Trust / Risk Metrics in SSI - What can we learn from technical trust in order to inform human trust

From IIW

Trust/Risk Metrics In SSI – What Can We Learn From Technical Trust In Order To Inform Human Trust

Session: 12F

Convener: Will Abramson & Nicky Hickman

Notes-taker(s): Scott Mace

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Nicky: Will & I have been working on establishing SSI with blockchain paper. We want to get to emetrics. Get your input. Interest from Sovrin framework governance WG. Want ultimately to get to a Net Promoter Score for trust.

See the slides here http://drive.google.com/file/d/1J_dpAdP5c641QhJCmatCcaq6ZVc1uCdl/view?usp=sharing

See the spreadsheet with some ideas on measuring Sovrin Governance Framework principles with ‘fancy maths’ http://docs.google.com/spreadsheets/d/1NHs-3rmfu8z59LeaE2Ey9HkEu0OoRUjJufbMhfewmls/edit?usp=sharing

see Will’s paper on ‘What can a verifier learn’ http://docs.google.com/document/d/1Y_qACJ6wcaLQXqd2zRboK0l7c02pnmz0tOTc2AkCWHg/edit?usp=sharing

Will: Crypto is the hard facts we can use to help us make decisions.

joehsy: NPS is based on surveys.

Nicky: It’s the softer side of trust, an NPS survey. Qualitative metric. One of a number of metrics you might use. See how systems are performing. What that means in terms of repeatability in anatomy of trust. NPS works across industries. We all struggle with trustmarks. In world of brands & retailing, people tell you when brands they trust and which they recommend.

Will: What perspective are you measuring from. Who are you, what role do you play? What metrics can you use? And are they measurable?

Dennis: SSI is private?

Will: Some markers can be used.

joehsy: Session yesterday talked about ways to measure SSI adoption. Level of activity.

Nicky: KPIs when managing consumer-facing identities, adoption comes in here with reach, number of customers. Number of wallets wouldn’t necessarily tell you the number of unique individuals. Then density, number of relying parties, verifiers, how useful is this wallet. Helps you build momentum in the market. Then things like frequency. A customer who has a wallet that he or she never uses is not that valuable to a corporation.

[Shares ToIP Stack slide]

Iain Henderson: Used to run 2007 Trust Index, reverse engineers getting a good score. [Shares slide]. In the process of building that again for GDPR]. [Link in chat to this slide.]

pknowles: This is proper trust.

Will: Is it worth it to me to become a verifier?

Nicky:What will drive trust in SSI? An application in healthcare, academia, elsewhere?

pknowles: SSI will save companies a huge amount of money. Measure it before & after

Nicky: No one got what the guy who invented the first water turbine had made. “That water made the light come on.” We need that for SSI. Just demonstrating the applicability.

Karyl Foster: Feels like identity is a pervasive innovator. I’ve been told it’s the death of good entrpreneurs. Different events will accelerate the market. Like COVID, more secure contact lists.

Nicky: How could it enable interoperability? Single sign on, account matching.

joehsy: Workday is a mainstream enterprise company, successful adoption will drive a lot of consumer trust. Need a set of killer apps where everyone has a DID wallet, and people realize what else they can do vs the usual authentication by other means.

Will: How many DID wallets do people have.

joehsy: I have a few, no place to use them.

Iain: Until 3 months ago, I worked for a company that had Workday. HR record request took about 4 weeks to get. Employee should have access. It’s not the SSI that’s important, it’s what I can do with it.

Jeffrey Aresty: SSI for voting, everyone would have it. Vote by mail is what we get. Notary is a form of a trust. Real estate closing is a piece of digital truth. No question if both sides to a transaction are authenticating this is what we signed, hashed in pic & doc form, that’s the closest thing you can get to 100% truth. Who’s issuing the birth certificate? The midwife knows what happened. The bureaucrat has least knowledge. We’re doing a lot of that in Africa. You don’t have the state involved unless you have national ID cards. They want to use them to empower themselves. A lot of interesting transactional business there.

Nicky: This picture [User stories will fit into standard IAM workflow] is the whole human trust thing. Excited with some of the work being done in Aries with continuous integration of governance frameworks. Governance typically a document, the rest being computer processes, was well made. Measuring conformance could reinforce trust.

Jeffrey: In Africa, imagine 60 years ago in the U.S. Regional setups, growth opportunities. The justice frameworks aren’t nearly the obstacles they are here. Unlikely to happen where politics are involved. You can put SSI into motion in these countries. We are training HS kids to HS kids, Texas to Zambia, kids can do the work. They need something that shows they graduated with a competency in something...justice typically measures cost, not impact.

Nicky: I love the certainty of cryptographic trust. Is there an intermediate between that and human trust - call it technical trust in a business process.

pknowles: Cryptographic trust is assurance. A little weird to me.

Zoom Session Recording (link provided by Will Abramson): http://www.dropbox.com/s/1b4fiji2kjxn984/zoom_0.mp4?dl=0


14:02:37 From Sterre den Breeijen : fine

14:14:47 From Elias Strehle : Could you share a link to the presentation?

14:15:33 From Nicky Hickman : will put online after this to share

14:16:01 From Elias Strehle : Could you share the link to the "fancy mathematics" on the previous slide then? :)

14:16:57 From Nicky Hickman : http://docs.google.com/spreadsheets/d/1NHs-3rmfu8z59LeaE2Ey9HkEu0OoRUjJufbMhfewmls/edit?usp=sharing

14:19:49 From Karyl Fowler, Transmute : @Iain that reminds me of this privacy plugin from Osano: https://www.privacymonitor.com/

14:20:25 From Karyl Fowler, Transmute : trust ratings that just measure what companies are doing against their own T&Cs

14:20:44 From Iain Henderson : Thanks Karyl, i’ll have a look

14:21:59 From Iain Henderson : Yes, PrivacyMonitor looks very useful

14:22:27 From joehsy : PrivacyMonitor reminds me of this: http://pribot.org/polisis

14:23:22 From Karyl Fowler, Transmute : ^^THAT is cool.

14:25:10 From Nicky Hickman : great links, please put them in the notes. Thank you!

14:26:28 From scottmace : I will copy the entire chat to the notes when we conclude

14:33:08 From joehsy : Sorry got to drop off to a meeting. Great stuff!

14:33:24 From Nicky Hickman : thanks for coming bye..

14:34:31 From Nicky Hickman : Thank you scott

14:51:10 From Wip : http://docs.google.com/document/d/1Y_qACJ6wcaLQXqd2zRboK0l7c02pnmz0tOTc2AkCWHg/edit?usp=sharing