February 2024 - WG-RIUP - mailman.kantarainitiative.org

Government funded low-cost mobile devices
by Jorge Flores 25 Mar '24

25 Mar '24

I wanted to share a couple references to examples of government fund low-cost mobile devices that are often issued out to the poor or migrants https://www.fcc.gov/general/lifeline-program-low-income-consumers https://www.nbcnews.com/tech/mobile/these-states-depend-obama-phone-most-n3… https://www.cnn.com/2022/06/05/us/border-migrants-cell-phones-cec/index.html [signature_1798251717] Jorge Flores | Co-founder and CTO | Email: jorge(a)entidad.io | https://www.entidad.io<https://www.entidad.io/>

3 2

Why New York’s Plan to Give Migrants Debit Cards Came Under Fire - The New York Times
by Noreen Whysel 24 Feb '24

24 Feb '24

I know Wole, the founder of the company, MoCaFi, that was selected to provide debit cards to migrants in NYC. The pilot program provides $12 per day, in lieu of directly providing fresh food which had been underutilized, so a lot of the food spoiled. The debit card program requires recipients to be staying at one of the program’s hotels and that they have children. They also have to sign a pledge that they will only use it for food and baby supplies. It’s one of those “nanny” policies that is fairly common in NYC programs. It can only be used at grocery stores, greenmarkets and bodegas. I thought maybe it was a concession to the right, but there is a lot of disinformation about it anyway. https://www.nytimes.com/2024/02/23/nyregion/migrants-debit-cards-adams.html Noreen

2 2

RIUP WG meeting tomorrow, Feb 20, at 1 PM ET Status of Kantara publication document template?
by jim kragh 20 Feb '24

20 Feb '24

*RIUP's 1st/3rd Tuesday Meeting Link:* https://us06web.zoom.us/j/87499194761?pwd=cmhDTHBXV2VTbFBMZzllMlZVbnFoZz09 Meeting ID: 874 9919 4761 *Passcode: 837815* Dial by your location +1 346 248 7799 US (Houston) +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) Meeting ID: 874 9919 4761 Passcode: 837815 You might recall last week that Noreen sent our WG this message with a link (below) to the *Vinton Cerf* article *Validating Factual Personal Information. In addition to this article, Noreen, Jorge and Tom *shared some* FNO* (first name only) thoughts and comments and Tom followed that with a bit of text in the link below. *Side note*: I am hopeful my dentist will see me tomorrow PM, thanks to a chipped tooth, I would be dropping off the call and Justin, Vice Chair, would be carry the discussion forward with Noreen and Tom. May all have a restful night, Jim *From Noreen*:Vint Cerf seems to be hinting toward the process we are working on in PEMC, MAAS and RIUP, only he doesn’t mention “mobile” or “wallet”. It seems like what he is describing for the most part already exists. But duplicates the problem of storing data in a browser or at the verifier. He does mention a registry several times. https://m-cacm.acm.org/magazines/2024/2/279540-validating-factual-personal-… The Naming of People ( tried to capture the issue here - our industry is making the problem worse. ..tom) Innovation has applied to Identifiers <https://tcwiki.azurewebsites.net/index.php?title=Identifier> applied to people. In Roman times, the family name (gens) was important, in Ancient Israel it was the tribal association. In western land the patronym became common. In Spain the matronym as added after the patronym. The Picts of Scotland used just the matronym. Confusion was crated when the location of these surnames turned out to very different in different part of the world. In 2024 we are still trying to reconcile these traditions with technology. 1. Dissolution of Monasteries: Henry VIII dissolved numerous monasteries and convents as part of the English Reformation. These religious institutions had often been centers of education, record-keeping, and administration. With their dissolution, many records were lost, including those containing information about lineage and family names. 2. Land Ownership and Taxation: As part of his reforms, Henry implemented a system of land ownership and taxation. To efficiently collect taxes and administer land, it became essential to have clear identification of individuals. Surnames played a crucial role in this process. 3. Formation of Parish Registers: The dissolution of monasteries also led to the establishment of parish registers. These registers recorded baptisms, marriages, and burials within parishes. Surnames were used to distinguish individuals, especially in densely populated areas. 4. Standardization and Legal Documentation: Henry’s government emphasized the need for standardized legal documentation. Surnames facilitated legal transactions, inheritance, and property rights. People began adopting fixed family names, which were passed down through generations. 5. Social Mobility and Identity: The use of surnames allowed for greater social mobility. Individuals could establish their identity beyond their occupation or location. It also provided a sense of belonging and lineage While Henry VIII didn’t explicitly demand the use of surnames, his policies indirectly encouraged their adoption. The dissolution of monasteries, administrative reforms, and the need for clear identification all contributed to the widespread use of surnames in England. Technology Unfortunately technology is created mostly in European-originated countries so we have absurdities like the following which mixes the idea of Surname (a logical type) with Firstname (a position type). Clearly this is an absurdity brought about by chauvinistic attitudes by developers.[1] <https://tcwiki.azurewebsites.net/index.php?title=Innovation#cite_note-1> "familyName": "Castafiori", "firstName": "Bianca", Be well! J

