2019-11-13
Agenda
- Antitrust Policy and introductions - VB
- Identity WG Implementer call - report -
- Meeting Notes 2019-11-07+Identity+WG+Implementers+Call Daniel Bluhmor Richard Esplin or anyone who was on the call
- Short talk on FATF beneficial ownership paper.
- LEI PoC using verified credentials
- http://2019.eurofiling.info/wp-content/uploads/2019-06-18_KarlaMcKenna_GLEIF.pdf
The PoC was implemented as follows:
- GLEIF verifies INSEE, the national statistics bureau of France, as a LEI issuing organization (LOU) ) and uses uPort to issue a credential that acknowledges its role as an issuer of LEIs as well as digital credentials for legal entities.
- INSEE, upon verification of Societe Generale’s data associated with its status as a legal entity (addresses, subsidiaries, jurisdiction, etc.) and information about its corporate officers (name, role), issues it a credential containing the LEI.
- Societe Generale then, as a verified business, issues a role credential to a person acting in an official role.
- These persons now, armed with their digital credentials, are able to sign and submit regulatory filings to regulators, like the Banque de France.
- ID2020: What happened and why is it important Vipin Bharathan
- Discuss IDWG paper
- Aadhaar section-look at reworked areas - Nitin Agarwal/Kaliya Young
- A GitHub repo was created under Hyperledger for IDWG; Details to follow.
- Kiva - current status. After the UNGA- any one from Kiva (Matt Raffel or Camilo Parra )
- Implementing metrics from Chaoss... DCIWG- let us discuss.
- Future talks (we are working with some of these folks on nailing down dates)
- FATF guidance on digital Identity (Stephane Mouy) on the 27th of Nov.
- A talk by Kim Cameron .
- A Talk by Darrell O'Donnell on Digital Wallets
- A talk by Nitin Agarwal on India consent layer - coincident with Jan L in the generic context.
Attendees
Name | Organization | |
---|---|---|
Independent | kellycooper.2ds@gmail.com | |
evernym | ||
evernym | ||
Marvin Berstecher | esatus AG | m.berstecher@esatus.com |
Recording:
A longer version on TOIP from Helsinki watch the first 26 minutes or so
Minutes
Anti-trust policy reviewed.
Introductions:
Drummond Reed - Evernym Chief Trust Officer. Board member Sovrin Foundation.
Vipin Bharathan - 5 years blockchain. Financial Services, now independent consultant (dlt.nyc). Work on systems toward privacy-preserving architectures.
Marvin Berstecher esatus
Richard Esplin - products - Evernym. Upstream projects like Identity WG. Bring into actual code to deploy in a couple of years.
Kelly Cooper - working on Identity White Paper.
Drummond - current presentations on Sovrin, etc.
Three efforts ( Legal underpinning for DPR, TOIP, guardianship)
By Drummond
Sovrin - by December 4, 2019, will submit the data protection revisions to the SVF. Finished 2nd generation in March. Tackled everything except GDPR compliance (DPR compliance). DPR is the generalized form of Data Protection Rules.
A number of our stewards and customers pointed out GDPR is one set of compliance regulations. Some potential Sovrin customers are governments.
Provinces of BC and Ontario, for example.
Transaction endorser agreement. The transaction author is anyone who wants to write to the Sovrin Network.
Working with BC.gov to close on addressing issues.
How does SSI, which is ultimately backed by blockchain immutable ledgers, GDPR rights of data subjects (right of erasure)? In systems like Sovrin, there is very little on the ledger. Widely acknowledged even a DID, if it identifies an individual (even pseudo-anonymous) is subject to GDPR. Eight documents involved. Contract - transaction author agreement. Sovrin is a legal representative of the stewards as a whole. There will be a web page, there currently is a diagram.
Three roles GDPR sets out. GDPR did not anticipate SSI where the ultimate data controller is the individual. Individuals and Things will eventually be able to write to the ledger. Two policy paths, the only path today is permission write access. Driving toward public write access. Now, need to go through Transaction Endorser > Steward > you submit a proper transaction that is validated and it goes on the ledger. In public, transaction authors write directly to the ledger via the Stewards, with a fee to be paid in SOV tokens . This means the section on the left of the document will transition to the right of the document. (no commitment to Sovrin tokens or dates - only future possibility)
Revisions to the SVF. The legal analysis arrived at is to say, the role of the Sovrin Foundation is not as a data controller; transaction authors are the data controllers. The role of SF is something called a joint controller that does not have control; for legal purposes called a designated data controller. Stewards have contracts for SF. Transaction authors and transaction endorsers - SF transaction author agreement.
Vipin: Initial paper by Satoshi - ledger becomes mutable (erasure). Especially if the ledger is to stand forever. Any human construction designed to stand forever never does. SF write rules and expect people to implement a real system. DPR bodies need to revisit these ideas, otherwise, no real system will be built that conforms to the specifications.
Drummond: Actually 'pruning' is a possibility. However, given pseudo-anonymous nature of ledger - DIDs and public keys, less concern because there's also a pending question. If you destroy the private key have you effectively deleted the data?
Vipin: What about a cold storage wallet?
Drummond: Counter argument, individual's right to erasure. You control the data, you can erase the data. Working with Stewards. There is a task force called the Guardianship Task Force - Guardianship White Paper will launch in Toronto 11/21 at an event on Digital Identity (SSI) and Dementia. Put together by Secours.io. Drummond will speak and launch the paper. Deep discussion and exploration of the concept of guardianship and identity. Maintaining a digital wallet and the credentials needed for someone unable to control themselves.
Hyperledger Aries Announcement RFC published: published The Trust over IP Stack. https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md
Discussion in Decentralized Identity foundation if the set of RFCs will be housed there.
Paper roadmap and comments
Comments on the Hyperledger Identity white paper. How do get a snapshot basis into the paper since topic is constantly evolvinbg. Web of Trust - snapshot. Getting the paper into GitHub. Version 2019. Start on version 2020. Will be in GitHub this week.
Potential implementations for paper.
https://www.coindesk.com/culedger-evernym-release-digital-id-blockchain-credit-unions
Issues with labeling implementation and decentralized implementation. (Decentralization as a panacea)
FATF beneficial ownership discussion:
Vipin: Rules within which the financial system operates. Multiple ways to deal with the beneficial ownership conundrum. Registries should contain accurate information about owners. Remove bearer shares or nominees who are delegated to act on the benefit of someone else (don't see the real owner). All of these are real problems and how do we solve them through the constructs we have today? How do we move things to edge devices in a good way?
FATF Provides guidance, but if you don't follow, jurisdiction may be deemed high risk and may fall out of the global financial system or operates on a high margin basis. This guidance or recommendations become important in real financial systems or real interchanges.
Beneficial ownership paper - discusses for companies - legal persons - legal identifier. One way to identify entities. GLEIF houses the legal entity identifiers. The GLEIF has worked with uPort to use credentials to support who can control corporation, employees, roles of the corporation. Including regulatory filings. The corporation exists as a legal entity. At the end, people are filing. Chain of credentialing that follows the GLEIF situation. At the end of the chain are the actual individuals who can act on behalf of the company.
EURO Filing - eurofiling.info
LEI and Digital Verifiable Credentials. How GLEIF could work with INDY PoC.
Industry pushback
No structure today to support selective disclosure as part of the proofing process in identity. Will selective disclosure be used?