Awesome-Mirrors/decentralized-id.github.io
1
0
Fork 0
mirror of https://github.com/Decentralized-ID/decentralized-id.github.io.git synced 2025-01-25 13:57:30 -05:00
Code Issues Packages Projects Releases Wiki Activity

organization

Browse Source
This commit is contained in:
⧉ infominer 2022-12-04 02:46:02 -05:00
parent 18794aca8f
commit 063d78881c
52 changed files with 1210 additions and 1255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

351
_posts/identosphere-dump/WorkingGroupNewsletterDigest.md
View File

@ -1,351 +0,0 @@
---
published: false
---
# WorkingGroupNewsletterDigest
## DID Working Group
* [https://www.w3.org/2019/did-wg/](https://www.w3.org/2019/did-wg/) - Website
* [https://lists.w3.org/Archives/Public/public-did-wg/](https://lists.w3.org/Archives/Public/public-did-wg/) - LIst Archives
Hot Threads
* [Current status of DID Core implementations (June 2021)](https://lists.w3.org/Archives/Public/public-did-wg/2021Jun/0012.html)
Our latest implementation report for DID Core is available here:
* [https://w3c.github.io/did-test-suite/#spec-statement-summary](https://w3c.github.io/did-test-suite/%23spec-statement-summary)
Here are the remaining items that the WG needs to discuss on the upcoming call:
#1: Are the hl, relativeRef, and service implementations independent enough?
* [...]
#2: Are we letting the JSON serialization keep unimplemented features?
* [...]
#3: What are we going to do with deactivated, nextUpdate, and nextVersionId?
* [Negative press related to DIDs and VCs](https://lists.w3.org/Archives/Public/public-did-wg/2021Jun/0032.html) Manu Sporny (29 June)
Just drawing your attention towards this:
* [https://twitter.com/harryhalpin/status/1409615372538548227](https://twitter.com/harryhalpin/status/1409615372538548227)
![https://www.notion.soimages/image2.png](https://www.notion.soimages/image2.png)
* [https://lists.w3.org/Archives/Public/semantic-web/2021May/0177.html](https://lists.w3.org/Archives/Public/semantic-web/2021May/0177.html)
These are things that I would expect we would normally just ignore, but I've received a number of private emails over the tweet above from various decision making parties inside the EU requesting that we respond publicly to theses sorts of accusations.
The accusations are being taken seriously by some because Harry Halpin is ex-W3C staff. Also note that he his company is developing "competing technology" to DIDs and VCs.
Just raising awareness here as Harry's campaign is having a negative effect on adoption of VCs and DIDs.
Ted Thibodeau Jr Shares
it was not the only nor the first related tweet emanating from Harry --
* [https://twitter.com/search?q=W3C%20(DID%20OR%20%22Verifiable%20Credentials%22%20OR%20VCs)%20(from%3Aharryhalpin)&src=typed_query&f=live](https://twitter.com/search?q%3DW3C%2520(DID%2520OR%2520%2522Verifiable%2520Credentials%2522%2520OR%2520VCs)%2520(from%253Aharryhalpin)%26src%3Dtyped_query%26f%3Dlive)
Nor has he limited his commentary to Twitter --
* [https://www.google.com/search?q=W3C+(DID+OR+%22Verifiable+Credentials%22+OR+VCs)+%22harry+halpin%22](https://www.google.com/search?q%3DW3C%2B(DID%2BOR%2B%2522Verifiable%2BCredentials%2522%2BOR%2BVCs)%2B%2522harry%2Bhalpin%2522)
* [Subject Identifiers (IETF SECEVENT)](https://lists.w3.org/Archives/Public/public-did-wg/2021Apr/0017.html) Justin Richer (9 April)
The Security Events working group in the IETF (SECEVENT) has a standards-track draft for describing “subject identifiers” in various contexts.
* [https://tools.ietf.org/id/draft-ietf-secevent-subject-identifiers-07.html](https://tools.ietf.org/id/draft-ietf-secevent-subject-identifiers-07.html)
In short, its a way to say “this item is an email and heres its value”, or “this item is an issuer/subject pair, here are those values”. This is useful in a variety of contexts where you want to identify someone but might have a variety of ways to do so.
I spoke with the editor of the draft to propose that we add a “did” format into this document, now that DID core is reasonably stable and the CR is published. She agreed that it would make sense but would rather have the experts in the DID community propose the actual text for the added section.
## Credentials Community Group
* [https://github.com/w3c-ccg/](https://github.com/w3c-ccg/meetings) - GitHub
* [https://www.w3.org/community/credentials/](https://www.w3.org/community/credentials/) - W3C Community Page
* [https://lists.w3.org/Archives/Public/public-credentials/](https://lists.w3.org/Archives/Public/public-credentials/) - Mailing List Arcives
* [https://w3c-ccg.github.io/](https://w3c-ccg.github.io/) - GItHub Pages Site
Hot Threads
* [2 special topics IIWs](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0293.html) Kaliya IDwoman
we are pulling together these as an experiment based on feedback from the community in the closing circle of the last IIW.
1) User-Experience and SSI on July 22nd. 8am - 2pm pacific time.
* [www.eventbrite.com/e/159946001797/?discount=CCG_25](http://www.eventbrite.com/e/159946001797/?discount%3DCCG_25)
2) The Business of SSI on August 4th 8am-2pm pacific time.
* [https://www.eventbrite.com/e/the-business-of-ssi-an-iiw-special-topic-12-day-virtual-event-tickets-161249943923](https://www.eventbrite.com/e/the-business-of-ssi-an-iiw-special-topic-12-day-virtual-event-tickets-161249943923)
We also have [IIW33 set now as a virtual event October 12-14](https://www.eventbrite.com/e/internet-identity-workshop-iiwxxxiii-33-2021b-tickets-160257990965) - we had too much uncertainty around travel for folks outside the US who are now 50% of attendees, delta+ variants, fires in California at that time of year and wanting to provide hybrid participation options and not having time.
* [Fake CDC vax cards now being sold to anti-vaxxers](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0077.html)  Moses Ma (Thursday, 8 April)
Just wanted to share this with those working on C19 vax certs:
From: [https://www.infosecurity-magazine.com/news/scammers-sell-fake-covid19/](https://www.infosecurity-magazine.com/news/scammers-sell-fake-covid19/)
The security firm DomainTools claims to have seen authentic-looking CDC cards selling for as little as $20 each on domains like covid-19vaccinationcards[.]com, which features a Lets Encrypt TLS certificate. “Though selling a printed card is not necessarily illegal, the pricing, logo and cardstock of these vaccination records demonstrate a level of intent to pass as legitimate cards from the CDC,” explained DomainTools senior security researcher, Chad Anderson.
and
From: [https://www.tomsguide.com/news/fake-covid-vaccination-cards](https://www.tomsguide.com/news/fake-covid-vaccination-cards)
Israeli security firm Check Point reports that fake American and Russian vaccination certificates are being sold online for between $100 and $200. Fake COVID-19 negative test results cost as little as $25, while (likely fake) COVID-19 vaccine sells for about $500 per vial.
* [Vaccination Certificate Test Suite](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0081.html)  Manu Sporny (Thursday, 8 April)
As some of you know, a few of the members in the W3C Credentials Community Group have been working on a Vaccination Certificate Vocabulary[1]. The World Health Organization has recently published a Release Candidate data model dictionary for Smart Vaccination Cards[2]. The CCG has also been working on a Verifiable Credentials HTTP API[3].
The WHO guidance covers 28 types of vaccines that we (as a global society)
depend on, including Measles, Smallpox, Polio, Yellow Fever, COVID-19, and
others. We (Digital Bazaar) thought it might be interesting to see if we could
create an interoperability test suite for the WHO Smart Vaccination Card work using the tools listed above.
...
- A test suite containing 1,624 tests covering the
28 vaccine types in the WHO vocabulary.
- 7 independent vendor implementations issuing and
verifying each others WHO Smart Vaccination Cards.
- 1,623 passing tests demonstrating true
interoperability!
You can view the latest Vaccination Certificate test suite report here:
* [https://w3id.org/vaccination/interop-reports](https://w3id.org/vaccination/interop-reports)
* [Regarding CBOR-LD Web Transports](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0100.html)  Orie Steele (Saturday, 10 April)
> I pushed up this small demo showing how to transport JSON-LD as CBOR-LD over QR Code and Web NFC.
* [transmute-industries/cbor-ld-web-transports](https://github.com/transmute-industries/cbor-ld-web-transports) github
* [CBOR-LD stabilization (was: Re: Regarding CBOR-LD Web Transports)](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0127.html)  Manu Sporny (Wednesday, 21 April)
> Digital Bazaar has a few updates to share with the community.
>
> 1. With a huge thank you to Dave Longley, a new version of the CBOR-LD library, with generalized and stable algorithms, and that works in the browser and node.js, has been released:
>
> [https://github.com/digitalbazaar/cborld](https://github.com/digitalbazaar/cborld)
>
> 2. We have split out the CBOR-LD command line interface into a separate project:
>
> [https://github.com/digitalbazaar/cborld-cli/tree/initial](https://github.com/digitalbazaar/cborld-cli/tree/initial)
>
> 1. DB has released a CBOR-LD to QR Code image library for encoding and decoding Verifiable Presentations:
>
> [https://github.com/digitalbazaar/vpqr](https://github.com/digitalbazaar/vpqr)
>
> 1. After some consultation with Mattr and Transmute, we've settled on a base32 alphanumeric QR Code encoding that is 10% more  space efficient than base64url byte mode. This is important because this format is compatible with hundreds of QR Code readers on the market. Every QR Code reader that we've tested has worked with this new format.
* [Zero Trust Architecture in the White House Executive Order on Cybersecurity](https://lists.w3.org/Archives/Public/public-credentials/2021May/0062.html) Adrian Gropper (Friday, 14 May)
Please read Section 3 in the EO
* […]
It may be time for us to explain Zero-Trust Architecture relationship to
VCs and DIDs. My not-so-hidden agenda includes priority for considering
authorization and delegation in our protocol work but our diverse community of security experts will surely make this a much broader discussion.
* [Executive Order on Improving the Nations Cybersecurity](https://comms.wiley.law/e/knewjcfglctwt7w/a7406307-5755-44fa-a5c5-22dd04d9e9a7)
Sec. 3.  Modernizing Federal Government Cybersecurity.
(a)  To keep pace with todays dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Governments visibility into threats, while protecting privacy and civil liberties.  The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.
* [One subject, 2 VCs, 2 duplicate properties](https://lists.w3.org/Archives/Public/public-credentials/2021May/0075.html) Michael Herman (Trusted Digital Web) (Tuesday, 18 May)
*   Erin is the Subject of 2 Verifiable Credentials: VC1 and VC2
*   VC1 has 2 properties: "age" and "hairColor"
*   VC2 has the same 2 properties (by name): "age" and "hairColor"
Questions
1.  Assuming VC1 and VC2 apply/are valid at the same instant in time, can the value of the "age" property (or the "hairColor" property) be different in V1 compared to V2?
2.  What makes sense? ...what is realistic? ...how should VCs behave in this regard?
* [RE: Cryptographically Enforceable Issuer Policies (forked](https://lists.w3.org/Archives/Public/public-credentials/2021May/0108.html) Joosten, H.J.M. (Rieks) (Friday, 21 May)
Before answering your question, let me tell you this is still stuff we are coming to grips with - it is the subject of a masters thesis that Naveena Anaigoundanpudur Karthikeyan is working on with TNO. So what I write below are ideas that I still need to see verified.
* [...]
parties that issue credentials under such a policy must (be able to) determine
*   That he attributes that a KeySmith uses to generate decryption keys are sufficient for expressing its policy
*   That the process that the KeySmith uses to validate the attributes that parties provide as they request a decryption key, provides sufficient assurance that the (cryptograhpic) evaluation of the policy is also valid. And I think this is the trickiest part.
From: Steve Magennis
Subject: RE: One subject, 2 VCs, 2 duplicate properties
... forking the conversation r.e. Cryptographically Enforceable Issuer Policies @Joosten, H.J.M. (Rieks), how would it be  determined if a Verifier satisfies policy conditions? Really interesting idea.
* [CCG 101 - Help us know what is needed!](https://lists.w3.org/Archives/Public/public-credentials/2021May/0150.html) Victor Syntez (Tuesday, 25 May)
I've invited you to fill out the following form:
CCG 101 - Help us know whats needed!
To fill it out, visit:
* [https://docs.google.com/forms/d/e/1FAIpQLSe3OakcEg8IfWXYALg10eiii2hiLKq2vXC-yazpPk0QVzIMzQ/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link](https://docs.google.com/forms/d/e/1FAIpQLSe3OakcEg8IfWXYALg10eiii2hiLKq2vXC-yazpPk0QVzIMzQ/viewform?vc%3D0%26amp;c%3D0%26amp;w%3D1%26amp;flr%3D0%26amp;usp%3Dmail_form_link)
* [CCG updates to cgbot and scribe-tool](https://lists.w3.org/Archives/Public/public-credentials/2021May/0169.html)  Manu Sporny (Sunday, 30 May)
New CCG infrastructure features:
- Auto-presence - No one is required to present+ themselves any more. The cgbot does it for us now, saving our feeble sausage fingers from being over exerted.
- The Ryan Grant, Who We All Know And Love, Would Like To Know Where The Raw Transcripts Are Feature - When the cgbot closes out the meeting, it will let everyone in IRC know where the raw transcripts, audio, and video files are so anyone can download them and/or remix them to spread CCG propaganda. This will hopefully also save Heather from having to document yet another piece of tribal CCG knowledge.
- The You Exist Even Though You're Not in people.json Feature - When someone is present+'d, which is anyone that joins the call now thanks to auto-presence, that person will show up in the attendees list. This achieves two things 1) the poor minutes publisher can update the people.json at their leisure instead of being blocked by it whenever a new person shows up to a call, and 2) we get a more accurate record of attendees.
- The Fellow Jitser Invisibility Decloaker Feature - If you join the meeting with a new browser, or in Incognito mode, and you change your name from "Fellow Jister" to your preferred name, you never show up in the attendee list. People that change their names now show up in the attendee list. If you want to stay pseudonymous just give yourself an unrecognizable name... like "Robot Overlord".
* [...]
These are baby steps towards an attempt at auto-transcription and auto-publication of minutes. There are a few things that aren't automated yet (like auto-detecting the meeting name)... ETA on those upgrades is unknown since all these upgrades are on a best effort basis.
* [[CEIP] Draft paper on Cryptographically Enforceable Issuer Policies](https://lists.w3.org/Archives/Public/public-credentials/2021May/0170.html)  Joosten, H.J.M. (Rieks) May 30
my colleague Sterre and I drafted [a paper that we provisionally called Cryptographically Enforceable Issuer Policies](https://docs.google.com/document/d/1c8kIUqB2BBzM3usfD0_s5wu_z6K2KndzJ4uK_oZcPOs/edit?usp%3Dsharing), which describes our current thinking on this topic.
The paper isnt finished. We need more text in the discussions section, and hope that by making the draft available well get the discussions that we (or you?) can describe in there. Also, we might have missed stuff that you as a reader need for a proper understanding of what this is all about, and to start pondering for what (other) purposes all this might be used. Or why this proposal is a very bad idea that we should not spend any more time on.
* [VC HTTP Authorization Conversation](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0009.html) Adrian Gropper June 2
The diversity of our community is a plus. To begin a conversation on VC access controls, I suggest this short intro to the differences between OAuth 2.0 and GNAP:
* [https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-05.html#name-compared-to-oauth-20](https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-05.html%23name-compared-to-oauth-20)
My goal is to arrive at a shared understanding of what would be minimum needed to support both OAuth2 and GNAP for securing access to a VC.
* [Identifiers in Verifiable Credentials](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0023.html) Kerri Lemoie June 6
"When expressing statements about a specific thing, such as a person, product, or organization, it is often useful to use some kind of identifier so that others can express statements about the same thing. This specification defines the optional id property for such identifiers. The id property is intended to unambiguously refer to an object, such as a person, product, or organization. Using the id property allows for the expression of statements about specific things in the verifiable credential."
In the credentialSubject property it seems clear that the id can represent the subject that the claim is about but Im not clear on the uses for the optional id in the vc assertion. It would be helpful to learn about some examples or suggested uses.
For some context: in VC-EDU, were discussing Open Badges as VCs. Open Badges have historically mostly been verified via issuer hosted URLs.  One of the reasons to move away from hosted URLs is to remove the dependence on the issuer for verification. However, there may continue to be use cases for when an Open Badge should still be verified through its hosted url.
* [Selective Disclosure of lists](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0048.html) David Chadwick June 8
The user's VC has a property with a list of values (e.g. names of role holders). The user only wants to disclose n of m of this list to the verifier.
How can the verifier determine the difference between
i) a list with only n entries
ii) a list that has more than n entries but the user has withheld some of them.
Then we have the case where
iii) the list is genuinely empty because e.g. the role, has not been assigned to anyone yet, and
iv) the user does not want to tell the verifier any of the list values.
Re: Understanding @contexts and credentialSchemas Jun 10
This won't be a complete answer, but at the time of publication I believe that field was used in 2 ways.
1. with json schema, see this for example -
* [https://w3c-ccg.github.io/vc-json-schemas/](https://w3c-ccg.github.io/vc-json-schemas/)
2. with hyperledger indy zkp-cl signature vc's
In both cases, "credentialSchemas" was more about the VC data shape and type, whereas contexts and JSON-LD are best used only for semantics.
There are other tools like SHACL that can help do linked data shape constraints, perhaps someone might use them with credentialSchemas in the future.
but AFAIK, "credentialSchemas" is focused on the credential data shape. And "@context" is focused on the semantics and term definitions used in the credential.
OS
On Wed, Jun 9, 2021 at 5:15 PM Kerri Lemoie <klemoie@concentricsky.com>
wrote:
> Hello all,
>
> Im reviewing this: [https://www.w3.org/TR/vc-data-model/#data-schemas](https://www.w3.org/TR/vc-data-model/%23data-schemas)
>
> Could folks please explain to me the uses of credentialSchemas in
> comparison to @context files in JSON-LD? Is it that @context files name the
> attributes and credentialSchemas provide the information about how to
> validate the data/semantics?
* [California Digital Vaccine Record based on VCs](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0191.html) Heather Vescent June 18
May be of interest: [https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records](https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records)
SMART Health Card Framework: [https://vci.org/about#smart-health](https://vci.org/about%23smart-health)
To achieve this purpose, the founding members of VCI™ have collaborated to develop (1) the SMART Health Cards Framework Implementation Guide based on the World Wide Web Consortium (W3C) Verifiable Credential and Health Level 7 (HL7) SMART on FHIR standards, and (2) the SMART Health Cards: Vaccination & Testing Implementation Guide.
If you are in California, you can get your vaccine record here: [https://myvaccinerecord.cdph.ca.gov/](https://myvaccinerecord.cdph.ca.gov/)
* [Re: The dangers of using VCs as permission tokens (was: PROPOSALs for VC HTTP API call on 2021-06-22)](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0244.html) Manu Sporny
On 6/24/21 12:35 PM, Kyle Den Hartog wrote:
> Agreed, when it comes to the number of checks that occur it's much greater
> because of the delegation. With that in mind, looking at the semantics only
> of the system VCs in my opinion weren't optimally designed for permission
> tokens. This difference between the two requires that an implementation
> that wants to support both claims tokens and permissions tokens has to
> grapple with the different mental model that arise when trying to stuff
> these things together. This introduces additional complexity. Additionally
> it leads to weird statements that are being made where it's difficult to
> tell if the VC is behaving like a claims token or a permissions token.
Yes, exactly this. Exactly what Kyle states above is the reason why it's so complicated (and thus dangerous) to use VCs as permissions tokens.
This is one of the primary reasons that we separated out the Authorization Capabilities work from the Verifiable Credentials work. Things get really complicated when you start mixing authz/authn/claims/permissions into a Verifiable Credential. Just because you can do it doesn't mean you should.
Much of the complexity that gets created in such a system that mixes all those concepts together goes away when you clearly separate claims tokens from permissions tokens.
I suggest that folks take a look at Kyle's post to see how intractable the problem becomes when you don't do proper separation of concerns and depend on attributes to convey permissions:
* [https://kyledenhartog.com/example-authz-with-VCs/](https://kyledenhartog.com/example-authz-with-VCs/)

12
_posts/identosphere-dump/assorted.md
View File

@ -19,19 +19,12 @@ RIF Identity
A short timeline highlights just how quickly SSI has developed. It underlines the path and development of the evolution of Internet Identity.
* [2022: LOOKING AT THE YEAR AHEAD](https://mydata.org/2022/01/11/2022-looking-at-the-year-ahead/) MyData
As MyData Global saw in our [reflection on 2021](https://mydata.org/2021/12/17/2021-in-review-the-events-and-activities-shaping-the-personal-data-landscape/), the transformation towards a human-centric personal data economy is underway. This transformation is driven by two forces: first, the dominant unethical approaches to personal data are starting to show how unsustainable they really are.
* [WAO wraps up for the holidays](https://blog.weareopen.coop/wao-wraps-up-for-the-holidays-c85bff4c910c) We Are Open Co-op
Great Work on Badges!
In May, we did some [workshopping with the crypto platform NEAR](https://weareopen.coop/near/), which was the first time we accepted cryptocurrency as part of our fee. In May, We Are Open Cooperative also [turned 5 years old](https://blog.weareopen.coop/wao-turns-five-30747f4df0f9). We celebrated this momentous occasion by launching our [new website](https://weareopen.coop/) and adding more stuff to our [free learning resource hub](https://learnwith.weareopen.coop/).
* [2021 in review: The events and activities shaping the personal data Landscape](https://mydata.org/2021/12/17/2021-in-review-the-events-and-activities-shaping-the-personal-data-landscape/) MyData
2021 has been a productive year for MyData Global, and a significant one for the wider personal data world. The [Facebook Files](https://twitter.com/mydataorg/status/1446435772857524224?s%3D20) helped raise the issue of personal data and ethics to the general public, and the EUs Data Governance Act has helped put into practice many of the changes [MyData Global has been advocating for](https://mydata.org/2021/10/28/mydata-and-the-european-unions-latest-data-developments/).
* [An Outlook on 2022](https://jolocom.io/blog/an-outlook-on-2022/) JoloCom
For us, interoperability will remain a very present topic for the next year ([https://jolocom.io/blog/can-we-avoid-a-ssi-babel/](https://jolocom.io/blog/can-we-avoid-a-ssi-babel/).
@ -121,11 +114,6 @@ Kim joined us again in 2020, after he retired from Microsoft and gave a differen
Kim attended nearly all the European Identity Conferences (EIC), from the very first one back in 2007, to 2019 and inspired us with his visionary, content-rich yet entertaining keynote talks and panel sessions. Have a look at his 2019 talk about privacy in the platform economy (“[Turning the Web Right Side Up](https://www.kuppingercole.com/watch/eic2019_14_09_cameron)”, his visionary “[Identity Services 2020](https://www.kuppingercole.com/watch/eic15_keynote_cameron)” talk at EIC 2015, where he also reflected on 15 years
* [In Praise of Kim Cameron](https://openid.net/2021/12/04/in-praise-of-kim-cameron/) OpenID Foundation
Not only did Kim “inject his 7 laws of identity into Microsofts DNA”, but did so throughout todays growing global digital identity ecosystem.
Kim was crafty. He not only injected his thinking into Microsoft; as a champion of the Identity Standards Community, Kim embedded his thinking into the standards that inform many of the identity systems operating at scale today.
* [There are no words, really, but I will try](https://www.linkedin.com/feed/update/urn:li:activity:6872285572124221440/) Jamie Lewis

9
_posts/identosphere-dump/companies/companies.md
View File

@ -958,3 +958,12 @@ Besides marking an important technical milestone, the migration also represents
* [Whats new in sideos 2.0](https://www.sideos.io/media-hub/simple-data-management-suite-trustless-interactions) SideOS
sideos is a simple data ecosystem backed by a new web standard: self-sovereign identity, or SSI.
## Magic Labs
* [Building a low-code, opinionated approach to plug & play login](https://medium.com/magiclabs/building-a-low-code-opinionated-approach-to-plug-and-play-login-21bb30dca9a4) Magic Labs
Magic Login Form represents a new onboarding experience for end-users, so we wanted to revamp our own onboarding experience for developers to match. Learning about auth can quickly derail any developers good day. Striking the balance between good UX and good security can just boggle the mind.

6
_posts/identosphere-dump/educational-resources/business.md
View File

@ -120,9 +120,6 @@ Theres an economic theory here: Free customers are more valuable than captive
Wed get the startup founders to figure out the biggest assumptions they were making across user risk (do people want this?), business risk (can this be the center of a viable business?), and feasibility risk (can we build this in a scalable way with the time, team, and resources potentially at our disposal?). And then wed ask them to go out and figure out how to de-risk those assumptions in the real world, usually by talking to experts and asking smart questions.
* [View From The Field, Riley Hughes](https://www.youtube.com/watch?v%3Dz3H40QAEJnw%26t%3D2s) Trust Over IP Foundation
Perspectives on the business problems being addressed by ToIP-aligned solutions. Primary research performed by Trinsic to get to the core issues getting in the way of scaling adoption of trust solutions. Riley presents his results and offers perspectives on how to overcome the various challenges.
* [Working Spaces Are Ecosystems Too!](https://www.youtube.com/watch?v%3DMfBoUDNcyW4) Autumn Watkinson - Trust over IP Foundation
@ -192,9 +189,6 @@ Identiverse follow-up
The common law system countries (AU, CA, NZ, UK & US) left the market to work out identity, and the market “decided” that theres no need for IdPs. Let us respect that decision. The market has been trying to tell us for over a decade: IDENTITY IS NOT FOR SALE!
* [Does “data monetisation” lead towards more fairness, sustainability, and prosperity for all?](https://www.mydata.org/2022/07/13/data-monetisation/) MyData
As this is a complex and often polarising issue, it must be discussed with patience, diligence, and determination. MyData Global has not yet reached a position on the topic. In this piece, we share our considerations and questions, and hope to inspire you to join this important deliberation.
* [Subscriptification](https://blogs.harvard.edu/doc/2022/07/15/subscriptification/) Doc Searls

25
_posts/identosphere-dump/educational-resources/critique.md
View File

@ -4,6 +4,31 @@ published: false
# Critique
* [Negative press related to DIDs and VCs](https://lists.w3.org/Archives/Public/public-did-wg/2021Jun/0032.html) Manu Sporny (29 June)
Just drawing your attention towards this:
* [https://twitter.com/harryhalpin/status/1409615372538548227](https://twitter.com/harryhalpin/status/1409615372538548227)
![https://www.notion.soimages/image2.png](https://www.notion.soimages/image2.png)
* [https://lists.w3.org/Archives/Public/semantic-web/2021May/0177.html](https://lists.w3.org/Archives/Public/semantic-web/2021May/0177.html)
These are things that I would expect we would normally just ignore, but I've received a number of private emails over the tweet above from various decision making parties inside the EU requesting that we respond publicly to theses sorts of accusations.
The accusations are being taken seriously by some because Harry Halpin is ex-W3C staff. Also note that he his company is developing "competing technology" to DIDs and VCs.
Just raising awareness here as Harry's campaign is having a negative effect on adoption of VCs and DIDs.
Ted Thibodeau Jr Shares
it was not the only nor the first related tweet emanating from Harry --
* [https://twitter.com/search?q=W3C%20(DID%20OR%20%22Verifiable%20Credentials%22%20OR%20VCs)%20(from%3Aharryhalpin)&src=typed_query&f=live](https://twitter.com/search?q%3DW3C%2520(DID%2520OR%2520%2522Verifiable%2520Credentials%2522%2520OR%2520VCs)%2520(from%253Aharryhalpin)%26src%3Dtyped_query%26f%3Dlive)
Nor has he limited his commentary to Twitter --
* [https://www.google.com/search?q=W3C+(DID+OR+%22Verifiable+Credentials%22+OR+VCs)+%22harry+halpin%22](https://www.google.com/search?q%3DW3C%2B(DID%2BOR%2B%2522Verifiable%2BCredentials%2522%2BOR%2BVCs)%2B%2522harry%2Bhalpin%2522)
* [An Examination of the Biases within Commercialized Identity](https://www.pingidentity.com/en/company/blog/posts/2021/biases-commercialized-identity.html) on [Hello User Podcast](https://www.pingidentity.com/en/company/podcast.html)
“There is no discipline for software engineers when it comes to identity and privacy due to the pace at which they are expected to build, but this will likely change because of liabilities and regulation.”

