2017-01 (January 2017) Meetings
This page records the Discussion Group's meeting notes for January 2017. We meet Tuesdays at 7:30am PT / 10:30am ET / 3:30pm UK / 4:30pm CET and Thursdays at 11am PT / 2pm ET / 7pm UK / 8pm CET for 60 minutes. US times are normative during daylight saving time changes. We use Kantara Line A (US +1-805-309-2350, Skype +99051000000481, international options, web interface, more info, code 4022737) and http://join.me/findthomas for screen sharing. See the DG calendar for our full meeting schedule. Previous meeting minutes are here: July, August, September, October, November, December.
Thursday, January 26
- Report work
Attending: JeffS, Thomas, Kathleen, Devon,
Kathleen: looking for definitions of "Provenance" (from Jim/Thomas). Thomas: we never did define "provenance". There is also "proof of existence" - example from JMoehrke where people wish to show they have an idea (i.e. patent) without revealing.
Thomas: how is this done today? Kathleen/Devon: example of sending a closed envelope to yourself, timestamped by the US Post Office. Thomas: can also go to a notary.
Jeff: blockchain already exists globally, so easier to use as notary.
Kathleen: new use case. New President wants services to be given to citizens only. So you could use something like blockchain.
Report status. Kathleen already written HL7. Devon working on the legal contracts. Thomas: Rose/Fullbrighrt report. Devon has read both.
Thomas: R3 is working on methods/avenues for dispute resolution. Devon: contracts have to indicate which jurisdiction it applies in, and location of dispute res.
Kathleen: possibility in future to have a court where parties need to escrow funding for post-transaction disputes. JeffS: if escrow exists, then you can pursue this as recourse.
Thomas: DAO mentiuoned that participants do not have an external arbitration/dispute process. So developer who siphoned off $60Mis correct in saying he was obeying rules in DAO. Thomas asks Devon: if we wrote a paper-contract and states that there are no disputes allowed, can one of us still go to court of law: Answer is Yes.
Devon: the code in DAO is "law" according the DAO. Permissioned blockchains (operated by private groups) in the future may define its own dispute resolution jurisdiction.
Kathleen: back to the trust question. Difficult to legislate how much trust people must have. JeffS: but that one-to-one.
Thomas: social trust can be seeded by government (e.g. buying car from manufacturer that satisfies gov envronment regulations, eg. EPA). Kathleen: eBay is another example of social trust (between sellers and buyers). Some existing systems/markets may not need to move to bchains as they are working just fine.
JeffS: technologists' dream. Kathleen: when monetary assets are involved.
Thomas: definition of technical trust from TCG. Compute unit must be able to operate unhindered and must be to report outcome truthfully. Devices that operate as specified, every time, creates technical trust on the part of the user. Thomas will add text.
Kathleen: social trust and economic trust. The "markets are operating fairly". Thomas: social trust is a much broader matter, involves consumer perception (e.g. bad PR from Silk Road/Bitcoin).
JeffS: Social trust is multiple layers. Party who you are transacting with. Enforceability of contract. Enforcer of the contrtact. Trust in the service itself. Some people may not want to play.
Kathleen: car example. JeffS: Volkswagen issue in the US. So broad, it bcame national issue. National institution got involved.
Thomas: should gov get involved in overseeing a global blockchain. Example of NASDAQ. JeffS: what will be the jurisdiction. Kathleen: it should be global. What if a bloc of nations refuses to accept. JeffS: like bitcoin, there needs to be incentives built-in. Brokers today need to be registered (e.g. in the US).
Kathleen: which gov dept is doing registrations. JeffS: not sure. Thomas: mentions Treasury's project on LEI company-numbering scheme (like D&B).
Tuesday, January 24
- Report work
Attending: Eve, Matisse, Susan, Devon, Marco, Kathleen, Adrian, Thomas
Kathleen notes that HL7 has woken up to blockchain, and says it will be doing something by 2018.
Adrian will be speaking at Harvard Law School on Thursday on "free, independent health records"; the talk will include a lot about UMA. PPR will be filling comment on the Sedona work.
