Versions Compared

Old Version 12

changes.mady.by.user Eve Maler

Saved on

compared with

New Version 13

changes.mady.by.user Eve Maler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Attending: Eve, Thomas, Matisse, Kathleen, SteveO, Thorsten

Meeting logistics: Just a reminder: No meeting Thursday: Just a reminder...this Thursday. Also, when we take up meeting again next week, UK and Europe clocks will have changed, but US clocks won't have, and US Pacific is our normative time zone (see timeanddate.com for "summertime skew" details...). Please keep an eye on and/or subscribe to our calendar!

New book: Don't miss Thomas's new book, called Trust::Data: A New Framework for Identity and Data sharing! Wow. Congratulations!

Sovrin answers: You can find them forwarded to in your inbox or in the email archive. See also the paper Thorsten mentioned in email.

Overall, Eve's question for each use case, differentially, is: How much does limiting the risk of a "pure public blockchain technology" approach impact the goals of the use case, and particularly in our case where the use case goals are for empowerment? E.g., for some fintech use case where you want to speed up business and protect against legal risk, maybe limiting the "distributedness" of the blockchain to your enterprise – that is, inside your firewall – could be fine. But for other use cases, that could seriously harm you goal. So for today, given that Sovrin has a goal of self-sovereign identity, have they been able to successfully mitigate risk while enjoying/providing the benefits of blockchain ("walked the line correctly")?

...

There are some "anonymous authorization" (Shibboleth) and "claims-based access control" (UMA) use cases, indeed. (And notice that these use cases didn't require blockchain for resolution! But to be solved) But quite often, (empowered) service operators do need to know who they're dealing with among (currently disempowered) individuals. See Latanya Sweeney's research on the ability to re-correlate individuals from a few attributes (; hence Eve's skepticism about ZKP , approaches (which Sovrin criticizes as well!)). Users also have real incentives to share data with services in many cases because otherwise the services can't function.

Are there any services accepting Sovrin credentials yet? These are apparently called "stewards".

...