56
_posts/identosphere-dump/educational-resources/data-governance.md
View File

@ -13,7 +13,7 @@ published: false
- [Data Trusts Initiative](https://datatrusts.uk/) - interdisciplinary programme that pursues research at the interface of technology, policy and the law to better understand the role data trusts can play
- [Data Futures](https://foundation.mozilla.org/en/initiatives/data-futures/) - Research to shift power through data governance - Mozilla Foundation
- [The Data Economy Lab](https://thedataeconomylab.com/) - unlock the societal value of data while safeguarding the rights of individuals and communities.
- [Practising data stewardship in India, early questions](https://www.adalovelaceinstitute.org/blog/practising-data-stewardship-in-india/) - could data stewardship help to rebalance power towards individuals and communities? ALI
- [Doing good with data: what does good look like when it comes to data stewardship?](https://www.adalovelaceinstitute.org/blog/what-does-good-look-like-data-stewardship/) ALI
- [@CjColclough](https://twitter.com/CjColclough) shares: [Towards Workers' Data Collectives](https://www.thewhynotlab.com/post/towards-worker-data-collectives) (The Why Not Lab)Written for [Just Net Coalition](https://justnetcoalition.org/) and [IT for Change](https://itforchange.net/) Digital New Deal [essay series](https://itforchange.net/digital-new-deal/)
* [Local-first software: You own your data, in spite of the cloud](https://www.inkandswitch.com/local-first.html)
@ -79,43 +79,6 @@ I re-read [Zhamak Dehghani](https://twitter.com/zhamakd) s [original](http
Probably because the alternatives produce even more income.
* [Catalysing transformative change: new project to produce innovative services in smart cities](https://mydata.org/2021/09/02/catalysing-transformative-change-new-project-to-produce-innovative-services-in-smart-cities/) MyData
“Cities around the world are racing ahead to be smarter by taking ethical approaches to personal data”, explains Teemu Ropponen, General Manager of MyData Global “MyData Global is a centre of excellence for personal data management expertise, with the H3C project we are bringing together city administrations, companies and individuals to find solutions that put people in control of their personal data”
* [Introducing the Me2B 101 Flash Guide Series](https://me2ba.org/introducing-the-me2b-101-flash-guide-series/) Me2B Alliance
When we started drafting the Respectful Tech Specification a couple of years ago, it was immediately obvious that we didnt have an adequate vocabulary to describe personal experiences in the digital world—never mind measure them.
* [Flash Guide #5: Online Me2B Deals: Currencies in the Digital World and the Price of “Free”](https://me2ba.org/flash-guide-5-online-me2b-deals-currencies-in-the-digital-world-and-the-price-of-free/)
The Me2B Deals or transactions that occur online typically involve three types of “currency”: money, attention or data. [...] What sets online data monetization apart from the other two currencies is that often, customers have no idea what they are paying with or that they are paying at all.
* [Flash Guide #6: Online Me2B Relationships](https://me2ba.org/flash-guide-6-online-me2b-relationships/)
our relationship with connected technology includes a set of “hidden affiliates” (third party integrations) that most of us are not aware of. This guide describes how these relationships conscious or not emerge as we interact with digital technologies.
* [Flash Guide #7: The Me2B Lifecycle: Overlaying Social Norms on the Digital World](https://me2ba.org/flash-guide-7-the-me2b-lifecycle-overlaying-social-norms-on-the-digital-world/)
This real life social context is currently missing in both existing privacy regulation and in industry standards models for ethical technology [...] Our model helps course-correct connected technology by pinpointing how the digital Me2B experience deviates from important social behavioral norms.
* [Flash Guide #8: Digital Me2B Commitments & Deals](https://me2ba.org/flash-guide-8-digital-me2b-commitments-deals/)
This guide provides examples of common Commitments and Deals, and shows how they map to the stages of a Me2B Lifecycle. It also reflects social norms for being anonymous, recognized, or known at each stage.
* [Flash Guide #9: The 10 Attributes of Respectful Me2B Commitments](https://me2ba.org/flash-guide-9-the-10-attributes-of-respectful-me2b-commitments/)
The Me2B Respectful Tech Specification measures technology behavior against 10 attributes that respectful Me2B Commitments should possess. These attributes represent how technology should treat us and our data at every step along the Me2B Relationship Lifecycle.
* [Flash Guide #10: Data Flow & the Invisible Parallel Dataverse](https://me2ba.org/flash-guide-10-data-flow-the-invisible-parallel-dataverse/)
Our personal data flows do not start light and increase with time and trust. Instead, a firehose of personal information is released and shared with a host of unseen third parties as soon as we open an app or website. Me2BAs Respectful Tech Specification V.1 is largely focused on testing for these invisible parallel dataverse data flows.
* [12 ways a human-centric approach to data can improve the world](https://me2ba.org/world-economic-forum-12-ways-a-human-centric-approach-to-data-can-improve-the-world/) Me2B Alliance
Twenty-five quintillion bytes of data are generated every day. Thats 25,000,000,000,000,000,000. In this era of data abundance, its easy to think of these bytes as a panacea informing policies and spurring activities to address the pandemic, climate change or gender inequality but without the right systems in place, we cannot realize the full potential of data to advance a sustainable, equit
* [PERSONAL DATA HOLDS THE KEY FOR SUSTAINABLE CITY LIFE](https://mydata.org/2021/09/13/personal-data-holds-the-key-for-sustainable-city-life-but-rewards-must-be-balanced-with-risks-to-digital-rights/) MyData
* [Japan-based Dixon Siu to join the Board of aNewGovernance AISBL](https://www.anewgovernance.org/2021/09/15/japan-based-dixon-siu-to-join-the-board-of-anewgovernance-aisbl/)
Given his breadth of experience and alignment with a number of strategic sectors where aNewGovernance is currently developing ecosystems, I am sure, he will bring incredible contribution.
@ -295,20 +258,3 @@ TreeLDR is an open-source developer tool with a DSL that makes managing data sch
Our open banking platform is guided by our [data responsibility principles](https://www.mastercard.com/news/perspectives/2022/data-responsibility-and-inclusion/). Mastercard
* [Rulebook overcomes the lack of trust in data sharing](https://www.mydata.org/2022/08/30/rulebook-overcomes-the-lack-of-trust-in-data-sharing/) MyData
The data sharing market is taking off and there is enormous uncaptured value. Many organisations are looking for new trustworthy ways to create value from data collaboration. Individuals can also benefit tremendously if data can be more readily shared across service providers.
* [Training: Building smart cities services 2.0](https://oldwww.mydata.org/h3c/) MyData
You will learn about business models, compliance with complex regulatory regimes, standards, and governance mechanisms. You will be connected with EU funding opportunities, and you will learn how to build successful partnerships with companies and cities
* [What Metas Profit Drop Might Say About Consumer Sentiment on Data Privacy](https://anonyome.com/2022/09/what-metas-profit-drop-might-say-about-consumer-sentiment-on-data-privacy/) Anyonyome
* [Skills for creative futures? MyData starts the Cyanotypes project.](https://www.mydata.org/2022/09/21/mydata-starts-cyanotypes-project/) MyData
* [What to make of data sovereignty](https://www.mydata.org/2022/09/26/data-sovereignty/) MyData
Data sovereignty has gained much recent attention, whilst interpreted in varied ways. MyData Global describes in this blog post what to make of data sovereignty when taking a human-centric approach to personal data.

12
_posts/identosphere-dump/educational-resources/explainer.md
View File

@ -511,8 +511,6 @@ Web 3 has brought a new way to engage with websites, and dare I say, it is almos
We are freeing ourselves from the management of “data hash” which leads to a centralization or complexification of verification procedures. This makes our solution new compared to traditional blockchain applications on the market.
* [TrustOverIP Model](https://trustoverip.org/wp-content/toip-model/)
* [What are Verifiable Credentials? Why do they matter?](https://flur.ee/2022/01/10/what-are-verifiable-credentials-why-do-they-matter/)
Authority Does Not Require Centralized Power
@ -526,9 +524,6 @@ Verifiable credentials and verifiable credential management technology offer a d
As S. Shakthi and I noted in a recent [research paper](https://journals.openedition.org/samaj/6279), digital identity systems are widely seen as datafiers by virtue of their core property of reducing the person to machine-readable data. A datafier is a system that performs the crucial operation of converting the physical into digital. A different, contrasting view is also emerging in research: digital identity systems are increasingly seen as platforms, i.e. “technological building blocks” on which different types of complements can be constructed.
* [Identity in the 21st Century India: Where are we?](https://www.crubn.com/_files/ugd/3e90e2_82e2de11e1194f1c93ed68c411d78564.pdf?index%3Dtrue) Crubn
This whitepaper is an attempt to understand identity from a governance perspective and the various methods of identification used. In particular, it'll analyse India's digital identity infrastructure its motivations, the benefits it has yielded, and the dangers that might adversely impact it.
* [Self-Sovereign Identity: The Foundation of the Digital Wallet](https://www.nevis.net/en/blog/how-does-self-sovereign-identity-ssi-work) Nevis
@ -554,10 +549,6 @@ FANTASTIC NEW TALK!!!!
WE have a wikipedia article!
* [RADIO WITH PICTURES](https://trustoverip.org/blog/2022/03/02/radio-with-pictures/) Trust over IP
Exploring why human trust should be an essential design element in the next generation of digital solutions
* [Take Control of Your Data with Self-Sovereign Identity](https://rainfall.one/news/61dd6a20f4f3e8002260b268) Rainfall One
The SSI identity system gives you the ability to authenticate your own identity, using credentials you have been issued or information you can verify directly, which is stored in a digital wallet.
@ -1280,6 +1271,3 @@ Technically, Verifiable Claims are claims made about a “subject” (identified
On this episode of “Money Reimagined,” hosts [Michael Casey](https://twitter.com/mikejcasey) and [Sheila Warren](https://twitter.com/sheila_warren) are together again but this time, at Converge22 by Circle. They discuss the challenges of identity and verification in the U.S. and in other countries with [Daniel Buchner](https://www.linkedin.com/in/dbuchner/), head of decentralized identity at [Block](https://block.xyz/); and [Chi Nnadi](https://www.linkedin.com/in/chinnadi/?originalSubdomain%3Dke), the co-founder and CEO at [Mara](https://mara.xyz/).
* [India-stack and self-sovereign identity | EUBS 2022](https://www.youtube.com/watch?v%3Dof-iuDZpWuA)
a panel discussion with Akhilesh Srivastava (IT Advisor at Government of Uttarakhand), Mallikarjun Karra (Director of Research And Partnerships at Timechain Labs), Prof. Sandeep Shukla (Computer Science & Engineering at Indian Institute of Technology Kanpur), Swapnil Pawar (Founder of Newrl) and Ishan Roy (Head of Blockchain at Tamil Nadu E-Governance Agency)

10
_posts/identosphere-dump/educational-resources/future.md
View File

@ -51,12 +51,10 @@ A comprehensive Article on CoinDesk about the future and what SSI looks like in
> The hardest part ahead is not the technology, its the wholesale re-conceptualization of what is required for a global verification network that puts the power of the network back into the endpoints that is you and me.
* [Four Future Scenarios about Identity & Access in 2040](https://esatus.com/wp-content/uploads/Broschuere_eng_final.html).We talk aboutTotal Surveillance,Mega Corporations,Identity Chaos&Self-Sovereign Identity 2.0.
> After a look into the past and present, we now fast-forward to the year 2040, where we meet Julia and accompany her through her everyday life. In four different IAM future scenarios, which can be viewed separately, we will understand how life under total surveillance feels for Julia. In times where identity chaos prevails, we can see what it means when Julia can no longer be sure about her digital identity, with only her physical identity being certain. In a world dominated by mega corporations Julias experiences with her employer show us the far-reaching significance and influence such corporations have gained in relation to IAM. Finally, we experience how Julia is able to regain her informational self-determination thanks to her identity wallet - Self-Sovereign Identity 2.0.
* [The Future of Work & Skills a human-centric skills data space](https://mydata.org/skillsdata) MyData
* [Whitepaper](https://drive.google.com/file/d/1QPbc1mwVUj7Tttb4MA9VMRT-bJgjqwqI/view)
> In order to improve the competitiveness of EUs workforce, the strategy identifies a need for high-quality data for qualifications, learning opportunities, jobs and skill sets of people.
* [The Future of Identity. A collection of interconnected research](https://borgbraincrypto.medium.com/the-future-of-identity-eee42109efd2)
* [Scaling the personal data economy, MyData 2020](https://www.youtube.com/watch?v=xNTuuOAZ1Uc)
> using Futures Thinking to envision how different business strategies, policies and actions implemented in the personal data ecosystem can pave the path towards the Desirable Future.
* [What does it take to develop human-centric solutions for the built environment?](https://mydata.org/2022/05/13/built-for-people/) MyData ([Video](https://www.youtube.com/watch?v%3DVCjW0_NAPmQ)
> Building better, more human-centric solutions in smart cities starts by realising that citizens and their digital footprints are not merely aspects to monitor and evaluate. They are active participants in the cities we live and work together and need to be engaged in designing better cities and managing the data about themselves. This is not important only for respecting citizens rights, but it is crucial to building sustainable services and humane cities.
* [On Abortion and Data](https://www.mydata.org/2022/06/30/on-abortion-and-data/) MyData
> A basic insight of MyData is that the current systems of data are asymmetrical, imbalanced, and unfair. A basic motivation of MyData is to fix this by addressing business, legal, technical, and societal aspects of those systems.
* [Towards Self-Sovereign Identity with Tykn Co-Founders, Khalid Maliki and Jimmy J.P. Snoek](https://open.spotify.com/episode/37WCJ39VocsCKrgBEK3doO) Ubisecure LTADI
> The conversation details the 'three pillars of SSI' (verifiable credentials, decentralised identifiers and blockchain), how SSI fits with existing processes, what it should appear as to end users (and what level of education they need around the technology), the importance of accessibility for inclusivity, and what's next for Tykn. "In 5 years, people should take [SSI] for granted" Khalid Maliki
* [5 identity priorities for 2021—strengthening security for the hybrid work era and beyond](https://www.microsoft.com/security/blog/2021/01/28/5-identity-priorities-for-2021-strengthening-security-for-the-hybrid-work-era-and-beyond/) Microsoft

6
_posts/identosphere-dump/educational-resources/governance.md
View File

@ -88,10 +88,6 @@ a simple mechanism to provide public information concerning an entity by adverti
> Machine-readable governance is composed of elements that help to establish trust and enable interoperability: trusted participants, schemas (templates for structuring information in a credential), and rules and flows for presenting credentials and verifying them. Machine-readable governance can be hierarchical. Once a governance system is published, other organizations can adopt and then amend or extend the provided system.
* [ToIP Releases Additional Tools for Governance and Trust Assurance in Digital Trust Ecosystems](https://trustoverip.org/news/2021/11/12/toip-releases-additional-tools-for-governance-and-trust-assurance-in-digital-trust-ecosystems/)
Following the [September announcement of its first tools for managing risk in digital trust ecosystems](https://trustoverip.org/blog/2021/09/23/trust-over-ip-foundation-issues-its-first-tools-for-managing-risk-in-digital-trust-ecosystems/), today the ToIP Foundation announced three more pairs of tools to assist in the task of generating digital governance and trust assurance schemes
* [3 Stages of a Pan-African Identity Framework for Establishing Self-Sovereign Identity With Blockchain](https://www.frontiersin.org/articles/10.3389/fbloc.2021.631640/full) Solomon Darnell, Joseph Sevilla
Three stages have been identified as necessities to accomplish the development of this system before opening it further beyond the pan-African worldwide community. The three stages are defined by systems that allow for biometric/demographic registration (stage 1), interoperability and security hardening (stage 2), and biometric modality data analysis/organization/association (stage 3).
@ -258,8 +254,6 @@ Links from chat: [http://emoglen.law.columbia.edu/LIS/archive/privacy-legis/IST
* [https://institutionalgrammar.org/wp-content/uploads/Instructional_materials/IG-2.0-Cheat-Sheet-v1.pdf](https://institutionalgrammar.org/wp-content/uploads/Instructional_materials/IG-2.0-Cheat-Sheet-v1.pdf)
* [ISO/IEC 29100:2011 - Information technology — Security techniques — Privacy framework](https://www.iso.org/standard/45123.html)
* [At a Crossroads: Personhood and Digital Identity in the Information Society](https://www.oecd.org/sti/ieconomy/40204773.doc)
* [https://github.com/Open-Notice/OPN-Workshop-05-04-21](https://github.com/Open-Notice/OPN-Workshop-05-04-21)

5
_posts/identosphere-dump/educational-resources/media-coverage.md
View File

@ -3,3 +3,8 @@
* [Verifiable Credentials go mainstream at Identiverse 2022](https://www.biometricupdate.com/202206/verifiable-credentials-go-mainstream-at-identiverse-2022) Biometric Update
Verifiable Credentials was a breakthrough topic and its clearly on the path to mainstream adoption. Main sessions by Microsoft and Avast showcased their application of VCs in the IAM landscape, showing VCs arent the future anymorethey are the present.
* [Huge data leak shatters the lie that the innocent need not fear surveillance](https://www.theguardian.com/news/2021/jul/18/huge-data-leak-shatters-lie-innocent-need-not-fear-surveillance)
Few pause to think that their phones can be transformed into surveillance devices, with someone thousands of miles away silently extracting their messages, photos and location, activating their microphone to record them in real time.
Such are the capabilities of Pegasus, the spyware manufactured by NSO Group, the Israeli purveyor of weapons of mass surveillance.

3
_posts/identosphere-dump/educational-resources/resources.md
View File

@ -12,9 +12,6 @@ It combines a clear, jargon-free introduction to this blockchain-inspired paradi
DIF has launched a massive Decentralized Identity [Knowledgebase](https://identity.foundation/faq/), structured as a long series of frequently-asked questions and answers. This synthesizes a year of educational efforts in the interop WG, blog posts, newsletters, and many other DIF inputs in a format we hope will be helpful as a reference and onboarding document throughout the decentralized identity space.
* [Trust Over IP Foundation Issues its First Tools for Managing Risk in Digital Trust Ecosystems](https://trustoverip.org/blog/2021/09/23/trust-over-ip-foundation-issues-its-first-tools-for-managing-risk-in-digital-trust-ecosystems/)
as we move into decentralized identity management, where individuals manage credentials in their own digital wallets, we need new risk management tools designed for this paradigm
* [Global Verifiable Credential Adoption](https://trinsic.notion.site/trinsic/Global-Verifiable-Credential-Adoption-78c7e4c5f2a34a228a55d03db54ab399) Trinsic (Notion)
🔥 This is a community resource for tracking the adoption of verifiable credentials around the world. Please have a look around and join 10+ others who have contributed!

20
_posts/identosphere-dump/events/EIC.md
View File

@ -16,13 +16,6 @@ Go to Kuppinger Cole for [ON-DEMAND ACCESS](https://www.kuppingercole.com/book/e
For me, the most relevant new topic and trend was to finally see the convergence of decentralized identities (DID) and traditional approaches on IAM starting. DID, also referred to as SSI (Self Sovereign Identity) or verifiable credentials, is a concept where the user has a wallet that holds proofs of identities and attributes.
* [OIDF Workshop at EIC 2022 — Tuesday, May 10, 2022](https://openid.net/workshops/workshop-at-eic-2022/)
The OpenID Foundation hosted a workshop at [EIC 2022 in Berlin](https://www.kuppingercole.com/events/eic2022/) that was part of the pre-conference workshops on Tuesday, May 10, 2022.
The Foundation was thrilled to welcome and introduce two of the 2022 Kim Cameron Award winners, Rachelle Sellung and Alen Horvat at the workshop. The Foundation will soon publish blogs from Rachelle and Alen describing their experiences at EIC 2022.
* [Download workshop presentations](http://openid.net/wordpress-content/uploads/2022/05/OIDF_Workshop-at-EIC_FINAL_2022-05-11.pptx)
* [What the EIC Decentralized Identity Award Means For Indicio](https://indicio.tech/what-the-eic-decentralized-identity-award-means-for-indicio/) Indico
@ -36,21 +29,8 @@ Explore the inflection points of identity governance and administration (IGA) th
ABB is being honored for its Global IAM initiative, established to improve security, compliance, and operations, and ensure access management is properly overseen. But with operations in over 100 countries,180,000 employees,13,000 servers, 6,500 applications, hundreds of HR systems, and a complex Active Directory implementation, this is not an easy undertaking.
* [Announcing the 2022 OpenID Foundation Kim Cameron Award](https://openid.net/2022/04/08/announcing-the-2022-openid-foundation-kim-cameron-scholarship/) OpenID
Award recipients will be studying, researching, interning or working in a field relevant to one or more [OpenID Foundation working groups](https://openid.net/wg/) and consistent with Foundations Mission. The recipients will also be invited to participate in Foundation breakout meetings at the European Identity Conference and Identiverse which will provide exposure to both the Foundations business as well as leading technologists.
GAIN was a big topic of discussion
* [Nat Sakimura @_nat_en · May 12](https://twitter.com/_nat_en/status/1524654753917153280)
GAIN: The Global Assured Identity Network [@OIX_Nick](https://twitter.com/OIX_Nick) and [@gailhodges](https://twitter.com/gailhodges) on the main stage.
![https://www.notion.soimages/image4.png](https://www.notion.soimages/image4.png)
* [Protocols, Standards, Alliances: How to Re-GAIN the Future Internet from the Big Platforms](https://www.kuppingercole.com/watch/eic2022-panel-gain-future-internet) Kuppinger Cole
just like trade unions helped the working class during the industrial revolution to fight for their rights. In this panel session, we will discuss about the enablers of such a different approach and the requirements to actually be successfull.
## Tweeters

15
_posts/identosphere-dump/events/calendar.md
View File

@ -3,6 +3,21 @@ published: false
---
# Events Calendar
* [2 special topics IIWs](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0293.html) Kaliya IDwoman
we are pulling together these as an experiment based on feedback from the community in the closing circle of the last IIW.
1) User-Experience and SSI on July 22nd. 8am - 2pm pacific time.
* [www.eventbrite.com/e/159946001797/?discount=CCG_25](http://www.eventbrite.com/e/159946001797/?discount%3DCCG_25)
2) The Business of SSI on August 4th 8am-2pm pacific time.
* [https://www.eventbrite.com/e/the-business-of-ssi-an-iiw-special-topic-12-day-virtual-event-tickets-161249943923](https://www.eventbrite.com/e/the-business-of-ssi-an-iiw-special-topic-12-day-virtual-event-tickets-161249943923)
We also have [IIW33 set now as a virtual event October 12-14](https://www.eventbrite.com/e/internet-identity-workshop-iiwxxxiii-33-2021b-tickets-160257990965) - we had too much uncertainty around travel for folks outside the US who are now 50% of attendees, delta+ variants, fires in California at that time of year and wanting to provide hybrid participation options and not having time.
* [MyData Global](https://www.mydata.org/events/) Annual + Regional + Organizational

40
_posts/identosphere-dump/interop.md
View File

@ -4,7 +4,6 @@ published: false
# Interop
* [Prioritizing Individual Sovereignty over Interoperability](https://jolocom.io/blog/decentralized-identifiers-design-challenges/) Jolocom and Danube tech
* [Trust over IP Foundation Introduces a New Tool for Interoperable Digital Trust](https://trustoverip.org/blog/2020/10/19/trust-over-ip-foundation-introduces-a-new-tool-for-interoperable-digital-trust/)
* [Different approaches to Interoperability](https://www.evernym.com/blog/getting-to-practical-interop-with-verifiable-credentials/) by Daniel Hardman of Evernym
> Several VC ecosystems have grown up around the VC spec. Each touts standards compliance and interoperability, yet they do not currently interoperate with one another. Lets have a look at their differences and commonalities, and then explore a simple proposal that might make which language your VCs “speak” as transparent as which language you choose when you watch a movie.
@ -53,29 +52,14 @@ Were very pleased to announce that our proposal “Presentation Exchange
Well be providing a Presentation Exchange that creates interoperability between W3C DIF-compliant Verifiable Credentials and Hyperledger Aries-based Verifiable Credentials for the European Blockchain Services Infrastructure (EBSI).
- [Digital Bazaar Interop 1B](https://www.youtube.com/watch?v%3D-sr-7E7q79E)
- [Digital Bazaar Interop 1A](https://www.youtube.com/watch?v%3Demu301gvMJE)
* [Setting Interoperability Targets Part 1 of 2](https://medium.com/decentralized-identity/setting-interoperability-targets-part-1-of-2-c6cbeaf82e98) Decentralized Identity Foundation
These will probably always differ and make a universal abstraction impossible; and thats not a bad thing! These requirements are always going to be specific to each regulatory context, and without them, innovation (and large-scale investment) are endangered by regulatory uncertainty.
* [Setting Interoperability Targets Part 1 of 2](https://medium.com/decentralized-identity/setting-interoperability-targets-part-1-of-2-c6cbeaf82e98) DIF
The Interoperability working group will be tracking them and providing guidance and documentation where possible. Importantly, though, there is a new DIF Working Group coming soon, the Wallet Security WG, which will dive deeper into these profiles and requirements, benefiting from a narrow scope and IPR protection, allowing them to speak more bluntly about the above-mentioned details.
* [Setting Interoperability Targets Part 2 of 2](https://medium.com/decentralized-identity/setting-interoperability-targets-part-2-of-2-671f8faa8ecb) DIF
Having shown in our last piece how interoperability “profiles” are designed, we now tackle some key technical problem areas ripe for this kind of profile-first interoperability work across stacks.
* [Release of the Good Health Pass (GHP) Interoperability Blueprint](https://trustoverip.org/news/2021/08/12/release-of-the-good-health-pass-ghp-interoperability-blueprint/) TrustoverIP
After a public review period during June with stakeholders in air travel, government, healthcare, hospitality, and other affected sectors, the Blueprint was finalized in mid-July for final approval and publication. “Publication of the V1.0.0 Blueprint is just the first step in seeing interoperable privacy preserving digital health passes adopted in order to support people being able to gather together again with lower personal and public health risk,” said Kaliya Young, chair of the Working Group and Ecosystems Director at CCI. “Our next task is collaborating with real world implementers to fill in any remaining gaps to get to an interoperable system and working with LFPH and other partners to deliver open source code that can be deployed.”
* [SSI Interoperability Demo NB Orbit Mobile Wallet, PwC, Copper Mountain & BC Mines](https://northernblock.io/ssi-interoperability-demo-nb-orbit-mobile-wallet-pwc-copper-mountain-bc-mines/) NorthernBlock ([Video](https://www.youtube.com/watch?v%3DWkPuEuf9K3Y)
In collaboration with the BC Mines Trust Ecosystem, we demonstrate interoperability between organizations using the BC Gov Business Partner Agent and the NB Orbit Mobile Wallet for managing sustainable mining practices.
* [DHS SVIP Demo Week Day 2 Blockchain & DLT September 15, 2021](https://vimeo.com/showcase/8833272)
* [Setting Interoperability Targets Part 2 of 2](https://blog.identity.foundation/setting-interoperability-targets-2/) Decentralized Identity Foundation
Having shown in our last piece how interoperability "profiles" are designed, we now tackle some key technical problem areas ripe for this kind of profile-first interoperability work across stacks.
* [Decentralzied Mapping Initiative](https://whimsical.com/decentralized-mapping-exercise-CUhk3dT4RUZvGa4Lt7rNvD)  DIF Interop WG
@ -172,14 +156,6 @@ The European Commission and the European Blockchain Partnership are laying the f
* [01:04:16](https://www.youtube.com/watch?v%3D54WrOZ2IEZE%26t%3D3856s) Demo 3: A student gets access to local discounts using municipality credential based on a European student card
* [Our Interoperability Work in the Decentralized Identity Foundation](https://developer.tbd.website/blog/our-interop-work-in-dif/) TBD
More details about the Conformance Test Suite that was developed by members of DIF and our interoperability test reports can be found here:
- [TBDs test results of JWS Test Suite](https://identity.foundation/JWS-Test-Suite/%23tbd)
- [Spruces test results of JWS Test Suite](https://identity.foundation/JWS-Test-Suite/%23spruce)
At TBD, we support open standards wherever appropriate, and all of our projects are open source.
* [Spruce and TBD Demonstrate Decentralized Identity Interoperability](https://blog.spruceid.com/spruce-and-tbd-demonstrate-decentralized-identity-interoperability/) SpruceID
@ -193,11 +169,6 @@ The "Data Governance and Semantics" project featured three webinars introducing
Spruce and TBD are the first two organizations to demonstrate support for all [five JWS algorithms](https://w3id.org/security/suites/jws-2020%23jose-conformance) for [JsonWebSignature2020](https://w3c-ccg.github.io/lds-jws2020/) (Data Integrity Proofs) and JWTs, for VCs and [W3C Verifiable Presentations](https://www.w3.org/TR/vc-data-model/%23presentations-0) (VPs), which is a major step toward vendor interoperability.
More details about the Conformance Test Suite which was developed by members of the [Decentralized Identity Foundation](https://identity.foundation/) and the interoperability test reports can be found here:
- [TBDs test results of JWS Test Suite](https://identity.foundation/JWS-Test-Suite/%23tbd)
- [Spruces test results of JWS Test Suite](https://identity.foundation/JWS-Test-Suite/%23spruce)
* [SSI Report - Interoperability](https://www.youtube.com/watch?v%3DezInITzb9p4) RootsID
Interoperability is the ultimate challenge of a Decentralized Self-Sovereign Identity. Hyperledger Aries is hosting an Interopathon to showcase all the work their community has done to promote Interoperability. We have also started discussions about a standard import/export format that would further improve interop across identity agents.
@ -206,12 +177,11 @@ Interoperability is the ultimate challenge of a Decentralized Self-Sovereign Ide
This represents the last phase of the AS4EDI20 project to implement the CEF eDelivery AS4 profile in Europe. This project is co-financed by the European Commission through the CEF Telecom program and managed by HaDEA, with action number 2020-EU-IA-0024.
* [DIF Interoperability Survey](https://docs.google.com/forms/d/e/1FAIpQLSfbFh4DQeyI0msXsWvfpbrtYEfgQrGRD7tw4d2Rg0NEyhvcKQ/viewform)
We are keen to support more interoperability activity and hopefully testing this fall and winter. In order to do this we would like to gather feedback from the community as to where we are at so we can assess how to move forward.
Please Note: Information on this survey will be shared with the chairs of the DIF Interop Group
* [A pilot project for interoperable decentralised identity between Aigües de Barcelona, CaixaBank and Validated ID](https://www.validatedid.com/post-en/open-innovation-project-for-the-collaboration-between-large-companies-and-emerging-companies) Validated ID
The lines of action of the laboratory are framed in six blocks: resilient water resources, the impact of global change; efficient infrastructure management; the environment and health; water and energy; and water demand management. The projects developed contribute to the achievement of one or more Sustainable Development Goals, putting the citizen at the center of digital transformation and advocating a perspective on technological humanism.
They are actually coming to the [Interoperability Working Group](https://www.notion.so/Interoperability-WG-a42995c37e2a4511a10aea96cdbccc38) this coming week to share results. Here is what they had to say about SSI:
A Self- Sovereign Identity can unlock the full potential of the digital global economy. The identity of people, organizations and things is relevant to any transaction, while protecting Personal Identifiable Information (PII) is of increasing importance.