Verifiable claims: We looked at Manu's responses to Adrian's questions. Adrian is advocating for moving away from federation. Thomas and Eve's analysis focused on being dubious about much being new in the approach vs. what's possible with JWTs, and this being troublesome from the perspective of "respecting and balancing all ecosystem parties' needs". Kathleen comments that for our readers to consider the spectrum of ecosystems (tight to loose), what is the most an individual should "have to put with" just to get the service they want and have trust? The goal should be to find discoverable semantics, and compute the trust you need.
One thing we missed in the W3C charter is that it talks about extensible semantics. But otherwise it doesn't differentiate what it's trying to do from other claim formats.
The temptation is to design a JWT-based format that has the extensions that do what VC is doing! Susan observes that it was ID2020 that was the impetus. She suggests going back to the VC people and asking for a brief analysis that shows a compare/contrast over existing tools in extended form, for the empowerment goals we hold (the charter doesn't mention this goal). Lowering friction in development and deployment is one that we're concerned about (for accelerating adoption and also for reducing complexity = greater security); can they speak to that?
Thomas notes that people are starting to change out the word "trust" for the word "blockchain". Yikes! But then it still gets down to key management; the problem hasn't gone away. This could turn into an Observation.
AI: Eve: Ask Manu if it's okay to share his responses with the group, and let him know that we're discussing our whole analysis.
Thursday, January 19
- Report work
Attending: Eve, Devon, JohnW, Adrian, Colin L.
We discussed the CommonAccord section in the report. John created a diagram (file name "BSC DG Decision-Making Power 2017-01-19.png" on Eve's computer) to describe the opportunity to even things up. Eve suggests creating an Observations section talking about contractual mechanisms and tensions around them, with the diagram as a centerpiece; it would pull in a lot of mentions of the tech/techs. Some Recommendations that may fall out could do with strengthening the connection between legal and smart contracts in a formal way.
We discussed the Legal Contracts section. We debated the order of tech/tech sections; it would be nice to have Smart Contracts and Legal Contracts very near each other. The notion of "fully executed legal contracts" brings them together conceptually.
Next Tuesday: Look at Manu's answers on Verifiable Claims, and look at Eve's putative new sections, and look at the User-Submitted Terms section from JohnW.
(NOTE: Eve can't make next Thursday's call because she'll be doing a Data Privacy Day event in SF, and hopes Thomas can run it.)
Tuesday, January 17
- Report work
Attending: Eve, Devon, Matisse, Marco, JohnW, Susan, Adrian
AI: Eve: Mark the old version of the report as truly obsolete now.
We commented on the OPAL/Enigma section for Thomas to work on.
We commented on the UMA Legal Toolkits section for Eve to work on.
We commented on the Consent Receipts section for JohnW to work on.
The UMA Legal subgroup may try to have an ad hoc F2F meeting during #RSAC.
Thursday, January 12
- Report work
Attending: Eve, Thomas, Kathleen, Devon, Adrian, Colin, JohnW
The current exercise is to rationalize the entire ToC and outline. Devon has moved over all the text from the old report – thank you, Devon!
We started discussing Verifiable Claims again; Adrian has gotten some more information about the role of Linked Data as a differentiator vs. JWT.
Devon and Kathleen are working on OPAL/Enigma content. Kathleen has gotten the okay to bring on HL7 work around creating trust contracts on the fly for, e.g., a research repository controller and a researcher (or anyone) comes with a "safe query" (for differential privacy).
Devon offers to fill in the Legal Contracts section. Excellent!
AIs for Tuesday's meeting:
- Eve: Write UMA and Sovrin section
- Devon: Write Legal Contracts section
- Kathleen: Work on HL7 subsection
- Kathleen: Expand JohnW's use case section
- JohnW: Continue working on his technology/technique sections
- Eve: (stretch goal) Revise Intro
We agreed it's a good idea for us to have our own Skype chat room and not barge in on UMA chat room, so if anyone has a Skype handle that Eve ("xmlgrrl") doesn't know about, please feel free to send an invite to her.
Tuesday, January 10
- Report work
Attending: Eve, Adrian, Matisse, Thomas, Susan, JohnW
Eve gave an update on the efforts to move to the new report doc. Devon is helping Thomas and Eve with some key overall editing tasks.
