On 31 Oct 2015, at 7:26 AM, j stollman <stollman.j@gmail.com> wrote:Eve,Allow me to correct as mis-statement. One of the benefits of the blockchain is that it creates a transparent, non-reputiatable, transaction log. Claiming to have "lost my key" would not prevent the counterparty from decrypting the transaction as evidence that it took place.Jeff_______________________________________________---------------------------------Jeff Stollman
stollman.j@gmail.com
1 202.683.8699Truth never triumphs — its opponents just die out.Science advances one funeral at a time.Max PlanckOn Sat, Oct 31, 2015 at 7:14 AM, Kelts, David <DKelts@morphotrust.com> wrote:My apologies to the group if I came off salesy. I grabbed an example off the top of my head that made mental sense - all organizations I respect and think people trust - to make a point. Having understood this version of blockchain usage anew, yes I am going to take action to see what my company’s directions will be.
On Oct 30, 2015, at 8:01 PM, BridgeIDentity <tim@BridgeIDentity.com> wrote:
David,Ouch!!!! You hit this on the nail.First off, MIT is awesome and I am loving their work every day.Keep in mind that “the Ledger” you reference is not a ledger. There are multiple ledgers using the base protocol.Public and private mining pools will develop to support every application we can conceive for good and bad reasons.UMA, that matters!Is Morpho willing to create their own open blockchain (i.e. MyMorphoID.com) that I can open link to with say MyBirthID.com? Let me know as I am all ears.It really all comes down to silo and gov protectionism when really it is the UMA focus here. Figure it out or someone else will.If not, please leave your sales pitch at the door!TimFrom: wg-uma-bounces@kantarainitiative.org [mailto:wg-uma-bounces@kantarainitiative.org] On Behalf Of Kelts, David
Sent: Friday, October 30, 2015 2:10 PM
To: Eve Maler; wg-uma@kantarainitiative.org WG
Subject: Re: [WG-UMA] Notes from UMA legal subgroup telecon 2015-10-30This email is an awesome font of information. Thanks.One of the things I learned at IIW (which, of course, could be refutable because it was I who learned it…) is that there are models where you could separate Bitcoins from the Blockchain algorithm and the Distributed Ledger. Bitcoin is an incentive mechanism for miners to solve crypto problems for the right to earn the transaction fees and write the next transaction block to the Ledger. Other models, where, for instance, ‘n’ entities could round robin the writing of the transaction blocks would be less processor intensive and still maintain a perfectly good Distributed Ledger for public use. As a more specific hypothetical example, if MIT and EFF and NIST and ConsentReceipts.org, etc. formed a legal agreement to maintain a Blockchain for public use of consent receipts including the cost impact of the storage space for the ledger, an API could be made available with free and always available public verification. The difficulty would be the legal and cost agreements plus getting a large enough number of trustworthy volunteer block writers, but it would save the expenditure of Bitcoins. Alternatively, the UN or government entities could share Ledger costs. Worldwide birth certificate registry maintained by all countries, etc.Feel free to either refute or laugh at the altruism this would take to implement… but there is some sense behind it and maybe some realistic possibilities.One other question for the consent receipts usage. Since you only append to the chain, wouldn’t the revocation of consent mean that a “get me current state” algorithm for one consumer have to traverse the entire chain?David
Sent: Friday, October 30, 2015 12:07 PM
To: wg-uma@kantarainitiative.org WG
Subject: [WG-UMA] Notes from UMA legal subgroup telecon 2015-10-30· Fri Oct 30 8-9am PT· Voice: Skype: +99051000000481 or US +1-805-309-2350 (international dial-in lines), room code 178-2540#· Screen sharing: http://join.me/findthomas - NOTE: IGNORE the join.me dial-in line shown here in favor of the dial-in info above (Kantara "line C" and the Skype line)
- Report from IIW
- Eve will post John Wunderlich’s Consent Receipt demo video before the meeting
- There was a lot more relevant discussion too
- Input from Andrew Hughes — is he ready yet?
- Walk through Binding Obs to look for fodder
- What can we draw from all of this to shape our next outputs?