2
_posts/identosphere-dump/open-source-projects/decentralized-identity-foundation.md
View File

@ -1,2 +0,0 @@
# Decentralized Identity Foundation

12
_posts/identosphere-dump/open-source-projects/tools-code.md
View File

@ -73,9 +73,6 @@ A short note to point folks at Seth Godins recent podcast about Project Debt.
- Why saying NO to those simple things may be the best thing. For some hints on how to do that see [Say No With Grace](https://www.continuumloop.com/say-no-with-grace/).
Give it a listen on [Overcast](https://overcast.fm/%2BL0YUSAwxA) (my fave) or  [Apple Podcasts](https://podcasts.apple.com/us/podcast/project-debt/id1345042626?i%3D1000536252965).
* [Dangling Domain From SDK Installed in 150+ Apple Apps Putting Kids, Families and Crypto Traders at Risk](https://me2ba.org/dangling-domain-from-sdk-installed-in-150-apple-apps-putting-kids-families-and-crypto-traders-at-risk/)
TLDR: The Me2B Alliance believes apps including the AskingPoint SDK should be safe from malicious redirects or other exploits.
* [Welcome to Docks API - Testnet Sandbox](https://blog.dock.io/welcome-to-docks-api-testnet-sandbox/)
@ -266,11 +263,7 @@ This is so exciting to see what Wayne and his team are building.
* [Spruce Systems introduces DIDKit](https://sprucesystems.medium.com/introducing-didkit-an-identity-toolkit-e0dfa292f53d)
> DIDKit is a cross-platform toolkit for working with W3C Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). It allows you to resolve and manage DID documents, and also manage the entire lifecycle of Verifiable Credentials including their issuance, presentation, and verification.
* [A repository of JSON Schemas for Verifiable Credentials](https://github.com/rsksmart/vc-json-schemas)
> The Credential Schema is a document that is used to guarantee the structure, and by * [OpenID Foundation is Hiring a new Executive Director](https://openid.net/2020/11/17/openid-foundation-executive-director-job-description/)
> The OpenID Foundation is seeking an Executive Director with the experience, skills, strategic vision, and commitment to advancing the Foundations open standards initiatives. This is a unique opportunity to lead a well-respected, member-driven, vendor-neutral, international standardization organization.
extension the semantics, of the set of claims comprising a Verifiable Credential. A shared Credential Schema allows all parties to reference data in a known way
> The Credential Schema is a document that is used to guarantee the structure, and by
* [Spruce Systems Developer Update #4](https://sprucesystems.medium.com/spruce-developer-update-4-cd6472c58fe1)
- The [Tezos DID Method](https://did-tezos-draft.spruceid.com/) specifies how Tezos can be used for DID creation and management, compatible with the issuance, storage, and verification of Verifiable Credentials.
@ -310,9 +303,6 @@ This weekend I worked on making a [github action](https://github.com/features/ac
* [@mfosterio · Apr 29](https://twitter.com/mfosterio/status/1520130657468440576) Twitter
I created a DID at [http://GoDiddy.com](https://t.co/QhwQhqUz0k) did:key:z6MkfxFPD3vwny367HZVQoqUnKatH4RTHEitcbEdvxst3nZm#z6MkfxFPD3vwny367HZVQoqUnKatH4RTHEitcbEdvxst3nZm DIDs are important in Self Sovereign Identity. You can learn about DIDs [@bluesky_commons](https://twitter.com/bluesky_commons)
* [What does it take to develop human-centric solutions for the built environment?](https://mydata.org/2022/05/13/built-for-people/) MyData ([Video](https://www.youtube.com/watch?v%3DVCjW0_NAPmQ)
Building better, more human-centric solutions in smart cities starts by realising that citizens and their digital footprints are not merely aspects to monitor and evaluate. They are active participants in the cities we live and work together and need to be engaged in designing better cities and managing the data about themselves. This is not important only for respecting citizens rights, but it is crucial to building sustainable services and humane cities.
* [Scale Your Decentralized Identity Solution by Upgrading to the Indy DID Method](https://indicio.tech/scale-your-decentralized-identity-solution-by-upgrading-to-the-indy-did-method/) Indicio
Again, the Indy DID Method is not an optional upgrade. Its a major development that delivers interoperability.

9
_posts/identosphere-dump/open-standards/authorization/README.md
View File

@ -1,5 +1,14 @@
# Authorization Protocols
* [VC HTTP Authorization Conversation](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0009.html) Adrian Gropper June 2
The diversity of our community is a plus. To begin a conversation on VC access controls, I suggest this short intro to the differences between OAuth 2.0 and GNAP:
* [https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-05.html#name-compared-to-oauth-20](https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-05.html%23name-compared-to-oauth-20)
My goal is to arrive at a shared understanding of what would be minimum needed to support both OAuth2 and GNAP for securing access to a VC.
## oCap
- [Hygiene for a computing pandemic: separation of VCs and ocaps/zcaps](https://lists.w3.org/Archives/Public/public-credentials/2020Dec/0028.html)
- You *could* implement zcap-ld on top of VCs…

9
_posts/identosphere-dump/open-standards/complementary/README.md Normal file
View File

@ -0,0 +1,9 @@
# Complementary to VC / DID standards
## Contents
- JSON-LD ✓
- JSON
- KERI ✓
- Cryptography
- BBS ✓

31
_posts/identosphere-dump/open-standards/complementary/cbor.md Normal file
View File

@ -0,0 +1,31 @@
# Concise Binary Object Representation (IETF)
* [Regarding CBOR-LD Web Transports](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0100.html)  Orie Steele (Saturday, 10 April)
> I pushed up this small demo showing how to transport JSON-LD as CBOR-LD over QR Code and Web NFC.
* [transmute-industries/cbor-ld-web-transports](https://github.com/transmute-industries/cbor-ld-web-transports) github
* [CBOR-LD stabilization (was: Re: Regarding CBOR-LD Web Transports)](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0127.html)  Manu Sporny (Wednesday, 21 April)
> Digital Bazaar has a few updates to share with the community.
>
> 1. With a huge thank you to Dave Longley, a new version of the CBOR-LD library, with generalized and stable algorithms, and that works in the browser and node.js, has been released:
>
> [https://github.com/digitalbazaar/cborld](https://github.com/digitalbazaar/cborld)
>
> 2. We have split out the CBOR-LD command line interface into a separate project:
>
> [https://github.com/digitalbazaar/cborld-cli/tree/initial](https://github.com/digitalbazaar/cborld-cli/tree/initial)
>
> 1. DB has released a CBOR-LD to QR Code image library for encoding and decoding Verifiable Presentations:
>
> [https://github.com/digitalbazaar/vpqr](https://github.com/digitalbazaar/vpqr)
>
> 1. After some consultation with Mattr and Transmute, we've settled on a base32 alphanumeric QR Code encoding that is 10% more  space efficient than base64url byte mode. This is important because this format is compatible with hundreds of QR Code readers on the market. Every QR Code reader that we've tested has worked with this new format.
* [Mike Jones shares](https://self-issued.info/?p=2136) that CBOR (Concise Binary Object Representation)  is officially a [specification at IETF](https://www.rfc-editor.org/rfc/rfc8943) - woohoo! and it is a key part of [ISOs mDL standard](https://www.iso.org/committee/45144.html) (date fields must use it).
> The Concise Binary Object Representation (CBOR), as specified in RFC 7049, is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation.
* [https://youtu.be/fEBNGj377Vc](https://youtu.be/fEBNGj377Vc)
Second demo video using a different potential flow: [https://www.youtube.com/watch?v=fEBNGj377Vc](https://www.youtube.com/watch?v%3DfEBNGj377Vc)
Paper VCs are hard to bring to parity with “digital VCs”. The biggest issue is binding subject to holder and verifying that. There were also callouts on how do you prevent replication.
Traditionally, QR codes with the entire VC can be put onto a piece of paper. We proposed compression on those QR codes using CBOR-LD that reduces size of codes by 50%.
Alternative ways include adding VCs into NFC chips and adding the NFC identifier as a claim to the VC preventing duplication. There is a cost overhead to this compared to paper but is a cost potentially worth occurring.

8
_posts/identosphere-dump/open-standards/crypto.md
View File

@ -108,3 +108,11 @@ If you are interested in contributing, please feel free to open issues here: []
* [And a pretty good game plan from CISA with some timing implications here](https://www.cisa.gov/uscert/ncas/current-activity/2022/07/05/prepare-new-cryptographic-standard-protect-against-future-quantum)
The TLDR is to assume that we need hard answers as a community, and at the standards level, on crypto agility by 2024, as well as support for the key algorithms as listed above.
* [[CEIP] Draft paper on Cryptographically Enforceable Issuer Policies](https://lists.w3.org/Archives/Public/public-credentials/2021May/0170.html)  Joosten, H.J.M. (Rieks) May 30
my colleague Sterre and I drafted [a paper that we provisionally called Cryptographically Enforceable Issuer Policies](https://docs.google.com/document/d/1c8kIUqB2BBzM3usfD0_s5wu_z6K2KndzJ4uK_oZcPOs/edit?usp%3Dsharing), which describes our current thinking on this topic.
The paper isnt finished. We need more text in the discussions section, and hope that by making the draft available well get the discussions that we (or you?) can describe in there. Also, we might have missed stuff that you as a reader need for a proper understanding of what this is all about, and to start pondering for what (other) purposes all this might be used. Or why this proposal is a very bad idea that we should not spend any more time on.

17
_posts/identosphere-dump/open-standards/decentralized-identifier.md
View File

@ -231,3 +231,20 @@ point that we can finish off a first pass of a did:key test suite.
* [...] [https://github.com/w3c-ccg/did-method-key/pull/51](https://github.com/w3c-ccg/did-method-key/pull/51)
* [Current status of DID Core implementations (June 2021)](https://lists.w3.org/Archives/Public/public-did-wg/2021Jun/0012.html)
Our latest implementation report for DID Core is available here:
* [https://w3c.github.io/did-test-suite/#spec-statement-summary](https://w3c.github.io/did-test-suite/%23spec-statement-summary)
Here are the remaining items that the WG needs to discuss on the upcoming call:
#1: Are the hl, relativeRef, and service implementations independent enough?
* [...]
#2: Are we letting the JSON serialization keep unimplemented features?
* [...]
#3: What are we going to do with deactivated, nextUpdate, and nextVersionId?

2
_posts/identosphere-dump/open-standards/exchange-protocol/didcomm.md
View File

@ -113,3 +113,5 @@ Work Item within DIF right now - envelope format with some other opinions we may
- Aries RFCs for payloads that go in JWE envelopes.
- Send envelopes over HTTP as a starting point
Michale Herman [is excited](https://twitter.com/mwherman2000/status/1511550968617263114) about the new  #VCA (Verifiable Credential Authorization) using the new #VCTPS (Secure Verifiable Credential Transport Protocol) over #DIDCOMM

3
_posts/identosphere-dump/open-standards/exchange-protocol/mdl.md
View File

@ -48,3 +48,6 @@ A global digital ID association has published steps vendors and others need to t
Spruces continued mission is to let users control their data across the web, whether its web2, web3, or beyond. This also applies to credentials issued by existing entities, such as the Mobile Driver License (mDL) issued by motor vehicle authorities across the world.
- [The selective disclosure industry landscape, including Verifiable Credentials and ISO Mobile Driver Licenses (mDL)](https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-why-selective-disclosure-00)  [Kristina Yasuda](https://twitter.com/kristinayasuda)
* [Apple announces first states signed up to adopt drivers licenses and state IDs in Apple Wallet](https://www.apple.com/newsroom/2021/09/apple-announces-first-states-to-adopt-drivers-licenses-and-state-ids-in-wallet/)
Arizona, Connecticut, Georgia, Iowa, Kentucky, Maryland, Oklahoma, and Utah are among the first states to bring state IDs and drivers licenses in Wallet to their residents

69
_posts/identosphere-dump/open-standards/id-not-ssi.md
View File

@ -8,73 +8,27 @@ published: false
### Identity not SSI
* [101 Session: UMA - User Manged Access](https://iiw.idcommons.net/3B/_101_Session:_UMA_-_User_Managed_Access) by Eve Maler and George Fletcher
* [Police in Latin America are turning activists phones against them](https://restofworld.org/2021/latin-america-phone-security/)
Experts say that seized devices have become a trove of information for authorities cracking down on social movements and opposition leaders.
* [Calls for New FTC Rules to Limit Businesses Data Collection and Stop Data Abuse](https://anonyome.com/2021/07/calls-for-new-ftc-rules-to-limit-businesses-data-collection-and-stop-data-abuse/)
“I want to sound a note of caution around approaches that are centered around user control. I think transparency and control are important. I think it is really problematic to put the burden on consumers to work through the markets and the use of data, figure out who has their data, how its being used, make decisions … I think you end up with notice fatigue; I think you end up with decision fatigue; you get very abusive manipulation of dark patterns to push people into decisions.
* [Huge data leak shatters the lie that the innocent need not fear surveillance](https://www.theguardian.com/news/2021/jul/18/huge-data-leak-shatters-lie-innocent-need-not-fear-surveillance)
Few pause to think that their phones can be transformed into surveillance devices, with someone thousands of miles away silently extracting their messages, photos and location, activating their microphone to record them in real time.
Such are the capabilities of Pegasus, the spyware manufactured by NSO Group, the Israeli purveyor of weapons of mass surveillance.
* [NSO rejects](https://www.theguardian.com/news/2021/jul/18/response-from-nso-and-governments) this label. It insists only carefully vetted government intelligence and law enforcement agencies can use Pegasus, and only to penetrate the phones of “legitimate criminal or terror group targets”
* [10 assertions about the future of social](https://werd.io/2021/10-assertions-about-the-future-of-social)
We cant solve identity. There will never be a single identity that we use across the web. Instead, there may be open protocols that allow us to auth with different providers.
* [Apple announces first states signed up to adopt drivers licenses and state IDs in Apple Wallet](https://www.apple.com/newsroom/2021/09/apple-announces-first-states-to-adopt-drivers-licenses-and-state-ids-in-wallet/)
Arizona, Connecticut, Georgia, Iowa, Kentucky, Maryland, Oklahoma, and Utah are among the first states to bring state IDs and drivers licenses in Wallet to their residents
* [Decentralized Finance & Self-sovereign Identity: A tale of decentralization, a new paradigm of trust](https://gataca.io/insights/decentralized-finance-self-sovereign-identity-a-tale-of-decentralization-a-new-paradigm-of-trust)
* [How Social Engineering Has (And Hasnt) Evolved Over Time](https://auth0.com/blog/how-social-engineering-has-and-hasnt-evolved-over-time/) auth0
In short: you can deploy all the technological measures you want, but unless you address the human element, an attacker can defeat your defenses with a simple phone call or email.
> In short: you can deploy all the technological measures you want, but unless you address the human element, an attacker can defeat your defenses with a simple phone call or email.
* [My Take on the Misframing of the Authentication Problem](https://kyledenhartog.com/misframing-authn/) Kyle Den Hartog
If you havent [read this paper](https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf) before you design an authentication system youre probably just reinventing something already created or missing a piece of the puzzle
* [...]
can anyone point me to an academic research paper or even some user research that tells me the probability that a users password will be discovered by an attacker in the next year? What about the probability that the user shares their password with a trusted person because the system wasnt deployed with a delegation system? Or how about how the probability will drop as the user reuses their password across many websites? Simply put I think weve been asking the wrong question
* [Developers: SMS Authentication is Challenging](https://medium.com/magiclabs/building-sms-authentication-c2cabccbd5f8) Magic Labs
SMS (Short Message Service) messaging¹, despite a number of material challenges, has broad adoption, international regulations, and support across platforms.
> If you havent [read this paper](https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf) before you design an authentication system youre probably just reinventing something already created or missing a piece of the puzzle \
> [...] can anyone point me to an academic research paper or even some user research that tells me the probability that a users password will be discovered by an attacker in the next year? What about the probability that the user shares their password with a trusted person because the system wasnt deployed with a delegation system? Or how about how the probability will drop as the user reuses their password across many websites? Simply put I think weve been asking the wrong question
* [The Things to Keep in Mind about Auth](https://developer.okta.com/blog/2021/10/29/things-to-keep-in-mind-about-auth) Okta
* [The OpenID Foundation Welcomes Visa to the Board of Directors](https://openid.net/2021/12/07/the-openid-foundation-welcomes-visa-to-the-board-of-directors/) OpenID
Visas leadership in global payments and identity services as well as their longstanding commitment to standards will be of great value as we tailor our strategy to this moment.
* [Self-Sovereign Identity Working Group](https://europeanblockchainassociation.org/eba-working-group-self-sovereign-identity-eussi/) European Blockchain Association in collaboration with the European Commission
Right now, many enterprises and organisations are building their own SSI solutions by implementing the existing standards and protocols. Since all these parties do similar work and have to face similar problems, it is critical for the community to share these learnings and experiences openly.
* [Participate in Alberta's First Verifiable Digital Credentials Pilot](https://pilot.atbventures.com/) ATB Ventures and Govt Alberta
As a part of the pilot, you will add your MyAlberta Digital ID as a verifiable credential to your mobile digital wallet (on your smartphone) and use this digital credential to open an ATB Pay As You Go Account - Digital Credential account with ATB Financial.
* [Okta Joins the OpenID Foundation Board to Further Advance Open Identity Standards](https://openid.net/2021/12/10/okta-joins-the-openid-foundation-board-to-further-advance-open-identity-standards/) OpenID
“OpenID Connect is one of the most adopted identity standards, providing essential functionality to core solutions across the industry,” said Vittorio Bertocci, Principal Architect, Auth0.
* [Building a low-code, opinionated approach to plug & play login](https://medium.com/magiclabs/building-a-low-code-opinionated-approach-to-plug-and-play-login-21bb30dca9a4) Magic Labs
Magic Login Form represents a new onboarding experience for end-users, so we wanted to revamp our own onboarding experience for developers to match. Learning about auth can quickly derail any developers good day. Striking the balance between good UX and good security can just boggle the mind.
* [Developers: SMS Authentication is Challenging](https://medium.com/magiclabs/building-sms-authentication-c2cabccbd5f8) Magic Labs
> SMS (Short Message Service) messaging¹, despite a number of material challenges, has broad adoption, international regulations, and support across platforms.
@ -82,13 +36,6 @@ Magic Login Form represents a new onboarding experience for end-users, so we wan
When you set up a new account, you are often asked to create a password and choose a security question and answer (e.g., What is your mother's maiden name?). Answering security questions based on personal information when you log in to an app or system is called knowledge-based authentication (KBA).
* [A Responsible Reporting Nightmare: Right-clicking is Not a Crime](https://me2ba.org/a-responsible-reporting-nightmare-right-clicking-is-not-a-crime/) Me2Ba
This is a story of a politician who cried “hacker” after a reporter informed a state agency that sensitive information was embedded in their websites HTML source code1. While we wish this was a joke or fictional story it, unfortunately, is not. If the state of Missouri does move forward with the prosecution this state action would sound the alarm for researchers and reporters resulting in a chilling effect on the practice of responsible reporting.
* [OpenID Foundation Publishes Whitepaper on Open Banking](https://openid.net/2022/03/18/openid-foundation-publishes-whitepaper-on-open-banking/) OpenID
The paper documents the international movement towards Open Banking, Open Finance, and secure, consent driven access to all user data. It describes the OpenID Foundation and in particular the Financial-Grade API (FAPI) Working Groups experience with Open Banking ecosystems internationally.
* [Open Badges is now on the plateau of productivity](https://dougbelshaw.com/blog/2022/03/18/open-badges-fers/) Doug Belshaw
@ -99,9 +46,6 @@ Were no longer in the stage of “imagine a world…” but rather “here
Our [understanding](https://twitter.com/toddmckinnon/status/1506184721922859010) is that during January 2022, hackers outside Okta had access to an Okta support employees account and were able to take actions as if they were that employee. In a screenshot shared on social media, a Cloudflare employees email address was visible, along with a popup indicating the hacker was posing as an Okta employee and could have initiated a password reset.
* [OpenID Foundation Publishes Whitepaper on Open Banking](https://openid.net/2022/03/18/openid-foundation-publishes-whitepaper-on-open-banking/)
The OpenID Foundation is pleased to share its new whitepaper, “[Open Banking, Open Data and Financial-Grade APIs](https://openid.net/wordpress-content/uploads/2022/03/OIDF-Whitepaper_Open-Banking-Open-Data-and-Financial-Grade-APIs_2022-03-16.pdf)”. The paper documents the international movement towards Open Banking, Open Finance, and secure, consent driven access to all user data. It describes the OpenID Foundation and in particular the Financial-Grade API (FAPI) Working Groups experience with Open Banking ecosystems internationally.
@ -127,9 +71,6 @@ Womens Rights and Technology Intersection feel very poinient this week
Democrats who have been misguidedly attacking Section 230 of the Communications Decency Act need to wake up now. If they dont [start listening](https://www.thedailybeast.com/want-to-fix-big-tech-stop-ignoring-sex-workers) to the warnings of human rights experts, [sex workers](https://papers.ssrn.com/sol3/papers.cfm?abstract_id%3D4095115), LGBTQ+ folks, and [reproductive rights](https://freedomnetworkusa.org/app/uploads/2020/09/FNUSA-Joins-EARN-IT-Act-Coalition-letter-9.09.2020.pdf) groups, Democrats could help right-wing zealots achieve their goal: mass censorship of online content about abortion.
* [On Abortion and Data](https://www.mydata.org/2022/06/30/on-abortion-and-data/) MyData
A basic insight of MyData is that the current systems of data are asymmetrical, imbalanced, and unfair. A basic motivation of MyData is to fix this by addressing business, legal, technical, and societal aspects of those systems.
## Identity not SSI

9
_posts/identosphere-dump/open-standards/iso.md
View File

@ -7,7 +7,16 @@
## links
* [ISO/IEC 18013-5 vs Self-Sovereign Identity: A proposal for an mDL Verifiable Credential](https://www.procivis.ch/post/iso-iec-18013-5-vs-self-sovereign-identity-a-proposal-for-an-mdl-verifiable-credential) Procivis
in the context of government identity programs we see it as useful to compare them on the following parameters background, credential data model & trust anchor and transmission protocols.
* [Verifiable Driver's Licenses and ISO-18013-5 (mDL)](https://lists.w3.org/Archives/Public/public-credentials/2021Nov/0105.html) Manu Sporny (Monday, 29 November)
> Spruce, MATTR, and Digital Bazaar have collaborated on creating an interoperability test suite for something we're calling the "Verifiable Driver's License" (temporary name):
* [ISO/IEC 18013-5 vs Self-Sovereign Identity: A proposal for an mDL Verifiable Credential](https://www.procivis.ch/post/iso-iec-18013-5-vs-self-sovereign-identity-a-proposal-for-an-mdl-verifiable-credential) Procivis
> in the context of government identity programs we see it as useful to compare them on the following parameters background, credential data model & trust anchor and transmission protocols.
* [ISO/IEC 29100:2011 - Information technology — Security techniques — Privacy framework](https://www.iso.org/standard/45123.html)
* [What Is ISO 27018:2019? Everything Executives Need to Know](https://auth0.com/blog/what-is-iso-27018-2019-everything-executives-need-to-know/)
> ISO 27018 is part of the ISO 27000 family of standards, which define best practices for information security management. ISO 27018 adds new guidelines, enhancements, and security controls to the ISO/IEC 27001 and ISO/IEC 27002 standards, which help cloud service providers better manage the data security risks unique to PII in cloud computing.

