Sovrin AMA (Part 1)
Convener: Phil Windley & Jim Fenton
Notes-taker(s): (1) Phil Windley & (2) Jim Fenton
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
(1) Notes from Phil Windley:
Jim Fenton had read the Sovrin white paper (https://sovrin.org/wp-content/uploads/2018/03/Sovrin-Protocol-and-Token-White-Paper.pdf) and had questions.
We worked our way through the white paper with Jim asking questions and Phil answering with the help of others. Jim’s questions sparked other questions from participants.
The discussion focused on areas like:
1. The need for decentralized identifier discovery in an adversarial environment
2. The details of Sovrin credential exchange
3. The architecture of Sovrin
(2) Notes from Jim Fenton:
This session was an open discussion of questions and answers about the Sovrin white paper, available at:
Questions were seeded by Jim Fenton, who recently read the white paper, and most answers were supplied by Phil Windley. Other questions and clarifications were supplied by others in the session.
The questions included (page references are to the above PDF):
- (page 6 bottom) Given that there is an existing trust relationship, why doesn't the verifier already have the issuer's public key?
- (page 7 bottom) The issue with PKI seems to be with the CAs. Why not just have the issuer sign the assertion with their key?
- (page 9 middle) The link for Validated transactions points to a bitcoin document. Validation is undoubtedly different for Sovrin; what does it consist of?
- (page 9 bottom) Why is immutability of records important?
- (page 9 bottom) What is "self service"? Isn't this done by stewards, not users?
- (page 10 top) "No registration authority": Isn't the blockchain, in effect, a registration authority?
- (page 11 top) Who signs the public key assertion on the Sovrin blockchain? You need to trust that signature, too.
- (page 13, top) Why not use one of these, like DNS?
- (page 13, middle) "never be taken away" Why is this a threat?
- (page 17) How does one get claims for new DIDs? Do you need to give all DIDs to each claim provider?
- (page 22) Comment: quantum computing will cause problems for Sovrin public keys as well.
- (page 23, bottom) Does the past failure of ZKP to catch on stem from lack of infrastructure, or from desire by relying parties to get as much information as possible?
- (page 26, top) Access to Sovrin is not necessarily password-free.
- (page 28, bottom) Compliance costs for businesses are often low: direct financial losses akin to shoplifting for financial institutions, and arguably low penalties for breaches of personal information. As a result, there was little interest in deploying earlier federated technologies. Are the incentives high enough for deployment of a very new technology?