set of speakers that have been lined up there. Clay Shery is going to give
the keynote. Jim Zamlin's going to give it a keed up. So, last thing I'm
going to say is just if you're interested in any of this decentralized
trough graph working group, we started these actually one other task force
on risk assessment harms prevention, but these are the task forces we're
working on. that's a QR code to go to the homepage for that working group.
I have another one for the first person project white paper.

Drummond Reed: And then lastly for we have mail list and that is it and I
guess we have about 10 minutes for questions.

Mahmoud Alkhraishi: Thank you, Drummond. Any questions from anyone? T.

Ted Thibodeau Jr: Yeah, I'd just like to get that slide deck link in the
chat as a URL.

Ted Thibodeau Jr: QR codes are great, but they're not as easy as everybody
wants them to be.

Drummond Reed: You've got it.

Drummond Reed: Give me just a second and I actually can double check and
make sure this is public. don't let me fix this right now. because yeah,
typical I made a copy of this deck and forgot I'm making it wide open right
now. In fact, I'm going to make it and the comment capability. And here's
the link. And I'll put it in the chat. One second. Here we There you go.

Mahmoud Alkhraishi: Auto. I think a lot.

Otto Mora: Yeah. No, congratulations, Drama. Amazing work. I mean, I could
see so many good things coming out of this. Especially love the mention of
the biometrics heavy project that will not mention here, but that I agree
is very harmful out there. also I had spoken to Jeff Turk about this and if
you guys want to collaborate with us at diff we have this community schemas
repo which if you want to host your schema there you're welcome to do it
and I think would be great as well. And we can also talk about
standardizing the members in the credential schemas repo perhaps in the
future which I think would be really cool as well.

Otto Mora: But also just wondering so in the Linux Foundation type of
example you have enough of these Linux core developers let's say that
there's a trusted circle of Linux core developers maybe 15 of them would I
need to have let's say at least five or let's say three of those Linux core
developers giving me that backing of you're a trusted developer you're okay
to commit changes into the Linux kernel core. how would I know that I have
a credential from that set of limited people,…

Otto Mora: trusted people versus just any person or is that part of the set
KP details?

Drummond Reed: It's …

Drummond Reed: it's such a great question. I'm putting in links to two
active they're currently Google Docs just because they've been evolving
very quickly, but then they're going to be going into the DTG credentials
task force repos and one is the glossery of the terms I was using. We found
that we need a pretty robust glossery to be very specific about things like
verifiable trust communities, verifiable trust networks. but the second one
auto is once we had sort of worked out what the Lego blocks were that set
of seven credentials you saw there.

Drummond Reed: the test could we explain step very very precisely exactly
how verifiable trust community bootstrap itself would start up right and it
wasn't an abstract process because the folks asking the questions were the
ones working on the Linux kernel project it's called the Linux kernel
maintainer verification project LKMV they were saying okay we got the
credentials they've actually been implemented they've been following the
schema work
00:55:00

Drummond Reed: and implementing them in Rust and they're okay but now we
have to give instructions to the developers working with the person that
current currently maintains the GPG web of trust and they're saying okay
how do we actually bootstrap this thing so we wrote this document it's
about 15 pages it just goes step through four phases of how you grow a
community now that is explicitly we put in a big note it's

Drummond Reed: web of trust model but we explain all communities follow
their own policies so your question of how many relationships do you need
to qualify for things that's up to the community you see what I'm saying
the rules in a corporation small or large veus cooperative versus an online
social group it's all policydriven

Drummond Reed: And the building blocks of the graph are the same. This is
where we're going, it's ds to the core, but how you turn around and make
decisions about trusting or membership or that's all based on your own
policies for building up the community and then what proofs you want
against the trust graph and the reason for ZKP is to allow those proofs to
be privacy preserving when they need to be. that's the point that I think
the person with credential makes so well is if you're going to standardize
on how you can have those credentials, you absolutely have to have them to
be privacy preserving. but in certain communities, of course, as an
employee in a company, you're going to need to be identify yourself in many
cases as an employee as but that's something that's always if you have ZKP,
you can always reveal the data. You just don't have to reveal the data.