100
_posts/identosphere-dump/open-standards/not-ssi/README.md
View File

@ -12,15 +12,65 @@
## OpenID
* [OpenID Foundation Publishes Whitepaper on Open Banking](https://openid.net/2022/03/18/openid-foundation-publishes-whitepaper-on-open-banking/) OpenID
> The paper documents the international movement towards Open Banking, Open Finance, and secure, consent driven access to all user data. It describes the OpenID Foundation and in particular the Financial-Grade API (FAPI) Working Groups experience with Open Banking ecosystems internationally.
* [OpenID Foundation Publishes Whitepaper on Open Banking](https://openid.net/2022/03/18/openid-foundation-publishes-whitepaper-on-open-banking/)
The OpenID Foundation is pleased to share its new whitepaper, “[Open Banking, Open Data and Financial-Grade APIs](https://openid.net/wordpress-content/uploads/2022/03/OIDF-Whitepaper_Open-Banking-Open-Data-and-Financial-Grade-APIs_2022-03-16.pdf)”. The paper documents the international movement towards Open Banking, Open Finance, and secure, consent driven access to all user data. It describes the OpenID Foundation and in particular the Financial-Grade API (FAPI) Working Groups experience with Open Banking ecosystems internationally.
* [The 7 Laws of Identity Standards](https://openid.net/2021/04/10/the-7-laws-of-identity-standards/) OpenID
1. A identity standards adoption is driven by its value of the reliability, repeatability and security of its implementations.
2. A standards value can be measured by the number of instances of certified technical conformance extant in the market.
3. Certified technical conformance is necessary but insufficient for global adoption.
4. Adoption at scale requires widespread awareness, ongoing technical improvement and a open and authoritative reference source.
5. When Libraries/Directories/ Registries act as authoritative sources they amplify awareness, extend adoption and promote certification.
6. Certified technical conformance importantly complements legal compliance and together optimize interoperability.
7. Interoperability enhances security, contains costs and drives profitability.
* [Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation](https://domsch.com/IIW32/IIW32-openid-sse-model.pdf) Matt Domsch, VP & Engineering Fellow
> • Security Event Tokens RFC 8417
> • Subject Identifiers Internet Draft RFC
> • Shared Signals & Events OpenID Foundation WG
> • Includes RISC, CAEP, and Oauth event profiles
* [Introducing the Global Assured Identity Network (GAIN) Proof of Concept Community Group](https://openid.net/2022/03/02/introducing-the-global-assured-identity-network-gain-proof-of-concept-community-group/)
> The OpenID Foundation is pleased to announce the launch of the Global Assured Identity Network (GAIN) Proof of Concept Community Group, which aims to test the technical hypotheses underlying the [“GAIN Digital Trust”](https://gainforum.org/GAINWhitePaper.pdf) white paper.
* [2021 OpenID Foundation Board Update](https://openid.net/2021/02/09/2021-openid-foundation-board-update/)
> Nat Sakimura and John Bradley were re-elected to new two-year terms as community member representatives. Nat and Johns well-known technical expertise and global thought leadership ensures continuity across working groups and as the Foundation transitions to new leadership in 2021.
* [OpenID Foundation is Hiring a new Executive Director](https://openid.net/2020/11/17/openid-foundation-executive-director-job-description/)
> The OpenID Foundation is seeking an Executive Director with the experience, skills, strategic vision, and commitment to advancing the Foundations open standards initiatives. This is a unique opportunity to lead a well-respected, member-driven, vendor-neutral, international standardization organization.
* [How GAIN Happens, Slowly Then All at Once](https://openid.net/2022/06/03/how-gain-happens-slowly-then-all-at-once/) OpenID
GAIN is marked by a cross sector, crowd sourced, open, global due diligence. GAINs self organized participants are actively seeking evidence that disconfirms the GAIN hypothesis.
* [2022 OpenID Foundation Kim Cameron Award Recipients Announced](https://openid.net/2022/04/29/2022-openid-foundation-kim-cameron-award-recipients-announced/)
> This was the first IIW without Kim Cameron. This was a very fitting announcement.
>
> The OpenID Foundation is pleased to announce the first cohort of awardees for inaugural launch of the Kim Cameron Award Program. We first must thank the many well-qualified applicants who presented compelling interest in user-centric identity.
* [Kim Cameron Award Winner Reflects on EIC](https://openid.net/2022/07/05/rachelle-sellung-2022-kim-cameron-award/) Rachelle Sellung
> In a matter of a few days, I heard many inspiring presentations, had many interesting conversations, and met many wonderful people in this field at the Conference. It has already led to multiple conversations of working together regarding future stakeholder research that will hopefully be useful and support the identity community.
* [OpenID Foundation Publishes “Open Banking and Open Data: Ready to Cross Borders?”](https://openid.net/2022/07/29/whitepaper-open-banking-and-open-data/) OpenID
* [OpenID Foundation Publishes “The Global Open Health Movement: Empowering People and Saving Lives by Unlocking Data” Whitepaper](https://openid.net/2022/07/22/the-global-open-health-movement-empowering-people-and-saving-lives-by-unlocking-data-whitepaper/) OpenID
* [Passing the Torch at the OpenID Foundation](https://self-issued.info/?p%3D2170) Mike Jones
> Today marks an important milestone in the life of the OpenID Foundation and the worldwide digital identity community. Following [Don Thibeaus decade of exemplary service to the OpenID Foundation as its Executive Director](https://openid.net/2021/02/19/resolution-thanking-don-thibeau-for-his-service/), today we [welcomed Gail Hodges as our new Executive Director](https://openid.net/2021/04/28/welcoming-gail-hodges-as-our-new-executive-director/).
* [Announcing the 2022 OpenID Foundation Individual Community Board Member Election](https://openid.net/2021/12/30/announcing-the-2022-openid-foundation-individual-community-board-member-election/)
Board participation requires a substantial investment of time and energy. It is a volunteer effort that should not be undertaken lightly. Should you be elected, expect to be called upon to serve both on the board and on its committees. You should have your employers agreement to attend two or more in-person board meetings a year, which are typically collocated with important identity conferences around the world.
* [The OpenID Foundation Welcomes Visa to the Board of Directors](https://openid.net/2021/12/07/the-openid-foundation-welcomes-visa-to-the-board-of-directors/) OpenID
> Visas leadership in global payments and identity services as well as their longstanding commitment to standards will be of great value as we tailor our strategy to this moment.
* [Okta Joins the OpenID Foundation Board to Further Advance Open Identity Standards](https://openid.net/2021/12/10/okta-joins-the-openid-foundation-board-to-further-advance-open-identity-standards/) OpenID
> “OpenID Connect is one of the most adopted identity standards, providing essential functionality to core solutions across the industry,” said Vittorio Bertocci, Principal Architect, Auth0.
* [Registration - OpenID Foundation Virtual Workshop](https://openid.net/2021/03/01/registration-open-for-openid-foundation-virtual-workshop-april-29-2021/) April 29, 2021
updates on all active OpenID Foundation Working Groups as well the OpenID Certification Program
OpenID Specs Up for Review
> updates on all active OpenID Foundation Working Groups as well the OpenID Certification Program
* [Public Review Period for Second Proposed RISC Profile Implementers Draft](https://openid.net/2022/07/05/public-review-period-for-second-proposed-risc-profile-implementers-draft/)
This specification defines event types and their contents based on the [SSE Framework](https://openid.net/specs/openid-risc-profile-specification-1_0-02.html%23SSE-FRAMEWORK) that are required to implement Risk Incident Sharing and Coordination.
* [Global Assured Identity Network White Paper](https://openid.net/2021/09/20/global-assured-identity-network-white-paper/)
* [Announcing the 2022 OpenID Foundation Kim Cameron Scholarship](https://openid.net/2022/04/08/announcing-the-2022-openid-foundation-kim-cameron-scholarship/) OpenID
> Scholarship recipients will be studying, researching, interning or working in a field relevant to one or more [OpenID Foundation working groups](https://openid.net/wg/) and consistent with Foundations Mission. The scholarship recipients will also be invited to participate in Foundation breakout meetings at the European Identity Conference and Identiverse which will provide exposure to both the Foundations business as well as leading technologists.
* [Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation](https://iiw.idcommons.net/13A/_Security_Event_Tokens,_Subject_Identifiers,_and_SSE/CAEP/RISC_Java_implementation) by Matt Domsch
> Matt presented an overview of the OpenID Foundation Shared Signals and Events Working Group, and his implementation of the object model in an open source Java library at [https://github.com/sailpoint-oss/openid-sse-model/](https://github.com/sailpoint-oss/openid-sse-model/)* [Shared Signal and Events (SSE) working group](https://openid.net/wg/sse/) in the OpenID Foundation.
## FIDO
@ -104,3 +154,47 @@ So, here is my question(s):
- Does the order of the permutations matter?
- If so, what order should they be in?
* [In Praise of Kim Cameron](https://openid.net/2021/12/04/in-praise-of-kim-cameron/) OpenID Foundation
> Not only did Kim “inject his 7 laws of identity into Microsofts DNA”, but did so throughout todays growing global digital identity ecosystem.
>
> Kim was crafty. He not only injected his thinking into Microsoft; as a champion of the Identity Standards Community, Kim embedded his thinking into the standards that inform many of the identity systems operating at scale today.
* [OIDF Workshop at EIC 2022 — Tuesday, May 10, 2022](https://openid.net/workshops/workshop-at-eic-2022/)
> The OpenID Foundation hosted a workshop at [EIC 2022 in Berlin](https://www.kuppingercole.com/events/eic2022/) that was part of the pre-conference workshops on Tuesday, May 10, 2022.\
> The Foundation was thrilled to welcome and introduce two of the 2022 Kim Cameron Award winners, Rachelle Sellung and Alen Horvat at the workshop. The Foundation will soon publish blogs from Rachelle and Alen describing their experiences at EIC 2022.-
* [Download workshop presentations](http://openid.net/wordpress-content/uploads/2022/05/OIDF_Workshop-at-EIC_FINAL_2022-05-11.pptx)
* [Announcing the 2022 OpenID Foundation Kim Cameron Award](https://openid.net/2022/04/08/announcing-the-2022-openid-foundation-kim-cameron-scholarship/) OpenID
Award recipients will be studying, researching, interning or working in a field relevant to one or more [OpenID Foundation working groups](https://openid.net/wg/) and consistent with Foundations Mission. The recipients will also be invited to participate in Foundation breakout meetings at the European Identity Conference and Identiverse which will provide exposure to both the Foundations business as well as leading technologists.
GAIN was a big topic of discussion
* [Nat Sakimura @_nat_en · May 12](https://twitter.com/_nat_en/status/1524654753917153280)
GAIN: The Global Assured Identity Network [@OIX_Nick](https://twitter.com/OIX_Nick) and [@gailhodges](https://twitter.com/gailhodges) on the main stage.
![https://www.notion.soimages/image4.png](https://www.notion.soimages/image4.png)
* [Protocols, Standards, Alliances: How to Re-GAIN the Future Internet from the Big Platforms](https://www.kuppingercole.com/watch/eic2022-panel-gain-future-internet) Kuppinger Cole
just like trade unions helped the working class during the industrial revolution to fight for their rights. In this panel session, we will discuss about the enablers of such a different approach and the requirements to actually be successfull.
* [Shared Signals: An Open Standard for Webhooks](https://openid.net/2021/08/24/shared-signals-an-open-standard-for-webhooks/) OpenID
The OpenID Foundation formed the “[Shared Signals and Events](https://openid.net/wg/sse/)” (SSE) Working Group as a combination of the previous OpenID RISC working group and an informal industry group that was focused on standardizing [Googles CAEP proposal](https://cloud.google.com/blog/products/identity-security/re-thinking-federated-identity-with-the-continuous-access-evaluation-protocol). These represented two distinct applications of the same underlying mechanism of managing asynchronous streams of events. Therefore the [SSE Framework](https://openid.net/specs/openid-sse-framework-1_0-01.html) is now proposed to be a standard for managing such streams of events for any application, not just CAEP and RISC. In effect, it is a standard for generalized Webhooks.
* [Proof-of-possession (pop) AMR method added to OpenID Enhanced Authentication Profile spec](https://self-issued.info/?p%3D2198) Mike Jones
Ive defined an Authentication Method Reference (AMR) value called “pop” to indicate that Proof-of-possession of a key was performed. Unlike the existing “hwk” (hardware key) and “swk” (software key) methods [...] Among other use cases, this AMR method is applicable whenever a [WebAuthn](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/) or [FIDO](https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html) authenticator are used.
- [https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html](https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html)
- [https://openid.net/specs/openid-connect-eap-acr-values-1_0.html](https://openid.net/specs/openid-connect-eap-acr-values-1_0.html)
* [OpenID Foundation is Hiring a new Executive Director](https://openid.net/2020/11/17/openid-foundation-executive-director-job-description/)
> The OpenID Foundation is seeking an Executive Director with the experience, skills, strategic vision, and commitment to advancing the Foundations open standards initiatives. This is a unique opportunity to lead a well-respected, member-driven, vendor-neutral, international standardization organization.
>
> extension the semantics, of the set of claims comprising a Verifiable Credential. A shared Credential Schema allows all parties to reference data in a known way
* [Vote for First Implementers Drafts of OIDConnect SIOPV2 and OIDC4VP Specifications](https://openid.net/2022/01/18/notice-of-vote-for-first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications/) OpenID
The official voting period will be between Tuesday, February 1, 2022 and Tuesday, February 8, 2022, following the [45-day review](https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/) of the specifications.
* [OpenID for Verifiable Credentials](http://openid.net/wordpress-content/uploads/2022/05/OIDF-Whitepaper_OpenID-for-Verifiable-Credentials_FINAL_2022-05-12.pdf) [...]
The goal of this whitepaper is to inform and educate the readers about the work on the OpenID for Verifiable Credentials (OpenID4VC) specifications family. It addresses use-cases referred to as Self-Sovereign Identity, Decentralized Identity, or User-Centric Identity.

164
_posts/identosphere-dump/open-standards/standards-orgs/standards-organizations.md
View File

@ -16,25 +16,29 @@ published: false
* [Decentralized Profiles group Nov 25th call](https://blog.ceramic.network/dprofiles-call-3/)
Every 6 weeks the at Ceramic meets
* [Digital Identity in response to COVID-19: DGX Digital Identity Working Group](https://www.tech.gov.sg/files/media/corporate-publications/FY2021/dgx_2021_digital_identity_in_response_to_covid-19.pdf)
## ITU-T
## OpenSSF
* [Digital Identity Attestation Roundup - Open Source Security Foundation](https://openssf.org/blog/2021/01/27/digital-identity-attestation-roundup/%23)
We kicked off the first Digital Identity Attestation Working Group meeting under the OpenSSF in August, 2020. The objective of this working group is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance or origin of the code they maintain, produce and use.
* [Digital Identity WG (September 30, 2020)](https://www.youtube.com/watch?t%3D648%26v%3D6Ym5bXRuzZ8%26feature%3Dyoutu.be)
* [UPCOMING COMMUNITY CALL & NEW RESEARCH: BIOMETRICS IN THE HUMANITARIAN SECTOR](https://www.theengineroom.org/upcoming-community-call-new-research-biometrics-in-the-humanitarian-sector/) the Engine Room
In 2018 we worked with Oxfam to publish a [landmark report](https://www.theengineroom.org/wp-content/uploads/2018/03/Engine-Room-Oxfam-Biometrics-Review.pdf) on the use of biometric data fingerprints, iris scans, voiceprints and so on in the humanitarian sector. Our report looked at how these types of data were being collected and used, and raised critical questions around potential risks and harms.
## CASA
* [...]
* [Chain Agnostic Standards Alliance](https://github.com/ChainAgnostic/CASA)
> The Chain Agnostic Standards Alliance (CASA) is a collection of working groups dedicated blockchain protocol-agnostic standards. CASA also publishes [Chain Agnostic Improvement Proposals](https://github.com/ChainAgnostic/CAIPs) which describe standards created by the different working groups.
If youre a humanitarian practitioner or just interested in biometrics and responsible data, please join our upcoming Community Call, where well be introducing the project and hearing from practitioners on the theme. [Register for the call](https://us02web.zoom.us/meeting/register/tZEtf-mhrT4iH9JtwHCe-5UG25QeQZnhRigd)
* [Announcing the 2022 OpenID Foundation Kim Cameron Scholarship](https://openid.net/2022/04/08/announcing-the-2022-openid-foundation-kim-cameron-scholarship/) OpenID
## OASIS
* [OASIS Open Establishes European Foundation to Advance Open Collaboration Opportunities](https://www.oasis-open.org/2021/01/20/oasis-open-establishes-european-foundation-to-advance-open-collaboration-opportunities/)
> “The OASIS Open Europe Foundation gives us a unique opportunity to work with the European Union and EU Member States to advance open source and standards projects,”
Scholarship recipients will be studying, researching, interning or working in a field relevant to one or more [OpenID Foundation working groups](https://openid.net/wg/) and consistent with Foundations Mission. The scholarship recipients will also be invited to participate in Foundation breakout meetings at the European Identity Conference and Identiverse which will provide exposure to both the Foundations business as well as leading technologists.
New IETF protocol
## IETF
* [Secure Credential Transfer](https://www.ietf.org/archive/id/draft-secure-credential-transfer-03.html) Vinokurov, Byington, Lerch, Pelletier, Sha
This document describes a mechanism to transfer digital credentials securely between two devices. Secure credentials may represent a digital key to a hotel room, a digital key to a door lock in a house or a digital key to a car. Devices that share credentials may belong to the same or two different platforms (e.g. iOS and Android). Secure transfer may include one or more write and read operations. Credential transfer needs to be performed securely due to the sensitive nature of the information.
@ -43,65 +47,111 @@ Upcoming Work Group Calls
A lot of activity in this community happens every week in work groups. We are going to make more of an effort to highlight calls that may be of interest to folks and to do more coverage and linking to calls from the previous week that are interesting to a wider audience.
* [Subject Identifiers (IETF SECEVENT)](https://lists.w3.org/Archives/Public/public-did-wg/2021Apr/0017.html) Justin Richer (9 April)
The Security Events working group in the IETF (SECEVENT) has a standards-track draft for describing “subject identifiers” in various contexts.
* [https://tools.ietf.org/id/draft-ietf-secevent-subject-identifiers-07.html](https://tools.ietf.org/id/draft-ietf-secevent-subject-identifiers-07.html)
In short, its a way to say “this item is an email and heres its value”, or “this item is an issuer/subject pair, here are those values”. This is useful in a variety of contexts where you want to identify someone but might have a variety of ways to do so.
I spoke with the editor of the draft to propose that we add a “did” format into this document, now that DID core is reasonably stable and the CR is published. She agreed that it would make sense but would rather have the experts in the DID community propose the actual text for the added section.
## W3C
* [The W3Cs Credentials Community is hosting a session on NFTs and Identity](https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0049.html). 4/12 [9am PST](https://meet.w3c-ccg.org/weekly)
> There has been an explosion of interest in using NFT for identity, along with exploring how they could work with or support DIDs and VCs. Simone Ravaioli, Taylor Kendal and Heather Vescent have invited Evin Mcmullen of [Disco.xyz](https://www.disco.xyz/), Elina Cadouri of [Dock](https://www.dock.io/), Stepan Gershuni of [Affinidi](https://www.affinidi.com/) / [DeepSkills](https://www.deepskills.io/), and Dominik Beron of [Walt.id](https://walt.id/) to share their perspective on NFT identity and where it may overlap with DIDs and VCs
* [does the CCG have any thoughts about possible changes to W3C itself?](https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0067.html)  Daniel Hardman (Saturday, 9 April)
There has been an explosion of interest in using NFT for identity, along with exploring how they could work with or support DIDs and VCs. Simone Ravaioli, Taylor Kendal and Heather Vescent have invited Evin Mcmullen of [Disco.xyz](https://www.disco.xyz/), Elina Cadouri of [Dock](https://www.dock.io/), Stepan Gershuni of [Affinidi](https://www.affinidi.com/) / [DeepSkills](https://www.deepskills.io/), and Dominik Beron of [Walt.id](https://walt.id/) to share their perspective on NFT identity and where it may overlap with DIDs and VCs
This major organizational overhaul to the W3C is also happening at a time of unprecedented activity and change for the internet. Will the web support crypto and Web3 industry proposals? How will the web support advertising? What should be the baseline web browser security standards?
((Evin seems really cool -kaliya))
* [Announcement: W3C to become a public-interest non-profit organization](https://lists.w3.org/Archives/Public/public-credentials/2022Jun/0063.html)  Kimberly Wilson Linson (Tuesday, 28 June)
* [W3C to become a public-interest non-profit organization](https://www.w3.org/2022/06/pressrelease-w3c-le.html.en) W3.org
As W3C was created to address the needs of the early web, our evolution to a public-interest non-profit is not just to continue our community effort, but to mature and grow to meet the needs of the web of the future.
This week, we hit 5k followers on [Twitter](https://twitter.com/DecentralizedID), driven in no small part by attention garnered by our [ToIP & DIF Joint Statement of Support for the Decentralized Identifiers (DIDs) v1.0 specification becoming a W3C Standard](https://blog.identity.foundation/w3cdidspec/)
* [W3C to become a public-interest non-profit organization](https://www.w3.org/2022/06/pressrelease-w3c-le.html.en)
> "We designed the W3C legal entity in a way that keeps our core unchanged," said Dr. Jeff Jaffe, W3C CEO. "Our values-driven work remains anchored in the royalty-free W3C Patent Policy, and the W3C Process Document where we enshrined dedication to security, privacy, internationalization and web accessibility. W3C and its Members will continue to play a fundamental role in making the web work for billions of people."
* [Hedera Hashgraph Joins World Wide Web Consortium (W3C)](https://hedera.com/blog/hedera-hashgraph-joins-world-wide-web-consortium-w3c-new-did-method-published-by-w3c-credentials-community-group)
> We welcome Hedera as a contributing member to the W3C DID Working Group and congratulate their team for reaching this milestone of a published implementation of the latest W3C DID Identifiers v1.0 draft,” said Ivan Herman
* [Block Joins W3C](https://twitter.com/brockm/status/1526723285102120960) [@brockm](https://twitter.com/brockm)
> Today, we became a member of the [@W3C](https://twitter.com/w3c), as part of our commitment to building open standards for an open web. We are committed to advancing and adopting decentralized and privacy-preserving standards for self-sovereign digital identity that benefits all. Not centralized platforms.
* [DIF Steering Committee Election Results 2022](https://blog.identity.foundation/sc-election-2022-results/)
SC Election results: DIF welcomes new SC members Sam Curren, Daniel Buchner, Karyl Fowler, Rouven Heck, Markus Sabadello & Kaliya Young!
Michale Herman [is excited](https://twitter.com/mwherman2000/status/1511550968617263114) about the new  #VCA (Verifiable Credential Authorization) using the new #VCTPS (Secure Verifiable Credential Transport Protocol) over #DIDCOMM
* [What Does Affinidi Do as a Member of the Decentralized Identity Foundation (DIF)?](https://academy.affinidi.com/what-does-affinidi-do-as-a-member-of-the-decentralized-identity-foundation-dif-d9d5146af14) Affinidi
In particular, Affinidi has been at the forefront in building many components such as the [Affinidi Wallet](https://academy.affinidi.com/what-is-affinidis-digital-wallet-1c2a52b4d13f), Schema Manager, [Consent Manager](https://build.affinidi.com/), and more that have enhanced the adoption of decentralised identity among communities and individuals.
* [Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation](https://iiw.idcommons.net/13A/_Security_Event_Tokens,_Subject_Identifiers,_and_SSE/CAEP/RISC_Java_implementation) by Matt Domsch
Matt presented an overview of the OpenID Foundation Shared Signals and Events Working Group, and his implementation of the object model in an open source Java library at [https://github.com/sailpoint-oss/openid-sse-model/](https://github.com/sailpoint-oss/openid-sse-model/)
* [Drilling down: Co-development](https://medium.com/decentralized-identity/drilling-down-co-development-in-the-open-765a86ab153f) DIF
> - What “standardization” means to DIF and what DIF means to standardization.
- A newbie-friendly survey of how DIF relates to nearby organizations with overlapping or related foci.
- What “co-development” and “coöpetition” really mean, concretely
* [OASIS Open Establishes European Foundation to Advance Open Collaboration Opportunities](https://www.oasis-open.org/2021/01/20/oasis-open-establishes-european-foundation-to-advance-open-collaboration-opportunities/)
> “The OASIS Open Europe Foundation gives us a unique opportunity to work with the European Union and EU Member States to advance open source and standards projects,”
* [Shared Signal and Events (SSE) working group](https://openid.net/wg/sse/) in the OpenID Foundation.
## Interop
They are actually coming to the [Interoperability Working Group](https://www.notion.so/Interoperability-WG-a42995c37e2a4511a10aea96cdbccc38) this coming week to share results. Here is what they had to say about SSI:
A Self- Sovereign Identity can unlock the full potential of the digital global economy. The identity of people, organizations and things is relevant to any transaction, while protecting Personal Identifiable Information (PII) is of increasing importance.
* [Open call to kickoff the upcoming Wallet Security WG at DIF](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0114.html) March 1st
> Bastian, Paul writes:
> I will present motivation, goals and a first roadmap.
> Very short summary:
> - standardized wallet security is necessary for sensitive credentials like id-cards, payment credentials or more
> - create a specification and interface to communicate about wallet capabilities, security, regulation-conformance and other points of security-relevant interoperability
> - define mechanism to enable wallet security assertions, certification and ways to prove them
> - define specifications about wallet user authentication, ways how to ensure them and how to communicate them to issuers/verifiers
* [Calander Invite](https://forms.gle/t6wDnipR2md3WWKj7) • [Wallet Security WG Charter](https://docs.google.com/document/d/18H2hVjHZEBjbnzod8tLogJIEzySdecbk9d-QBJaqHP0/edit) • [Wallet Security Mailing list](https://lists.identity.foundation/g/wallet-security)
### VC-EDU
* [VC-Educational Task Force](https://w3c-ccg.github.io/meetings/2022-04-18-vc-education/) VCEdu Mailing List
> Dmitri Zagidulin: “with invisi edu here we've got two pressing problems [...] verifiable credentials that are going to be displayed in wallets but we also would like to bind them to more traditional display artifacts such as PDFs and that's what James is going to be talking about and the second one is [..] we want issuers to [...] at least advise to wallets, verifiers, and other software how to display the credential”
Dmitri Zagidulin: “with invisi edu here we've got two pressing problems [...] verifiable credentials that are going to be displayed in wallets but we also would like to bind them to more traditional display artifacts such as PDFs and that's what James is going to be talking about and the second one is [..] we want issuers to [...] at least advise to wallets, verifiers, and other software how to display the credential”
* [Chain Agnostic Standards Alliance](https://github.com/ChainAgnostic/CASA)
### CCG - Credentials community group
The Chain Agnostic Standards Alliance (CASA) is a collection of working groups dedicated blockchain protocol-agnostic standards. CASA also publishes [Chain Agnostic Improvement Proposals](https://github.com/ChainAgnostic/CAIPs) which describe standards created by the different working groups.
* [Harrison new Co-Chair of the CCG and CEO of Spokeo explaining SSI](https://twitter.com/TheCEODad/status/1545907309435428864) Harrison Tang @TheCEODad
* [Secure Data Storage](https://identity.foundation/working-groups/secure-data-storage.html)
Self-sovereign identity, or SSI, is basically an identity owned by you - the user. In self-sovereign identity, you control and manage the access to your information
* [https://github.com/w3c-ccg/](https://github.com/w3c-ccg/meetings) - GitHub
* [https://www.w3.org/community/credentials/](https://www.w3.org/community/credentials/) - W3C Community Page
* [https://lists.w3.org/Archives/Public/public-credentials/](https://lists.w3.org/Archives/Public/public-credentials/) - Mailing List Arcives
* [https://w3c-ccg.github.io/](https://w3c-ccg.github.io/) - GItHub Pages Site
* [CCG 101 - Help us know what is needed!](https://lists.w3.org/Archives/Public/public-credentials/2021May/0150.html) Victor Syntez (Tuesday, 25 May)
I've invited you to fill out the following form:
CCG 101 - Help us know whats needed!
To fill it out, visit:
* [https://docs.google.com/forms/d/e/1FAIpQLSe3OakcEg8IfWXYALg10eiii2hiLKq2vXC-yazpPk0QVzIMzQ/viewform?vc=0&amp;c=0&amp;w=1&amp;flr=0&amp;usp=mail_form_link](https://docs.google.com/forms/d/e/1FAIpQLSe3OakcEg8IfWXYALg10eiii2hiLKq2vXC-yazpPk0QVzIMzQ/viewform?vc%3D0%26amp;c%3D0%26amp;w%3D1%26amp;flr%3D0%26amp;usp%3Dmail_form_link)
* [CCG updates to cgbot and scribe-tool](https://lists.w3.org/Archives/Public/public-credentials/2021May/0169.html)  Manu Sporny (Sunday, 30 May)
New CCG infrastructure features:
- Auto-presence - No one is required to present+ themselves any more. The cgbot does it for us now, saving our feeble sausage fingers from being over exerted.
- The Ryan Grant, Who We All Know And Love, Would Like To Know Where The Raw Transcripts Are Feature - When the cgbot closes out the meeting, it will let everyone in IRC know where the raw transcripts, audio, and video files are so anyone can download them and/or remix them to spread CCG propaganda. This will hopefully also save Heather from having to document yet another piece of tribal CCG knowledge.
- The You Exist Even Though You're Not in people.json Feature - When someone is present+'d, which is anyone that joins the call now thanks to auto-presence, that person will show up in the attendees list. This achieves two things 1) the poor minutes publisher can update the people.json at their leisure instead of being blocked by it whenever a new person shows up to a call, and 2) we get a more accurate record of attendees.
- The Fellow Jitser Invisibility Decloaker Feature - If you join the meeting with a new browser, or in Incognito mode, and you change your name from "Fellow Jister" to your preferred name, you never show up in the attendee list. People that change their names now show up in the attendee list. If you want to stay pseudonymous just give yourself an unrecognizable name... like "Robot Overlord".
* [...]
These are baby steps towards an attempt at auto-transcription and auto-publication of minutes. There are a few things that aren't automated yet (like auto-detecting the meeting name)... ETA on those upgrades is unknown since all these upgrades are on a best effort basis.
* [https://www.w3.org/community/credentials/](https://www.w3.org/community/credentials/)
* [https://lists.w3.org/Archives/Public/public-credentials/](https://lists.w3.org/Archives/Public/public-credentials/)
* [IRC mailing list bridge](https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0117.html) Charles E. Lehner (Saturday, 23 April)
Notifications of messages to this mailing list (public-credentials) are now sent to our IRC channel (#ccg).
* [re: How to contribute to new standards work? (was:Re: RDF Dataset Canonicalization - Formal Proof)](https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0172.html) Manu Sporny (Tuesday, 10 August)
* [The CCG Work Item process is outlined here](https://docs.google.com/document/d/1vj811aUbs8GwZUNo-LIFBHafsz4rZTSnRtPv7RQaqNc/):
* [Here's how you get started:](https://docs.google.com/document/d/1vj811aUbs8GwZUNo-LIFBHafsz4rZTSnRtPv7RQaqNc/edit%23heading%3Dh.f28tyzjvad8g)
This process is open to anyone -- no W3C Membership dues, fees, etc. required to participate.
* [Reminder: You can present to the CCG](https://lists.w3.org/Archives/Public/public-credentials/2022Mar/0151.html)
This is a friendly reminder that anyone in the community that is doing something interesting that you think the community should know about whether that work is done here in the CCG or elsewhere, can email the chairs with what you want to share and we can get you on the calendar. It's best if you email all 3 chairs.
* [Clarity about the group charter](https://lists.w3.org/Archives/Public/public-credentials/2022Jun/0044.html) Manu Sporny (Wednesday, 22 June)
there are statements like: "Buy our products! We're the best!" (with nothing else that we can learn from) that is frowned upon... but, in general, even if it is a feature in one of your products, chances are that we want to hear about it if it has relevance to how we might interoperate on that feature (or use it to meet a goal of the community).
* [2022-2026 Verifiable Data Standards Roadmap [DRAFT]](https://lists.w3.org/Archives/Public/public-credentials/2022Mar/0068.html)  Manu Sporny (Saturday, 12 March)
![https://www.notion.soimages/image1.png](https://www.notion.soimages/image1.png)
## DID Working Group
* [https://www.w3.org/2019/did-wg/](https://www.w3.org/2019/did-wg/) - Website
* [https://lists.w3.org/Archives/Public/public-did-wg/](https://lists.w3.org/Archives/Public/public-did-wg/) - LIst Archives

