Child pages
  • 2016-12 (December 2016) Meetings
Skip to end of metadata
Go to start of metadata

2016-12 (December 2016) Meetings

This page records the Discussion Group's meeting notes for December 2016. We meet Tuesdays at 7:30am PT / 10:30am ET / 3:30pm UK / 4:30pm CET and Thursdays at 11am PT / 2pm ET / 7pm UK / 8pm CET for 60 minutes. US times are normative during daylight saving time changes. We use Kantara Line A (US +1-805-309-2350, Skype +99051000000481, international optionsweb interfacemore info, code 4022737) and for screen sharing. See the DG calendar for our full meeting schedule. Previous meeting minutes are here: JulyAugustSeptemberOctober, November.

Thursday, December 15


  • Craft scenarios that aim to maximally empower a person (possibly choosing one or more of those that appear in these notes, but try not to be too UMA-specific!), and work on setting forth the requirements for DLT- and other-related technologies that they'd have to meet

Attending: Eve, Thomas, Kathleen, Susan

What does "empowered" actually mean? Eve points to her "user-centric" criteria as one way to get sharper-edged (see below). What scenarios should we collect? Thinking of financial transactions (since Thomas has been hanging out with FIs (smile) ), that should include getting "universal access" to data, even if (say) it's jointly owned, as in joint accounts. But it's more than data; it's actual transacting, as in payments and buying stuff. Also, online apps should ask for only what's needed, and there should be a sort of "Good Housekeeping seal" she can trust. Think of Uber and what it knows and shares. There's helping Alice make a decision about clinical trials and to what purposes her health data is put. Genomic data is a case of data that's both "jointly owned" and not deidentifiable. (BTW, research isn't covered by HIPAA.)

Suggestion: We need to a) define empowerment, b) select final scenarios, c) assess specific technologies, not very broad ones, and then d) ultimately make observations and even compare them before e) writing recommendations. There is sentiment for using the "user-centric" materials to start to define empowerment.

Let's dig up that other "blockchain identity" technology that's certificate-related from our notes. That should be one of the technologies we assess, along with Sovrin, UMA, Opal, and (what else? other stuff in our outline, etc.).

No official meetings next week or for the rest of the year. Thomas and Eve and whoever else cares to join will have ad hoc meetings during our normal slots. Eve will ask KI stuff to remove the official calendar entries, but we'll advertise the opportunities appropriately.

Tuesday, December 13


  • Report work and recommendations

Attending: Eve, Matisse, Thomas, Susan, John W, Colin, Kathleen

Symbiont spoke at the NAIC conference yesterday about identities (corporate exclusively?) and smart contracts. This relates to beneficial ownership. We appear to be on the cusp of this being figured out because of the pressure from corporations, at least. So it may behoove us to make recommendations about natural-person identity work regarding several efforts, e.g. several WGs in Kantara. Susan also attended the Smart Contract Alliance event this past week, where there were three regulatory agencies represented, speaking about how things might work for them. Personal identities are going matter to them, but they have no concept of this – they just know about KYC (Know Your Customer) in a regulatory sense. "If you want universality, it must be imposed by some external standard. If you want autonomy, you must recognize individual choice. These two are in some sense antithetical." If something like Sovrin is widely adopted, Eve suspects its uses would devolve to KYC-type use cases.

We could essay some of these principles (and oxymorons?) in our intro. There are no silver bullets in "self-sovereign identity".

Microsoft announced that Dan Buckner is forming a unit around something similar. Thomas notes: It's all about the data, and who has control over it. Is it considered a joint asset or not? A concept called the LLP – Limited Liability Persona – used to be floated (by Bob Blakley? Burton Group folks, at any rate). Some banks do seem interested in giving their individual customers control over releasing their own KYC data in personal data store-like fashion, DLT or no.

