http://www.petzel.com/exhibitions/2016-09-08_simon-denny/
Sincerely,
John Wunderlich
@PrivacyCDN <https://twitter.com/PrivacyCDN>
Call: +1 (647) 669-4749
eMail: john(a)wunderlich.ca
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. If you are not the intended recipient
you are notified that disclosing, copying, distributing or taking any
action in reliance on the contents of this information is strictly
prohibited.
Hi folks - I'd like to test out a variation on the typical definition of
'identity'.
If it gets traction in this group, it could possibly be a way to express
the "requirements" that this digital identity thing has of the blockchain
and smart contracts capabilities (which is one way to view the mandate of
the DG). You will probably notice a mash-up and blending of several
different well-known concepts and definitions to try and adopt those
aspects of the other representations (user-centric, VRM,
OpenNotice/Consent/Information Sharing, myData, privacy principles,
self-sovereign and many more)
*tl;dr*
*By describing digital identity in terms of information records that may
contain 'identity' information, we can talk about actors and services that
use the information assets rather than a more abstract notion of identity
as a right or embodied characteristic of an entity. NB: Other works can
deal with credentials and authentication - this is not that - this is about
the information itself.*
So: I'd appreciate your observations and comments directly or to the list.
I'm not really looking for word-smithing advice but rather: is the
following a reasonable working definition? A secondary thought is: given
the capabilities and features of blockchains and smart contracts, do the
descriptions of 'self-sovereign' and 'administrative' identity information
(records) lead to obvious and useful explorations of requirements?
I await the deluge of critical thought and advice ;-)
andrew.
===============
Digital Identity:
- The identifiers, credentials and the credentials’ authenticators that an
  Entity uses to claim that they are the Subject of a Digital Identity
  Information Record.
- The Digital Identity Information Records in any storage location.
There are many schools of thought about what a digital identity represents
and the uses for digital identities. Each has a different taxonomy to
describe the different types and characteristics of those identities.
The school of thought related to the personal data ecosystem, personal data
stores, and self-sovereign identity (see Searls, Windley, Blakley, Cameron,
et al) uses at least two major categories, paraphrased and expanded below:
Administrative identity information: labels used to keep track of entities,
their information records and the services they use. These labels are
controlled by the issuer. A common example today is email addresses used
as login identifiers.
Self-sovereign identity information: information about the entity that is
controlled by the entity and released on the authority of that entity.
Self-sovereign identity information may include identifiers or attributes.
Self-sovereign identity information can be used to assert facts about the
self without subservience to a central authority.
*Digital Identity Information Record:*
- The information records containing information about an Entity that can
  be used to attempt to identify or distinguish the Entity from other
  Entities in a population
- The Digital Identity may or may not enable unique distinguishment of
  an Entity in a population
- Can contain personal information, personally identifiable
  information, identity attribute information.
- The record may also contain, secondarily, non-personal or
  non-identity information. It is uncommon to see ‘pure’ Digital Identity
  Information Records because the records contain information related to
  the purposes of the record holder. The main point being that the record
  has a direct association to the Entity.
- Can also contain information about relationships and bindings
===============
*Andrew Hughes *CISM CISSP
Independent Consultant
*In Turn Information Management Consulting*
o +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road,
Victoria, BC V8P 2H8
AndrewHughes3000(a)gmail.com
ca.linkedin.com/pub/andrew-hughes/a/58/682/
*Identity Management | IT Governance | Information Security *
http://kantarainitiative.org/confluence/display/BSC/2016-09+%28September+20…
Agenda:
- Report
<http://kantarainitiative.org/confluence/display/BSC/Report+from+the+Blockch…>
writing
Attending: Eve, Thomas, Thorsten, Andrew, John W, Jim H, Matisse
We have a LOT of new information sources, including some comparative
material, to help us complete our thematic introduction in the report.
(One new source shared on the call: Stellar info
<https://www.stellar.org/developers/guides/concepts/scp.html>.)
Is it meaningful to achieve "transactional empowerment" use cases if you
are some way down the path of decentralization, or must you reach 100%
decentralization? Andrew suggests that where perfect decentralization can't
be achieved, transparency and accountability can shore up the necessarily
centralized parts of the system. Having "an authority" (vs. "your peers")
detect a transgression requires traditional controls. But, speaking of
roles here, depending on what sort of blockchain technology *and*
governance model *and* blockchain contents are involved, are they really
"your peers"? There seem to be a lot of ways that the node miners'
interests may not be strictly aligned with yours.
Matisse believes the main value of choosing blockchain for "transactional
empowerment" would be smart contracts – being able to withdraw your consent
from a contract and, say, get your money back from a smart vending machine.