100
_posts/identosphere-dump/open-standards/standards.md
View File

@ -74,16 +74,6 @@ Purple - General crypto packaging/protocol standards
Orange - Application layer standards
* [The 7 Laws of Identity Standards](https://openid.net/2021/04/10/the-7-laws-of-identity-standards/) OpenID
1. A identity standards adoption is driven by its value of the reliability, repeatability and security of its implementations.
2. A standards value can be measured by the number of instances of certified technical conformance extant in the market.
3. Certified technical conformance is necessary but insufficient for global adoption.
4. Adoption at scale requires widespread awareness, ongoing technical improvement and a open and authoritative reference source.
5. When Libraries/Directories/ Registries act as authoritative sources they amplify awareness, extend adoption and promote certification.
6. Certified technical conformance importantly complements legal compliance and together optimize interoperability.
7. Interoperability enhances security, contains costs and drives profitability.
* [Verifier Universal Interface by Gataca España S.L.](https://essif-lab.eu/verifier-universal-interface-by-gataca-espana-s-l/)
> This draft version can be found at [https://gataca-io.github.io/verifier-apis/](https://gataca-io.github.io/verifier-apis/) and has been built using ReSpec.
> This draft version for VUI includes today 6 APIs:
@ -162,14 +152,6 @@ SDTT is a tool from Google which began life as the [Rich Snippets Testing Tool](
## Standards
* [ToIP Primer](https://trustoverip.org/wp-content/uploads/sites/98/2020/05/toip_050520_primer.pdf)
A history of procedural trust, leading to an overview of the TOIP stack.
* [ToIP Stack Diagram Preview](http://elanica.com/sandbox/)
Interactive
* [Decentralized Identity FAQ](https://identity.foundation/faq/%23agent-frameworks-infrastructure-layer-2)
DIF
@ -181,11 +163,8 @@ At its core, WACI can be thought of as a handshake using classic, industry-stand
* [The Verifiable Economy: Fully Decentralized Object (FDO) Example: Bobs UDID Document](https://hyperonomy.com/2021/06/15/the-verifiable-economy-fully-decentralized-object-fdo-example-bobs-udid-document/)
Strongly-typed Code to Generate Bobs UDID Document
* [Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation](https://domsch.com/IIW32/IIW32-openid-sse-model.pdf) Matt Domsch, VP & Engineering Fellow
> • Security Event Tokens RFC 8417
> • Subject Identifiers Internet Draft RFC
> • Shared Signals & Events OpenID Foundation WG
> • Includes RISC, CAEP, and Oauth event profiles
* [Schema.org is ten!](http://blog.schema.org/2021/06/schemaorg-is-ten.html)
@ -198,12 +177,6 @@ talks like [“Simplify Your Least-Privilege Journey with Access Analysis”](h
* [Kaliya Young on Identikit with Michelle Dennedy](https://identitywoman.net/podcast-identikit-with-michelle-dennedy/)
our latest series examining the evolution of digital identity, and how self-sovereign identity, specifically, can advance a consent-based economy.
* [Shared Signals: An Open Standard for Webhooks](https://openid.net/2021/08/24/shared-signals-an-open-standard-for-webhooks/) OpenID
The OpenID Foundation formed the “[Shared Signals and Events](https://openid.net/wg/sse/)” (SSE) Working Group as a combination of the previous OpenID RISC working group and an informal industry group that was focused on standardizing [Googles CAEP proposal](https://cloud.google.com/blog/products/identity-security/re-thinking-federated-identity-with-the-continuous-access-evaluation-protocol). These represented two distinct applications of the same underlying mechanism of managing asynchronous streams of events. Therefore the [SSE Framework](https://openid.net/specs/openid-sse-framework-1_0-01.html) is now proposed to be a standard for managing such streams of events for any application, not just CAEP and RISC. In effect, it is a standard for generalized Webhooks.
* [Managed Open Projects: A New Way For Open Source and Open Standards To Collaborate](https://www.oasis-open.org/2021/09/08/managed-open-projects/)
I recently pointed out in a [TechCrunch contribution](https://techcrunch.com/2021/06/09/a-revival-at-the-intersection-of-open-source-and-open-standards/) that the open source and open standards communities need to find ways to team up if they are to continue driving innovation and  development of transformative technologies to push our society forward.
@ -217,10 +190,6 @@ JSON has its place. But I think we're overusing it in places where a good notati
Since February he has also been the informal chair of the [Hospitality and Travel Special Interest Group](https://www.notion.so/dif/HOSPITALITY-TRAVEL-SIG-242105321e1747f8bce776bf634a55b3), a subset within the Decentralized Identity Foundation, an organization creating technical specifications and reference implementations for decentralized identity and working with industries for commercial applications of such technologies.
### OpenID trying to make play in the “trusted identities” online space
* [Global Assured Identity Network White Paper](https://openid.net/2021/09/20/global-assured-identity-network-white-paper/)
* [Sign in with Ethereum](https://login.xyz/) is being developed by Spruce
@ -240,14 +209,6 @@ Lohan Spies, Technical Lead, Yoma
* [Explore Affinidi Schema Manager](https://ui.schema.affinidi.com/schemas/)
* [Proof-of-possession (pop) AMR method added to OpenID Enhanced Authentication Profile spec](https://self-issued.info/?p%3D2198) Mike Jones
Ive defined an Authentication Method Reference (AMR) value called “pop” to indicate that Proof-of-possession of a key was performed. Unlike the existing “hwk” (hardware key) and “swk” (software key) methods [...] Among other use cases, this AMR method is applicable whenever a [WebAuthn](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/) or [FIDO](https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html) authenticator are used.
- [https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html](https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html)
- [https://openid.net/specs/openid-connect-eap-acr-values-1_0.html](https://openid.net/specs/openid-connect-eap-acr-values-1_0.html)
* [DIDs are not enough - we need an Authoriziation standard too](https://medium.com/energy-web-insights/api-access-security-for-dapps-cfcfa928623c) Energy Web
If you are a developer and want to write a DApp [...] you probably are using API-Keys in your front-end. If this is the case, then you should consider the security risk the publication of the API-Key in your front end represents and ask yourself if it would make sense to switch to a user authentication scheme.
@ -261,11 +222,6 @@ We have a new suite of badges to encourage participation, create value for other
Considering that the group has accomplished these goals, there is currently no more need for dedicated calls. Work on the Universal Resolver work item will continue on Github (under the [Universal Resolver](https://github.com/decentralized-identity/universal-resolver) and [Identifiers &Discovery](https://github.com/decentralized-identity/identifiers-discovery/) and on DIF Slack in the Identifiers & Discovery Working Group channel, #wg-id.
* [First Official Me2B Alliance Recommendation](https://me2ba.org/first-official-me2b-alliance-recommendation/)
In a sense, this recommendation is a kind of abbreviation of the key things that our specifications test for. And youll be able to see that soon as the Me2B Safe Website Specification for Respectful Technology is currently in the membership review stage of the approval process.
* [Discover Open Badges 3.0!](https://app.participate.com/communities/keep-badges-weird/62003f3f-a7ba-4f6a-990a-64d6f893016d/announcements/0bc15852-0f91-48c8-a7ca-478b246b553c) Keep Badges Weird
1. Check out the (accepted) [Open Badges 3.0 proposal](https://github.com/IMSGlobal/openbadges-specification/files/6977048/Proposal-Open-Badges-3.0-update-08-11-2021.pdf)
@ -305,9 +261,6 @@ What already exists, more recently: [fine-grained permissions 1](https://blog.oc
* [Vote for First Implementers Drafts of OIDConnect SIOPV2 and OIDC4VP Specifications](https://openid.net/2022/01/18/notice-of-vote-for-first-implementers-drafts-of-openid-connect-siopv2-and-oidc4vp-specifications/) OpenID
The official voting period will be between Tuesday, February 1, 2022 and Tuesday, February 8, 2022, following the [45-day review](https://openid.net/2021/12/17/first-public-review-period-for-openid-connect-siopv2-and-oidc4vp-specifications-started/) of the specifications.
* [NFTs, Verifiable Credentials, and Picos](https://www.windley.com/archives/2021/10/nfts_verifiable_credentials_and_picos.shtml) Phil Windley
@ -327,10 +280,6 @@ This is the Use Case Implementation Workstream of the [COVID Credentials Initia
* [@csuwildcat](https://twitter.com/csuwildcat) shares
> As of Friday, we believe v1 of ION is functionally code complete, and the Sidetree Working Group at DIF (@DecentralizedID) should have a v1 spec candidate ready for the underlying protocol by Jan 21st. Public v1 launch of the ION network on Bitcoin mainnet is just weeks away.
* [What Is ISO 27018:2019? Everything Executives Need to Know](https://auth0.com/blog/what-is-iso-27018-2019-everything-executives-need-to-know/)
> ISO 27018 is part of the ISO 27000 family of standards, which define best practices for information security management. ISO 27018 adds new guidelines, enhancements, and security controls to the ISO/IEC 27001 and ISO/IEC 27002 standards, which help cloud service providers better manage the data security risks unique to PII in cloud computing.
* [What's New in Passwordless Standards, 2021 edition!](https://techcommunity.microsoft.com/t5/identity-standards-blog/what-s-new-in-passwordless-standards-2021-edition/ba-p/2124136) (Microsoft)
> The Web Authentication API (WebAuthn) Level 2 specification is currently a Candidate Recommendation at the W3C. "Level 2" essentially means major version number 2.
>
@ -341,43 +290,6 @@ This is the Use Case Implementation Workstream of the [COVID Credentials Initia
> ISO 27001 is also the cornerstone of a growing international consensus about data security best practices. Australia based its federal Digital Security Policy on ISO 27001. Likewise, ISO 27001 can provide guidance on how to meet the standards of other data privacy laws, such as the GDPR, which often direct companies to it as an example of universal best practices. So if you abide by ISO 27001s recommendations, youre on the right track for legal compliance, not to mention improved data security.
### Data Privacy Vocab
* [OPN-R (Open Public Notice - Rights) - starting Notice & Control Language - for people to use rights and govern identity (govinterop) with @ Kantara, ToiP and W3C Data Privacy Vocabulary using international vocab - from ISO/IEC 29100 Legal Framework Vocabulary](https://iiw.idcommons.net/22F/_OPN-R_-_Open_Public_Notice_-_Rights_-_starting_Notice_and_Control_Language) by Mark Lizar
The language consists of
- International standard vocabulary for security and privacy frameworks provides roles and actors to govern the transfer of personal data.
- The active state notice and consent receipt - is a format for generating consent records from notice/policy - which provides people with information to use rights. .
- W3C Data Privacy Control Vocabulary and ISO/IEC 29100, Legal Framework Vocabulary
This language can be used to auto generate receipts to process rights and negotiate terms ..  At Kantara we are working to use the standards to auto read the notices/polices to provide a conformance / trust assessment for people so they can see risk independently of the service provider
We discussed these projects and have some links
For more info
Goto Kantara ANCR WG [https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=140804260](https://kantarainitiative.org/confluence/pages/viewpage.action?pageId%3D140804260)
W3C DPV CG - [https://dpvcg.github.io/dpv/](https://dpvcg.github.io/dpv/)
ToiP -  ISWG - Notice & Consent Task force for a Privacy Controller Credential
* [https://wiki.trustoverip.org/pages/resumedraft.action?draftId=72226&draftShareId=8b665919-3b23-4a4d-be90-26947c7ae82c&](https://wiki.trustoverip.org/pages/resumedraft.action?draftId%3D72226%26draftShareId%3D8b665919-3b23-4a4d-be90-26947c7ae82c%26)
ToiP Privacy Risk -
Data Privacy Impact Assessments
- Breaking down -
-
Kantara - ANCR -
Showing off the work and topics
- Privacy as Expected - a gateway to online consent
- 2 Factor Consent (2FC)
* [https://kantarainitiative.org/confluence/collector/pages.action?key=WA&src=sidebar-pages](https://kantarainitiative.org/confluence/collector/pages.action?key%3DWA%26src%3Dsidebar-pages)
W3C Data Privacy Vocabulary Control
@ -518,10 +430,6 @@ The concept behind a Trust Registry is that a Wallet needs to know which decentr
* [Open Network for Digital Commerce](https://en.wikipedia.org/wiki/Open_Network_for_Digital_Commerce) is a non-profit established by the Indian government to develop open ecommerce. The goal is to end platform monopolies in ecommerce using an open protocol called [Beckn](https://developers.becknprotocol.io/). I'd never heard of Beckn before. From the reaction on the VRM mailing list, not many there had either.
* [BCGov improves sustainability reporting with digital trust technology](https://trustoverip.org/blog/2022/08/29/toip-steering-committee-member-the-government-of-british-columbia-improves-sustainability-reporting-with-digital-trust-technology/) ToIP
Digital credentials can be checked in real time, expediting access to trustworthy information. These trusted, verifiable digital credentials are the core digital trust technologies being piloted and the trust ecosystem in which they operate are defined in ToIP architecture, governance, and related documents.
* [Apple, with support from Google, just announced the Mobile Document Request API](https://github.com/WICG/proposals/issues/67) Web Incubator CG
> The API is concerning because it lists "Define the native communication between the User Agent and the application holding the mdoc." as out of scope. That is, digital wallet selection is out of scope. Also out of scope is "issuing" and "provisioning". The specification focuses on delivery from a digital wallet to a website.
* [Premature Standardization & Interoperability](https://www.continuumloop.com/premature-standardization-interoperability/) Continuum Loop
@ -537,10 +445,6 @@ Cardano showing interest in our work
* [Circle and Industry Leaders Have Built the First Decentralized Identity Proof-of-Concept for Crypto Finance using Verite Credentials](https://www.circle.com/en/pressroom/circle-and-industry-leaders-have-built-the-first-decentralized-identity-proof-of-concept-for-crypto-finance-using-verite-credentials) Circle
Circle joined other crypto and blockchain companies in February 2022 to introduce Verite as a open-source framework for decentralized identity credential issuance, custody and verification. Verite is designed to help make it safer, easier and more efficient to do business across the transformative worlds of DeFi and Web3 commerce.
* [TBD Partners with Circle!](https://developer.tbd.website/blog/tbd-circle-partnership/) TBD
TBD and [Circle](https://www.circle.com/en/?_gl%3D1*14yjcwp*_up*MQ..%26gclid%3DCjwKCAjwm8WZBhBUEiwA178UnPZbgZJJxhwK7ivE5Yx9FGW8PQ31-hc1O-njcLOmzcN2nzLz110FihoCgV4QAvD_BwE) are collaborating on a set of open standards and open source technologies aimed at enabling global-scale, mainstream adoption of digital currency in payments and financial applications. The first step of which will support cross-border remittances and self-custody wallets that can hold stablecoins.

8
_posts/identosphere-dump/open-standards/trust-frameworks.md
View File

@ -7,6 +7,9 @@
## Links
* [Digital Identity and Attributes Trust Framework](https://stateofidentity.libsyn.com/digital-identity-and-attributes-trust-framework) State of Identity
Do you trust technology and government to protect your data? On this week's State of Identity podcast, host, Cameron D'Ambrosi is joined by Gareth Narinesingh, Head of Digital Identity at HooYu to discuss the bridge between payments and identity wallets, the UK's next big push in adopting shared identity standards, and the foundation of decentralized identity verification across Web3 applications and the metaverse.
* [The Ukrainian War, PKI, and Censorship](https://www.windley.com/archives/2022/03/the_ukrainian_war_pki_and_censorship.shtml) Phil Windley
PKI has created a global trust framework for the web. But the war in Ukraine has shone a light on its weaknesses. Hierarchies are not good architectures for building robust, trustworthy, and stable digital systems.
@ -94,3 +97,8 @@ Its a great pleasure to share with you DINZ Reflections Report, a seminal pie
* [Pan-Canadian Trust Framework (PCTF) Overview](https://northernblock.io/pan-canadian-trust-framework/)
Right now, we are alpha testing the framework with different kinds of actors, both public and private, and with assessors. Through this process, were going to learn what may need to change, and what may not need to change. Were going to get real knowledge there. I will say that what were seeing already, is that DIACC and our priorities are really driven by members.
* [Trinsic Basics: What Is a Trust Registry?](https://trinsic.id/trinsic-basics-what-is-a-trust-registry/) Trinsic
Trust registries also need to be interoperable. The [Trust Over IP Foundation](https://www.trustoverip.org/) has a [specification](https://github.com/trustoverip/tswg-trust-registry-tf) for an interoperable trust registry, and ours is the first implementation of this spec. Because of this, Trinsics Trust Registry Service is architected so that one ecosystem could reference or incorporate a trust registry from a separate ecosystem if needed.

127
_posts/identosphere-dump/open-standards/verifiable-credentials.md
View File

@ -5,7 +5,100 @@ published: false
# Verifiable Credentials
* [DIF Grant #1: JWS Test Suite](https://blog.identity.foundation/dif-grant-1-jws-test-suite/)
* [Identifiers in Verifiable Credentials](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0023.html) Kerri Lemoie June 6
"When expressing statements about a specific thing, such as a person, product, or organization, it is often useful to use some kind of identifier so that others can express statements about the same thing. This specification defines the optional id property for such identifiers. The id property is intended to unambiguously refer to an object, such as a person, product, or organization. Using the id property allows for the expression of statements about specific things in the verifiable credential."
In the credentialSubject property it seems clear that the id can represent the subject that the claim is about but Im not clear on the uses for the optional id in the vc assertion. It would be helpful to learn about some examples or suggested uses.
For some context: in VC-EDU, were discussing Open Badges as VCs. Open Badges have historically mostly been verified via issuer hosted URLs.  One of the reasons to move away from hosted URLs is to remove the dependence on the issuer for verification. However, there may continue to be use cases for when an Open Badge should still be verified through its hosted url.
* [Selective Disclosure of lists](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0048.html) David Chadwick June 8
The user's VC has a property with a list of values (e.g. names of role holders). The user only wants to disclose n of m of this list to the verifier.
How can the verifier determine the difference between
i) a list with only n entries
ii) a list that has more than n entries but the user has withheld some of them.
Then we have the case where
iii) the list is genuinely empty because e.g. the role, has not been assigned to anyone yet, and
iv) the user does not want to tell the verifier any of the list values.
Re: Understanding @contexts and credentialSchemas Jun 10
This won't be a complete answer, but at the time of publication I believe that field was used in 2 ways.
1. with json schema, see this for example -
* [https://w3c-ccg.github.io/vc-json-schemas/](https://w3c-ccg.github.io/vc-json-schemas/)
2. with hyperledger indy zkp-cl signature vc's
In both cases, "credentialSchemas" was more about the VC data shape and type, whereas contexts and JSON-LD are best used only for semantics.
There are other tools like SHACL that can help do linked data shape constraints, perhaps someone might use them with credentialSchemas in the future.
but AFAIK, "credentialSchemas" is focused on the credential data shape. And "@context" is focused on the semantics and term definitions used in the credential.
OS
On Wed, Jun 9, 2021 at 5:15 PM Kerri Lemoie <klemoie@concentricsky.com>
wrote:
> Hello all,
>
> Im reviewing this: [https://www.w3.org/TR/vc-data-model/#data-schemas](https://www.w3.org/TR/vc-data-model/%23data-schemas)
>
> Could folks please explain to me the uses of credentialSchemas in
> comparison to @context files in JSON-LD? Is it that @context files name the
> attributes and credentialSchemas provide the information about how to
> validate the data/semantics?
* [Re: The dangers of using VCs as permission tokens (was: PROPOSALs for VC HTTP API call on 2021-06-22)](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0244.html) Manu Sporny
On 6/24/21 12:35 PM, Kyle Den Hartog wrote:
> Agreed, when it comes to the number of checks that occur it's much greater
> because of the delegation. With that in mind, looking at the semantics only
> of the system VCs in my opinion weren't optimally designed for permission
> tokens. This difference between the two requires that an implementation
> that wants to support both claims tokens and permissions tokens has to
> grapple with the different mental model that arise when trying to stuff
> these things together. This introduces additional complexity. Additionally
> it leads to weird statements that are being made where it's difficult to
> tell if the VC is behaving like a claims token or a permissions token.
Yes, exactly this. Exactly what Kyle states above is the reason why it's so complicated (and thus dangerous) to use VCs as permissions tokens.
This is one of the primary reasons that we separated out the Authorization Capabilities work from the Verifiable Credentials work. Things get really complicated when you start mixing authz/authn/claims/permissions into a Verifiable Credential. Just because you can do it doesn't mean you should.
Much of the complexity that gets created in such a system that mixes all those concepts together goes away when you clearly separate claims tokens from permissions tokens.
I suggest that folks take a look at Kyle's post to see how intractable the problem becomes when you don't do proper separation of concerns and depend on attributes to convey permissions:
* [https://kyledenhartog.com/example-authz-with-VCs/](https://kyledenhartog.com/example-authz-with-VCs/)* [DIF Grant #1: JWS Test Suite](https://blog.identity.foundation/dif-grant-1-jws-test-suite/)
DIF announces its first community microgrant, sponsored by Microsoft and rewarding the timely creation of a comprehensive test suite for detached-JWS signatures on Verifiable Credentials
@ -430,3 +523,35 @@ Thread: VCs need Threat Modeling
> It also seems to lack any sections about threat modelling and possible risks, making it hard to trust since risks are not directly and clearly addressed.
* [Torsten Lodderstedt Replying to @Erstejahre @pamelarosiedee and 3 others](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics)
> I agree. We [threat] model while we are designing the protocol, we also need to add it to the spec. Please note: we build on existing work. There is an extensive thread model for OAuth and countermeasures that we built on ([datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics). Feel free to contribute.
* [One subject, 2 VCs, 2 duplicate properties](https://lists.w3.org/Archives/Public/public-credentials/2021May/0075.html) Michael Herman (Trusted Digital Web) (Tuesday, 18 May)
*   Erin is the Subject of 2 Verifiable Credentials: VC1 and VC2
*   VC1 has 2 properties: "age" and "hairColor"
*   VC2 has the same 2 properties (by name): "age" and "hairColor"
Questions
1.  Assuming VC1 and VC2 apply/are valid at the same instant in time, can the value of the "age" property (or the "hairColor" property) be different in V1 compared to V2?
2.  What makes sense? ...what is realistic? ...how should VCs behave in this regard?
* [RE: Cryptographically Enforceable Issuer Policies (forked](https://lists.w3.org/Archives/Public/public-credentials/2021May/0108.html) Joosten, H.J.M. (Rieks) (Friday, 21 May)
Before answering your question, let me tell you this is still stuff we are coming to grips with - it is the subject of a masters thesis that Naveena Anaigoundanpudur Karthikeyan is working on with TNO. So what I write below are ideas that I still need to see verified.
* [...]
parties that issue credentials under such a policy must (be able to) determine
*   That he attributes that a KeySmith uses to generate decryption keys are sufficient for expressing its policy
*   That the process that the KeySmith uses to validate the attributes that parties provide as they request a decryption key, provides sufficient assurance that the (cryptograhpic) evaluation of the policy is also valid. And I think this is the trickiest part.
From: Steve Magennis
Subject: RE: One subject, 2 VCs, 2 duplicate properties
... forking the conversation r.e. Cryptographically Enforceable Issuer Policies @Joosten, H.J.M. (Rieks), how would it be  determined if a Verifier satisfies policy conditions? Really interesting idea.

49
_posts/identosphere-dump/organizations/DIF.md Normal file
View File

@ -0,0 +1,49 @@
# Decentralized Identity Foundation
* [Secure Data Storage](https://identity.foundation/working-groups/secure-data-storage.html)
* [DIF Steering Committee Election Results 2022](https://blog.identity.foundation/sc-election-2022-results/)
SC Election results: DIF welcomes new SC members Sam Curren, Daniel Buchner, Karyl Fowler, Rouven Heck, Markus Sabadello & Kaliya Young!
* [What Does Affinidi Do as a Member of the Decentralized Identity Foundation (DIF)?](https://academy.affinidi.com/what-does-affinidi-do-as-a-member-of-the-decentralized-identity-foundation-dif-d9d5146af14) Affinidi
In particular, Affinidi has been at the forefront in building many components such as the [Affinidi Wallet](https://academy.affinidi.com/what-is-affinidis-digital-wallet-1c2a52b4d13f), Schema Manager, [Consent Manager](https://build.affinidi.com/), and more that have enhanced the adoption of decentralised identity among communities and individuals.
* [Open call to kickoff the upcoming Wallet Security WG at DIF](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0114.html) March 1st
> Bastian, Paul writes:
> I will present motivation, goals and a first roadmap.
> Very short summary:
> - standardized wallet security is necessary for sensitive credentials like id-cards, payment credentials or more
> - create a specification and interface to communicate about wallet capabilities, security, regulation-conformance and other points of security-relevant interoperability
> - define mechanism to enable wallet security assertions, certification and ways to prove them
> - define specifications about wallet user authentication, ways how to ensure them and how to communicate them to issuers/verifiers
* [Calander Invite](https://forms.gle/t6wDnipR2md3WWKj7) • [Wallet Security WG Charter](https://docs.google.com/document/d/18H2hVjHZEBjbnzod8tLogJIEzySdecbk9d-QBJaqHP0/edit) • [Wallet Security Mailing list](https://lists.identity.foundation/g/wallet-security)
* [Setting Interoperability Targets Part 1 of 2](https://medium.com/decentralized-identity/setting-interoperability-targets-part-1-of-2-c6cbeaf82e98) Decentralized Identity Foundation
These will probably always differ and make a universal abstraction impossible; and thats not a bad thing! These requirements are always going to be specific to each regulatory context, and without them, innovation (and large-scale investment) are endangered by regulatory uncertainty.
* [Setting Interoperability Targets Part 1 of 2](https://medium.com/decentralized-identity/setting-interoperability-targets-part-1-of-2-c6cbeaf82e98) DIF
The Interoperability working group will be tracking them and providing guidance and documentation where possible. Importantly, though, there is a new DIF Working Group coming soon, the Wallet Security WG, which will dive deeper into these profiles and requirements, benefiting from a narrow scope and IPR protection, allowing them to speak more bluntly about the above-mentioned details.
* [Setting Interoperability Targets Part 2 of 2](https://medium.com/decentralized-identity/setting-interoperability-targets-part-2-of-2-671f8faa8ecb) DIF
Having shown in our last piece how interoperability “profiles” are designed, we now tackle some key technical problem areas ripe for this kind of profile-first interoperability work across stacks.
- [TBDs test results of JWS Test Suite](https://identity.foundation/JWS-Test-Suite/%23tbd)
- [Spruces test results of JWS Test Suite](https://identity.foundation/JWS-Test-Suite/%23spruce)
At TBD, we support open standards wherever appropriate, and all of our projects are open source.
* [Our Interoperability Work in the Decentralized Identity Foundation](https://developer.tbd.website/blog/our-interop-work-in-dif/) TBD
More details about the Conformance Test Suite that was developed by members of DIF and our interoperability test reports can be found here:
* [DIF Interoperability Survey](https://docs.google.com/forms/d/e/1FAIpQLSfbFh4DQeyI0msXsWvfpbrtYEfgQrGRD7tw4d2Rg0NEyhvcKQ/viewform)
We are keen to support more interoperability activity and hopefully testing this fall and winter. In order to do this we would like to gather feedback from the community as to where we are at so we can assess how to move forward.
Please Note: Information on this survey will be shared with the chairs of the DIF Interop Group
* [Drilling down: Co-development](https://medium.com/decentralized-identity/drilling-down-co-development-in-the-open-765a86ab153f) DIF
> - What “standardization” means to DIF and what DIF means to standardization.
- A newbie-friendly survey of how DIF relates to nearby organizations with overlapping or related foci.
- What “co-development” and “coöpetition” really mean, concretely

