4G/ Guardianship Showcase - The Sovrin Working Group Tech Requirements and Implementation Guidelines
Guardianship Showcase - The Sovrin Working Group Tech Requirements and Implementation Guidelines
Tuesday 4G
Conveners: John Phillips & Jo Spencer
Notes-taker(s): John Phillips & Jo Spencer (others welcome!)
Tags for the session - technology discussed/ideas considered:
Guardianship
Solve guardianship using verifiable credentials
Guardianship and impersonation are different things!
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Presentation link: https://docs.google.com/presentation/d/1aGTPmlno3WScpSYMs1HLhWsrVRx9B-I0yhOQsRgmqRw/edit?usp=sharing
Sovrin is looking to promote the governance process and where guardianship fits in. The IdRamp wallet is an example of how the wallet could provide helpful features.
Philippe Page (The Human Colossus) - We are turning a “birth attestation” into a VC is a particularly complex problem. The allocation of a DID to the delegate is going to be a problem as it is “too dangerous”. We need to understand the social scenario and then apply the technical solution.
ESSIF-lab healthcare scenarios. KERI is key - we can’t rely on the human context, we have to rely on the cryptography
Philippe - Consent is another concept that should be considered as a “building block” - lots of interest in this topic from the group…
ZOOM CHAT:
06:02:39 From John Phillips to Everyone : https://docs.google.com/document/d/1DnyG5hhZeM3Nwkm0yQJs2Bjj-dTjtjPcybbyEa3XSoM/edit
06:04:06 From Sterre den Breeijen to Everyone : 232323
06:07:22 From Jan Lindquist to Everyone : are the slides available on the internet?
06:07:55 From Jo Spencer to Everyone : link is in the meeting minutes... https://docs.google.com/presentation/d/1aGTPmlno3WScpSYMs1HLhWsrVRx9B-I0yhOQsRgmqRw/edit?usp=sharing
06:09:11 From Jo Spencer to Everyone : Whitepaper is here.. https://sovrin.org/wp-content/uploads/Guardianship-Whitepaper2.pdf
06:09:32 From Sterre den Breeijen to Everyone : (spoiler alert: this whitepaper is in the process of being updated)
06:09:54 From Jo Spencer to Everyone : Good point...
06:10:32 From Jo Spencer to Everyone : We're looking for people to join the team in doing the update
06:11:23 From Ken to Everyone : Deputy vs Confused Deputy
06:13:21 From Jan Lindquist to Everyone : maybe jumping ahead but is the direction in Sovrin based on Aries rfc 103 and if yes is there an open source component to demonstrate it
06:14:14 From Jo Spencer to Everyone : Useful Jan - have you looked at this in detail?
06:14:58 From Sterre den Breeijen to Everyone : Jurisdiction is meant as a concept: a company can also be a Jurisdiction
06:16:28 From Jo Spencer to Everyone : Sure thing... a Bank can issue a VC that they (and others) use because otherwise they keep forgetting that this exists....
06:18:53 From skyberg to Everyone : I think you hit on an important differentiator, John. Guardianship is NOT impersonation.
06:19:33 From Jo Spencer to Everyone : The terms used are Transparent (good) and Opaque (bad)
06:19:45 From Sterre den Breeijen to Everyone : the eSSIF-Lab: https://essif-lab.eu/
06:25:44 From skyberg to Everyone : Sorry for joining late. Is there a link to the docs?
06:26:03 From Hira Siddiqui to Everyone : https://sovrin.org/wp-content/uploads/Guardianship-Whitepaper2.pdf
06:26:13 From skyberg to Everyone : Thank you!
06:26:41 From Jo Spencer to Everyone : We're just in the process of publishing these... Sovrin will be doing the process..
06:27:51 From Jo Spencer to Everyone : The whitepaper needs updating. Please join the group if you're keen to be involved.
06:28:20 From Jo Spencer to Everyone : The Tech Requirements and Implementation Guidelines are just about to be published..