Drummond Reed: So I highly recom I love by the way you can comment on those
documents. this is glossery and the bootstrapping process are great ways to
really wrap your head around this stuff.

Otto Mora: Awesome. Thank you.

Phillip Long: Drummond. Yes,…

Drummond Reed: I think Phillip Yes.

Phillip Long: Drummond. Nice to hear I'm still a little con. You were
talking about obviously the importance of the interoperability of these
various components. And the question that I'm not clear on is it looks as
though there's a bunch of services that the wallets that you're talking
about that manage these particular kinds of credentials are going to need
to have in order to take advantage of them. And I'm not clear on what are
the minimum protocol requirements that the wallets needs to have to
exchange things. is DIDCOM the framework that you're using? And secondly,
in order to use them what are these additional services that are presubly
con contemporary wallets for verifiable credential management,…

Phillip Long: for example, likely lack?

Drummond Reed: absolutely excellent question and…

Drummond Reed: you're quite right. The next stage as we want to get out the
DTG credential spec and get that into working draft and implementation
draft our goal is to do that this quarter because as I said there are
already implementations so we want to get squared up there. The next step
will be what at trust over P I know we call trust house protocols can run
over any transport that will carry them. deadcom is currently the default
and being used out there and of course it is a major product of diff and
folks like affinity are using it and scaling it very nicely and there are
many others in that space that are doing that.

Drummond Reed: They're not the only ones. at Trust IP, you're probably
aware we've been working on the trust bending protocol. Lot of call it
overlap or similarities. it's …

Phillip Long: They change.

Drummond Reed: a different layering than didcom, but in the end they both
accomplish the same thing. did confidential exchange. So trust protocols
all use that private channel and you're absolutely right.

Drummond Reed: There are certain trust house protocols and that's the next
step that's in the charter for the DTG working group to say here's the
trust house protocols and the key thing we'll be after especially the first
person project and the first cooperative is interoperability test suites so
that if a community says we want to join we're going to say that's
fantastic you've got the governance now make sure that you have your trust
registry you pass the owner for the test suites just like it works with
anything else that you want to scale a network effect so, we've got a lot
of work in front of us.
01:00:00

Drummond Reed: We're only just started down the road, but that's the next
stage of what we'll need to do, Phil.

Phillip Long: Got it.

Phillip Long: So, we're in the process of architecting a credential wallet
for the US Chamber of Commerce Foundation and a web wallet. And the
question, I guess, will be how soon is enough detail available to consider
that in the design work that will start in the next couple of weeks
actually.

Drummond Reed: Hopefully happy to have an offline discussion about that
just to see,…

Drummond Reed: how quickly things can line up. I know, for example, I was
only exposed to the Seros project and Dubdub wallet, their effort starting
at the last IW. but they are super leaning into those same things. if Yeah,
definitely. org is again I wasn't aware of them until IW, but the only
wallet I'm aware of that's already essentially as as of IW six member
states that said we're going to certify that wallet. So they've got some
really good innovative features and…

Phillip Long: Mhm. We need to look at them.

Phillip Long: Thank you.

Drummond Reed: we're going to collaborate with them on the ZKP architecture.

Drummond Reed: So, anyone else who's interested in that, definitely get in
touch with the Seros folks. and by the way, anyone interested in anything
about the first person project, as I said, there's the main list. I think
there it is. I put the link in for that as well. And, we have established
First Cooperative is still fledgling, but we're going to start growing it
up. We've just got our first tiny bit of funding for it. we hope to get
more funding going into Q2. so I happy to come back and…

Drummond Reed: provide reports as often as you want to have us Thanks so
much.

Mahmoud Alkhraishi: Thank you,…

Mahmoud Alkhraishi: Thank you everyone for your questions. I'm just going
to jump in here just because we're at time. this was an absolutely
wonderful presentation. Very appreciated and I mean, I guess drums dropped
in some places where you can reach out to him and please feel free. Thank
you everyone and talk to you all soon. Have a great rest of your day.

Drummond Reed: Thanks everyone. You bet. Bye-bye.
Meeting ended after 01:02:46 👋

*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Tuesday, 20 January 2026 23:58:00 UTC