124
_posts/identosphere-dump/organizations/TOIP.md
View File

@ -22,3 +22,127 @@ The ToIP Concepts and Terminology Working group is proposing starting a - Mental
If you are interested Ping the ToIP Slack channel: #concepts-terminology-wg or email Judith@trustoverip.org
* [View From The Field, Riley Hughes](https://www.youtube.com/watch?v%3Dz3H40QAEJnw%26t%3D2s) Trust Over IP Foundation
Perspectives on the business problems being addressed by ToIP-aligned solutions. Primary research performed by Trinsic to get to the core issues getting in the way of scaling adoption of trust solutions. Riley presents his results and offers perspectives on how to overcome the various challenges.
* [TrustOverIP Model](https://trustoverip.org/wp-content/toip-model/)
* [ToIP Releases Additional Tools for Governance and Trust Assurance in Digital Trust Ecosystems](https://trustoverip.org/news/2021/11/12/toip-releases-additional-tools-for-governance-and-trust-assurance-in-digital-trust-ecosystems/)
Following the [September announcement of its first tools for managing risk in digital trust ecosystems](https://trustoverip.org/blog/2021/09/23/trust-over-ip-foundation-issues-its-first-tools-for-managing-risk-in-digital-trust-ecosystems/), today the ToIP Foundation announced three more pairs of tools to assist in the task of generating digital governance and trust assurance schemes
* [OPN-R (Open Public Notice - Rights) - starting Notice & Control Language - for people to use rights and govern identity (govinterop) with @ Kantara, ToiP and W3C Data Privacy Vocabulary using international vocab - from ISO/IEC 29100 Legal Framework Vocabulary](https://iiw.idcommons.net/22F/_OPN-R_-_Open_Public_Notice_-_Rights_-_starting_Notice_and_Control_Language) by Mark Lizar
The language consists of
- International standard vocabulary for security and privacy frameworks provides roles and actors to govern the transfer of personal data.
- The active state notice and consent receipt - is a format for generating consent records from notice/policy - which provides people with information to use rights. .
- W3C Data Privacy Control Vocabulary and ISO/IEC 29100, Legal Framework Vocabulary
This language can be used to auto generate receipts to process rights and negotiate terms ..  At Kantara we are working to use the standards to auto read the notices/polices to provide a conformance / trust assessment for people so they can see risk independently of the service provider
We discussed these projects and have some links
For more info
Goto Kantara ANCR WG [https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=140804260](https://kantarainitiative.org/confluence/pages/viewpage.action?pageId%3D140804260)
W3C DPV CG - [https://dpvcg.github.io/dpv/](https://dpvcg.github.io/dpv/)
ToiP -  ISWG - Notice & Consent Task force for a Privacy Controller Credential
* [https://wiki.trustoverip.org/pages/resumedraft.action?draftId=72226&draftShareId=8b665919-3b23-4a4d-be90-26947c7ae82c&](https://wiki.trustoverip.org/pages/resumedraft.action?draftId%3D72226%26draftShareId%3D8b665919-3b23-4a4d-be90-26947c7ae82c%26)
ToiP Privacy Risk -
Data Privacy Impact Assessments
- Breaking down -
-
Kantara - ANCR -
Showing off the work and topics
- Privacy as Expected - a gateway to online consent
- 2 Factor Consent (2FC)
* [ToIP Primer](https://trustoverip.org/wp-content/uploads/sites/98/2020/05/toip_050520_primer.pdf)
A history of procedural trust, leading to an overview of the TOIP stack.
* [ToIP Stack Diagram Preview](http://elanica.com/sandbox/)
Interactive
* [BCGov improves sustainability reporting with digital trust technology](https://trustoverip.org/blog/2022/08/29/toip-steering-committee-member-the-government-of-british-columbia-improves-sustainability-reporting-with-digital-trust-technology/) ToIP
Digital credentials can be checked in real time, expediting access to trustworthy information. These trusted, verifiable digital credentials are the core digital trust technologies being piloted and the trust ecosystem in which they operate are defined in ToIP architecture, governance, and related documents.
* [Trust Over IP 101 with John Jordan, André Kudra, Karl Kneis, Scott Perry & Paul Knowles](https://northernblock.io/toip-101/) Northern Block
> As were looking to move from the current internet era towards this new era of digital trust, I think it would be helpful if you were able to give an overview of how we got here. Perhaps we can take a step back, before the internet era, and discuss the paper credential era — I think that sets a good framework for where were going with these new digital trust models.
* [Trust over IP and Sovrin sign agreement to strengthen collaboration](https://trustoverip.org/news/2021/05/10/trust-over-ip-and-sovrin-sign-agreement-to-strengthen-collaboration/)
> The Sovrin Foundation (“Sovrin”) Board of Trustees and Trust over IP Foundation (“ToIP”) Steering Committee are pleased to announce that they have signed a Letter Agreement (dated March 18, 2021). This agreement signifies the commitment of both organizations to mutual cooperation and recognition for each others mandates. Sovrin and ToIP intend to work together toward advancing the infrastructure and governance required for digital trust and digital identity ecosystems.
* [TOIP HELPS SANTA WITH HIS TOUGHEST CHOICES](https://trustoverip.org/news/2021/12/15/toip-helps-santa-with-his-toughest-choices/) Trust over IP
> MEGA also joined the Good Elf Pass Initiative whose “interoperability blueprint” supports its crucial role as issuers of these credentials. The ground-breaking “Hypersleigh” blockchain standard will also support rapid delivery and high security for all Meaningful Gifts. #hypersleigh
* [The Trust Over IP Foundation Publishes New Introduction and Design Principles.](https://trustoverip.org/blog/2022/01/24/the-trust-over-ip-foundation-publishes-new-introduction-and-design-principles/)
1. [Introduction to ToIP V2.0](https://trustoverip.org/permalink/Introduction-to-ToIP-V2.0-2021-11-17.pdf)
This is the second-generation version of our original introductory white paper that would go more deeply into the origin and purpose of the ToIP stack and how it addresses the key challenges of decentralized digital trust infrastructure.
2. [Design Principles for the ToIP Stack V1.0](https://trustoverip.org/permalink/Design-Principles-for-the-ToIP-Stack-V1.0-2022-11-17.pdf)
This is an articulation of the key [design principles](https://principles.design/) we must follow in the design and
3. development of all aspects of the ToIP stack.
* [The ToIP Foundation Releases its First Official Governance Specifications](https://trustoverip.org/news/2022/02/01/the-toip-foundation-releases-its-first-official-governance-specifications/) Trust Over IP
* [THE VERIFIABLE LEI: DELIVERING ON THE PROMISE OF THE TOIP STACK](https://trustoverip.org/blog/2022/02/07/the-verifiable-lei-delivering-on-the-promise-of-the-toip-stack/) TOIP
It will give government organizations, companies, and other legal entities worldwide the capacity to use non-repudiable identification data pertaining to their legal status, ownership structure and authorized representatives in a growing multitude of digital business activities
* [A YEAR IN REVIEW: NEW BEGINNINGS AND SUCCESSES](https://trustoverip.org/blog/2021/10/07/a-year-in-review-new-beginnings-and-successes/)
> The TSWG provides guidance and specifications that support the ToIP 4-layer model from a technical standpoint.
* [LAYER 1 UTILITIES: AN UNDERGROUND NETWORK CONNECTING ALL SSI ECOSYSTEMS](https://trustoverip.org/blog/2022/03/04/layer-1-utilities-an-underground-network-connecting-all-ssi-ecosystems/) Trust over IP
> Please mind the gap between the DID and the DID Document! Just like the London Underground, Layer 1 Utilities are a collection of connected rails and overlapping networks, on top of which SSI ecosystems are developed. The ToIP Utility Foundry Working Group (UFWG) are mapping out how they overlap, intersect and differentiate from each other.
* [Key ToIP Take Aways from EIC](https://trustoverip.org/blog/2022/06/03/key-toip-takeaways-from-the-european-identity-conference/) TOIP
* [Achieving Trusted Digital Transactions Across the Globe: OIX and ToIP Align to make it Happen](https://trustoverip.org/news/2022/06/15/achieving-trusted-digital-transactions-across-the-globe-oix-and-toip-align-to-make-it-happen/) Trust over IP
With a combined worldwide membership of over 400 organisations and individuals, including some of the worlds largest stakeholders in a digital ID future, this is a crucial development in the journey towards full digital ID adoption and a digital future that will work for everyone involved.
* [Trust over IP Foundation Introduces a New Tool for Interoperable Digital Trust](https://trustoverip.org/blog/2020/10/19/trust-over-ip-foundation-introduces-a-new-tool-for-interoperable-digital-trust/)
* [Release of the Good Health Pass (GHP) Interoperability Blueprint](https://trustoverip.org/news/2021/08/12/release-of-the-good-health-pass-ghp-interoperability-blueprint/) TrustoverIP
> After a public review period during June with stakeholders in air travel, government, healthcare, hospitality, and other affected sectors, the Blueprint was finalized in mid-July for final approval and publication. “Publication of the V1.0.0 Blueprint is just the first step in seeing interoperable privacy preserving digital health passes adopted in order to support people being able to gather together again with lower personal and public health risk,” said Kaliya Young, chair of the Working Group and Ecosystems Director at CCI. “Our next task is collaborating with real world implementers to fill in any remaining gaps to get to an interoperable system and working with LFPH and other partners to deliver open source code that can be deployed.”
* [RADIO WITH PICTURES](https://trustoverip.org/blog/2022/03/02/radio-with-pictures/) Trust over IP
Exploring why human trust should be an essential design element in the next generation of digital solutions
* [Trust Over IP Foundation Issues its First Tools for Managing Risk in Digital Trust Ecosystems](https://trustoverip.org/blog/2021/09/23/trust-over-ip-foundation-issues-its-first-tools-for-managing-risk-in-digital-trust-ecosystems/)
as we move into decentralized identity management, where individuals manage credentials in their own digital wallets, we need new risk management tools designed for this paradigm
* [The Trust Over IP Stack: Achieving Global Interoperability with SSI](https://techzone.scot/trust-over-ip-stack/) Digital Scotland
* [In this video](https://www.youtube.com/watch?v%3DYzKfb-udavY), Drummond Reed, Chief Trust Officer at Evernym Inc and co-author of the book [Self-Sovereign Identity](https://www.evernym.com/ssi-book/) provides a deep discussion of SSI and the The Trust over IP Stack.
- Survey was a collaborative efforts by [University of Jyväskylä](http://jyu.fi), [Blockster.global](http://blockster.global) and [Trust over IP foundation](https://trustoverip.org/)
- More than 70 survey respondents
- SSI platform provider is ok but it should not be combined with network provider
- Risk: Slow technology adoption/ implementation / maturity
- Large VC issuance:
- Healthcare (COVID credentials)
- Revocation could be a challenge to be addressed
- Education sector
- Milestones to be achieved:
- Standardization
- Crypto payment
- Many solution would benefit from global payments but this will further add the challenge of large business adoption SSI + Crypto combination
- SDO:
- Not moving fast
- More academic and research in nature
* [On Forests, Emergence, and Expansive Trust: Why Trust Over IP is even more profound than we thought](https://trustoverip.org/blog/2021/11/21/on-forests-emergence-and-expansive-trust/) Daniel Hardman
I have been lucky enough to witness many of its milestones — the finalization of the VC and DID specifications, the launch of Sovrin and Hyperledger Indy, the advent of production deployments and serious interoperability, the invention of peer DIDs and KERI and BBS+ credentials, the implementation of the exciting communication technology now known as DIDComm…

29
_posts/identosphere-dump/organizations/credentials-community.md
View File

@ -1,29 +0,0 @@
# Credentials community group
* [https://www.w3.org/community/credentials/](https://www.w3.org/community/credentials/)
* [https://lists.w3.org/Archives/Public/public-credentials/](https://lists.w3.org/Archives/Public/public-credentials/)
* [IRC mailing list bridge](https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0117.html) Charles E. Lehner (Saturday, 23 April)
Notifications of messages to this mailing list (public-credentials) are now sent to our IRC channel (#ccg).
* [re: How to contribute to new standards work? (was:Re: RDF Dataset Canonicalization - Formal Proof)](https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0172.html) Manu Sporny (Tuesday, 10 August)
* [The CCG Work Item process is outlined here](https://docs.google.com/document/d/1vj811aUbs8GwZUNo-LIFBHafsz4rZTSnRtPv7RQaqNc/):
* [Here's how you get started:](https://docs.google.com/document/d/1vj811aUbs8GwZUNo-LIFBHafsz4rZTSnRtPv7RQaqNc/edit%23heading%3Dh.f28tyzjvad8g)
This process is open to anyone -- no W3C Membership dues, fees, etc. required to participate.
* [Reminder: You can present to the CCG](https://lists.w3.org/Archives/Public/public-credentials/2022Mar/0151.html)
This is a friendly reminder that anyone in the community that is doing something interesting that you think the community should know about whether that work is done here in the CCG or elsewhere, can email the chairs with what you want to share and we can get you on the calendar. It's best if you email all 3 chairs.
* [Clarity about the group charter](https://lists.w3.org/Archives/Public/public-credentials/2022Jun/0044.html) Manu Sporny (Wednesday, 22 June)
there are statements like: "Buy our products! We're the best!" (with nothing else that we can learn from) that is frowned upon... but, in general, even if it is a feature in one of your products, chances are that we want to hear about it if it has relevance to how we might interoperate on that feature (or use it to meet a goal of the community).
* [2022-2026 Verifiable Data Standards Roadmap [DRAFT]](https://lists.w3.org/Archives/Public/public-credentials/2022Mar/0068.html)  Manu Sporny (Saturday, 12 March)
![https://www.notion.soimages/image1.png](https://www.notion.soimages/image1.png)

27
_posts/identosphere-dump/organizations/glief.md Normal file
View File

@ -0,0 +1,27 @@
# Glief
* [The Birth of the vLEI: A New Dawn in Digital ID for Legal Entities Everywhere](https://www.gleif.org/en/newsroom/blog/the-birth-of-the-vlei-a-new-dawn-in-digital-id-for-legal-entities-everywhere) GLEIF
For businesses the world over, confidence in digital authenticity is in short supply. Can you be sure that your banks website is not an elaborate phishing recreation? Did that e-invoice really come from your business partner? How can you tell? [...]
* [Self-sovereign digital identity, vLEI as identification standard for InfoCert DIZME network](https://www.digitalfuturemagazine.com/2021/01/27/self-sovereign-digital-identity-vlei-as-identification-standard-for-infocert-dizme-network/)
> VLEIs are cryptographically verifiable credentials compliant with W3C standards, containing LEIs. The program launched by GLEIF to promote vLEIs aims to create an ecosystem, a credential governance framework, and a technical support infrastructure.
>
> Through vLEIs, companies, government organizations, and other legal entities around the world will have the ability to identify themselves unambiguously, even outside of the financial markets, to conduct a growing number of activities digitally, such as:
- the approval of transactions and contracts,
- the acquisition of new customers,
- transactions within logistics chain and import/export networks,
- the submission of reports and prospectuses to regulatory bodies.
Also, vLEIs will allow for the extension of identity verification of legal entities to include individuals who fill roles of interest within those entities.
## GlEIF
* [Launching the Global Assured Identity Network (GAIN) with Elizabeth Garber](https://www.ubisecure.com/podcast/global-assured-identity-network-gain-elizabeth-garber/) UbiSecure
> fills us in on what the GAIN project is, explaining how its different from other trust networks and why GAIN is good for financial institutions. She also discusses the role of the Global Legal Entity Identifier Foundation (GLEIF) in the project, and whats next for GAIN.
* [#2 in the Financial Inclusion Interview Series What bridging the $81bn trade finance gap could mean for Africa with Barry Cooper from Centre for Financial Regulation and Inclusion (Cenfri)](https://www.gleif.org/en/newsroom/blog/number-2-in-the-financial-inclusion-interview-series-what-bridging-the-81bn-trade-finance-gap-could-mean-for-africa-with-barry-cooper-from-centre-for-financial-regulation-and-inclusion-cenfri)
> Following the launch of GLEIFs digital business identity initiative designed to bridge the trade finance gap in Africa, were catching up with our key partners to hear their thoughts on how the project will bring about greater financial inclusion for SMEs on the continent and beyond.
* [The Birth of the vLEI: A New Dawn in Digital ID for Legal Entities Everywhere](https://www.gleif.org/en/newsroom/blog/the-birth-of-the-vlei-a-new-dawn-in-digital-id-for-legal-entities-everywhere) GLIEF
> Using KERI, vLEIs can be created and utilized independently of any specific organization, with the highest levels of security, privacy, and ease of use. KERI also enables GLEIF and the vLEI trust ecosystem to operate under GLEIFs governance framework, unencumbered by the governance of external systems, including those of blockchains and distributed ledger consortia.
* [InfoCert adheres to the GLEIF International Foundation's program for promoting vLEI](https://translate.google.com/translate?sl=auto&tl=en&u=https://www.datamanager.it/2020/12/infocert-aderisce-al-programma-della-fondazione-internazionale-gleif-per-la-promozione-del-vlei/)
> The vLEI is a cryptographically verifiable credential according to W3C standards and containing the LEI ( Legal Entity Identifiers ), the identification code of legal entities made mandatory by Mifid II in order to operate on the financial markets: InfoCert, formerly LOU ( Local Operating Unit ) authorized by GLEIF will adopt vLEI as an identification standard within its DIZME ecosystem , the blockchain-based decentralized digital identity platform.
* [eBook: The vLEI: Introducing Digital I.D. for Legal Entities Everywhere](https://www.gleif.org/en/lei-solutions/gleifs-digital-strategy-for-the-lei/introducing-the-verifiable-lei-vlei/gleif-ebook-the-vlei-introducing-digital-i-d-for-legal-entities-everywhere)

10
_posts/identosphere-dump/organizations/kantara.md
View File

@ -2,6 +2,16 @@
* [OPN-R (Open Public Notice - Rights) - starting Notice & Control Language - for people to use rights and govern identity (govinterop) with @ Kantara, ToiP and W3C Data Privacy Vocabulary using international vocab - from ISO/IEC 29100 Legal Framework Vocabulary](https://iiw.idcommons.net/22F/_OPN-R_-_Open_Public_Notice_-_Rights_-_starting_Notice_and_Control_Language) by Mark Lizar
The language consists of
- International standard vocabulary for security and privacy frameworks provides roles and actors to govern the transfer of personal data.
- The active state notice and consent receipt - is a format for generating consent records from notice/policy - which provides people with information to use rights. .
- W3C Data Privacy Control Vocabulary and ISO/IEC 29100, Legal Framework Vocabulary
This language can be used to auto generate receipts to process rights and negotiate terms ..  At Kantara we are working to use the standards to auto read the notices/polices to provide a conformance / trust assessment for people so they can see risk independently of the service provider
* [EIC Speaker Spotlight: Kay Chopard on Driving Digital Trust](https://www.kuppingercole.com/blog/beskers/eic-speaker-spotlight-kay-chopard-driving-digital-trust)
The mission of Kantara is to grow and fulfill the market for trustworthy use of identity and personal data. And that's a very broad mission. But to do that, some of the things you see in our mission are words like trust, grow, fulfilling what the market needs.
* [Exostar Receives Kantara Initiatives Identity Assurance Trust Framework Certification](https://www.exostar.com/press/exostar-receives-kantara-initiatives-identity-assurance-trust-framework-certification-achieves-healthcare-and-life-science-community-milestones/) - Latest Recognition Further Demonstrates Company Protects Customers Identity and Personal Data by Complying with NIST 800-63 Standard

59
_posts/identosphere-dump/organizations/me2b.md Normal file
View File

@ -0,0 +1,59 @@
# Me2B
* [A Responsible Reporting Nightmare: Right-clicking is Not a Crime](https://me2ba.org/a-responsible-reporting-nightmare-right-clicking-is-not-a-crime/) Me2Ba
This is a story of a politician who cried “hacker” after a reporter informed a state agency that sensitive information was embedded in their websites HTML source code1. While we wish this was a joke or fictional story it, unfortunately, is not. If the state of Missouri does move forward with the prosecution this state action would sound the alarm for researchers and reporters resulting in a chilling effect on the practice of responsible reporting.
* [First Official Me2B Alliance Recommendation](https://me2ba.org/first-official-me2b-alliance-recommendation/)
> In a sense, this recommendation is a kind of abbreviation of the key things that our specifications test for. And youll be able to see that soon as the Me2B Safe Website Specification for Respectful Technology is currently in the membership review stage of the approval process.
* [Introducing the Me2B 101 Flash Guide Series](https://me2ba.org/introducing-the-me2b-101-flash-guide-series/) Me2B Alliance
When we started drafting the Respectful Tech Specification a couple of years ago, it was immediately obvious that we didnt have an adequate vocabulary to describe personal experiences in the digital world—never mind measure them.
* [Flash Guide #5: Online Me2B Deals: Currencies in the Digital World and the Price of “Free”](https://me2ba.org/flash-guide-5-online-me2b-deals-currencies-in-the-digital-world-and-the-price-of-free/)
The Me2B Deals or transactions that occur online typically involve three types of “currency”: money, attention or data. [...] What sets online data monetization apart from the other two currencies is that often, customers have no idea what they are paying with or that they are paying at all.
* [Flash Guide #6: Online Me2B Relationships](https://me2ba.org/flash-guide-6-online-me2b-relationships/)
our relationship with connected technology includes a set of “hidden affiliates” (third party integrations) that most of us are not aware of. This guide describes how these relationships conscious or not emerge as we interact with digital technologies.
* [Flash Guide #7: The Me2B Lifecycle: Overlaying Social Norms on the Digital World](https://me2ba.org/flash-guide-7-the-me2b-lifecycle-overlaying-social-norms-on-the-digital-world/)
This real life social context is currently missing in both existing privacy regulation and in industry standards models for ethical technology [...] Our model helps course-correct connected technology by pinpointing how the digital Me2B experience deviates from important social behavioral norms.
* [Flash Guide #8: Digital Me2B Commitments & Deals](https://me2ba.org/flash-guide-8-digital-me2b-commitments-deals/)
This guide provides examples of common Commitments and Deals, and shows how they map to the stages of a Me2B Lifecycle. It also reflects social norms for being anonymous, recognized, or known at each stage.
* [Flash Guide #9: The 10 Attributes of Respectful Me2B Commitments](https://me2ba.org/flash-guide-9-the-10-attributes-of-respectful-me2b-commitments/)
The Me2B Respectful Tech Specification measures technology behavior against 10 attributes that respectful Me2B Commitments should possess. These attributes represent how technology should treat us and our data at every step along the Me2B Relationship Lifecycle.
* [Flash Guide #10: Data Flow & the Invisible Parallel Dataverse](https://me2ba.org/flash-guide-10-data-flow-the-invisible-parallel-dataverse/)
Our personal data flows do not start light and increase with time and trust. Instead, a firehose of personal information is released and shared with a host of unseen third parties as soon as we open an app or website. Me2BAs Respectful Tech Specification V.1 is largely focused on testing for these invisible parallel dataverse data flows.
* [12 ways a human-centric approach to data can improve the world](https://me2ba.org/world-economic-forum-12-ways-a-human-centric-approach-to-data-can-improve-the-world/) Me2B Alliance
Twenty-five quintillion bytes of data are generated every day. Thats 25,000,000,000,000,000,000. In this era of data abundance, its easy to think of these bytes as a panacea informing policies and spurring activities to address the pandemic, climate change or gender inequality but without the right systems in place, we cannot realize the full potential of data to advance a sustainable, equit
* [Dangling Domain From SDK Installed in 150+ Apple Apps Putting Kids, Families and Crypto Traders at Risk](https://me2ba.org/dangling-domain-from-sdk-installed-in-150-apple-apps-putting-kids-families-and-crypto-traders-at-risk/)
TLDR: The Me2B Alliance believes apps including the AskingPoint SDK should be safe from malicious redirects or other exploits.
* [You can now make an online donation to the Me2B Alliance](https://me2ba.org/you-can-now-make-an-online-donation-to-the-me2b-alliance-we-appeciate-your-support-donate-here/)
* [Me2BA Executive Director Lisa LeVasseur featured on Masters of Privacy podcast](https://me2ba.org/me2ba-executive-director-lisa-levasseur-featured-on-masters-of-privacy-podcast/) Me2b
> describes Me2BAs approach to respectful technology behavior and discusses the Alliances work in standards development and independent testing.  The conversation touches on the broader issues of our evolving and personal relationships with technology products and services, and the potential for respectful behavior to provide a deeper and better level of engagement, to the benefit of individuals and businesses alike.
* [Gratitude: Internet Society Foundation Grant Award](https://me2ba.org/gratitude-internet-society-foundation-grant-award/) ([Press Release](https://me2ba.org/me2b-alliance-awarded-100k-grant-for-us-pre-k-12-benchmark-to-research-school-utility-apps-data-sharing/) Me2Ba
* [Lisa LeVasseur on the ethical behaviour of technology and the Me2B Alliance LTADI](https://www.ubisecure.com/podcast/lisa-levasseur-me2b-alliance/)
> the Me2B Alliance and how it aims to make technology better for humans, plus the businesses (B-s) which are shining a light on privacy issues and giving the Me-s more control.
>
> “We used to call ourselves something like the organic food label. But thats actually not right. Were more like independent automobile crash testing.”
* [Me2B Safe Specification v1.0](https://me2ba.org/safetechspec/) Me2B
> The current version focuses on mobile apps and websites and encompasses only a portion of the harms outlined in the complete [Me2B Digital Harms Dictionary](https://ooqc943yvdw4abzes1q1ezta-wpengine.netdna-ssl.com/wp-content/uploads/2021/10/me2ba-digital-harms-dictionary-v2.0-iii.pdf). As the safe specification evolves subsequent versions will grow to include more of the harms identified in the Me2B Digital Harms Dictionary.
* [Building a Safety Spec for the Digital World](https://me2ba.org/three-turns-of-the-wheel-building-a-safety-spec-for-the-digital-world-2/) Me2ba
> It was three years in the making, and this is how we got here.
* [The Me2B Alliance is now Internet Safety Labs](https://me2ba.org/introducing-internet-safety-labs/) Internet Safety Labs
> We are excited to announce the Me2B Alliance is now Internet Safety Labs. Weve changed our name but not our core mission.
* [Me2BA supports ending all surveillance advertising on children](https://me2ba.org/me2ba-supports-ending-all-surveillance-advertising-on-children/)
> We think that focusing on Facebooks surveillance advertising is a good step in the right direction. However, there are several other significant threats to kids out there. In particular, Googles YouTube [is used by 69% of kids in the United States today, who reportedly spend approximately 1.5 hours a day on the app](https://techcrunch.com/2020/06/04/kids-now-spend-nearly-as-much-time-watching-tiktok-as-youtube-in-u-s-u-k-and-spain/)

51
_posts/identosphere-dump/organizations/mydata.md
View File

@ -193,3 +193,54 @@ Last month, UNICEF published a [Manifesto on Good Data Governance for Children]
* [MyData Global Joins “Team Data Spaces” to Support the EUs Plan to Create “Data Spaces”](https://mydata.org/2021/06/23/mydata-global-joins-team-data-spaces-to-support-the-eus-plan-to-create-data-spaces/)
MyData Global announces to have joined forces with Team Data Spaces a coalition of leading European players with experience in standardising, creating and operationalising data sharing to facilitate the development of European data spaces which are at the heart of the EUs data strategy.
* [2022: LOOKING AT THE YEAR AHEAD](https://mydata.org/2022/01/11/2022-looking-at-the-year-ahead/) MyData
> As MyData Global saw in our [reflection on 2021](https://mydata.org/2021/12/17/2021-in-review-the-events-and-activities-shaping-the-personal-data-landscape/), the transformation towards a human-centric personal data economy is underway. This transformation is driven by two forces: first, the dominant unethical approaches to personal data are starting to show how unsustainable they really are.
* [2021 in review: The events and activities shaping the personal data Landscape](https://mydata.org/2021/12/17/2021-in-review-the-events-and-activities-shaping-the-personal-data-landscape/) MyData
2021 has been a productive year for MyData Global, and a significant one for the wider personal data world. The [Facebook Files](https://twitter.com/mydataorg/status/1446435772857524224?s%3D20) helped raise the issue of personal data and ethics to the general public, and the EUs Data Governance Act has helped put into practice many of the changes [MyData Global has been advocating for](https://mydata.org/2021/10/28/mydata-and-the-european-unions-latest-data-developments/).
* [Rulebook overcomes the lack of trust in data sharing](https://www.mydata.org/2022/08/30/rulebook-overcomes-the-lack-of-trust-in-data-sharing/) MyData
The data sharing market is taking off and there is enormous uncaptured value. Many organisations are looking for new trustworthy ways to create value from data collaboration. Individuals can also benefit tremendously if data can be more readily shared across service providers.
* [Training: Building smart cities services 2.0](https://oldwww.mydata.org/h3c/) MyData
You will learn about business models, compliance with complex regulatory regimes, standards, and governance mechanisms. You will be connected with EU funding opportunities, and you will learn how to build successful partnerships with companies and cities
* [What Metas Profit Drop Might Say About Consumer Sentiment on Data Privacy](https://anonyome.com/2022/09/what-metas-profit-drop-might-say-about-consumer-sentiment-on-data-privacy/) Anyonyome
* [Skills for creative futures? MyData starts the Cyanotypes project.](https://www.mydata.org/2022/09/21/mydata-starts-cyanotypes-project/) MyData
* [What to make of data sovereignty](https://www.mydata.org/2022/09/26/data-sovereignty/) MyData
Data sovereignty has gained much recent attention, whilst interpreted in varied ways. MyData Global describes in this blog post what to make of data sovereignty when taking a human-centric approach to personal data.
* [Does “data monetisation” lead towards more fairness, sustainability, and prosperity for all?](https://www.mydata.org/2022/07/13/data-monetisation/) MyData
> As this is a complex and often polarising issue, it must be discussed with patience, diligence, and determination. MyData Global has not yet reached a position on the topic. In this piece, we share our considerations and questions, and hope to inspire you to join this important deliberation.
* [Catalysing transformative change: new project to produce innovative services in smart cities](https://mydata.org/2021/09/02/catalysing-transformative-change-new-project-to-produce-innovative-services-in-smart-cities/) MyData
> “Cities around the world are racing ahead to be smarter by taking ethical approaches to personal data”, explains Teemu Ropponen, General Manager of MyData Global “MyData Global is a centre of excellence for personal data management expertise, with the H3C project we are bringing together city administrations, companies and individuals to find solutions that put people in control of their personal data”
* [MyData Global adopts an updated logo and visual identity](https://www.mydata.org/2022/05/17/new-logo/)
* [VIIVI LÄHTEENOJA APPOINTED AS MYDATA GLOBAL CHAIR](https://mydata.org/2022/01/07/viivi-lahteenoja-appointed-as-mydata-global-chair/)
> Previous Chair,  Antti “Jogi” Poikola commented: I am delighted to be succeeded by Viivi Lähteenoja as MyData Globals Chair. […] Viivis experience both in and out of the MyData community make her excellently qualified to open up new dialogues on how personal data can empower people and communities.
* [MYDATA GLOBAL IN MOTION KEY DEVELOPMENTS IN 2022](https://mydata.org/2022/03/09/mydata-developments-in-2022/)
> Collective sensemaking and channels for impact, Strengthening the MyData brand, Renovating the infrastructure of MyData Global, and Changes in the staff and leadership team.
* [EXEMPLARY PERSONAL DATA BUSINESSES: 33 ORGANISATIONS RECEIVE THE MYDATA OPERATOR 2022 AWARD](https://mydata.org/2022/03/16/mydata-operator-2022-awards/)
> personal data companies that have shown leadership by empowering individuals to control their personal data. As promoted by the European Commission, [putting people in the centre of digital transformations is needed for a safe and sustainable digital future](https://ec.europa.eu/commission/presscorner/detail/en/ip_21_6428). Further, [boosting data sharing and ensuring its trustworthiness](https://ec.europa.eu/commission/presscorner/detail/en/ip_21_6428) is critical to reaping the benefits of our digitised lives.
* [MyData Operator Status awarded to Mydex](https://medium.com/mydex/mydata-operator-status-awarded-to-mydex-2916d1c48c3d)
> As promoted by the European Commission, [putting people in the centre of digital transformations is needed for a safe and sustainable digital future](https://ec.europa.eu/commission/presscorner/detail/en/ip_21_6428). Further, [boosting data sharing and ensuring its trustworthiness](https://ec.europa.eu/commission/presscorner/detail/en/ip_21_6428) is critical to reaping the benefits of our digitised lives. Organisations awarded with the MyData Operator Award are vital enablers for such a vision, providing value for companies and individuals alike.
Centre Consortium presents Verite with Kim Hamilton
- [Avast demonstrates commitment to digital freedom with MyData membership](https://press.avast.com/avast-demonstrates-commitment-to-digital-freedom-with-mydata-membership)
* [PERSONAL DATA HOLDS THE KEY FOR SUSTAINABLE CITY LIFE](https://mydata.org/2021/09/13/personal-data-holds-the-key-for-sustainable-city-life-but-rewards-must-be-balanced-with-risks-to-digital-rights/) MyData
* [The Future of Work & Skills a human-centric skills data space](https://mydata.org/skillsdata) MyData
* [Whitepaper](https://drive.google.com/file/d/1QPbc1mwVUj7Tttb4MA9VMRT-bJgjqwqI/view)
> In order to improve the competitiveness of EUs workforce, the strategy identifies a need for high-quality data for qualifications, learning opportunities, jobs and skill sets of people.
* [The Future of Identity. A collection of interconnected research](https://borgbraincrypto.medium.com/the-future-of-identity-eee42109efd2)
* [Scaling the personal data economy, MyData 2020](https://www.youtube.com/watch?v=xNTuuOAZ1Uc)
> using Futures Thinking to envision how different business strategies, policies and actions implemented in the personal data ecosystem can pave the path towards the Desirable Future.
* [MYDATA, MY CLIMATE, AND MY CARBON](https://mydata.org/2021/11/03/mydata-my-climate-and-my-carbon/)
> With COP26 taking place this week, governments, companies, and individuals are discussing how we can all reduce our carbon emissions. The task is monumental, and technology has an important role to play both in reducing its own carbon footprint and in helping the wider world track and reduce their emissions.
* [Childrens right for privacy also in the digital world is guaranteed under the Convention on the Rights of the Child](https://www.mydata.org/2022/06/20/press-release-childrens-right-for-privacy-also-in-the-digital-world-is-guaranteed-under-the-convention-on-the-rights-of-the-child-and-this-includes-photos/) MyData
Last week, the Prime Minister of Finland, Sanna Marin, stated that she will not give consent to the media to take and publish photos of her child. This led to wide discussion and international headlines even though the right to privacy is guaranteed under the Convention on the Rights of the Child.

