Hi James,

Native block chains have little in the way of security.  Boiled down, they are a set of transaction records bound together by PKI in a chain of trust.  The provenance of the actors interacting with the chain depends upon a Proof of Work, which requires significant computational power to do.  

As with any database, access control is essential for the business use of any block chain, for reasons of compliance and risk management.   This normally needs to be federated and high assurance, if it is supporting the sharing of sensitive information across organisations.   Block chain requirements for federated high assurance AAA (Authentication, Authorisation and Accountability) are emerging.  PKI federation per ISO 29115 is the norm for high assurance federated identity management, signature and encryption - all of these functions are required to support privacy and commercial sensitivities too. 

The potential exists to leverage PKI federation to support the block chain itself, the access control, privacy, smart contracts, secure payments and more. It could potentially replace the proof of work.   It also has the potential to support interoperability across/between compliant block chains.  This could be vital to support scalability, as the computing power to support a block chain can grow exponentially as the chain grows.    

Use cases and products in the financial sector are expanding fast, with many banks indicating that they will enter the market later this year.  Some governments are experimenting/piloting too.  However, perhaps more interesting, is the number of non-financial block chain initiatives that are starting up in different industry sectors.

Your point about IoT and domestic sensors is interesting.  Many organisations are hovering around this area, particularly telcos, promising announcements in 2017.  Much to discuss, I am sure.

As I said to Colin Wallis, do we want to attract some of the telcos and BC start ups into this group and, if so, what is the value prop?

My tuppence for the moment.

Patrick

Patrick Curry
Director

British Business Federation Authority - BBFA Ltd
M: +44 786 024 9074
T:   +44 1980 620606
patrick.curry@bbfa.info
www.bbfa.info – a not-for-profit, self-regulating body   



On 14 Jul 2016, at 13:30, James Hazard <james.g.hazard@gmail.com> wrote:

Jeff, 

Thanks and agreed.  I am not the most technical of the people on this list (and seek to be corrected), so here is how it looks:

1.  Blockchain is an inappropriate platform for many uses. Blockchains are, as you say, slow, redundant, and not privacy-preserving.  Other databases are more appropriate for most transacting. If there is a non-technical basis for trust, which is the case in most interpersonal transacting, then you don't need a blockchain.  

2.  Git, IPFS, Interledger, Corda (not intended as a complete list, but what has caught my eye) seem well-positioned to provide crypto-based notarization and synchronization of records.  

3. Within an organization, records will be stored in conventional databases or modern equivalents such as graph databases.  Those records will originate from multiple sources. There needs to be proof that the internal record is the same as the original.  Some see a future of IPFS as the canonical format for storage, with operational or analytic work being done in graph databases.

4. Blockchains appear to be a good solution, perhaps the only solution, to the worst case - where there isn't a basis for trust.  In the IoT, this worst case will become very widespread - when your thermostat (door clicker or pacemaker) tells the furnace to turn on, the furnace needs to authenticate the thermostat and receive tokens that will allow the furnace to order more fuel. The internet connection might be down and the house working on battery backup, so they need to sort this out themselves.  Once telecoms are reestablished, the record of their interaction will want to be integrated into and validated by the homeowner's off-site canonical image of themselves, and then destroyed.  

5. This worst-case, blockchain-based scenario must inform the design of the platform, but most social interactions will be done without blockchains. 

Eager for correction. 

Jim


On Thu, Jul 14, 2016 at 6:27 AM, j stollman <stollman.j@gmail.com> wrote:
I am concerned that there may be an important misunderstanding about the power of blockchain in a large scale deployment with regards to query capability.

It is easy to add transactions of all kinds to the blockchain.  It is harder to query the blockchain efficiently to get information out.  The blockchain does store data, but it is not a database.  It does not directly support indexed fields that make queries efficient and scalable.  With crypto-currencies such as Bitcoin, all transactions are for anonymous, fungible, virtual assets (e.g., Bitcoins).  But once the transactions become explicit, unique, assets (e.g., various identity attributes or consent receipts unique to particular websites or transactions), it becomes necessary to find individual needles in the haystack.  And the latency for such searches degrades rapidly as the blockchain grows larger.

Because scalability and performance are merely assumed and not explicitly specified in our discussions, I wanted to point out that  just because something can be added to a blockchain does not imply that it will be scalable and provide adequate performance.  To assume this could lead to a lot of churn.

Thank you.

Jeff


---------------------------------
Jeff Stollman
stollman.j@gmail.com
1 202.683.8699

Truth never triumphs — its opponents just die out.
Science advances one funeral at a time.
                                    Max Planck

On Wed, Jul 13, 2016 at 6:50 PM, James Hazard <james.g.hazard@gmail.com> wrote:
On the theme of Patient Consents, I put one of the documents that John suggested into modular format.  The organization of the document follows the original, with meaningful names for the various sections based on my hunches.  The names for roles are not yet meaningful, just placeholders.   


On Tue, Jul 12, 2016 at 11:23 AM, Eve Maler <eve.maler@forgerock.com> wrote:
http://kantarainitiative.org/confluence/display/BSC/2016-07+%28July+2016%29+Meetings#id-2016-07(July2016)Meetings-TuesdayJuly12

Attending: Thomas, Eve, Jim, Scott S, Don, Marc, Philippe, Thorsten, Ann, John W

The May 23-24 event at MIT, variously called Digital Contracts, Identities, and Blockchain and Digital Identities, Contracts, and Blockchain, had some notes as output. Here are relevant links:

For a candidate use case, Jim proposes: Patient consent, in a context of 3-4 countries – e.g., including France, Germany. Leverage the GA4GH (Global Alliance for Genomics and Health) and genetic research. Jim has been discussing this use case with Bart Suiches of Philips Blockchain Lab. Would this be about storing consents? The GA4GH folks have a committee that created a model data sharing consent form in CommonAccord. There's capacity for it to be signed.

Would the Consent Receipts work be able to handle a machine-readable representation? It might need to be extended. This would be a good use case for extensibility for that spec.

Culture might be the biggest barrier around consent – IRBs and equivalents would have trouble conceiving of consent as anything but a one-way door. John notes that there are six different ways to get approval to process data, and only one of them is consent. John recommends narrowing down this as a use case a bit, since it involves research and IRBs and such and takes it out of the full health regulatory environment (at least in the Canadian system). This is really a "health research" use case more than a "healthcare" use case, as it stands.

AI: John to share research consent templates with Jim/the group.

On Thursday, Scott will present a sample use case template into which we can fill use case content. Everybody should take the opportunity to get familiar with the linked material above, and start to think about their own use cases they'd like to collect.

Eve Maler
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
ForgeRock Summits and UnSummits are coming to Sydney, London, and Paris!


_______________________________________________
DG-BSC mailing list
DG-BSC@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-bsc




--
@commonaccord

_______________________________________________
DG-BSC mailing list
DG-BSC@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-bsc





--
@commonaccord
_______________________________________________
DG-BSC mailing list
DG-BSC@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-bsc