2 1

that naming of people
by Tom Jones 20 Feb '24

20 Feb '24

I found the *BIT* document to be horribly US centric. Here is a comment i shared with others on names - Perhaps we should take that up? The Naming of People Innovation is impacting Identifiers applied to people. In Roman times, the family name (gens) was important, in Ancient Israel it was the tribal association. In western land the patronym became common. In Spain the matronym is added after the patronym. The Picts of Scotland used just the matronym. Confusion was created when the location of these surnames turned out to be very different in different parts of the world. In 2024 we are still trying to reconcile these traditions with technology. 1. Dissolution of Monasteries: Henry VIII dissolved numerous monasteries and convents as part of the English Reformation. These religious institutions had often been centers of education, record-keeping, and administration. With their dissolution, many records were lost, including those containing information about lineage and family names. 2. Land Ownership and Taxation: As part of his reforms, Henry implemented a system of land ownership and taxation. To efficiently collect taxes and administer land, it became essential to have clear identification of individuals. Surnames played a crucial role in this process. 3. Formation of Parish Registers: The dissolution of monasteries also led to the establishment of parish registers. These registers recorded baptisms, marriages, and burials within parishes. Surnames were used to distinguish individuals, especially in densely populated areas. 4. Standardization and Legal Documentation: Henry’s government emphasized the need for standardized legal documentation. Surnames facilitated legal transactions, inheritance, and property rights. People began adopting fixed family names, which were passed down through generations. 5. Social Mobility and Identity: The use of surnames allowed for greater social mobility. Individuals could establish their identity beyond their occupation or location. It also provided a sense of belonging and lineage While Henry VIII didn’t explicitly demand the use of surnames, his policies indirectly encouraged their adoption. The dissolution of monasteries, administrative reforms, and the need for clear identification all contributed to the widespread use of surnames in England. And in China where the surname is the first name: 1. Chinese mythology traces the establishment of surnames back to the legendary figure Fuxi (with the surname Feng). Fuxi is said to have introduced surnames to distinguish different families and prevent marriages between people with the same family names. 2. Prior to the Warring States period (around the fifth century BC), only ruling families and the aristocratic elite possessed surnames. 3. These surnames are exclusively patronyms. Women typically do not change their surnames upon marriage, except in places with more Western influences. Meanwhile western countries are either combining patronyms and matronyms or following the Chinese tradition of allowing women to keep their surname after marriage. Technology Unfortunately technology is created mostly in European-originated countries so we have absurdities like the following which mixes the idea of Surname (a logical type) with Firstname (a position type). Clearly this is an absurdity brought about by chauvinistic attitudes of developers.[1] <https://tcwiki.azurewebsites.net/index.php?title=Innovation#cite_note-1> "familyName": "Castafiori", "firstName": "Bianca", - Draft Model Law on the Use and Cross-border Recognition of Identity Management and Trust Services <https://documents.un.org/doc/undoc/gen/v22/009/38/pdf/v2200938.pdf?token=2S…> goes into some detail on named trust registries. - https://en.wikipedia.org/wiki/Machine-readable_passports <https://en.wikipedia.org/wiki/Machine-readable_passport> have varying name fields based on the available space in the electronic readable part. It is known as Surname followed by Given Names (abbreviated if necessary). It is not clear if either the surname or the given names are actually lists (or includes spaces). - It might be instructive to look at a passport from Spain to see how they accommodate matronyms. - ..tom

1 0

Fwd: 2024.02.16
by Noreen Whysel 18 Feb '24

18 Feb '24

3 2

formated DII doc
by Tom Jones 16 Feb '24

16 Feb '24

I could not get the level two headers to work as advertised If anyone knows how to make the Kantara template work, please help. ..tom

1 0

Validating Factual Personal Information | February 2024 | Communications of the ACM
by Noreen Whysel 12 Feb '24

12 Feb '24

Vint Cerf seems to be hinting toward the process we are working on in PEMC, MAAS and RIUP, only he doesn’t mention “mobile” or “wallet”. It seems like what he is describing for the most part already exists. But duplicates the problem of storing data in a browser or at the verifier. He does mention a registry several times. Vint sits on one of my boards and I can see if he’s interested in joining a call sometime. https://m-cacm.acm.org/magazines/2024/2/279540-validating-factual-personal-… Noreen

1 0

the current working document
by Tom Jones 06 Feb '24

06 Feb '24

https://docs.google.com/document/d/1-amM1fVtVKEILrXFbLBnVZ9S_BfpZW3s/edit?u…

1 0

RIUP WG meets tomorrow at 1 PM ET, February 6, 2024
by jim kragh 06 Feb '24

06 Feb '24

*RIUP's 1st/3rd Tuesday Meeting Link:* https://us06web.zoom.us/j/87499194761?pwd=cmhDTHBXV2VTbFBMZzllMlZVbnFoZz09 Meeting ID: 874 9919 4761 *Passcode: 837815* Dial by your location +1 346 248 7799 US (Houston) +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) Meeting ID: 874 9919 4761 Passcode: 837815 Good evening! Below is a use case outline that RIUP WG members cultivated 2+ months ago that we can use as a starting point for our work group meeting tomorrow. Sample Use Cases include the farm workers below, indian reservations and corrections for starters Owned by Noreen Whysel <https://kantara.atlassian.net/wiki/people/5d5f436f17bc890d28ef6291?ref=conf…> Last updated: Nov 21, 2023 <https://kantara.atlassian.net/wiki/pages/diffpagesbyversion.action?pageId=2…> 1 min read *Farm Worker Use Case* - Tend to move as family - Tend to be more than one worker per family - Only one phone per family - Phone can be lost or lent to someone else - Organization providing services: - United Farmworkers - Cirrus (spelling) - Low assurance since it is used for more than one person. - Credentials themselves could have high assurance How it works - Assign a DID - User gets the wallet and user attaches the credentials they want to it - High quality credentials associated with the DID - Enables lightweight identity structure - Can’t do heavy weight without enrollment system *Successful Use Cases*: - Louisiana allows people to place in a digital wallet for $6 - Red Cross and Farm Workers' Union have “Circle of Trust/Identity” that allows individuals within one's social group to attest to a person’s identity - Ukraine: online bank accounts are attached to mobile devices used to verify identity *Other Possible Use Cases:* Services in other countries (Simone) - Going on foreign travel soon - Interested to see how 3rd world countries handle ID for various purposes. United Way (TomJ) - Concerned about deduplication to avoid fraud. Deduplication is contracted out to another entity. 2 methods: avoid killing patients, avoid fraud. Carmen at ONC working on patient matching. *Issues*: - Bev: Classification needs to be dynamic, multidimensional to address multitude of complex situations - Tom: Identity and identifier (association with the identity) needs to be separate - Bev: Self-asserted identity

1 1

Fwd: W3C Workshop Report: Secure the Web Forward
by Tom Jones 01 Feb '24

01 Feb '24

an effort is underway to secure the web https://www.w3.org/2023/03/secure-the-web-forward/report.html their first priorities are "start by documenting threat models on the web and* formulating end-user stories related to security to inform standardization groups*, developers, and policy makers." I would like to add this effort as one of the targets of the RIUP use cases that are now under development in RIUP ..tom ---------- Forwarded message --------- From: Ian Jacobs <ij(a)w3.org> Date: Thu, Feb 1, 2024 at 11:24 AM Subject: Fwd: W3C Workshop Report: Secure the Web Forward To: <public-payments-wg(a)w3.org> Dear Web Payments WG, For those interested in security, W3C published today a report from the September 2023 Workshop "Secure the Web Forward”: https://www.w3.org/2023/03/secure-the-web-forward/report.html Ian Begin forwarded message: *From: *xueyuan <xueyuan(a)w3.org> *Subject: **W3C Workshop Report: Secure the Web Forward* *Date: *February 1, 2024 at 12:59:05 AM CST *To: *chairs(a)w3.org *Resent-From: *chairs(a)w3.org Dear Chairs, The report from the W3C Secure the Web Forward Workshop [1], held online in September 2023 in coordination with OpenSSF, OWASP and OpenJS, is now available: https://www.w3.org/2023/03/secure-the-web-forward/report.html This report contains a brief summary, collects highlights from the live sessions, links to the presentation videos, and details next steps. The workshop was organized to review the state of technologies (existing, in development, or proposed), guidelines, tools, and documentation available to developers to secure applications deployed on the web, and coordinate relevant activities. About 30 people attended the live sessions to discuss the 9 selected position papers along 3 different themes: supply chain security (including Software Bills of Materials, also known as SBOMs), JavaScript security, and developer awareness. Participants acknowledged the growing complexity of web applications and of security related web technologies (e.g., CORS, Content Security Policy), which together makes it challenging for developers to secure applications. The main outcomes are that: - The use of SBOMs, which some regulations may require, could help developers keep track of security vulnerabilities. - A verification mechanism, such as the Source Code Transparency proposal, would allow browsers to validate that the application resources received match the resources advertised by the application developer in a web bundle or an SBOM and possibly analyzed by security researchers. - In parallel, JavaScript execution could be split in Compartments to isolate third party code and keep their power under control. Making this foolproof with the design of the DOM API remains a challenge. - Additionally, same origin realms can be manipulated by an attacker against the web application itself when they are not properly handled. Web applications should have the ability to control, at load time, how the potentially untrusted code they contain can create or access same origin realms. - Cookies are another source of security vulnerabilities. The deprecation of third party cookies creates a unique opportunity to revise the defaults of the cookies model for the web for increased security. - Regardless of technical solutions, a documentation effort is warranted: tutorials, how-tos, references, guides and best practices, targeted at developers as well as policy makers. On top of progressing technical topics mentioned above, one of the suggested next steps is to initiate an activity, possibly hosted within a W3C Community Group, set to take a holistic approach to security and coordinate collaborations with other organizations (OpenSSF, OWASP, OpenJS, Open Web Docs, MDN, IETF, etc.). This activity could start by documenting threat models on the web and formulating end-user stories related to security to inform standardization groups, developers, and policy makers. Progress on this proposal is tracked in a GitHub issue [2]. Interested parties can contact Francois Daoust <fd(a)w3.org>. W3C thanks those who helped with the organization and execution of the workshop, including members of the Program Committee, speakers, the MDN team, the WebDX Community Group and workshop participants. For Philippe le Hégaret, Strategy Lead; Xueyuan Jia, W3C Marketing & Communications [1] https://www.w3.org/2023/03/secure-the-web-forward/ [2] https://github.com/w3c/secure-the-web-forward-workshop/issues/42 -- Ian Jacobs <ij(a)w3.org> https://www.w3.org/People/Jacobs/ Tel: +1 917 450 8783

2 1

2024

2023

WG-RIUP February 2024 ----- 2024 ----- May 2024 April 2024 March 2024 February 2024 January 2024 ----- 2023 ----- December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023

WG-RIUP February 2024