In terms of the logical choices of where to store a person's PII:

  • Traditionally: Attributes have been stored in something like a directory server, more "voluminous" records (e.g. EHRs) might be stored in something like a CMS, and other databases such as RDBMSes might be used for other personal data. Organizations in charge of collecting and generating this data are by regulation, profit motive, and custom responsible for managing its security and data protection.
  • Also: Data can be stored on a client device. It can be protected in various fashions (e.g. encrypted with a private key). (added 2016-12-15; accidentally left off last week)
  • With DLTs in the picture: Other options become available:
    • Public ledger:Conventional wisdom has already formed, it seems, that you don't put PII on a public ledger. The reasons are: bloat, distributedness, and consumer management of private keys. The two other options given this are:
      • Pointers from the public ledger to other traditional server-side storage (a la Blockstack, in presumably most implementations?)
      • Pointers from the public ledger to client-side storage (a la Sovrin)
    • Private ledger: This can be secured by any traditional means, so it doesn't suffer from the weaknesses of the public ledger approach.

AI: Eve and Thomas: Put the above text in the draft report.

There's an interesting challenge with allowing people to control access/permissioning as the primary goal vs. allowing people to control personal data as the primary goal. Client devices are generally not meant to be running all the time (e.g. to serve relevant data), whereas a transaction (such as making a payment) generally requires that a service be up and running. Imagining that a person's mobile device is a storageless UMA authorization server that can access what it needs in the cloud and makes a callback, would that work if a requesting party Bob tries to access Alice's resource? 

Next time: Craft scenarios that aim to maximally empower a person (possibly choosing one or more of those that appear in these notes, but try not to be too UMA-specific!), and work on setting forth the requirements for DLT- and other-related technologies that they'd have to meet in order to meet our DG's goals for transactional empowerment of individuals.

Thursday, December 1


  • Discuss end-stage recommendations

Attending: Thomas, Eve, John W, Susan

Susan attended the Wall St. Blockchain event, which had a lot on smart contract standards. Cook County had announced a land records project, but that didn't have a wide enough scope. Illinois has now announced something. So this suggests needing guidance. At banking conferences, there's an assumption that banks can/should serve as IdPs, but then there's the unbanked. OTOH, in the actual identity world, in some countries, this has "been solved" through legislation where governments either do or don't contract with banks to provide IdP services. The IdP value prop hasn't seemed to look that great in the last 15 years so far for banks. (We also note that R3 is losing members...)

Should we try and provide recommendations around the societal/political implications, or just technical? (See the Traveling Salesman movie for a good take, and the paper The Moral Character of Cryptographic Work.) Our use cases do already have societal, social, and cultural implications. Is this about autonomy, or consent? Let's not hassle this out here! See the new paper A Typology of Privacy if you want to go all Socratic.

Eve shared her recent talk on where user-centric identity went wrong (link forthcoming) and how to improve such technology. The "sharper-edged criteria", most of them from 2008, could be useful in pressing for assessing empowerment of people in transacting. The notion of fostering more "peer-like" relationships in a metaphorical sense is behind the criteria:

  1. Does the solution make the right thing to do be the easiest thing to do?

  2. Does the solution enable unilateral user actions that have unambiguously positive outcomes?

  3. Does the solution make what people actually want to do possible?

  4. Does the solution respect and balance all ecosystem parties’ needs?

  5. Does the solution make consent more meaningful?

  6. Is the system’s architecture applicable to multiple or future problems in a clean way?

What is the definition of self-sovereign, actually? Phil W has mentioned that he considers UMA to be a self-sovereign technology, interestingly. Is the definition "I get to host it (what?) where I want to host it"? Or is it "I get to move it (what?) whenever I want/to wherever I want"? Or simply "I have high (significantly higher than before) leverage/negotiating power with the other side"? Is that last one a definition of being able to act as a (metaphorical) peer? Do we need more criteria, or more crisp criteria?

AI: Eve: Provide the rest of the information backing up her user-centric/self-sovereign analysis, and also distribute the newest Sovrin answers to followup questions posed by Eve.

AI: John W: Next week, take a look at Eve's materials and his own "broken"-themed blog post and essay definitions.

No meetings next week; let's all write our assigned pieces instead!

  • No labels