I know Wole, the founder of the company, MoCaFi, that was selected to provide debit cards to migrants in NYC. The pilot program provides $12 per day, in lieu of directly providing fresh food which had been underutilized, so a lot of the food spoiled. The debit card program requires recipients to be staying at one of the program’s hotels and that they have children. They also have to sign a pledge that they will only use it for food and baby supplies. It’s one of those “nanny” policies that is fairly common in NYC programs. It can only be used at grocery stores, greenmarkets and bodegas. I thought maybe it was a concession to the right, but there is a lot of disinformation about it anyway.
https://www.nytimes.com/2024/02/23/nyregion/migrants-debit-cards-adams.html
Noreen
*RIUP's 1st/3rd Tuesday Meeting Link:*
https://us06web.zoom.us/j/87499194761?pwd=cmhDTHBXV2VTbFBMZzllMlZVbnFoZz09
Meeting ID: 874 9919 4761
*Passcode: 837815*
Dial by your location
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Washington DC)
+1 312 626 6799 US (Chicago)
Meeting ID: 874 9919 4761
Passcode: 837815
You might recall last week that Noreen sent our WG this message with a link
(below) to the *Vinton Cerf* article *Validating Factual Personal
Information. In addition to this article, Noreen, Jorge and Tom *shared
some* FNO* (first name only) thoughts and comments and Tom followed that
with a bit of text in the link below. *Side note*: I am hopeful my dentist
will see me tomorrow PM, thanks to a chipped tooth, I would be dropping off
the call and Justin, Vice Chair, would be carry the discussion forward with
Noreen and Tom. May all have a restful night, Jim
*From Noreen*:Vint Cerf seems to be hinting toward the process we are
working on in PEMC, MAAS and RIUP, only he doesn’t mention “mobile” or
“wallet”. It seems like what he is describing for the most part already
exists. But duplicates the problem of storing data in a browser or at the
verifier. He does mention a registry several times.
https://m-cacm.acm.org/magazines/2024/2/279540-validating-factual-personal-…
The Naming of People ( tried to capture the issue here - our industry is
making the problem worse. ..tom)
Innovation has applied to Identifiers
<https://tcwiki.azurewebsites.net/index.php?title=Identifier> applied to
people. In Roman times, the family name (gens) was important, in Ancient
Israel it was the tribal association. In western land the patronym became
common. In Spain the matronym as added after the patronym. The Picts of
Scotland used just the matronym. Confusion was crated when the location of
these surnames turned out to very different in different part of the world.
In 2024 we are still trying to reconcile these traditions with technology.
1. Dissolution of Monasteries: Henry VIII dissolved numerous monasteries
and convents as part of the English Reformation. These religious
institutions had often been centers of education, record-keeping, and
administration. With their dissolution, many records were lost, including
those containing information about lineage and family names.
2. Land Ownership and Taxation: As part of his reforms, Henry
implemented a system of land ownership and taxation. To efficiently collect
taxes and administer land, it became essential to have clear identification
of individuals. Surnames played a crucial role in this process.
3. Formation of Parish Registers: The dissolution of monasteries also
led to the establishment of parish registers. These registers recorded
baptisms, marriages, and burials within parishes. Surnames were used to
distinguish individuals, especially in densely populated areas.
4. Standardization and Legal Documentation: Henry’s government
emphasized the need for standardized legal documentation. Surnames
facilitated legal transactions, inheritance, and property rights. People
began adopting fixed family names, which were passed down through
generations.
5. Social Mobility and Identity: The use of surnames allowed for greater
social mobility. Individuals could establish their identity beyond their
occupation or location. It also provided a sense of belonging and lineage
While Henry VIII didn’t explicitly demand the use of surnames, his policies
indirectly encouraged their adoption. The dissolution of monasteries,
administrative reforms, and the need for clear identification all
contributed to the widespread use of surnames in England.
Technology
Unfortunately technology is created mostly in European-originated countries
so we have absurdities like the following which mixes the idea of Surname
(a logical type) with Firstname (a position type). Clearly this is an
absurdity brought about by chauvinistic attitudes by developers.[1]
<https://tcwiki.azurewebsites.net/index.php?title=Innovation#cite_note-1>
"familyName": "Castafiori",
"firstName": "Bianca",
Be well! J
I found the *BIT* document to be horribly US centric. Here is a comment i
shared with others on names - Perhaps we should take that up?
The Naming of People
Innovation is impacting Identifiers applied to people. In Roman times, the
family name (gens) was important, in Ancient Israel it was the tribal
association. In western land the patronym became common. In Spain the
matronym is added after the patronym. The Picts of Scotland used just the
matronym. Confusion was created when the location of these surnames turned
out to be very different in different parts of the world. In 2024 we are
still trying to reconcile these traditions with technology.
