Platform Deep-Dive of: Qredo
Session Topic: Platform Deep-Dive of QREDO – ID•PRIV•AUTH
Convener: Hugh Pyle
Notes-taker: Dave Sanford
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps: Doc gave an intro - could have been written by Project VRM, founders came from Visa Europe which is a non-profit. IIW has ability to support and vet.
Qredo provides end-to-end crypto and a framework for other stuff.
Hugh - Everyday stuff is broken. Applying for a service where you don't have an existing relationship:
- progressive disclosure
- hard to negotiate as an individual
General-purpose platform architecture for authentic communications:
Will provide value to app developers, first on cell phone delivery stuff.
Zero id. Establish trust by having a conversation, but if I come to the conversation with credentials that make me trusted in some context (old enough to have a drink - but not leaving other information).
Doc - trying to make the digital world more like the ordinary world, in the physical world I can interact without leaving persistent knowledge beyond what is needed for the transaction.
Need to be able to:
- send a message securely
- apply for a loan - don't need to disclose who I am, but may need to disclose the value of my assets in a way that is verifiable
- sell a guitar - don't want them to hold my 'reputation', beginning to look like intent casting
- prove that I'm over 21 at the bar - single transaction from me and the bar staff to validate my age
- split a cab fare (cash scenarios without using cash or credit cards), how do I leave a tip, or deal with folks I don't inherently trust, strangers
Rendezvous - I can make up a string, one time only 'rendezvous' tag. Public tag can have $5 (for example), at the same time an ephemeral key is created and only known by the two parties (shared secret) and an anonymous conversation - that is available from the tag.
Secure interpersonal cloud:
- Authenticated personal data
Conversations can start without me sharing identity and only the context needed other than what is required for the conversation. Doesn't imply any context even for future conversations from the same entities.
Lots of discussion about when keys become compromised does that compromise previous transactions.
Cash is just one kind of high valued conversation.
Identity and authenticity
Enforce using crypto what other people enforce using policy.
Very little of this is new technology.
All of this is programmable. Application developer uses Qredo SDK for:
` iOS, Android, Linux, Windows, OSX
App builds user interface and behavior
Uses all the full Certificate Authority technology, the new piece is the 'rendezvous' and the ability to discover using the 'skyhook'
Qredo does not have a direct relationship with the end user. The app developer and the service provider do have relationships with Qredo.
Discovery of rendezvous names looks a lot like intent casting.
Having different identity types allows you to add identity into the conversation - you don't start with identity but you can add it in as it provides value.
Hugh will also send slides.