06:29:00 From skyberg to Everyone : “privacy by opacity”. Is that like “security by obfuscation”? :)
06:29:16 From Jo Spencer to Everyone : Nice!
06:32:05 From skyberg to Everyone : Extreme noob question: Guardianship feels like an “entitlement” credential. Are there any similar Decentralized ID around entitlements?
06:33:22 From Jo Spencer to Everyone : They are certainly contextual. The Verifier decides what the Guardian is allowed to do and when... I would say that all VCs are entitlements
06:33:52 From Sterre den Breeijen to Everyone : *issuer, the verifier decides whether to accept this VC
06:39:21 From Ken Adler | ThoughtWorks | San Francisco | He/Him to Everyone : “Relationship Credentials”
06:41:59 From Katrie Lowe to Everyone : The more common situation that most people normally have to deal with I imagine is more of a delegation of authority situation rather than guardianship (sorry I might be mixing terminology meanings). I'm wondering whether verifiers (like the bank example you gave) really need to be issuing separate credentials to the delegate or whether I as the original holder should be able to just issue a delegation credential to the person I want to represent me and that should be enough to recognise my wishes?
06:42:36 From skyberg to Everyone : Business relationships are based on “ownership” Ie, dependency = subsidiary, etc. I think “ownership” is likely not a good term to apply to human entities.
06:47:23 From John Phillips to Everyone : Two hands raised, we'll get to you...
06:47:38 From skyberg to Everyone : Actually, banks do allow “authorized users” on an account - which is a form of delegation.
06:50:57 From Jo Spencer to Everyone : That's more like a joint account or small business accounts... All possible, but that's not typically delegation that isn't seen by the bank. Financial POA is the complex and legal process normally in my experience
06:51:43 From skyberg to Everyone : That’s true, Jo.
06:53:09 From Jo Spencer to Everyone : https://www.eventbrite.nl/e/tickets-techruption-stagegate-meeting-ssi-guardianship-poc-results-148912135205
06:55:53 From Sterre den Breeijen to Everyone : https://service.ssi-lab.nl/ SSI service provider to ensure interop
07:02:34 From skyberg to Everyone : Just curious. Why do you see KERI as a requirement?
07:04:18 From Sterre den Breeijen to Everyone : perfect example why a bunch of technologists should not decide what guardianship look like ;)
07:04:37 From Sterre den Breeijen to Everyone : but also context, business requirements etc should be taken into account!
07:12:16 From skyberg to Everyone : That makes sense! If guardianship is a relational entitlement within the context of a specific jurisdiction, then cross-jurisdictional engagements become challenging.
07:15:18 From skyberg to Everyone : Best meeting of the day! Thanks everyone!
07:16:34 From Jo Spencer to Everyone : Thanks, really appreciate your input!
07:16:48 From skyberg to Everyone : In a perfect world, the authoritative source of a guardianship VC is the jurisdiction itself?
07:17:17 From Hira Siddiqui to Everyone : How can we pitch in to help with the guardianship whitepaper etc?
07:19:08 From skyberg to Everyone : This starts to sound a lot like Trust Frameworks. In order to understand what an IAL3 assurance attestation means, you need to reference the trust framework. Can’t consume the assurance statement independent of that trust framework.
07:19:14 From Jo Spencer to Everyone : The Sovrin Guardianship WG Group is here … https://guardianshipwg.atlassian.net/wiki/spaces/GWG/overview or just reach out to John or Jamie Stirling or I
07:19:30 From Hira Siddiqui to Everyone : Thanks!
07:19:31 From Jo Spencer to Everyone : https://groups.google.com/a/sovrin.org/g/guardianship
07:19:41 From skyberg to Everyone : So, maybe a guardianship VC needs to include the jurisdictional reference also.
07:19:56 From Sterre den Breeijen to Everyone : yes, we included that i nthe requirements
07:20:02 From Jo Spencer to Everyone : Exactly - it's proposed...
07:20:03 From skyberg to Everyone : So, I’m a guardian under COPPA, or something.