1. Dissolution of Monasteries: Henry VIII dissolved numerous monasteries
and convents as part of the English Reformation. These religious
institutions had often been centers of education, record-keeping, and
administration. With their dissolution, many records were lost, including
those containing information about lineage and family names.
2. Land Ownership and Taxation: As part of his reforms, Henry
implemented a system of land ownership and taxation. To efficiently collect
taxes and administer land, it became essential to have clear identification
of individuals. Surnames played a crucial role in this process.
3. Formation of Parish Registers: The dissolution of monasteries also
led to the establishment of parish registers. These registers recorded
baptisms, marriages, and burials within parishes. Surnames were used to
distinguish individuals, especially in densely populated areas.
4. Standardization and Legal Documentation: Henry’s government
emphasized the need for standardized legal documentation. Surnames
facilitated legal transactions, inheritance, and property rights. People
began adopting fixed family names, which were passed down through
generations.
5. Social Mobility and Identity: The use of surnames allowed for greater
social mobility. Individuals could establish their identity beyond their
occupation or location. It also provided a sense of belonging and lineage
While Henry VIII didn’t explicitly demand the use of surnames, his policies
indirectly encouraged their adoption. The dissolution of monasteries,
administrative reforms, and the need for clear identification all
contributed to the widespread use of surnames in England.
And in China where the surname is the first name:
1. Chinese mythology traces the establishment of surnames back to the
legendary figure Fuxi (with the surname Feng). Fuxi is said to have
introduced surnames to distinguish different families and prevent marriages
between people with the same family names.
2. Prior to the Warring States period (around the fifth century BC),
only ruling families and the aristocratic elite possessed surnames.
3. These surnames are exclusively patronyms. Women typically do not
change their surnames upon marriage, except in places with more Western
influences. Meanwhile western countries are either combining patronyms and
matronyms or following the Chinese tradition of allowing women to keep
their surname after marriage.
Technology
Unfortunately technology is created mostly in European-originated countries
so we have absurdities like the following which mixes the idea of Surname
(a logical type) with Firstname (a position type). Clearly this is an
absurdity brought about by chauvinistic attitudes of developers.[1]
<https://tcwiki.azurewebsites.net/index.php?title=Innovation#cite_note-1>
"familyName": "Castafiori",
"firstName": "Bianca",
- Draft Model Law on the Use and Cross-border Recognition of Identity
Management and Trust Services
<https://documents.un.org/doc/undoc/gen/v22/009/38/pdf/v2200938.pdf?token=2S…>
goes into some detail on named trust registries.
- https://en.wikipedia.org/wiki/Machine-readable_passports
<https://en.wikipedia.org/wiki/Machine-readable_passport> have varying
name fields based on the available space in the electronic readable part.
It is known as Surname followed by Given Names (abbreviated if necessary).
It is not clear if either the surname or the given names are actually lists
(or includes spaces).
- It might be instructive to look at a passport from Spain to see how
they accommodate matronyms.
-
..tom
Vint Cerf seems to be hinting toward the process we are working on in PEMC, MAAS and RIUP, only he doesn’t mention “mobile” or “wallet”. It seems like what he is describing for the most part already exists. But duplicates the problem of storing data in a browser or at the verifier. He does mention a registry several times.
Vint sits on one of my boards and I can see if he’s interested in joining a call sometime.
https://m-cacm.acm.org/magazines/2024/2/279540-validating-factual-personal-…
Noreen
*RIUP's 1st/3rd Tuesday Meeting Link:*
https://us06web.zoom.us/j/87499194761?pwd=cmhDTHBXV2VTbFBMZzllMlZVbnFoZz09
Meeting ID: 874 9919 4761
*Passcode: 837815*
Dial by your location
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Washington DC)
+1 312 626 6799 US (Chicago)
Meeting ID: 874 9919 4761
Passcode: 837815
Good evening!
Below is a use case outline that RIUP WG members cultivated 2+ months ago
that we can use as a starting point for our work group meeting tomorrow.
Sample Use Cases include the farm workers below, indian reservations and
corrections for starters
Owned by Noreen Whysel
<https://kantara.atlassian.net/wiki/people/5d5f436f17bc890d28ef6291?ref=conf…>
Last
updated: Nov 21, 2023
<https://kantara.atlassian.net/wiki/pages/diffpagesbyversion.action?pageId=2…>
1 min read
*Farm Worker Use Case*
-
Tend to move as family
-
Tend to be more than one worker per family
-
Only one phone per family
-
Phone can be lost or lent to someone else
-
Organization providing services:
-
United Farmworkers
-
Cirrus (spelling)
-
Low assurance since it is used for more than one person.