259
_posts/identosphere-dump/organizations/organization.md
View File

@ -34,8 +34,8 @@ GLEIF has launched a CA Stakeholder Group to facilitate communication between GL
* [The DEI rollback](https://werd.io/2021/the-dei-rollback) Ben Werdmüller
> The solution, for now, is to call it out, and for those of us with privilege to pledge never to work for (or start) an organization with these policies. Diversity and inclusion is more important than ever. And leaders who care about the culture of their companies should once again take note of the Basecamp team: this time as a lesson in what not to do.
* [Passing the Torch at the OpenID Foundation](https://self-issued.info/?p%3D2170) Mike Jones
> Today marks an important milestone in the life of the OpenID Foundation and the worldwide digital identity community. Following [Don Thibeaus decade of exemplary service to the OpenID Foundation as its Executive Director](https://openid.net/2021/02/19/resolution-thanking-don-thibeau-for-his-service/), today we [welcomed Gail Hodges as our new Executive Director](https://openid.net/2021/04/28/welcoming-gail-hodges-as-our-new-executive-director/).
* [BedRock Consortium has a home page](https://bedrockconsortium.org/)
> The Bedrock Consortium is a Linux Foundation project that supports the operation of the Bedrock Business Utility, an independent self-governed and self-sustainable public identity utility.
@ -66,22 +66,6 @@ Minimal Demo: [https://adriang.xyz/](https://adriang.xyz/) Use Card Number 4242
* [https://www.youtube.com/watch?v=lYb9bUyIPEw](https://www.youtube.com/watch?v%3DlYb9bUyIPEw)
- Survey was a collaborative efforts by [University of Jyväskylä](http://jyu.fi), [Blockster.global](http://blockster.global) and [Trust over IP foundation](https://trustoverip.org/)
- More than 70 survey respondents
- SSI platform provider is ok but it should not be combined with network provider
- Risk: Slow technology adoption/ implementation / maturity
- Large VC issuance:
- Healthcare (COVID credentials)
- Revocation could be a challenge to be addressed
- Education sector
- Milestones to be achieved:
- Standardization
- Crypto payment
- Many solution would benefit from global payments but this will further add the challenge of large business adoption SSI + Crypto combination
- SDO:
- Not moving fast
- More academic and research in nature
* [John Jordan AMA - ToIP, BC Gov, Spinal Cord Injuries](https://iiw.idcommons.net/13C/_John_Jordan_AMA_-_ToIP,_BC_Gov,_Spinal_Cord_Injuries) by John Jordan
John shared about his journey and ongoing rehab,  and then moved on to whats up with BCGov these days and looking ahead with the same.
@ -128,19 +112,15 @@ David Luchuk, Program Manager for Trust over IP, addressed the importance of ens
* [Sovrin and Trust over IP Signed Mutual Agreement to Strengthen Their SSI Collaboration](https://blog.sovrin.org/sovrin-and-trust-over-ip-signed-mutual-agreement-to-strengthen-their-ssi-collaboration-55d7775efdc2)
“By signing this Letter Agreement, Sovrin and ToIP are excited to take a step further to support the need and importance of our separate but interrelated mandates to benefit people and organizations across all social and economic sectors through secure digital identity ecosystems based on verifiable credentials and SSI,” said Chris Raczkowski, Chairman of Board of Trustees, Sovrin Foundation.
* [Trust Over IP 101 with John Jordan, André Kudra, Karl Kneis, Scott Perry & Paul Knowles](https://northernblock.io/toip-101/) Northern Block
As were looking to move from the current internet era towards this new era of digital trust, I think it would be helpful if you were able to give an overview of how we got here. Perhaps we can take a step back, before the internet era, and discuss the paper credential era — I think that sets a good framework for where were going with these new digital trust models.
* [Building an SSI Ecosystem: Digital Staff Passports at the NHS](https://www.windley.com/archives/2021/05/building_an_ssi_ecosystem_digital_staff_passports_at_the_nhs.shtml) Windley
How does a functioning credential ecosystem get started? This post goes deep on Manny Nijjars work to create a program for using digital staff passports in the sprawling UK NHS bureaucracy.
* [IdRamp Joins Linux Foundation Public Health Cardea Project Steering Committee](https://idramp.com/idramp-joins-linux-foundation-public-health-cardea-project-steering-committee/)
The Cardea and GCCN projects are both excellent examples of breakthrough innovations that can take shape when companies and projects come together to solve real-world problems, using open source tools available to everyone
* [Hedera Hashgraph Joins World Wide Web Consortium (W3C)](https://hedera.com/blog/hedera-hashgraph-joins-world-wide-web-consortium-w3c-new-did-method-published-by-w3c-credentials-community-group)
We welcome Hedera as a contributing member to the W3C DID Working Group and congratulate their team for reaching this milestone of a published implementation of the latest W3C DID Identifiers v1.0 draft,” said Ivan Herman
* [AfroLeadership NGO to join the Board of aNewGovernance AISBL](https://www.anewgovernance.org/2021/07/02/2391/) NewGovernance
As the Data Strategy and the Data Spaces are being put in place in Europe, as the
@ -169,68 +149,38 @@ Editorial: Kaliya thinks this is a terrible idea. It is based on the premise tha
NO this isnt going to work it is going to create lockin to particular wallets for particular credentials. All because some bad entrepreneurs who are no longer leading their companies sold SAFTS to greedy investors. There is a mess under here that should be exposed further now that they are trying to push this model again. Lets just say I cant wait for the investigative reporter to dig into the Sovrin meltdown from last year further to see what is really there. It could have all been left alone and I wouldnt be talking about it - but they decided to push the model again.
* [Me2BA Executive Director Lisa LeVasseur featured on Masters of Privacy podcast](https://me2ba.org/me2ba-executive-director-lisa-levasseur-featured-on-masters-of-privacy-podcast/) Me2b
describes Me2BAs approach to respectful technology behavior and discusses the Alliances work in standards development and independent testing.  The conversation touches on the broader issues of our evolving and personal relationships with technology products and services, and the potential for respectful behavior to provide a deeper and better level of engagement, to the benefit of individuals and businesses alike.
* [Trust over IP and Sovrin sign agreement to strengthen collaboration](https://trustoverip.org/news/2021/05/10/trust-over-ip-and-sovrin-sign-agreement-to-strengthen-collaboration/)
> The Sovrin Foundation (“Sovrin”) Board of Trustees and Trust over IP Foundation (“ToIP”) Steering Committee are pleased to announce that they have signed a Letter Agreement (dated March 18, 2021). This agreement signifies the commitment of both organizations to mutual cooperation and recognition for each others mandates. Sovrin and ToIP intend to work together toward advancing the infrastructure and governance required for digital trust and digital identity ecosystems.
* [Spherity partners IDunion Trusted Identity Ecosystem](https://medium.com/spherity/spherity-joins-idunion-trusted-identity-ecosystem-e89d093be35a)
Spherity announces that it has become a partner of the
[IDunion](https://idunion.org/)
 project. The project is funded within the innovation framework “Showcase secure digital identities” of the German government (Federal Ministry for Economic Affairs and Energy). Spherity is entrusted on the application of cloud identity technology in the healthcare industry.
* [A YEAR IN REVIEW: NEW BEGINNINGS AND SUCCESSES](https://trustoverip.org/blog/2021/10/07/a-year-in-review-new-beginnings-and-successes/)
The TSWG provides guidance and specifications that support the ToIP 4-layer model from a technical standpoint.
* [Launching the Global Assured Identity Network (GAIN) with Elizabeth Garber](https://www.ubisecure.com/podcast/global-assured-identity-network-gain-elizabeth-garber/) UbiSecure
fills us in on what the GAIN project is, explaining how its different from other trust networks and why GAIN is good for financial institutions. She also discusses the role of the Global Legal Entity Identifier Foundation (GLEIF) in the project, and whats next for GAIN.
* [#2 in the Financial Inclusion Interview Series What bridging the $81bn trade finance gap could mean for Africa with Barry Cooper from Centre for Financial Regulation and Inclusion (Cenfri)](https://www.gleif.org/en/newsroom/blog/number-2-in-the-financial-inclusion-interview-series-what-bridging-the-81bn-trade-finance-gap-could-mean-for-africa-with-barry-cooper-from-centre-for-financial-regulation-and-inclusion-cenfri)
Following the launch of GLEIFs digital business identity initiative designed to bridge the trade finance gap in Africa, were catching up with our key partners to hear their thoughts on how the project will bring about greater financial inclusion for SMEs on the continent and beyond.
* [MYDATA, MY CLIMATE, AND MY CARBON](https://mydata.org/2021/11/03/mydata-my-climate-and-my-carbon/)
With COP26 taking place this week, governments, companies, and individuals are discussing how we can all reduce our carbon emissions. The task is monumental, and technology has an important role to play both in reducing its own carbon footprint and in helping the wider world track and reduce their emissions.
* [Non-binary Thinking will Accelerate Digital Sovereignty (with Rouven Heck)](https://northernblock.io/non-binary-thinking-will-accelerate-digital-sovereignty-with-rouven-heck/) NorthernBlock
Now, if we take two communities within the SSI space the Decentralized Identity Foundation (DIF) and the Trust over IP Foundation (ToIP). I will sometimes hear people talking positively about one and negatively about the other. But why is this happening? Dont we all have the same underlying values? Arent we all looking to better our lives through digital sovereignty?
I think the answer to this is clear and we need to get away from thinking in a binary manner about anything in our space. And if you really look at the overlap between both these communities: they are quite large.
* [Gratitude: Internet Society Foundation Grant Award](https://me2ba.org/gratitude-internet-society-foundation-grant-award/) ([Press Release](https://me2ba.org/me2b-alliance-awarded-100k-grant-for-us-pre-k-12-benchmark-to-research-school-utility-apps-data-sharing/) Me2Ba
* [ISSE 2021 - EEMA opening Plenary](https://vimeo.com/648039700) Is it all change for identity?
* [Communication Milestone Achievements!](https://blog.identity.foundation/milestones/) DIF
This week, we hit 5k followers on [Twitter](https://twitter.com/DecentralizedID), driven in no small part by attention garnered by our [ToIP & DIF Joint Statement of Support for the Decentralized Identifiers (DIDs) v1.0 specification becoming a W3C Standard](https://blog.identity.foundation/w3cdidspec/)
* [Good things happen slowly, bad things happen fast](https://blog.weareopen.coop/good-things-happen-slowly-bad-things-happen-fast-2fd894cbd4df) We Are Open Co-op
- Important Talk
Some organisations were experimenting with digital badges before 2011, but these were siloed and easy to right-click and copy. The technology trigger, the innovation with Open Badges, was to invent and make available an open metadata standard.
* [You can now make an online donation to the Me2B Alliance](https://me2ba.org/you-can-now-make-an-online-donation-to-the-me2b-alliance-we-appeciate-your-support-donate-here/)
* [We appeciate your support! Donate here >](https://me2ba.org/donate/)
* [Internet Identity Workshop #33](https://blog.identity.foundation/internet-identity-workshop-33/) DIF
Hundreds of attendees, including a number of DIF members, put together a huge programme of content for the 33rd IIW, covering topics ranging from the technical minutiae of IAM and SSI to big-picture discussions about ethics and strategy, and participated in over 110 virtual sessions across the three days.
* [Me2BA supports ending all surveillance advertising on children](https://me2ba.org/me2ba-supports-ending-all-surveillance-advertising-on-children/)
We think that focusing on Facebooks surveillance advertising is a good step in the right direction. However, there are several other significant threats to kids out there. In particular, Googles YouTube [is used by 69% of kids in the United States today, who reportedly spend approximately 1.5 hours a day on the app](https://techcrunch.com/2020/06/04/kids-now-spend-nearly-as-much-time-watching-tiktok-as-youtube-in-u-s-u-k-and-spain/)
* [New steward for #GoodID: Berkman Klein Center for Internet and Society at Harvard University](https://omidyarnetwork.medium.com/new-steward-for-goodid-berkman-klein-center-for-internet-and-society-at-harvard-university-a221cdb12949) Omidyar Network
The Center recently launched the [Institute for Rebooting Social Media](https://cyber.harvard.edu/programs/institute-rebooting-social-media) [...] In connection with this Institute and the [Berkman Klein Research Sprints](https://cyber.harvard.edu/story/2020-10/research-sprint-participants-explore-digital-transformation-time-crisis-focus), and through the Centers ongoing work with the over 100 international [Network of Internet and Society Research Centers](http://networkofcenters.net/), the Center will support conversations about digital identity issues that will reach diverse and interdisciplinary communities of research and practice.
* [TOIP HELPS SANTA WITH HIS TOUGHEST CHOICES](https://trustoverip.org/news/2021/12/15/toip-helps-santa-with-his-toughest-choices/) Trust over IP
MEGA also joined the Good Elf Pass Initiative whose “interoperability blueprint” supports its crucial role as issuers of these credentials. The ground-breaking “Hypersleigh” blockchain standard will also support rapid delivery and high security for all Meaningful Gifts. #hypersleigh
@ -242,13 +192,6 @@ Check out these [photos from IIW 1 in 2005](https://www.flickr.com/photos/tags/i
* [src](https://www.flickr.com/photos/chrisheuer/57584208/in/photolist-5YzQy-613Xi-5YztD-613UK-5YBEi-669qJ-6153X-63sGm-65uyW-63sKa-63sHi-63sJv-6682a-669uE-5YzVT-68VoW-6685y-668ju-68VjB-669om-65uHm-65UDr-668pr-6689z-68Vd9-65Urf-68V8M-6693d-68V51-668vo-68Vhj-6696s-669jG-669eG-668z5-65Uvh-668ZD-668K2-668Vm-668rU-669ah-668Mb-668QJ-65uDA-668FE-65uFG-65UGT-65Uza-65uC8-65uAq/)
* [The Trust Over IP Stack: Achieving Global Interoperability with SSI](https://techzone.scot/trust-over-ip-stack/) Digital Scotland
* [In this video](https://www.youtube.com/watch?v%3DYzKfb-udavY), Drummond Reed, Chief Trust Officer at Evernym Inc and co-author of the book [Self-Sovereign Identity](https://www.evernym.com/ssi-book/) provides a deep discussion of SSI and the The Trust over IP Stack.
* [On Forests, Emergence, and Expansive Trust: Why Trust Over IP is even more profound than we thought](https://trustoverip.org/blog/2021/11/21/on-forests-emergence-and-expansive-trust/) Daniel Hardman
I have been lucky enough to witness many of its milestones — the finalization of the VC and DID specifications, the launch of Sovrin and Hyperledger Indy, the advent of production deployments and serious interoperability, the invention of peer DIDs and KERI and BBS+ credentials, the implementation of the exciting communication technology now known as DIDComm…
* [The Digital Identity Card](https://blog.ti8m.com/en/SSI.html) TI8M
Currently, over 40 applications have been implemented in the IDunion project. These are used in a wide variety of sectors, such as public administration, the financial sector, IoT and industry, the healthcare sector, mobility sector and e-commerce. The technology has now exited the research phase and will appear in the first productive applications in 2021.
@ -262,51 +205,13 @@ The founding media partners all agreed, however, that having more first-party da
The Super Skills app combines a custodial wallet (Torus) and Ceramic VC/storage tooling to give children private, exportable, future-proof achievement records a self-sovereign educational credentialing system in miniature.
* [Announcing the 2022 OpenID Foundation Individual Community Board Member Election](https://openid.net/2021/12/30/announcing-the-2022-openid-foundation-individual-community-board-member-election/)
Board participation requires a substantial investment of time and energy. It is a volunteer effort that should not be undertaken lightly. Should you be elected, expect to be called upon to serve both on the board and on its committees. You should have your employers agreement to attend two or more in-person board meetings a year, which are typically collocated with important identity conferences around the world.
* [WTF are Stealth Badges?: The case of the O.G. Badger](https://blog.weareopen.coop/wtf-are-stealth-badges-41130a75a1a9) We are Open Coop
This information means that this particular badge, which is manually issued, can be given out in fair and equitable ways. It also means that someone else who engaged with the Open Badges community before 2017 could lay claim to it.
Stealth badges at scale require an automated system that issues badges depending on particular criteria. This is why they are very common in games-based environments. For example, I unlock some most weeks playing new and existing games on my PlayStation and Google Stadia.
* [The Trust Over IP Foundation Publishes New Introduction and Design Principles.](https://trustoverip.org/blog/2022/01/24/the-trust-over-ip-foundation-publishes-new-introduction-and-design-principles/)
1. [Introduction to ToIP V2.0](https://trustoverip.org/permalink/Introduction-to-ToIP-V2.0-2021-11-17.pdf)
This is the second-generation version of our original introductory white paper that would go more deeply into the origin and purpose of the ToIP stack and how it addresses the key challenges of decentralized digital trust infrastructure.
2. [Design Principles for the ToIP Stack V1.0](https://trustoverip.org/permalink/Design-Principles-for-the-ToIP-Stack-V1.0-2022-11-17.pdf)
This is an articulation of the key [design principles](https://principles.design/) we must follow in the design and
3. development of all aspects of the ToIP stack.
* [VIIVI LÄHTEENOJA APPOINTED AS MYDATA GLOBAL CHAIR](https://mydata.org/2022/01/07/viivi-lahteenoja-appointed-as-mydata-global-chair/)
Previous Chair,  Antti “Jogi” Poikola commented: I am delighted to be succeeded by Viivi Lähteenoja as MyData Globals Chair. […] Viivis experience both in and out of the MyData community make her excellently qualified to open up new dialogues on how personal data can empower people and communities.
* [The ToIP Foundation Releases its First Official Governance Specifications](https://trustoverip.org/news/2022/02/01/the-toip-foundation-releases-its-first-official-governance-specifications/) Trust Over IP
* [THE VERIFIABLE LEI: DELIVERING ON THE PROMISE OF THE TOIP STACK](https://trustoverip.org/blog/2022/02/07/the-verifiable-lei-delivering-on-the-promise-of-the-toip-stack/) TOIP
It will give government organizations, companies, and other legal entities worldwide the capacity to use non-repudiable identification data pertaining to their legal status, ownership structure and authorized representatives in a growing multitude of digital business activities
* [The Birth of the vLEI: A New Dawn in Digital ID for Legal Entities Everywhere](https://www.gleif.org/en/newsroom/blog/the-birth-of-the-vlei-a-new-dawn-in-digital-id-for-legal-entities-everywhere) GLIEF
Using KERI, vLEIs can be created and utilized independently of any specific organization, with the highest levels of security, privacy, and ease of use. KERI also enables GLEIF and the vLEI trust ecosystem to operate under GLEIFs governance framework, unencumbered by the governance of external systems, including those of blockchains and distributed ledger consortia.
* [Emergent community building](https://blog.weareopen.coop/emergent-community-building-a35f9431d8a) WeAreOpenCoop
Last week, we ran the first Keep Badges Weird community call
* [](http://validatedid.com/post-en/the-time-for-the-eidas-bridge)Theres an outstanding question, for us, around how this community explores and thinks about the theoretical underpinnings of a Community of Practice (CoP), but one thing is for sure, Keep Badges Weird is a CoP.
* [Introducing the Global Assured Identity Network (GAIN) Proof of Concept Community Group](https://openid.net/2022/03/02/introducing-the-global-assured-identity-network-gain-proof-of-concept-community-group/)
The OpenID Foundation is pleased to announce the launch of the Global Assured Identity Network (GAIN) Proof of Concept Community Group, which aims to test the technical hypotheses underlying the [“GAIN Digital Trust”](https://gainforum.org/GAINWhitePaper.pdf) white paper.
* [LAYER 1 UTILITIES: AN UNDERGROUND NETWORK CONNECTING ALL SSI ECOSYSTEMS](https://trustoverip.org/blog/2022/03/04/layer-1-utilities-an-underground-network-connecting-all-ssi-ecosystems/) Trust over IP
Please mind the gap between the DID and the DID Document! Just like the London Underground, Layer 1 Utilities are a collection of connected rails and overlapping networks, on top of which SSI ecosystems are developed. The ToIP Utility Foundry Working Group (UFWG) are mapping out how they overlap, intersect and differentiate from each other.
* [MYDATA GLOBAL IN MOTION KEY DEVELOPMENTS IN 2022](https://mydata.org/2022/03/09/mydata-developments-in-2022/)
Collective sensemaking and channels for impact, Strengthening the MyData brand, Renovating the infrastructure of MyData Global, and Changes in the staff and leadership team.
* [Audience Ikigai](https://blog.weareopen.coop/audience-ikigai-be0cebe4cea) [reason for being] We are Open CoOp
@ -339,16 +244,9 @@ Were not convinced that “constraint” is the right theoretical approach fo
- [Jolocom focused on the Rust KERI implementation](https://github.com/decentralized-identity/keriox/), which we donated to DIF last fall
> An example of the KERI DID registrar/resolver integrated in our library can be found here. This is also included in the Jolocom SmartWallet via the SDK integration. (KERI is currently being worked on in the Decentralized Identity Foundations Identifiers and Discovery Working Group,)
* [2021 OpenID Foundation Board Update](https://openid.net/2021/02/09/2021-openid-foundation-board-update/)
> Nat Sakimura and John Bradley were re-elected to new two-year terms as community member representatives. Nat and Johns well-known technical expertise and global thought leadership ensures continuity across working groups and as the Foundation transitions to new leadership in 2021.
* [Compliance & Inclusive Finance Working Group (CIFWG)](https://medium.com/@sovrinid/promoting-banking-for-all-announcing-the-compliance-inclusive-finance-working-group-cifwg-340633ef3e6c) Sovrin
> Since 2019, Sovrin has hosted the Compliance and Payments Task Force (CPTF), an open group of traditional bank and non-bank financial institutions, regulators, policymakers, technologists, ethicists, and legal experts. The CPTF has developed and promoted the Rulebook, an innovative best practices framework that extends traditional banking compliance and payments guidance to emerging fintech and VASP processes.
* [Lisa LeVasseur on the ethical behaviour of technology and the Me2B Alliance LTADI](https://www.ubisecure.com/podcast/lisa-levasseur-me2b-alliance/)
> the Me2B Alliance and how it aims to make technology better for humans, plus the businesses (B-s) which are shining a light on privacy issues and giving the Me-s more control.
>
> “We used to call ourselves something like the organic food label. But thats actually not right. Were more like independent automobile crash testing.”
* [ID2020 Welcomes BLOK Solutions to the Alliance](https://medium.com/id2020/id2020-welcomes-blok-solutions-to-the-alliance-1c53e952930c)
> Their most recent solution, BLOK Pass, offers individuals a self-sovereign record of their COVID-19 test results and other risk factors. The technology was developed under the companys biotech arm, BLOK BioScience.
@ -357,25 +255,12 @@ Were not convinced that “constraint” is the right theoretical approach fo
* [Member interview with Jacoba Sieders](https://womeninidentity.org/2020/10/20/www-womeninidentity-org-interview-jacoba-sieders/) Women in Identity
> Jacoba Sieders is an independent, digital identity expert [and advisory board member of the EU ESSIF Lab]. She has held executive positions leading IAM and KYC functions for more than 20 years at major banks in the Netherlands and then in Luxembourg at the European Investment Bank. She also lived and worked in New Delhi, India for ING Group.
## GlEIF
* [InfoCert adheres to the GLEIF International Foundation's program for promoting vLEI](https://translate.google.com/translate?sl=auto&tl=en&u=https://www.datamanager.it/2020/12/infocert-aderisce-al-programma-della-fondazione-internazionale-gleif-per-la-promozione-del-vlei/)
> The vLEI is a cryptographically verifiable credential according to W3C standards and containing the LEI ( Legal Entity Identifiers ), the identification code of legal entities made mandatory by Mifid II in order to operate on the financial markets: InfoCert, formerly LOU ( Local Operating Unit ) authorized by GLEIF will adopt vLEI as an identification standard within its DIZME ecosystem , the blockchain-based decentralized digital identity platform.
* [PSA Today: Kaliya & Seth talk LEIs](https://anchor.fm/psatoday/episodes/PSA-Today-34-Kaliya--Seth-talk-LEIs-Legal-Entity-Identifiers-with-Simon-Wood--CEO-of-Ubisecure-eqia74)
with Simon Wood, CEO of Ubisecure (#1 issuer of Legal Entity Identifiers)
> the evolution of LEIs since the financial crisis of 2008, the difference between high assurance and low assurance, and the relationship between rights and ownership as it relates to identity management of entities.
* [Self-sovereign digital identity, vLEI as identification standard for InfoCert DIZME network](https://www.digitalfuturemagazine.com/2021/01/27/self-sovereign-digital-identity-vlei-as-identification-standard-for-infocert-dizme-network/)
VLEIs are cryptographically verifiable credentials compliant with W3C standards, containing LEIs. The program launched by GLEIF to promote vLEIs aims to create an ecosystem, a credential governance framework, and a technical support infrastructure.
Through vLEIs, companies, government organizations, and other legal entities around the world will have the ability to identify themselves unambiguously, even outside of the financial markets, to conduct a growing number of activities digitally, such as:
- the approval of transactions and contracts,
- the acquisition of new customers,
- transactions within logistics chain and import/export networks,
- the submission of reports and prospectuses to regulatory bodies.
Also, vLEIs will allow for the extension of identity verification of legal entities to include individuals who fill roles of interest within those entities.
### Turing Institute Report on Trustworthy Digital Identity
* [Turing harnesses global expertise with International Advisory Board for Trustworthy Digital Identity](https://www.turing.ac.uk/news/turing-harnesses-global-expertise-international-advisory-board-trustworthy-digital-identity)
@ -383,8 +268,9 @@ Also, vLEIs will allow for the extension of identity verification of legal entit
- [Alan Turing Institute: Trustworthy Digital Infrastructure for Identity Systems](https://www.turing.ac.uk/sites/default/files/2020-12/alan_turing_digital_identities_2020.pdf) (Report)
- [Digital Identity: Ensuring that systems are trustworthy](https://www.turing.ac.uk/blog/digital-identity-ensuring-systems-are-trustworthy)
- [Trustworthy digital identity](https://www.turing.ac.uk/research/interest-groups/trustworthy-digital-identity)
* [OpenID Foundation is Hiring a new Executive Director](https://openid.net/2020/11/17/openid-foundation-executive-director-job-description/)
> The OpenID Foundation is seeking an Executive Director with the experience, skills, strategic vision, and commitment to advancing the Foundations open standards initiatives. This is a unique opportunity to lead a well-respected, member-driven, vendor-neutral, international standardization organization.
- [Finding the Bell Curve of Meaning](https://medium.com/decentralized-identity/finding-the-bell-curve-of-meaning-61a1d22b7bdd) - A process for supporting the emergence of shared language in broad collaborative communities
* [Linux Foundation Announces DizmeID Foundation to Develop and Enable a Self-Sovereign Identity Credential Network](https://linuxfoundation.org/en/press-release/linux-foundation-announces-dizmeid-foundation-to-develop-and-enable-a-self-sovereign-identity-credential-network/)
@ -416,15 +302,8 @@ How do you determine if your new company is addressing the underlying issues tha
## IIW
* [IIW32 - A wave of DIF donations and debuts](https://blog.identity.foundation/dif-monthly-18-may-2021/%23iiw32a-wave-of-dif-donations-and-debuts) DIF Newsletter
* [EXEMPLARY PERSONAL DATA BUSINESSES: 33 ORGANISATIONS RECEIVE THE MYDATA OPERATOR 2022 AWARD](https://mydata.org/2022/03/16/mydata-operator-2022-awards/)
personal data companies that have shown leadership by empowering individuals to control their personal data. As promoted by the European Commission, [putting people in the centre of digital transformations is needed for a safe and sustainable digital future](https://ec.europa.eu/commission/presscorner/detail/en/ip_21_6428). Further, [boosting data sharing and ensuring its trustworthiness](https://ec.europa.eu/commission/presscorner/detail/en/ip_21_6428) is critical to reaping the benefits of our digitised lives.
* [MyData Operator Status awarded to Mydex](https://medium.com/mydex/mydata-operator-status-awarded-to-mydex-2916d1c48c3d)
As promoted by the European Commission, [putting people in the centre of digital transformations is needed for a safe and sustainable digital future](https://ec.europa.eu/commission/presscorner/detail/en/ip_21_6428). Further, [boosting data sharing and ensuring its trustworthiness](https://ec.europa.eu/commission/presscorner/detail/en/ip_21_6428) is critical to reaping the benefits of our digitised lives. Organisations awarded with the MyData Operator Award are vital enablers for such a vision, providing value for companies and individuals alike.
Centre Consortium presents Verite with Kim Hamilton
* [Verite: A Technical Deep Dive with Kim Hamilton, Director of Identity & Standards](https://www.centre.io/blog/verite-a-technical-deep-dive-with-kim-hamilton-director-of-identity-standards) Centre
@ -446,13 +325,6 @@ Join here [https://discord.com/invite/F4Qw7h6Sr9](https://discord.com/invite/F4Q
Founded by Coinbase and Circle in 2018, the mission is to provide the governance and standards for the future digital financial ecosystem.
We began by launching US Dollar Coin (USDC), a fiat-backed stablecoin and now the second largest stablecoin on the market. The standards we laid out for USDC provide a layer of trust and transparency so that users can operate with security and confidence as we enter a new world of digital payments.
* [2022 OpenID Foundation Kim Cameron Award Recipients Announced](https://openid.net/2022/04/29/2022-openid-foundation-kim-cameron-award-recipients-announced/)
This was the first IIW without Kim Cameron. This was a very fitting announcement.
The OpenID Foundation is pleased to announce the first cohort of awardees for inaugural launch of the Kim Cameron Award Program. We first must thank the many well-qualified applicants who presented compelling interest in user-centric identity.
* [Digital Technologies Forum now includes the Lissi demo](https://lissi-id.medium.com/lissi-demonstration-im-forum-digitale-technologien-82d5f0c07a5d) <- in german
Digital Technologies Forum is a networking platform and exhibition space for selected research projects and innovations in the field of digital technologies from Germany. The forum offers outstanding research projects a platform for more visibility and promotes exchange and knowledge transfer at national and international level.
@ -466,13 +338,7 @@ Link your web accounts, verify your academic credentials and interact with DeSci
Silvia is a WID member since 2018 and started her career as an Identity engineer. Her topic will be the misbehavior of your digital twin and what you can do if your digital twin misbehaves.
Originating from a virtual model reflecting a physical object, the term “digital twin” also has its application in the cyber security industry. Social media giants and the advertisement industry have a huge interest in modeling your behavior, feelings, and thoughts to tailor advertising to you.
* [Me2B Safe Specification v1.0](https://me2ba.org/safetechspec/) Me2B
The current version focuses on mobile apps and websites and encompasses only a portion of the harms outlined in the complete [Me2B Digital Harms Dictionary](https://ooqc943yvdw4abzes1q1ezta-wpengine.netdna-ssl.com/wp-content/uploads/2021/10/me2ba-digital-harms-dictionary-v2.0-iii.pdf). As the safe specification evolves subsequent versions will grow to include more of the harms identified in the Me2B Digital Harms Dictionary.
* [Building a Safety Spec for the Digital World](https://me2ba.org/three-turns-of-the-wheel-building-a-safety-spec-for-the-digital-world-2/) Me2ba
It was three years in the making, and this is how we got here.
* [A WebAuthn Apache module?](https://hanszandbelt.wordpress.com/2022/05/05/a-webauthn-apache-module/) Hans Zandbelt
@ -483,23 +349,6 @@ any sensible WebAuthn/FIDO2 Apache module would rely on an externally running
In making the code widely accessible, Ontology is accelerating the adoption of decentralized identity (DID) in the blockchain sphere As the project that has focused on the Decentralized Identity (DID) field for over 4 years…
* [ISO/IEC 18013-5 vs Self-Sovereign Identity: A proposal for an mDL Verifiable Credential](https://www.procivis.ch/post/iso-iec-18013-5-vs-self-sovereign-identity-a-proposal-for-an-mdl-verifiable-credential) Procivis
in the context of government identity programs we see it as useful to compare them on the following parameters background, credential data model & trust anchor and transmission protocols.
* [MyData Global adopts an updated logo and visual identity](https://www.mydata.org/2022/05/17/new-logo/)
* [Aotearoas digital identity journey that leaves no-one behind](https://digitalidentity.nz/2022/05/18/aotearoas-digital-identity-journey-that-leaves-no-one-behind/) DigitalID NZ
IEUDI, together with DINZs Te Kāhui Te Tiriti O DINZ and Digital Identity Services Trust Framework (DISTF) [work groups](https://digitalidentity.nz/working-groups/), detail the scope of DINZs mahi this year and into 2023 in pursuit of its mission to create a digital identity ecosystem that enhances privacy, trust and improves access for all people in New Zealand. [...]
The DISTF WG met last week also, to discuss the [Select Committees report](https://www.legislation.govt.nz/bill/government/2021/0078/latest/whole.html) following the [submissions](https://www.parliament.nz/en/pb/bills-and-laws/bills-proposed-laws/document/BILL_116015/tab/submissionsandadvice), containing its recommended changes to [the Bill](https://www.legislation.govt.nz/bill/government/2021/0078/latest/whole.html) prior to its Second Reading.
* [Block Joins W3C](https://twitter.com/brockm/status/1526723285102120960) [@brockm](https://twitter.com/brockm)
Today, we became a member of the [@W3C](https://twitter.com/w3c), as part of our commitment to building open standards for an open web. We are committed to advancing and adopting decentralized and privacy-preserving standards for self-sovereign digital identity that benefits all. Not centralized platforms.
* [Ledger Joins Project Verite: a Decentralized Identity Coalition for Crypto Finance](https://www.ledger.com/ledger-joins-project-verite-a-decentralized-identity-coalition-for-crypto-finance) Ledger 2/22
We strongly believe that open standards are a key enabler for the development and scaling of new digital identity services around the globe. In this context, we are glad to be part of the Verite Distributed ID standards.” Mung Ki Woo, VP Trust Services, Ledger
@ -510,24 +359,7 @@ We strongly believe that open standards are a key enabler for the development an
Currently available in TypeScript and [published through NPM](https://www.npmjs.com/package/verite), the Verite library seeks to make it easier to implement VCs in a variety of forms. The library is early and an additional goal of the library is to collect community feedback.
* [The Me2B Alliance is now Internet Safety Labs](https://me2ba.org/introducing-internet-safety-labs/) Internet Safety Labs
We are excited to announce the Me2B Alliance is now Internet Safety Labs. Weve changed our name but not our core mission.
* [How GAIN Happens, Slowly Then All at Once](https://openid.net/2022/06/03/how-gain-happens-slowly-then-all-at-once/) OpenID
GAIN is marked by a cross sector, crowd sourced, open, global due diligence. GAINs self organized participants are actively seeking evidence that disconfirms the GAIN hypothesis.
* [Key ToIP Take Aways from EIC](https://trustoverip.org/blog/2022/06/03/key-toip-takeaways-from-the-european-identity-conference/) TOIP
* [OpenID for Verifiable Credentials](http://openid.net/wordpress-content/uploads/2022/05/OIDF-Whitepaper_OpenID-for-Verifiable-Credentials_FINAL_2022-05-12.pdf) [...]
The goal of this whitepaper is to inform and educate the readers about the work on the OpenID for Verifiable Credentials (OpenID4VC) specifications family. It addresses use-cases referred to as Self-Sovereign Identity, Decentralized Identity, or User-Centric Identity.
* [Achieving Trusted Digital Transactions Across the Globe: OIX and ToIP Align to make it Happen](https://trustoverip.org/news/2022/06/15/achieving-trusted-digital-transactions-across-the-globe-oix-and-toip-align-to-make-it-happen/) Trust over IP
With a combined worldwide membership of over 400 organisations and individuals, including some of the worlds largest stakeholders in a digital ID future, this is a crucial development in the journey towards full digital ID adoption and a digital future that will work for everyone involved.
* [Digital Scotland: Blueprint for a 21st Century Scottish Digital Nation](https://digitalscot.net/library/digital-nation/)
@ -542,36 +374,17 @@ The Implementation Guide V1 provides a set of baseline recommendations to the CC
By recognising the pivotal importance of verified attributes and the potential role of personal data stores in enabling the sharing of these attributes, it is opening the door to actually solving the problem of identity. At last.
* [W3C to become a public-interest non-profit organization](https://www.w3.org/2022/06/pressrelease-w3c-le.html.en) W3.org
As W3C was created to address the needs of the early web, our evolution to a public-interest non-profit is not just to continue our community effort, but to mature and grow to meet the needs of the web of the future.
Thanks for your Votes!
Kaliya was elected to the [DIF steering committee](https://blog.identity.foundation/sc-election-2022-results/) Decentralized Identity Foundation
The six elected candidates are Sam Curren (Indicio Tech), Daniel Buchner (Block), Karyl Fowler (Transmute), Rouven Heck (Consensys Mesh, Executive Director at DIF), Markus Sabadello (DanubeTech) & Kaliya Young (Identity Woman). Sam, Karyl, Markus and Rouven have been re-elected for another two year term as SC members. You can read more about the SC candidates' background and vision for DIF here.
- [Avast demonstrates commitment to digital freedom with MyData membership](https://press.avast.com/avast-demonstrates-commitment-to-digital-freedom-with-mydata-membership)
* [RootsID SSI Report - E1](https://www.youtube.com/watch?v%3DspbZp8X1eH0)
covers our work with DIF, Trust over IP, and attending Consensus 2022.
* [Kim Cameron Award Winner Reflects on EIC](https://openid.net/2022/07/05/rachelle-sellung-2022-kim-cameron-award/) Rachelle Sellung
In a matter of a few days, I heard many inspiring presentations, had many interesting conversations, and met many wonderful people in this field at the Conference. It has already led to multiple conversations of working together regarding future stakeholder research that will hopefully be useful and support the identity community.
* [Quick wins to improve your Open Source communitys Architecture of Participation](https://blog.weareopen.coop/quick-wins-to-improve-your-open-source-communitys-architecture-of-participation-9d0e6c8d60fe) WeAreOpenCoop
Sociocracy is a system of governance that seeks to create psychologically safe environments and productive organizations. It draws on the use of consent, rather than majority voting, in discussion and decision-making by people who have a shared goal or work process.
* [Trinsic Basics: What Is a Trust Registry?](https://trinsic.id/trinsic-basics-what-is-a-trust-registry/) Trinsic
Trust registries also need to be interoperable. The [Trust Over IP Foundation](https://www.trustoverip.org/) has a [specification](https://github.com/trustoverip/tswg-trust-registry-tf) for an interoperable trust registry, and ours is the first implementation of this spec. Because of this, Trinsics Trust Registry Service is architected so that one ecosystem could reference or incorporate a trust registry from a separate ecosystem if needed.
* [Harrison new Co-Chair of the CCG and CEO of Spokeo explaining SSI](https://twitter.com/TheCEODad/status/1545907309435428864) Harrison Tang @TheCEODad
Self-sovereign identity, or SSI, is basically an identity owned by you - the user. In self-sovereign identity, you control and manage the access to your information
* [Public-private partnerships in health: The journey ahead for open source](https://www.lfph.io/2022/07/29/public-private-partnerships-in-health-the-journey-ahead-for-open-source/) Linux Foundation Public Health
@ -585,13 +398,8 @@ a trust infrastructure that preserves the structural, definitional, and contextu
* [Credivera Joins Microsoft Partner Network as Verifiable Credentials Provider](https://www.newswire.ca/news-releases/credivera-joins-microsoft-partner-network-as-verifiable-credentials-provider-857742185.html)
* [Keep Badges Weird: helping people understand the badges landscape](https://blog.weareopen.coop/keep-badges-weird-helping-people-understand-the-badges-landscape-79cc8cf7281) Doug Belshaw, We Are Open Co-op
Open Recognition is the awareness and appreciation of talents, skills and aspirations in ways that go beyond credentialing. This includes recognising the rights of individuals, communities, and territories to apply their own labels and definitions. Their frameworks may be emergent and/or implicit.” ([What is Open Recognition, anyway?](https://blog.weareopen.coop/what-is-open-recognition-anyway-9f38ec1f8629)
* [OpenID Foundation Publishes “Open Banking and Open Data: Ready to Cross Borders?”](https://openid.net/2022/07/29/whitepaper-open-banking-and-open-data/) OpenID
* [OpenID Foundation Publishes “The Global Open Health Movement: Empowering People and Saving Lives by Unlocking Data” Whitepaper](https://openid.net/2022/07/22/the-global-open-health-movement-empowering-people-and-saving-lives-by-unlocking-data-whitepaper/) OpenID
* [Ceramic Launches Community Forum](https://blog.ceramic.network/ceramic-launches-community-forum/)
Were excited to share that we launched the [Ceramic Community Forum](https://forum.ceramic.network/)! The forum is the place to ask technical questions and receive support from your fellow community members and Ceramics core team
@ -611,30 +419,6 @@ The aim of this public-private cooperation is to strengthen Finlands leading
* [Avast Joins Trust over IP as a Steering Member](https://trustoverip.org/news/2022/08/30/avast-joins-the-toip-foundation-as-a-steering-member/) TOIP
“It is finally time we had digital wallets with digital credentials that work exactly the same way our real-world wallets do,” said Mr. Reed. “We can take and use them anywhere to privately prove just what another party needs to know in the context of a particular transaction. We dont have to go through any third-party gatekeeper to do this. Thats the way it should work in the digital world too.”
* [Towards a Better Digital Identity Trust Framework in Aotearoa](https://digitalidentity.nz/2022/09/21/towards-a-better-digital-identity-trust-framework-in-aotearoa/) Digital Identity NZ
Its a great pleasure to share with you DINZ Reflections Report, a seminal piece of work that DINZs Digital Identity Trust Framework working group has developed over several months.
* [The Birth of the vLEI: A New Dawn in Digital ID for Legal Entities Everywhere](https://www.gleif.org/en/newsroom/blog/the-birth-of-the-vlei-a-new-dawn-in-digital-id-for-legal-entities-everywhere) GLEIF
For businesses the world over, confidence in digital authenticity is in short supply. Can you be sure that your banks website is not an elaborate phishing recreation? Did that e-invoice really come from your business partner? How can you tell? [...]
* [eBook: The vLEI: Introducing Digital I.D. for Legal Entities Everywhere](https://www.gleif.org/en/lei-solutions/gleifs-digital-strategy-for-the-lei/introducing-the-verifiable-lei-vlei/gleif-ebook-the-vlei-introducing-digital-i-d-for-legal-entities-everywhere)
* [How to Unf*ck Your Organisation: Organisational strategy and architecture for n00bs](https://blog.weareopen.coop/how-to-unf-ck-your-organisation-b73851dbeba5) WeAreOpenCoop
Weve put together an [email-based course](https://learnwith.weareopen.coop/courses/org-strategy/) to help forward-thinking people in senior roles who might need a bit of help and orientation. Weve broken things down into actionable steps based on the resources found at our Learn with WAO site, giving you enough direction and inspiration to get started transforming your organisation for the better!
* [Steps to Success when building a Community of Practice: Convening systems for maturity and development](https://blog.weareopen.coop/steps-to-success-when-building-a-community-of-practice-15bd7ed9ac5c) Doug Belshaw, WeAreOpenCoop
This post outlines different types of work that needs to take place when planning, sustaining, and developing a Community of Practice. It is informed by work that [WAO](https://weareopen.coop/) have carried out with [Participate](https://participate.com/) around the [Keep Badges Weird](https://badges.community/) community over the last 10 months.
* [2022 Executive Council nominations now open](https://digitalidentity.nz/2022/10/06/executive-council-nominations-now-open/) Digital Identity NZ
In December 2019, members elected the first Digital Identity NZ Executive Council. The Council is the governing group for the association; providing guidance and direction as we navigate the developing world of digital identity in Aotearoa. Each Council member is elected for a two-year term, with elections held annually and results notified at the Annual Meeting in December. So, as we approach the end of the year it is time for us to call for nominations for the Council seats coming up for re-election.
* [How to get a vLEI Credential](https://www.ubisecure.com/legal-entity-identifier-lei/how-to-get-a-vlei-credential/) Simon Wood, UbiSecure
The first step in issuance is for a representative to enter a contractual agreement with a QVI to provide the issuance service. The individual from the legal entity that undertakes this contractual signup is known as the Designated Authorised Representative (DAR) [...]
@ -642,16 +426,25 @@ The first step in issuance is for a representative to enter a contractual agreem
As per the LE-vLEI description the above is simplified. The full OOR-vLEIs issuance process is detailed in the [Ecosystem Governance Framework vLEI Credential Governance Framework Legal Entity Official Organizational Role](https://www.gleif.org/vlei/introducing-the-vlei-ecosystem-governance-framework/2022-02-07_legal-entity-vlei-credential-gf-draft-publication_v0.9-draft.pdf)
## W3C
## WeAreOpen
## W3C
* [does the CCG have any thoughts about possible changes to W3C itself?](https://lists.w3.org/Archives/Public/public-credentials/2022Apr/0067.html)  Daniel Hardman (Saturday, 9 April)
* [Keep Badges Weird: helping people understand the badges landscape](https://blog.weareopen.coop/keep-badges-weird-helping-people-understand-the-badges-landscape-79cc8cf7281) Doug Belshaw, We Are Open Co-op
This major organizational overhaul to the W3C is also happening at a time of unprecedented activity and change for the internet. Will the web support crypto and Web3 industry proposals? How will the web support advertising? What should be the baseline web browser security standards?
Open Recognition is the awareness and appreciation of talents, skills and aspirations in ways that go beyond credentialing. This includes recognising the rights of individuals, communities, and territories to apply their own labels and definitions. Their frameworks may be emergent and/or implicit.” ([What is Open Recognition, anyway?](https://blog.weareopen.coop/what-is-open-recognition-anyway-9f38ec1f8629)
* [Quick wins to improve your Open Source communitys Architecture of Participation](https://blog.weareopen.coop/quick-wins-to-improve-your-open-source-communitys-architecture-of-participation-9d0e6c8d60fe) WeAreOpenCoop
* [Announcement: W3C to become a public-interest non-profit organization](https://lists.w3.org/Archives/Public/public-credentials/2022Jun/0063.html)  Kimberly Wilson Linson (Tuesday, 28 June)
Sociocracy is a system of governance that seeks to create psychologically safe environments and productive organizations. It draws on the use of consent, rather than majority voting, in discussion and decision-making by people who have a shared goal or work process.
* [Emergent community building](https://blog.weareopen.coop/emergent-community-building-a35f9431d8a) WeAreOpenCoop
> Last week, we ran the first Keep Badges Weird community call
* [W3C to become a public-interest non-profit organization](https://www.w3.org/2022/06/pressrelease-w3c-le.html.en)
"We designed the W3C legal entity in a way that keeps our core unchanged," said Dr. Jeff Jaffe, W3C CEO. "Our values-driven work remains anchored in the royalty-free W3C Patent Policy, and the W3C Process Document where we enshrined dedication to security, privacy, internationalization and web accessibility. W3C and its Members will continue to play a fundamental role in making the web work for billions of people."
* [How to Unf*ck Your Organisation: Organisational strategy and architecture for n00bs](https://blog.weareopen.coop/how-to-unf-ck-your-organisation-b73851dbeba5) WeAreOpenCoop
> Weve put together an [email-based course](https://learnwith.weareopen.coop/courses/org-strategy/) to help forward-thinking people in senior roles who might need a bit of help and orientation. Weve broken things down into actionable steps based on the resources found at our Learn with WAO site, giving you enough direction and inspiration to get started transforming your organisation for the better!
* [Steps to Success when building a Community of Practice: Convening systems for maturity and development](https://blog.weareopen.coop/steps-to-success-when-building-a-community-of-practice-15bd7ed9ac5c) Doug Belshaw, WeAreOpenCoop
> This post outlines different types of work that needs to take place when planning, sustaining, and developing a Community of Practice. It is informed by work that [WAO](https://weareopen.coop/) have carried out with [Participate](https://participate.com/) around the [Keep Badges Weird]-(https://badges.community/) community over the last 10 months.
* [Good things happen slowly, bad things happen fast](https://blog.weareopen.coop/good-things-happen-slowly-bad-things-happen-fast-2fd894cbd4df) We Are Open Co-op
> Some organisations were experimenting with digital badges before 2011, but these were siloed and easy to right-click and copy. The technology trigger, the innovation with Open Badges, was to invent and make available an open metadata standard.
* [WTF are Stealth Badges?: The case of the O.G. Badger](https://blog.weareopen.coop/wtf-are-stealth-badges-41130a75a1a9) We are Open Coop
> This information means that this particular badge, which is manually issued, can be given out in fair and equitable ways. It also means that someone else who engaged with the Open Badges community before 2017 could lay claim to it.
>
> Stealth badges at scale require an automated system that issues badges depending on particular criteria. This is why they are very common in games-based environments. For example, I unlock some most weeks playing new and existing games on my PlayStation and Google Stadia.

