...
| Table of Contents | ||||||
|---|---|---|---|---|---|---|
|
Thursday, November 3
Agenda:
- Report writing – Sovrin Foundation questionnaire answers discussion
Attending: Eve, Thomas, Kathleen, Scott S, Susan
What's the right way to proceed? We don't have a lot of time to engage in a back-and-forth; we should write in our report whatever our analysis is, and if we have dissenting opinions we can attach those in appendices or whatever.
Let's bubble up the reason for Sovrin's existence. The vision is, of course, familiar, with a new technology being introduced to solve it better than before. In May, Thomas asked Chris Allen "How do you get the counterparty to accept what's being offered?" (In this case, it's a relying party accepting a self-sovereign identity.) Thomas points to a different system that leverages blockchain to provide somewhat similar capability, CONIKS: The individual can generate new key pairs, and there's a ledger that records the history of the key pairs over time. Binding the record to a (say) proofed identity is the exercise left for the reader, so IAM would still be needed. It's a kind of key directory that gives correlatability over time of a set of keys. Maybe this, and Sovrin, and certificate transparency, all are different approaches to the "blockchain identity use case".
Eve temporarily climbed up on a soapbox 
to rant about identity as, in great part, a function of an individual's relationship with an organization (e.g. vendor or whatever). Thomas points out this is in Chapter 2 of his new book! Thus, many attributes/claims that the organization has to store are unique to that organization, and it's inefficient and pointless for the individual to store them in tamper-proof form anywhere else. Susan points out that "self-sovereign" has grabbed the world's imagination, and a lot of it has to do with consent.
A big concern of Eve's is: When we're talking about autonomous individuals, in the cases of what solutions does Alice have to go get an app from an app store or a browser plugin (thinking of things like "Sovrin clients")? The thinking is that requiring users to take an extra step is likely to make a solution fail unless some vertically integrated provider (like Apple or Google) builds it in, or some country forces the solution. A big question is: "What does the consumer want?" Does Alice want to install something?
Sovrin does add a unique multi-stakeholder governance model, which mitigates risk well beyond what Ripple could do beyond its four virtual walls.
We do seem to have gained some consensus here on skepticism about the longstanding aims of the user-centric/self-sovereign movement, which we'll have to capture in our report and share back with the various stakeholders.
Tuesday, November 1
Agenda:
...
Smart contracts vs. legal contracts: How has this difference been articulated? Barclays has written a paper, and we've discussed it some (need for jurisdiction information and formal identification of parties). The MIT event had some discussion as well, with Bart Suichies' comparison table (was that distributed to the list?). Where does the role of consensus come in? Any delta is relevant to our report-writing, especially as it relates to identity. Scott D has the action to write about legal contracts. Thomas listed four elements: parties (majority have 2), terms of the contract, consensusconsensus/verifiability (other parties can independently check whether the terms were executed on), semantic connection between legal prose and machine-readable code.
...