...
- Antitrust Policy and introductions - VB duration-depends on participation
- Roadmap for 2020 - further detail
- ID WG TSC report
- Privacy laws and Identity Blockchain implications.
- Privacy laws across the world with aside on state laws of US- Vipin Bharathan
- Future talks (we are working with some of these folks on nailing down dates)
- A talk by Kim Cameron .- Feb 5th
- Guardianship - a Sovrin whitepaper
- Identity for IOT- Blockchain implications Bhawana Singh, JNU
- ID2020: What happened and why is it important Vipin Bharathan
- ravidilse - Privacy laws in India: new ruling. PDP
- A talk by Kim Cameron .- Feb 5th
- Ongoing:
- Identity WG Implementer call - report -
- Meeting Notes 2020-01-16+Identity+WG+Implementers+Call Daniel Bluhmor Richard Esplin or anyone who was on the call
- A GitHub repo was created under Hyperledger for IDWG.
- Discuss IDWG paper
- Kiva - current status.
- Implementing metrics from Chaoss... DCIWG- let us discuss.
- Identity WG Implementer call - report -
...
Rouven Heck - Consensys - lead EA Alliance Identity Working Group. Interrelated to H Identity. Works with industry to align work towards standards for Identity systems across blockchain technologies. Leader of Identity ViewPort, DIF, etc. Proposed personal data stores, under control of the subject- cross collaboration meeting. DIF based working group to collaborate. Legal frameworks to place as the standards formalize - collaborate W3c and DIF. Vipin asks is member only? Rouven states likely to be open. Looking at secure messaging between DIDs. Launched meeting within DIF.
Tony Bellan - interested in learning more about Fabric. Bit4id Innovation -
Paolo Campegiani - Italy - work for DID provider. Project leader for new technical report on existing DLTC system - working ISO 307 standardization committee. Interested in current status of Indy and how things are progressing.
Dan Bachenheimer - with Accenture Digital Identity Team (biometrics). In Davos, completed a briefing on digital identity.
Roland Aerosuerete - on mute
Rohit Shitre - Working with AyanWorks as a blockchain developer. Working on HL Indy.
Tony Bellan
Recording
Minutes
Anti-trust Policy and Code of Conduct
Introductions (10-15 seconds)
Vipin - ask why spend time on introductions. Brings out what people are working on.
Purpose and Motive - Identity Working Group
Work Product - white paper and presentations.
How to get knowledge from different groups such as W3c, DIF, etc., into the Hyperledger conversation. Helps to focus on Identity.
The 'State of Identity' consider a comprehensive view. Kim Cameron will present 2/5. Identity of IoTs - smart city initiatives, Guardianship, and more presentations for the rest of the year. Open for presentation suggestions.
Identity TSC report - link on wiki to current report.
Personal Data Protection laws recently launched in India. Vipin will discuss transnational privacy laws.
Looking for patterns in the regulation and consider how we can adopt blockchain implementation to come up with ways to approach. Challenges -
Data - such as surveillance - emergent effects led to problems such as subversion of democracy, social credit scoring, and other ways in which unregulated state of affairs led to complete destruction of privacy. Europe started campaign against unregulated data collection - led to regulation written by legislators and lawyers - those with little exposure to true technology. Regulations, meant to be technology neutral, resulted in overreach. Both pendulum extremes led to the current situation. Some of the laws led to data localization - what happens if someone commits a crime and flees to another country? Will the data be available? Priority is to control data - in country. Exceptions include programs such as National Right to Information.
Comment: Tony Bellan. US Citizen - discussion sparked with GDPR. California with CCPA - did something similar to, not quite the same as GDPR. Learning differences between the two scopes - not necessarily models to follow. Since established, seem to be working off of that. Data rights, identity, using GDPR and CCPA as benchmarks.
US on map - no initiatives or information - lack of federal law for privacy. US and AK shown in white. Also have white in China; however, China wants to or has already developed privacy law that no one knows. In China - on the one hand people wanting to protect, on the other hand mass surveillance and social credit scoring.
If developing a global blockchain platform with transnational collaboration - how do you implement cross-jurisdiction protections?
Perhaps as simple as no private information on the blockchain, including private DIFs. What is the scope of the conversation?
PII not on blockchain? How to localize? How to access by authorized parties? Not only PII that is protected - transaction information, metadata.
Privacy - personal data - laws are in place - privacy protection and comply with GDPR. Conversation is separate - privacy or privacy on blockchain.
What about correlating with transactions? Then poor design. Scope of DLT - if audit transactions on the ledger - can't be pseudo anonymously identifiable.
The ledger becomes pure proofs? Yes. Hashes? Workgroup 29 EU GDPR - encrypted data should not be put on chain. Hashes or salted hashes, maybe? Privacy lawyers? Reverse engineer? Gray area - don't do it. Don't put hashes of PII on-chain.
Other systems will do PII storage and identity proofing? Identity management systems, covered ISO 307. Security and Identity management systems.
Safe? Not according to the news. Perhaps insider threats or poor implementation. Not a DLT thing unless you scope it into the conversation. DLT is a system of records somehow. CORDA is a bilateral system, visible to parties on transaction, not others.
Right of erasure? How do you remove? Direct impact on adoption of adoption of a particular ledger.
Focus - what is written to the ledger, including transaction audits. And, what should transaction audits be comprised of? Transaction audits to PII? In India or CORDA conversation - if implemented based on based practice - pairwise pseudo channels with service requestor and service provider. Only those two know - like FIDO - you can have a different DID - thousands of private DIDs for one service provider? How do we have privacy protection on the ledger?
Have to expose data to verifier? Verifier has the right to copy the data? As service provider. You can de-link Issuer from Verifier. On the ledger will be whatever available to make pairwise DID conversation more private. In the end, the Service Provider is capturing data and associating it with a person. The doctor knows who you are.
How do you protect on-chain in a DLT. As soon as I give a pairwise pseudo-anonymous channel - we're off-chain and in a different domain. That's any Identity management domain. Rife with leak problems.
Certain headings, if you go to Consumer Rights and Business Obligations - all are present in one form or another. Some laws do not protect certain items. Say all going to be implemented in Identity and Access Management Systems and we are the 'glue'.
If a customer wants access to collect data and ask for it - lots of ideas with cryptography, zero knowledge proofs, etc. Need to discuss what is stored and not in the ledger. Do we need a ledger? The accumulator and transaction audits. The accumulator keeps track of valid verifiable credentials and revoked verifiable credentials.
SSI - what is the latest state of DIDs and SSI technology including Indy, Aries, and other associated.
End of meeting.