- AOB
Attending: Eve, Jon, Adrian, Ann, Steve, Thomas, Andrew H, Joni, MarkBlockchainsThese were big at IIW 21! Take a look at the notes page generally, compared to six months ago, when there was one session. A blockchain is a distributed ledger.Our our call today, Thomas, Adrian, and Steve “speak blockchain” pretty well. Thomas noted that MIT Media Labs has a full-time digital currency initiative to combat some of the key (perceived or real) vulnerabilities.One particular session focused on blockchain wrt UMA. The session participants came up with four ideas for potential synergies. The most attractive was using a blockchain for receipts. The newer implementations give the features you’d need for this with colored coins. The costs are latency (hour->day) and monetary costs ($.01 per transaction).In the case of using this technology for contracts, the incentives may be perverse regarding revocation: You typically want each party to protect their private key with their lives. But for contracts, one party may want to go to the judge and say “Sorry, I lost my key, so in fact I can’t prove and you can’t prove I took part in these transactions!” That sounds pretty bad. Then you’re back to key escrow. How much does that solve vs. “centralized” mechanisms? The data is still stored in a decentralized fashion.BLTIt’s not just a sandwich anymore. There’s a bourbon, lemon, and tonic cocktail!PTPThis is the Pumpkin Theater Protocol. Sarah had a consent receipts session act out the UMA protocol with receipts added, protecting a little autumn pumpkin as the resource.Consent Receipts vs. Auditable Transaction ReceiptsConsent Receipts in UMA is the session where Sarah came up with the PTP. We liked the idea of defining a little spec for what Adrian calls a “notice endpoint”. UMA could choose to add this optionally to the protection and authorization APIs, for resource owners and requesting parties, at the authorization server if it wants to. This could make the AS one hub of receipt storage. Andrew notes it could be called the “shoebox endpoint”! :-)Adrian suspects that this could do away with the notion of “informed consent” completely. Wow. This is similar to an article he’s seen making the case that deidentification no longer puts you into a Safe Harbor by avoiding authorization and accountability.This API from the CISWG illustrates how they are going about defining the “minimum viable consent receipt” spec. We showed how it produces (supposedly) human-readable receipts; the JSON output seemed not to be working for the moment but Eve saw it in John Wunderlich’s demo this week (for which she will hopefully be posting video soon).It appears that UX for the policy generator at CR.org is a new substitute for “markdown editing” (or whatever it is) presented in CommonAccord, and the “legal stack” that you can get out of CommonAccord as a template generator could be managed, versioned, and then hashed as a representation of what your contract is.When you put something onto the blockchain, the way the storage works, you only have a tiny amount of space into the scripting area. In the case of ColoredChains.org, they put the distributed hash table key into BitTorrent. You might have a much larger document with megabytes of data that you want to claim and provide a verifiable token for. The blockchain gives you the verifiability you need. A “colored coin” is just the hash piece. BitTorrent uses SHA-1, which isn’t considered secure anymore. So you use SHA-256, use three address slots, and use the second two for a SHA-256 hash broken into two pieces.HIE of OneDazza is running Future of Commerce on Nov 20-22, and Adrian will be launching HIE of One here, which is meant to be the “simplest practical UMA use case”. HIE of One’s project goal is to "provide a standards-based platform for durable relationship between customers and vendors. Our approach lowers the barrier to adoption by the vendors by (i) not introducing a new party to their base customer relationship, (ii) allowing the vendor the option to authenticate any requesting party, just like they do already, and (iii) offering an accessible reference implementation for both the vendor and any requesting party client to test against. The benefit of this approach to both the customer and the vendor is trust, in that valuable behavioral data does not leak to intermediary brokers. We will use UMA 1.0.1 as the core standard and suggest changes for UMA 2.0 as gaps are identified. OpenID Connect, CommonAccord, and MVCR will be referenced as appropriate.”Binding Obligations reviewEve reviewed very briefly how the Binding Obs spec is supposed to work. Andrew is working on doing the same approach for other identity-related protocols.Next stepsIf Andrew can provide us with his requirements by next time, it appears we’ll be very well positioned to start filling in at least some UMA-specific and non-UMA-specific clauses and deciding what technical approach to use and what “legal stacks” to define.One question: Are we interested to use the “sociotechnical systems” language?
This message is only for the use of the intended recipient and may contain information that is CONFIDENTIAL and PROPRIETARY to MorphoTrust USA, LLC. If you are not the intended recipient, please erase all copies of the message and its attachments and notify the sender immediately.
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma