Sovrin AMA – Part II

From IIW

Sovrin AMA (Part 2)

Day/Session: Wednesday 4B

Convener: Phil Windley & Jim Fenton

Notes-taker(s): (1) Phil Windley & (2) Jim Fenton

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

(1) Notes from Phil Windley:

We continued to work our way through the white paper with Jim asking questions and Phil answering with the help of others. Jim’s questions sparked other questions from participants. 

The discussion continued to focus on areas like:

1. The need for decentralized identifier discovery in an adversarial environment

2. The details of Sovrin credential exchange

3. The architecture of Sovrin

(2) Notes from Jim Fenton:

Here's a short summary (includes part 2 from Wednesday).

This session was an open discussion of questions and answers about the Sovrin white paper, available at:

Questions were seeded by Jim Fenton, who recently read the white paper, and most answers were supplied by Phil Windley. Other questions and clarifications were supplied by others in the session.

The questions included (page references are to the above PDF):

  • (page 6 bottom) Given that there is an existing trust relationship, why doesn't the verifier already have the issuer's public key?
  • (page 7 bottom) The issue with PKI seems to be with the CAs. Why not just have the issuer sign the assertion with their key?
  • (page 9 middle) The link for Validated transactions points to a Bitcoin document. Validation is undoubtedly different for Sovrin; what does it consist of?
  • (page 9 bottom) Why is immutability of records important?
  • (page 9 bottom) What is "self service"? Isn't this done by stewards, not users?
  • (page 10 top) "No registration authority": Isn't the blockchain, in effect, a registration authority?
  • (page 11 top) Who signs the public key assertion on the Sovrin blockchain? You need to trust that signature, too.
  • (page 13, top) Why not use one of these, like DNS?
  • (page 13, middle) "never be taken away" Why is this a threat?
  • (page 17) How does one get claims for new DIDs? Do you need to give all DIDs to each claim provider?
  • (page 22) Comment: quantum computing will cause problems for Sovrin public keys as well.
  • (page 23, bottom) Does the past failure of ZKP to catch on stem from lack of infrastructure, or from desire by relying parties to get as much information as possible?
  • (page 26, top) Access to Sovrin is not necessarily password-free.
  • (page 28, bottom) Compliance costs for businesses are often low: direct financial losses akin to shoplifting for financial institutions, and arguably low penalties for breaches of personal information. As a result, there was little interest in deploying earlier federated technologies. Are the incentives high enough for deployment of a very new technology?