Zoom Logo

Webinar: Trust over IP and Government (8am PT) - Shared screen with speaker view
Pekka Kahri
Good evening from Helsinki!
Man Ho
Good morning everyone, from Hong Kong.
Catherine Millett
Hello, I am Catherine Millett from ETS in Princeton, NJ in the USA. Excited to be at my first Trust Over IP Foundation event.
Vitus Ammann
Good evening from Switzerland!
Steven Milstein
Good morning from Montreal, Canada!
Marco Tulio da Silva Lima
Good evening from Brazil.
Alan Sherriff
And good afternoon from London :-)
Özgür Deniz Günseli
Hello I am Deniz Günseli from Ecospend-London
Kiran Gopinath
Hello from San Jose CA.
Pasi Sinervo
good evening from Finland Inari village
Anjana Jayaweera
Good morning from Singapore (Its 16th Dec here :) )
David Luchuk (Trust over IP)
Welcome to everyone and thank you for taking the time to join us today.
Tim Dutta
Good Morning all from Chennai India
Daniel Bachenheimer
Hello from Metro Washington, DC
Tim Dutta
Hello, I am Jegan Selvaraj from Chennai, India. Great to be at Trust Over IP Foundation event.
David Luchuk (Trust over IP)
Please don’t hesitate to float a question through the Q&A function. Our panelists will try to answer as many as possible, which will be posted to all.
Vitus Ammann
Why do we need the service domains. Isn't it just the holders keeping all credentials together in their wallet be it identity or health credentials?
Jefferson Braswell
I apologize in advance, but I am going to enter a “chat” message that is admittedly too long for this medium, but which summarizes a question/issue that can or should be addressed at some point. I will post the message as a series of 4 chat messages.
Jefferson Braswell
1) The OMG Blockchain Platform Special Interest Group (PSIG) has issued and RFI that "aims to gain a better understanding of the self-sovereign identity space. In particular, the Blockchain PSIG is exploring the potential for standards setting in the area of contextually constrained or ‘disposable’ self-sovereign identity arrangements, building on top of existing W3C standards for self-sovereign identity [DID] and verifiable credentials [VC]."
Jefferson Braswell
2) "A potential new development in this area is the notion of SSIDs that exist and are used within a specific limited time frame, known as ‘disposable’ SSIDs. Since that time frame would generally be the duration of some specific usage context, these can also be thought of as contextual. The term ‘ephemeral’ is also sometimes used for these, since the significant feature is not that they must necessarily expire at a specific time, but that they are expected to be short lived, being limited to their specific usage context, for example some specific part of a journey."
Jefferson Braswell
3) I don't particularly like the term "disposable" (it sounds like a "burner phone"), and I think the degree of persistence of a VC -- and how a VC is "retired" (canceled, expired, revoked) – is critical to both the actual trust in a VC as well as the details of what is required to support VC infrastructure operationally. An LEI is globally persistent; a single ticket to an event is valid one time and can only be used once.
Jefferson Braswell
4) If VCs are to be trusted for identity, then perhaps they should not be conflated with being directly created with "ephemeral" lifetimes, but, rather, a separate class of object that has contextual constraints should reference a VC.
Lisa Seim
Who owns the data Chris? Where is the data stored? A traditional data base or through a cloud service provider?
Jefferson Braswell
VCs would have certainly been useful to help avoid the scandal of certain parents’ hiring others to take College Board tests in place of their children, would it not ?
Dan Gisolfi
What is the purpose of government as an intermediary such as NSC when in the digital model Student and academic institution and/or Employer can interact peer-to-peer?
Chris Buchanan - MITRE
@Jefferson Braswell: If you can pay the test taker to cheat, you might also be able to buy the VC from them. This very question opens another line of thought in which VCs may need additional authentication mechanisms for some circumstances. This in turn leads to another question of where the line belongs for things like biometrics embedded in VCs. These are difficult problems for which solutions spawn new difficult problems.
Jefferson Braswell
@Chris: true enough !
Jefferson Braswell
Congratulations to GLEIF for this very significant initiative !
How do vLEI enable legal backing of contract signed using it?
Daniel Bachenheimer
@Chris - the VC may contain biometric information that can bind the presenter to the Holder/Subject (to a specified AAL)
Jefferson Braswell
@Peter: question re issuing in digital form: how does that enable (or, how can you prevent) the document to itself be captured and used fraudulently ?
@Karla: Does it also work the same way for cross border agreements?
Chris Buchanan - MITRE
@Daniel Bachenheimer - Yes - VCs can hold any data. But how do you prevent biometrics being insisted upon improperly by verifiers who don’t need it? Users already suffer from an inverted power structure with respect to digital identity and while the incorporation of biometrics will be necessary, who stands between the user and the verifier who insists upon it needlessly? I think we need to do AAL levels at the edge device and rely on verification vice authentication except in cases where the edge device cannot meet the acceptable risk levels of the verifier. However we need to have some public regulation / guidance for when it is appropriate for a verifier to ask for additional authentication. Looking to NIST to revise 800-63 to recognize this problem.
David Luchuk (Trust over IP)
To all - please consider posting any of your open/unanswered questions in the QA so that panelists can see them as “open.”
Jefferson Braswell
excellent (encryption is the key) thanks !
Catherine Millett
Peter, thank you for the great image of empowering Canadians.
Chris Ingrao
Apologies for posting answer to prior question here in chat. @Steven McCown posted: Will the Lumedic platform require a “Lumedic App” or will users be able to receive & assert the relevant Verifiable Credentials via a standards-compliant app?” Ideally, we will create reciprocity agreements with other layer 4 ecosystem partners to facilitate true interoperability. This is the intent of The Exchange. If you are aware of another Layer 4 ecosystem, please send me contacts and we will get to work!
Kaliya Young
Exciting work to make VCs work with paper QR codes and on smart cards that are very low cost. This technology has to work for everyone.
Daniel Bachenheimer
@Chris - Verifiers (Service Providers) who ask Holders/Subjects to selectively disclose non-proportional data may loose business , reputation, etc
Line Kofoed
We wrote an article on “Verify the Verifier – Anti-coercion by Design” together with TNO’s Oskar van Deventerhttps://bloqzone.com/who-wants-to-know/
Drummond Reed
I highly recommend that article
Line Kofoed
Thanks, Drummond!
Linda VanHorn
Excellent Panel! Thanks - Linda Van Horn @iShareMedical
Kalyan Kulkarni
Great topics
Michael Shea
Thank you! Excellent presentations and exchanges!
Great sharing. Thank you to all the panelist
Catherine Millett
Thank you for this great session. Learned a lot and enjoyed the learning.
Chris Buchanan - MITRE
@Daniel - I’d like to ensure that. :)
Daniel Bachenheimer
thank you - see you tonight!
Alan Sherriff
thanks, great session!
Pasi Sinervo
thank you