W3C home > Mailing lists > Public > public-interledger@w3.org > November 2015

Re: Identity and the need for security

From: Evan Schwartz <evan@ripple.com>
Date: Thu, 5 Nov 2015 09:44:33 +1100
Message-ID: <CAONA2jXSQhEMwHEDR9Kjo8T1pYjXXDkaUfVoBaYCGjHKaUXMgw@mail.gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: Adrian Hope-Bailie <adrian@hopebailie.com>, Interledger Community Group <public-interledger@w3.org>
>
> does the interledger network disrupts all the other payment schemes, and
> any participant should go on board as soon as possible, whatever the
> development cost, or does it offer getways to the existing schemes and
> makes its way smoothly among them...?


Integrating ILP should be as easy as possible for any ledger, from banks,
to Bitcoin, to payment service providers. Each should be able to use their
current protocols for interacting with their ledgers, though some will need
to add cryptographic escrow support.

There is more work to be done around identity, KYC/AML issues. For now I
would imagine that schemes for handling that kind of data exchange will
need to be built on top of ILP, and we'll need to see what kind of
information is required for different jurisdictions and use cases. In the
short term, there will probably be use-case-specific schemes, though the
longer term project is to make them ever more interoperable. Arguably, it
makes a big difference to start off with fundamentally interoperable
"rails" for moving money, and ILP is meant to be the simplest, most secure
way of doing this.



> How does ILP handle identity?
>
> In particular what strings are used to
>
> 1. Denote a ledger
> 2. Denote a participate in a ledger, or common participant in two or more
> ledgers
>

In the demo, all ledgers are referenced with their URIs.

Connectors have an API that let's them announce what ledgers they connect.
The connectors' accounts on their ledgers will be referenced differently.
Their quote returns a partially filled object that includes their account
identifiers on both ledgers.

On Fri, Oct 30, 2015 at 1:00 AM, Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

>
>
> On 26 October 2015 at 16:45, Adrian Hope-Bailie <adrian@hopebailie.com>
> wrote:
>
>> Last Arie question:
>>
>> In the case of Identity being critical, would there not be a strong case
>> for Security?
>>
>>    - dynamic keys?
>>       - 3FFA?
>>
>> By this I assume the question is about transactions where the parties
>> must be known due to regulations (KYC/AML)?
>>
>> I wouldn't conflate security and identity. A system like ILP will require
>> that all messaging is done very securely with guarantees of authenticity a
>> given. What this ends up being specifically is yet to be decided I think.
>>
>
> How does ILP handle identity?
>
> In particular what strings are used to
>
> 1. Denote a ledger
> 2. Denote a participate in a ledger, or common participant in two or more
> ledgers
>
>
>>
>> Is a secure transport like TLS and signed messages using a unique keypair
>> for each entity enough. Do the keys need to be part of a chain that is
>> rooted at some specific entity (perhaps for regulatory reasons)?
>>
>> Lots of models and architectures to consider.
>>
>> What will be required is establishing some standards for how identity
>> data will be conveyed and here we should probably look at how this is
>> already done in message standards like ISO 20022 rather than re-invent the
>> data dictionary?
>>
>
>


-- 
Evan Schwartz | Software Architect | Ripple Labs
[image: ripple.com] <http://ripple.com>
Received on Wednesday, 4 November 2015 22:45:21 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 4 November 2015 22:45:22 UTC