Zoom Logo

Webinar: Trust over IP and Government (8am PT) - Shared screen with speaker view
Pekka Kahri
19:44
Good evening from Helsinki!
Man Ho
20:12
Good morning everyone, from Hong Kong.
Catherine Millett
20:19
Hello, I am Catherine Millett from ETS in Princeton, NJ in the USA. Excited to be at my first Trust Over IP Foundation event.
Vitus Ammann
20:56
Good evening from Switzerland!
Steven Milstein
21:07
Good morning from Montreal, Canada!
Marco Tulio da Silva Lima
21:33
Good evening from Brazil.
Alan Sherriff
21:35
And good afternoon from London :-)
Özgür Deniz Günseli
21:36
Hello I am Deniz Günseli from Ecospend-London
Kiran Gopinath
21:48
Hello from San Jose CA.
Pasi Sinervo
21:48
good evening from Finland Inari village
Anjana Jayaweera
22:20
Good morning from Singapore (Its 16th Dec here :) )
David Luchuk (Trust over IP)
23:07
Welcome to everyone and thank you for taking the time to join us today.
Tim Dutta
23:09
Good Morning all from Chennai India
Daniel Bachenheimer
23:17
Hello from Metro Washington, DC
Tim Dutta
25:08
Hello, I am Jegan Selvaraj from Chennai, India. Great to be at Trust Over IP Foundation event.
David Luchuk (Trust over IP)
35:57
Please don’t hesitate to float a question through the Q&A function. Our panelists will try to answer as many as possible, which will be posted to all.
Vitus Ammann
44:18
Why do we need the service domains. Isn't it just the holders keeping all credentials together in their wallet be it identity or health credentials?
Jefferson Braswell
52:19
I apologize in advance, but I am going to enter a “chat” message that is admittedly too long for this medium, but which summarizes a question/issue that can or should be addressed at some point. I will post the message as a series of 4 chat messages.
Jefferson Braswell
52:44
1) The OMG Blockchain Platform Special Interest Group (PSIG) has issued and RFI that "aims to gain a better understanding of the self-sovereign identity space. In particular, the Blockchain PSIG is exploring the potential for standards setting in the area of contextually constrained or ‘disposable’ self-sovereign identity arrangements, building on top of existing W3C standards for self-sovereign identity [DID] and verifiable credentials [VC]."
Jefferson Braswell
52:57
2) "A potential new development in this area is the notion of SSIDs that exist and are used within a specific limited time frame, known as ‘disposable’ SSIDs. Since that time frame would generally be the duration of some specific usage context, these can also be thought of as contextual. The term ‘ephemeral’ is also sometimes used for these, since the significant feature is not that they must necessarily expire at a specific time, but that they are expected to be short lived, being limited to their specific usage context, for example some specific part of a journey."
Jefferson Braswell
53:11
3) I don't particularly like the term "disposable" (it sounds like a "burner phone"), and I think the degree of persistence of a VC -- and how a VC is "retired" (canceled, expired, revoked) – is critical to both the actual trust in a VC as well as the details of what is required to support VC infrastructure operationally. An LEI is globally persistent; a single ticket to an event is valid one time and can only be used once.
Jefferson Braswell
53:23
4) If VCs are to be trusted for identity, then perhaps they should not be conflated with being directly created with "ephemeral" lifetimes, but, rather, a separate class of object that has contextual constraints should reference a VC.
Lisa Seim
54:48
Who owns the data Chris? Where is the data stored? A traditional data base or through a cloud service provider?
Jefferson Braswell
01:03:43
VCs would have certainly been useful to help avoid the scandal of certain parents’ hiring others to take College Board tests in place of their children, would it not ?
Dan Gisolfi
01:10:35
What is the purpose of government as an intermediary such as NSC when in the digital model Student and academic institution and/or Employer can interact peer-to-peer?
Chris Buchanan - MITRE
01:10:39
@Jefferson Braswell: If you can pay the test taker to cheat, you might also be able to buy the VC from them. This very question opens another line of thought in which VCs may need additional authentication mechanisms for some circumstances. This in turn leads to another question of where the line belongs for things like biometrics embedded in VCs. These are difficult problems for which solutions spawn new difficult problems.
Jefferson Braswell
01:18:17
@Chris: true enough !
Jefferson Braswell
01:18:55
Congratulations to GLEIF for this very significant initiative !
Gordon
01:21:23
How do vLEI enable legal backing of contract signed using it?
Daniel Bachenheimer
01:21:57
@Chris - the VC may contain biometric information that can bind the presenter to the Holder/Subject (to a specified AAL)
Jefferson Braswell
01:28:33
@Peter: question re issuing in digital form: how does that enable (or, how can you prevent) the document to itself be captured and used fraudulently ?
Gordon
01:30:52
@Karla: Does it also work the same way for cross border agreements?
Chris Buchanan - MITRE
01:32:54
@Daniel Bachenheimer - Yes - VCs can hold any data. But how do you prevent biometrics being insisted upon improperly by verifiers who don’t need it? Users already suffer from an inverted power structure with respect to digital identity and while the incorporation of biometrics will be necessary, who stands between the user and the verifier who insists upon it needlessly? I think we need to do AAL levels at the edge device and rely on verification vice authentication except in cases where the edge device cannot meet the acceptable risk levels of the verifier. However we need to have some public regulation / guidance for when it is appropriate for a verifier to ask for additional authentication. Looking to NIST to revise 800-63 to recognize this problem.
David Luchuk (Trust over IP)
01:33:42
To all - please consider posting any of your open/unanswered questions in the QA so that panelists can see them as “open.”
Jefferson Braswell
01:35:22
excellent (encryption is the key) thanks !
Catherine Millett
01:35:49
Peter, thank you for the great image of empowering Canadians.
Chris Ingrao
01:36:25
Apologies for posting answer to prior question here in chat. @Steven McCown posted: Will the Lumedic platform require a “Lumedic App” or will users be able to receive & assert the relevant Verifiable Credentials via a standards-compliant app?” Ideally, we will create reciprocity agreements with other layer 4 ecosystem partners to facilitate true interoperability. This is the intent of The Exchange. If you are aware of another Layer 4 ecosystem, please send me contacts and we will get to work!
Kaliya Young
01:36:33
Exciting work to make VCs work with paper QR codes and on smart cards that are very low cost. This technology has to work for everyone.
Daniel Bachenheimer
01:36:51
@Chris - Verifiers (Service Providers) who ask Holders/Subjects to selectively disclose non-proportional data may loose business , reputation, etc
Line Kofoed
01:38:04
We wrote an article on “Verify the Verifier – Anti-coercion by Design” together with TNO’s Oskar van Deventerhttps://bloqzone.com/who-wants-to-know/
Drummond Reed
01:38:35
I highly recommend that article
Line Kofoed
01:39:24
Thanks, Drummond!
Linda VanHorn
01:46:54
Excellent Panel! Thanks - Linda Van Horn @iShareMedical
Kalyan Kulkarni
01:47:23
Great topics
Michael Shea
01:47:36
Thank you! Excellent presentations and exchanges!
Gordon
01:47:50
Great sharing. Thank you to all the panelist
Catherine Millett
01:48:34
Thank you for this great session. Learned a lot and enjoyed the learning.
Chris Buchanan - MITRE
01:48:37
@Daniel - I’d like to ensure that. :)
Daniel Bachenheimer
01:48:37
thank you - see you tonight!
Alan Sherriff
01:48:40
thanks, great session!
Pasi Sinervo
01:48:45
thank you