Versions Compared

Old Version 12

changes.mady.by.user Eve Maler

Saved on

compared with

New Version Current

changes.mady.by.user Eve Maler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Attending: Eve, Thomas, Matisse, Kathleen, SteveO, Thorsten

No meeting ThursdayMeeting logistics: Just a reminder...

New book: Don't miss Thomas's new book, called Trust::Data: A New Framework for Identity and Data sharing! Wow.

Sovrin answers: You can find them forwarded to the email archive. See also the paper Thorsten mentioned.

Overall, Eve's question for each use case, differentially, is: How much does limiting the risk of a "pure public blockchain technology" approach impact the goals of the use case, and particularly in our case where the use case goals are for empowerment? E.g., for some fintech use case where you want to speed up business and protect against legal risk, maybe limiting the "distributedness" of the blockchain to your enterprise – that is, inside your firewall – could be fine. But for other use : No meeting this Thursday. Also, when we take up meeting again next week, UK and Europe clocks will have changed, but US clocks won't have, and US Pacific is our normative time zone (see timeanddate.com for "summertime skew" details...). Please keep an eye on and/or subscribe to our calendar!

New book: Don't miss Thomas's new book, called Trust::Data: A New Framework for Identity and Data sharing! Wow. Congratulations!

Sovrin answers: You can find them in your inbox or in the email archive. See also the paper Thorsten mentioned in email.

Overall, Eve's question for each use case, differentially, is: How much does limiting the risk of a "pure public blockchain technology" approach impact the goals of the use case, and particularly in our case where the use case goals are for empowerment? E.g., for some fintech use case where you want to speed up business and protect against legal risk, maybe limiting the "distributedness" of the blockchain to your enterprise – that is, inside your firewall – could be fine. But for other use cases, that could seriously harm you goal. So for today, given that Sovrin has a goal of self-sovereign identity, have they been able to successfully mitigate risk while enjoying/providing the benefits of blockchain ("walked the line correctly")?

...

There are some "anonymous authorization" (Shibboleth) and "claims-based access control" (UMA) use cases, indeed. (And notice that these use cases didn't require blockchain for resolution! But to be solved) But quite often, (empowered) service operators do need to know who they're dealing with among (currently disempowered) individuals. See Latanya Sweeney's research on the ability to re-correlate individuals from a few attributes (; hence Eve's skepticism about ZKP , approaches (which Sovrin criticizes as well!). Users also have real incentives to share data with services in many cases because otherwise the services can't function.

Are there any services accepting Sovrin credentials yet? These are apparently called "stewards".

We looked at the Technical Foundations paper. The observer/validator/governance paradigm seems well thought out. Thomas noted that the widening circles of nodes looks like what Ripple has. The governance model could perhaps be a model/template for other use cases as well.

...

AI: Everyone please continue to review the questionnaire answers (two sections left to go) and provide thoughts in email. We can send our questions to the Sovrin folks after our review is complete.

Tuesday, October 18

Attendees: ScottS, Kathleen, Matisse, Thomas, JohnW

AIs for Report:

  • Text from contributors
  • Terminology and definitions

Report to dos:

Kathleen working on HL7. Jim Hazard has been talking in UMA legal, with many similarities with FHIR work. Question is what will the Smart Contract look like, what will it do. Adrian also writing up text.

Kathleen: reach out to Jim for text. Also Adrian has text from the ONC Blockchain Challenge.

Thomas: anything missing from the Report? Kathleen: need a definition of SC. Scott: yes, we’re not quite there. Also expand to a list/taxonomy of definitions and terminologies for the report.

Potential Liaisons: groups that members of BSC are involved and list of relevant orgs looking at SC

  • HL7
  • GA4GH: Global Alliance four Genomic Health
  • CommonAccord
  • GTRI: Georgia Tech Research Institute
  • OTTO: Open Trust Taxonomy for OAuth
  • Federated Authorization
  • Smart Contracts Alliance
  • Kantara’s liaison with JTC1/ISO (Identity Assurance & Management)
    • UMA WG
    • CIS WG
  • New ISO group on blockchains (ISO TC307)
  • Sovrin
  • JLINC protocol – JSON-LD may be used for SC.
  • BlockchainCanada.org

AI: Thomas: start email thread on definition of SC.

Thursday, October 13

Agenda:

...