-
Credentials themselves could have high assurance
How it works
-
Assign a DID
-
User gets the wallet and user attaches the credentials they want to it
-
High quality credentials associated with the DID
-
Enables lightweight identity structure
-
Can’t do heavy weight without enrollment system
*Successful Use Cases*:
-
Louisiana allows people to place in a digital wallet for $6
-
Red Cross and Farm Workers' Union have “Circle of Trust/Identity” that
allows individuals within one's social group to attest to a person’s
identity
-
Ukraine: online bank accounts are attached to mobile devices used to
verify identity
*Other Possible Use Cases:*
Services in other countries (Simone)
-
Going on foreign travel soon
-
Interested to see how 3rd world countries handle ID for various purposes.
United Way (TomJ)
-
Concerned about deduplication to avoid fraud. Deduplication is
contracted out to another entity. 2 methods: avoid killing patients, avoid
fraud. Carmen at ONC working on patient matching.
*Issues*:
-
Bev: Classification needs to be dynamic, multidimensional to address
multitude of complex situations
-
Tom: Identity and identifier (association with the identity) needs to be
separate
-
Bev: Self-asserted identity
an effort is underway to secure the web
https://www.w3.org/2023/03/secure-the-web-forward/report.html
their first priorities are "start by documenting threat models on the web
and* formulating end-user stories related to security to inform
standardization groups*, developers, and policy makers."
I would like to add this effort as one of the targets of the RIUP use cases
that are now under development in RIUP
..tom
---------- Forwarded message ---------
From: Ian Jacobs <ij(a)w3.org>
Date: Thu, Feb 1, 2024 at 11:24 AM
Subject: Fwd: W3C Workshop Report: Secure the Web Forward
To: <public-payments-wg(a)w3.org>
Dear Web Payments WG,
For those interested in security, W3C published today a report from the
September 2023 Workshop "Secure the Web Forward”:
https://www.w3.org/2023/03/secure-the-web-forward/report.html
Ian
Begin forwarded message:
*From: *xueyuan <xueyuan(a)w3.org>
*Subject: **W3C Workshop Report: Secure the Web Forward*
*Date: *February 1, 2024 at 12:59:05 AM CST
*To: *chairs(a)w3.org
*Resent-From: *chairs(a)w3.org
Dear Chairs,
The report from the W3C Secure the Web Forward Workshop [1], held online in
September 2023 in coordination with OpenSSF, OWASP and OpenJS, is now
available:
https://www.w3.org/2023/03/secure-the-web-forward/report.html
This report contains a brief summary, collects highlights from the live
sessions, links to the presentation videos, and details next steps.
The workshop was organized to review the state of technologies (existing,
in development, or proposed), guidelines, tools, and documentation
available to developers to secure applications deployed on the web, and
coordinate relevant activities. About 30 people attended the live sessions
to discuss the 9 selected position papers along 3 different themes: supply
chain security (including Software Bills of Materials, also known as
SBOMs), JavaScript security, and developer awareness. Participants
acknowledged the growing complexity of web applications and of security
related web technologies (e.g., CORS, Content Security Policy), which
together makes it challenging for developers to secure applications.
The main outcomes are that:
- The use of SBOMs, which some regulations may require, could help
developers keep track of security vulnerabilities.
- A verification mechanism, such as the Source Code Transparency proposal,
would allow browsers to validate that the application resources received
match the resources advertised by the application developer in a web bundle
or an SBOM and possibly analyzed by security researchers.
- In parallel, JavaScript execution could be split in Compartments to
isolate third party code and keep their power under control. Making this
foolproof with the design of the DOM API remains a challenge.
- Additionally, same origin realms can be manipulated by an attacker
against the web application itself when they are not properly handled. Web
applications should have the ability to control, at load time, how the
potentially untrusted code they contain can create or access same origin
realms.
- Cookies are another source of security vulnerabilities. The deprecation
of third party cookies creates a unique opportunity to revise the defaults
of the cookies model for the web for increased security.
- Regardless of technical solutions, a documentation effort is warranted:
tutorials, how-tos, references, guides and best practices, targeted at
developers as well as policy makers.
On top of progressing technical topics mentioned above, one of the
suggested next steps is to initiate an activity, possibly hosted within a
W3C Community Group, set to take a holistic approach to security and
coordinate collaborations with other organizations (OpenSSF, OWASP, OpenJS,
Open Web Docs, MDN, IETF, etc.). This activity could start by documenting
threat models on the web and formulating end-user stories related to
security to inform standardization groups, developers, and policy makers.
Progress on this proposal is tracked in a GitHub issue [2].
Interested parties can contact Francois Daoust <fd(a)w3.org>.
W3C thanks those who helped with the organization and execution of the
workshop, including members of the Program Committee, speakers, the MDN
team, the WebDX Community Group and workshop participants.
For Philippe le Hégaret, Strategy Lead;
Xueyuan Jia, W3C Marketing & Communications
[1] https://www.w3.org/2023/03/secure-the-web-forward/
[2] https://github.com/w3c/secure-the-web-forward-workshop/issues/42
--
Ian Jacobs <ij(a)w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 917 450 8783