Jim notes that smart contracts are really a different technology from
blockchain – based on blockchain technology but a specific application that
requires "contract semantics" at the nodes.
Regarding economic efficiencies, a big attraction of Bitcoin use cases has
been to make transactions more efficient by removing intermediaries.
However, the world has been finding that technical inefficiencies
(performance challenges) have arisen.
Specific use cases: currency (a la Bitcoin), certification (a la notary
services), smart contracts (a la vending machine, land registry, drone
control)... Jim has made the case that smart contracts need to connect to
the legal world through both format and semantics. A transactional system
presumably must take into account the "business/legal" environment in some
fashion, even if just implicitly (say, by referencing certain
jurisdictional laws, terms, and concepts). So either a smart contract is a
non-contract (the way a contract with a killer would be – though perhaps
with consequences less dire!) or it is a true contract precisely by taking
into account its surrounding business/legal environment through a
standardized format and semantics. It had better be possible for a true
"smart contract" to have parties who have the proper rights and
responsibilities.
AIs:
- Jim: Share his draft Kantara blog post on the list
- Eve: Take the latest notes and try and squeeze them into the report
for review on Thursday
- All: Please review all the resources shared on the list and in the
notes before Thursday
*Eve Maler* ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
*ForgeRock Summits and UnSummits* are coming to
<http://summits.forgerock.com/> *London and Paris!*
Matisse has kindly assembled the following materials to help us with our
efforts to analyze and document the tensions/themes. Please see below.
Separately, John W sent me the following link, which contains some
comparative analysis:
https://docs.google.com/presentation/d/11WwKRK8RrGokPvrm3APshHY_DlyYOKz_ipc…
I suspect the best way for us to make progress is for those with keen
analytical and writing skills to do some homework *before* the next
meeting, perhaps with a glass of wine handy. :-)
*Eve Maler* ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
---------- Forwarded message ----------
From: mat perugini <mat.perugini(a)gmail.com>
Date: Mon, Sep 26, 2016 at 1:11 AM
Subject: link to some blockchain papers
To: Eve Maler <eve.maler(a)forgerock.com>
Dear Eve,
here is the paper list you have been asking for.
The historical part covers from 1982 to 2009.
The ethereum blog explains in a very linear way the issue of concurring
blockchains.
Paper: Smart Contract a Preliminary evaluation, exposes the state of my
research at the end of 2015. Even though there are things I have
reconsidered (and that will be better explained in my final essay), it
exposes some of the main concepts I am working on.
Kind regards
Matisse
**************************
history
•David Chaum, Blind signatures for untraceable payments, 1982,
http://www.hit.bme.hu/~buttyan/courses/BMEVIHIM219/2009/Chaum.BlindSigForPayment.1982.PDF
•David Chaum, Online Cash Checks, 1989,
https://w2.eff.org/Privacy/Digital_money/?f=online_cash_chaum.paper.txt
•Timothy C. May, The Crypto Anarchist Manifesto, 1988,
http://www.activism.net/cypherpunk/crypto-anarchy.html
•Nick Szabo, Contracts with Bearers, 1998,
http://szabo.best.vwh.net/bearer_contracts.html
•Wei Dai, B-money, 1998,
http://www.weidai.com/bmoney.txt
•Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, 2008,
http://bitcoin.org/bitcoin.pdf
ethereum blog on public and private blockchains
- https://blog.ethereum.org/2015/08/07/on-public-and-private-blockchains/
my papers on SSRN
- http://papers.ssrn.com/sol3/results.cfm
http://bb9.berlinbiennale.de/blockchain-as-gosplan-2-0/
Thanks, John
4giv spellin errurz from mobile devize
http://kantarainitiative.org/confluence/display/BSC/2016-09+%28September+20…
Agenda:
- Report
<http://kantarainitiative.org/confluence/display/BSC/Report+from+the+Blockch…>
writing
- Search for independent and dependent variables among the
"tensions", as inspired by Kathleen and John W for the report
- Review use case analysis inputs from John W for the report, if
available
Attending: Eve, Matisse, Thomas, Colin, Andrew, Marco
*News: *News has hit of an "editable" blockchain technology
<http://www.econotimes.com/Accenture-creates-Editable-blockchain-prototype-3…>
that Accenture has prototyped. This seems...kind of scammy. They seem to
have created a private blockchain. Does it require proof of work? Is it
really a blockchain? Why would you want to "accelerate...adoption" of
blockchain by removing a key defining feature of actual blockchains? Maybe
this makes enterprises feel cool, but tamper-evident ledgers can be done
right now without having to involve the "b-word". We pronounce this another
b-word: bogus.
