Sorry to have missed Eve on her soapbox. Is it better if there are skeptics in the crowd?

I don't understand the structure of this Kantara report exercise but it sounds like we're looking for a consensus position with a possible minority report. If the "self-sovereign technology stack" turns out to be a minority opinion, I'll be happy to edit it.

My soapbox is THCB - I expect Self-Sovereign Identity in Healthcare to get posted in the next day or three. Here's my source file.

Adrian


On Thu, Nov 3, 2016 at 4:10 PM, John Moehrke <johnmoehrke@gmail.com> wrote:
+1

JohnM

John Moehrke
Principal Engineering Architect: Standards - Interoperability, Privacy, and Security
CyberPrivacy – Enabling authorized communications while respecting Privacy
M +1 920-564-2067
JohnMoehrke@gmail.com
https://www.linkedin.com/in/johnmoehrke
https://healthcaresecprivacy.blogspot.com
"Quis custodiet ipsos custodes?" ("Who watches the watchers?")

On Thu, Nov 3, 2016 at 2:12 PM, John Wunderlich <john@wunderlich.ca> wrote:
3 cheers for Eve on a soap-box. Sorry I missed it. 
John Wunderlich,

Sent frum a mobile device,
Pleez 4give speling erurz

"...a world of near-total surveillance and endless record-keeping is likely to be one with less liberty, less experimentation, and certainly far less joy..." A. Michael Froomkin

_____________________________
From: Eve Maler <eve.maler@forgerock.com>
Sent: Thursday, November 3, 2016 3:00 PM
Subject: [DG-BSC] Notes from BSC telecon Thursday, November 3
To: <dg-bsc@kantarainitiative.org>



http://kantarainitiative.org/confluence/display/BSC/2016-11+%28November+2016%29+Meetings#id-2016-11(November2016)Meetings-Thursday,November3

Agenda:

  • Report writing – Sovrin Foundation questionnaire answers discussion

Attending: Eve, Thomas, Kathleen, Scott S, Susan

What's the right way to proceed? We don't have a lot of time to engage in a back-and-forth; we should write in our report whatever our analysis is, and if we have dissenting opinions we can attach those in appendices or whatever.

Let's bubble up the reason for Sovrin's existence. The vision is, of course, familiar, with a new technology being introduced to solve it better than before. In May, Thomas asked Chris Allen "How do you get the counterparty to accept what's being offered?" (In this case, it's a relying party accepting a self-sovereign identity.) Thomas points to a different system that leverages blockchain to provide somewhat similar capability, CONIKS: The individual can generate new key pairs, and there's a ledger that records the history of the key pairs over time. Binding the record to a (say) proofed identity is the exercise left for the reader, so IAM would still be needed. It's a kind of key directory that gives correlatability over time of a set of keys. Maybe this, and Sovrin, and certificate transparency, all are different approaches to the "blockchain identity use case".

Eve temporarily climbed up on a soapbox  to rant about identity as, in great part, a function of an individual's relationship with an organization (e.g. vendor or whatever). Thomas points out this is in Chapter 2 of his new book! Thus, many attributes/claims that the organization has to store are unique to that organization, and it's inefficient and pointless for the individual to store them in tamper-proof form anywhere else. Susan points out that "self-sovereign" has grabbed the world's imagination, and a lot of it has to do with consent.

A big concern of Eve's is: When we're talking about autonomous individuals, in the cases of what solutions does Alice have to go get an app from an app store or a browser plugin (thinking of things like "Sovrin clients")? The thinking is that requiring users to take an extra step is likely to make a solution fail unless some vertically integrated provider (like Apple or Google) builds it in, or some country forces the solution. A big question is: "What does the consumer want?" Does Alice want to install something?

Sovrin does add a unique multi-stakeholder governance model, which mitigates risk well beyond what Ripple could do beyond its four virtual walls.

We do seem to have gained some consensus here on skepticism about the longstanding aims of the user-centric/self-sovereign movement, which we'll have to capture in our report and share back with the various stakeholders.

Eve Maler
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
The ForgeRock Identity Summit is coming to Paris in November!





This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

_______________________________________________
DG-BSC mailing list
DG-BSC@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-bsc



_______________________________________________
DG-BSC mailing list
DG-BSC@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-bsc




--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.

DONATE: http://patientprivacyrights.org/donate-2/