Adrian described the value proposition of Verifiable Claims: It "kills the need for federation" because, in a triple-blind manner, the RP can verify a claim directly from the issuer. Thomas's and Eve's analysis didn't find this to be true in any special way; the technology looks extremely similar to JWTs, for example, and the notion of an RP is a federation notion and requires trust to be established somehow. Adrian will review, discuss with Manu (the draft spec author), and get back to the group.
Thomas has filled out the OPAL/Enigma section; no analysis section yet.
What's the best way to drive to consensus on the analysis of each section?
Thomas, Eve, and Devon will continue editing, and will draw the DG's attention to new sections for timely review. Scheduled meetings will focus on analysis and review.
Thursday, January 5
- Report work
Attending: Eve, Adrian, Susan, Thomas, Colin, Devon
AI: Eve: Put a note in our wiki report version to redirect to our GDoc version, or remove it entirely.
Taqanu has put in for Kantara Identity and Privacy Incubator (KIPI) funding. This is an initiative for identity and privacy funding (was CCICADA). They describe themselves as:
"Our goal is to create a mobile banking service for people without a fixed address, to help provide access to the financial ecosystem. Eventually opening communication with and scaling to markets in emerging economies. Our core offerings are: ++ Free debit card for anyone, anywhere ++ Accounts in every country within the same bank ++ Easy account setup ++ Personal Identification management ++ Blockchain (BC) based, transparent ledger"
Hence seemingly a good match for our use case criteria. Colin will introduce them to Eve in email, and she'll send them the questionnaire. SecureKey has gotten investment for blockchain-based efforts, and they are on the Kantara board, so let's at least ask them for feedback on our report, if not as well contributing a use case; Colin will reach out and cc Susan (whose connection is through Mary Hodder and IDESG). Susan can also send the questionnaire to Bitpesa, and we'll see how much time we have to combine what we get.
Discussion of the prescription use case submitted by Adrian (which Eve will forward to the list, for full context): By "The current introduction of hospitals and other institutional intermediaries into the prescription order process" is meant identity management/authentication (for checking the physician's identity) and the management of EHRs (because the prescription is generated within the EHR system). There is rent-seeking by the systems that have performed this consolidation. The goal with the use case is to have the clinician use as many as three apps or more, e.g. one for login, one for proving you deserve to prescribe, one for payment, etc. The idea is that they're horizontal and you'd have way fewer in total.
Adrian has commented that the Sedona report's logical model of EHR discovery trust (p. 64 here) doesn't account for decentralization, which blockchain can enable. Sedona is an influencer on e-discovery; lawyers and Google and MSFT and others do pay attention to it. So we may want to reflect on this in our Observations section, given that we have several use cases that have implications for health. We recognize that health data itself wouldn't be stored on a blockchain, but the generally accepted approach would be to store a transaction record stating something happened, then a later transaction record stating something else happened (or even some previous record had to be corrected), etc.
Tuesday, January 3
- Report work
Attending: Eve, Thomas, Kathleen, Matisse, Thorsten, Adrian, Susan, Devon (finishing law school, studying data privacy), SteveO, JohnW
Our DG's life is extended just for this next month.
Kathleen points to the 21st Century Cures Act (house bill link). It calls for a trust framework. Adrian notes that it mentions longitudinal health records, which is a novel challenge in the patient context vs. clinical research (subjects). See his blog post.
To pick a fintech use case, can we find one with an individual perspective vs. an institutional perspective? Can we pick one from Sedona that has the right characteristics? Susan notes that Everledger is working to ensure that the ethical diamond use case is protecting workers etc., not just tracking the diamonds. What about BanQu ("Dignity Through Identity") as a financial use case for empowerment? Susan has talked to the principal.
AI: Eve to send the questionnaire to Susan for sharing with the BanQu person and to Adrian for sharing with the Consensys people.
AI: Thomas: Fill out the questionnaire for Enigma/Opal.
AI: Adrian: Fill out the questionnaire for his use case (and/or write the full use case! ).
AI: Eve: Flesh out report outline (hopefully together with Thomas), completing AIs in report comments, before our Thursday meeting.