*Tension/theme analysis: *Can a blockchain be considered "a distributed
system" in the formal sense? There are a number of resources we could draw
on to analyze its characteristics if so: scalability, transparency, etc.
See this article
<http://www.theserverside.com/feature/Bitcoins-blockchain-architecture-as-a-…>.
Matisse supports this analysis, as it's the premise of her PhD. thesis!
A neutral way of stating the columns Kathleen has added on the right that
our participants are more invested in, for use-case reasons, would be (all,
please offer feedback on this):
- "Balance of control" in transactions (which can include contracts and
data sharing) – enabling individuals to rise to the level of a "peer" to
traditionally more empowered entities
- "Transactions" is the broadest possible term in common usage
- This item is the broad descriptor
- "Granularity of control" ?? in transactions – enabling not a totality
of trust and liability but an apportioning that is appropriate
- Supposedly Bitcoin, a special-purpose blockchain, has protected
individuals on this dimension, but each smart contract could still leave
individuals open to abuse
- "Dynamism of control" ?? in transactions – enabling individual choice
both over time and just-in-time
When is a public blockchain appropriate, vs. a consortium-model blockchain,
vs. a private blockchain?
*AI:* Matisse: Share pointers to papers to let us analyze specific
blockchain types for next time.
Next time: Get into both specific blockchain mentions and use case-specific
analysis, and try to flesh out the report intro for good and all.
*Eve Maler* ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
http://kantarainitiative.org/confluence/display/BSC/2016-09+%28September+20…
Agenda:
- Report
<http://kantarainitiative.org/confluence/display/BSC/Report+from+the+Blockch…>
writing
- Identify strengths and weaknesses of traditional and new
distributed methods of solving use cases
Attending: Eve, Scott S, Jeff, Matisse, Andrew, Jim H, Domenico, John W
Eve reviewed a graph that Kathleen essayed in private email, with three
axes: economic paradigm, (political) governance model, and (openness)
community type. (s/oligarchy/oligopoly/)
We're enthusiastic about finding out how technologies would get plotted. We
wonder if there are exactly three axes and if they're really orthogonal.
Can we start by taking the matrix approach in Kathleen's first email, and
"checking off" (as in John W's Stellar matrix example)
characteristics/features that each technology has? Since there are so many
consensus protocols and they change fast, we want to take a relatively
high-level approach for a key sampling of these.
For the Alice Participates in Bob's Research Study
<http://kantarainitiative.org/confluence/display/BSC/Alice+participates+in+B…>
use case, what are the strengths and weaknesses of doing things using
today's technologies and techniques?
- Registries related to particular diseases, such as cancer –
clinicaltrials.gov – centralized control systems record the outcome of
studies but don't engage with the patient in any way.
- To add such functionality, you'd have to bolt something on, or develop
a linking mechanism in between the two.
How could things be different?
- An information sharing agreement (a la JSON-LD) would point to the
study (which has a study number) and to the data needed (or a pointer to
it).
- Consent?
- Retrofit?
- Efficiency?
- Accountability?
- Trust mechanism? How do you establish that the next slot in the chain
is trustable? To what extent does this involve the "drug of centralization"
once again?
- Automatability/dynamism?
- If solved with "just blockchain", has these S&W
- If solved with "smart contracts", has these S&W
- If solved with both...
- If solved with IPFS...
A pattern we're imagining in the report is that many use cases will have
similar strength and weakness patterns, and we'll want to discuss those in
one big analysis section. Each use case may then have its own small
subsection(s) discussing delta as necessary. For example, if we think that
"automation vs. manual" is a strength of new tech vs. old tech, and
"privacy" is a weakness of new tech vs. old tech, we can say that once in
the big analysis section.
We might end up* recommending a Work Group that develops an architecture,
or set/range of architectures, that targets optimal outcomes among the
strengths, and mitigates the risks among the weaknesses.*
The ISO now has a blockchain group.
Next time:
- Search for independent and dependent variables among the "tensions",
as inspired by Kathleen and John W for the report
- Review use case analysis inputs from John W for the report, if
available
*Eve Maler* ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
FYI: John Gregory, the author of this piece is a highly respected lawyer http://www.slaw.ca/2016/09/19/smart-contracts/
John Wunderlich,
Sent frum a mobile device,
Pleez 4give speling erurz
"...a world of near-total surveillance and endless record-keeping is likely to be one with less liberty, less experimentation, and certainly far less joy..." A. Michael Froomkin