3 cheers for Eve on a soap-box. Sorry I missed it. 
John Wunderlich,

Sent frum a mobile device,
Pleez 4give speling erurz

"...a world of near-total surveillance and endless record-keeping is likely to be one with less liberty, less experimentation, and certainly far less joy..." A. Michael Froomkin

_____________________________
From: Eve Maler <eve.maler@forgerock.com>
Sent: Thursday, November 3, 2016 3:00 PM
Subject: [DG-BSC] Notes from BSC telecon Thursday, November 3
To: <dg-bsc@kantarainitiative.org>


http://kantarainitiative.org/confluence/display/BSC/2016-11+%28November+2016%29+Meetings#id-2016-11(November2016)Meetings-Thursday,November3

Agenda:

  • Report writing – Sovrin Foundation questionnaire answers discussion

Attending: Eve, Thomas, Kathleen, Scott S, Susan

What's the right way to proceed? We don't have a lot of time to engage in a back-and-forth; we should write in our report whatever our analysis is, and if we have dissenting opinions we can attach those in appendices or whatever.

Let's bubble up the reason for Sovrin's existence. The vision is, of course, familiar, with a new technology being introduced to solve it better than before. In May, Thomas asked Chris Allen "How do you get the counterparty to accept what's being offered?" (In this case, it's a relying party accepting a self-sovereign identity.) Thomas points to a different system that leverages blockchain to provide somewhat similar capability, CONIKS: The individual can generate new key pairs, and there's a ledger that records the history of the key pairs over time. Binding the record to a (say) proofed identity is the exercise left for the reader, so IAM would still be needed. It's a kind of key directory that gives correlatability over time of a set of keys. Maybe this, and Sovrin, and certificate transparency, all are different approaches to the "blockchain identity use case".

Eve temporarily climbed up on a soapbox to rant about identity as, in great part, a function of an individual's relationship with an organization (e.g. vendor or whatever). Thomas points out this is in Chapter 2 of his new book! Thus, many attributes/claims that the organization has to store are unique to that organization, and it's inefficient and pointless for the individual to store them in tamper-proof form anywhere else. Susan points out that "self-sovereign" has grabbed the world's imagination, and a lot of it has to do with consent.

A big concern of Eve's is: When we're talking about autonomous individuals, in the cases of what solutions does Alice have to go get an app from an app store or a browser plugin (thinking of things like "Sovrin clients")? The thinking is that requiring users to take an extra step is likely to make a solution fail unless some vertically integrated provider (like Apple or Google) builds it in, or some country forces the solution. A big question is: "What does the consumer want?" Does Alice want to install something?

Sovrin does add a unique multi-stakeholder governance model, which mitigates risk well beyond what Ripple could do beyond its four virtual walls.

We do seem to have gained some consensus here on skepticism about the longstanding aims of the user-centric/self-sovereign movement, which we'll have to capture in our report and share back with the various stakeholders.

Eve Maler
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
The ForgeRock Identity Summit is coming to Paris in November!