50
_posts/identosphere-dump/public_sector/README.md
View File

@ -44,3 +44,53 @@
- Ontario
- LatAm
- LACCHAIN
## California
* [Our Input to the California Privacy Protection Agency (CPPA) Pre-Rulemaking Stakeholder Sessions](https://me2ba.org/our-input-to-the-california-privacy-protection-agency-cppa-pre-rulemaking-stakeholder-sessions/) Me2BA
California is a major center of new privacy law and regulation, creating opportunities for internet safety advocates to help design policies that will ripple out well beyond the states borders. Their Privacy Rights Act (CPRA), passed by ballot proposition in 2020, created the California Privacy Protection Agency (CPPA), which seems to be getting closer to initiating its first formal rulemaking process.
* [Data Broker Registry](https://oag.ca.gov/data-brokers) State of California Department of Justice
[California law requires a data broker](http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB1202), as defined in California Civil Code § 1798.99.80, to register with the Attorney General on its internet website that is accessible to the public, on or before January 31 following each year in which a business meets the [definition of a data broker](https://iapp.org/news/a/california-data-broker-registrations-who-made-the-list-on-jan-31/).
* [Crypto Regulatory Affairs: Governor of California Signs Blockchain Executive Order](https://www.elliptic.co/blog/crypto-regulatory-affairs-governor-of-california-signs-blockchain-executive-order) Elliptic
On May 4th, California Governor Gavin Newsom signed into effect a [“Blockchain Executive Order”](https://www.gov.ca.gov/2022/05/04/governor-newsom-signs-blockchain-executive-order-to-spur-responsible-web3-innovation-grow-jobs-and-protect-consumers/)
“[to] assess how to deploy blockchain technology for state and public institutions, and build research and workforce development pathways to prepare Californians for success in this industry”.
* [Our Input to the California Privacy Protection Agency (CPPA) Pre-Rulemaking Stakeholder Sessions](https://me2ba.org/our-input-to-the-california-privacy-protection-agency-cppa-pre-rulemaking-stakeholder-sessions/) Me2Ba
We have monitored and involved ourselves in this new agency since its inception, and Lisa LeVasseur (our Executive Director) and Noreen Whysel (Director of Validation Research) shared their expertise on product audits and dark patterns, respectively, in a recent pre-rulemaking CPPA Stakeholder Session (May 5-6).
* [Soulbound Tokens, Trust Networks, and California's Big Test](https://wrenchinthegears.com/2022/05/28/soulbound-tokens-trust-networks-and-californias-big-test/) Wrenchinthegears
California [SB1190](https://sd18.senate.ca.gov/news/342022-hertzberg-announces-new-blockchain-legislation-creating-%25E2%2580%259Ccalifornia-trust-framework%25E2%2580%259D) that would establish a “Trust Framework” at the state level. This bill was introduced to the state senate in early March by Robert Hertzberg, close friend of Los Angeles billionaire investor Nicholas Berggruen
The Verifiable Credentials Policy Committee, (that Kaliya Chairs) in California had a big win this week
* [California Moves Forward to Allow Vital Records to be Issued on Blockchain](https://www.coindesk.com/policy/2022/09/29/california-moves-forward-to-allow-vital-records-to-be-issued-on-blockchain/) Coindesk
* [approved another on Wednesday](https://www.gov.ca.gov/2022/09/28/governor-newsom-issues-legislative-update-9-28-22/) that instructs county records offices to [allow for the use of blockchain technology](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id%3D202120220SB786) and verifiable credentials. The technology would be established in the distribution of birth, death and marriage records, allowing PDFs to be sent immediately rather than using a typical 10-day postal delivery.
* [California Legalizes Blockchain-based Vital Records](https://mobileidworld.com/california-legalizes-blockchain-based-vital-records-410031/) MobileDataWorld
As [an abstract of the bill](https://trackbill.com/bill/california-senate-bill-786-county-birth-death-and-marriage-records-blockchain/2043852/) explains, while existing law requires such records “to contain certain information and to be printed on chemically sensitized security paper, as specified,” the new legislation enables a county recorder to, upon request, issue a birth, death, or marriage record “by means of verifiable credential, as defined, using blockchain technology, defined as a decentralized data system, in which the data stored is mathematically verifiable, that uses distributed ledgers or databases to store specialized data in the permanent order of transactions recorded.”
* [VCs Policy Committeee (California) Participate in passing legislation to create a California Trust Framework!](https://iiw.idcommons.net/21B/_(California)_Verifiable_Credentials_Policy_Committeee_-_Come_learn_about_how_participate_in_passing_legislation_to_crete_a_California_Trust_Framework!) by Kaliya Young, Ally Medina [Slides](https://docs.google.com/presentation/d/1VyxmWan3qbxynxhKvw1CHhWZINiPRF9gjeqSCSDh1MY/edit?usp%3Dsharing)
> discussed how the Blockchain Advocacy Coalitions sponsorship of [AB 2004](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id%3D201920200AB2004) pushed verifiable credentials into mainstream political discourse and how companies can help us shape public policy and government pilot programs of Verifiable Credential technology.
>
> We are planning on working with legislators to introduce a bill that creates a California Trust Framework and lays the groundwork for use of the technology in the public and private sector.
* [Me2BA provides human-centered recommendations to the California Privacy Protection Agency](https://me2ba.org/me2ba-provides-human-centered-recommendations-to-the-california-privacy-protection-agency/)
The California Privacy Rights Act of 2020 (“CPRA”) established the California Privacy Protection Agency (“CPPA”). The CPPAhas full administrative power and authority to implement the CCPA and CPRA, which basically means that the CPPA will be in charge of updating regulations and adopting new regulations, while enforcement of these regulations will be done by both the CPPA and the Attorney General
* [California Digital Vaccine Record based on VCs](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0191.html) Heather Vescent June 18
May be of interest: [https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records](https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records)
SMART Health Card Framework: [https://vci.org/about#smart-health](https://vci.org/about%23smart-health)
To achieve this purpose, the founding members of VCI™ have collaborated to develop (1) the SMART Health Cards Framework Implementation Guide based on the World Wide Web Consortium (W3C) Verifiable Credential and Health Level 7 (HL7) SMART on FHIR standards, and (2) the SMART Health Cards: Vaccination & Testing Implementation Guide.
If you are in California, you can get your vaccine record here: [https://myvaccinerecord.cdph.ca.gov/](https://myvaccinerecord.cdph.ca.gov/)

0
_posts/identosphere-dump/public_sector/africa.md Normal file
View File

57
_posts/identosphere-dump/public_sector/canada.md
View File

@ -3,6 +3,13 @@ published: false
---
# Canadian Identity
* [Agency to hear public comment at hearing on August 24 and 25 as part of rulemaking process](https://cppa.ca.gov/regulations/) CPPA CA
A hearing on the [proposed regulations](https://cppa.ca.gov/regulations/consumer_privacy_act.html) will occur on August 24 and 25, 2022 at 9:00 am Pacific Time. Media and members of the public are encouraged to RSVP via the link above.
Persons who wish to submit written comments on the proposed regulations must submit them by August 23, 2022
* [BC Digital Trust](https://digital.gov.bc.ca/digital-trust/) BCGov
Nice resources page from BCGov
@ -50,3 +57,53 @@ Canada boasts world-leading exemplar case studies for the role of Self Sovereign
> “The Treasury Board Secretariat of Canada (TBS) and Shared Services Canada (SSC) are seeking a standardized method to issue and rapidly verify portable digital credentials across many different contexts, thereby reducing human judgement error, increasing efficiency and ensuring digital credential veracity using cryptography.”
* [/canada-ca/ucvdcc/](https://github.com/canada-ca/ucvdcc/)
* [Google Doc](https://docs.google.com/presentation/d/1rC4Lhh0ixaig4OP3cbv2q7SkL_rFrLe489PUEUIDjDQ/edit#slide=id.p).
* [Engaging with the Ontario Digital Identity Program.](https://trustoverip.org/blog/2021/10/25/engaging-with-the-ontario-digital-identity-program/) TrustOverIP
- A summary of findings from government-led public consultations on digital identity
- An overview of Ontarios Digital ID technology roadmap, and discussions about the technology stacks and infrastructure
- Ontarios proposed conceptual model for digital identity, and the principles that inform it
* [Ontario Releases Technology and Standards for Digital Identity](https://news.ontario.ca/en/release/1000787/ontario-releases-technology-and-standards-for-digital-identity) Ontario Newsroom
“Our [Ontario Onwards: Action Plan](https://www.ontario.ca/page/ontario-onwards) first announced our governments goal to make Ontario the most advanced digital jurisdiction in the world all in the service of the people of this province,” said Peter Bethlenfalvy, Minister of Finance. “The release of Ontarios Digital ID later this year will be an exciting step towards transforming and modernizing government services in an increasingly digital world.”
* [Ontarians are getting digital ID this fall: All you need to know](https://www.itworldcanada.com/article/ontarians-are-getting-digital-id-this-fall-all-you-need-to-know/458633) itWorldCanada
tech standards that the provincial government says it is currently considering include the [Verifiable Credentials Data Model 1.0](https://www.w3.org/TR/vc-data-model/) for data modeling, [Decentralized Identifiers (DIDs) v1.0](https://www.w3.org/TR/did-core/) for key management, [JSON-LD 1.1](https://www.w3.org/TR/json-ld11/) for data formatting, [OpenID Connect](https://openid.net/connect/) as identity standard, [BBS+ Signatures 2020](https://w3c-ccg.github.io/ldp-bbs2020/) and [Ed25519 Signature 2020](https://w3c-ccg.github.io/lds-ed25519-2020/) for signature format, [Self-Issued OpenID Provider v2](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html) and more for interoperability.
* [The Future of Digital Identity in Canada: Self-Sovereign Identity (SSI) and Verified.Me](https://securekey.com/the-future-of-digital-identity-in-canada-self-sovereign-identity-ssi-and-verified-me/) SecureKey
> Verified.Me ensures that only authorized attributes are shared with explicit user consent. The service bridges together multiple participants within a common ecosystem to verify the identities of users securely and privately across the participating organizations with others within the group.
* [Decentralized, Self-Sovereign, Consortium: The Future of Digital Identity in Canada](https://www.frontiersin.org/articles/10.3389/fbloc.2021.624258/)
> This article introduces how SecureKey Technologies Inc. (SecureKey) worked with various network participants and innovation partners alongside government, corporate, and consumer-focused collaborators, in a consortium approach to create a mutually beneficial network of self-sovereign identity (SSI) principles with blockchain in Canada.
* [Trust Frameworks? Standards Matter](https://medium.com/@trbouma/trust-frameworks-standards-matter-47c946992f44) Tim Bouma
> He points at the NIST documents about it [Developing Trust Frameworks to Support Identity Federations](https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8149.pdf) published in 2018. He also points at the Canadian governments definition of standards.
>
> “a document that provides a set of agreed-upon rules, guidelines or characteristics for activities or their results. Standards establish accepted practices, technical requirements, and terminologies for diverse fields.”  He goes on to highlight a lot of the work being done in Canada and where it all sits relative to being a standard - “In closing, there are lots of trust frameworks being developed today. But to be truly trusted, a trust framework needs to either apply existing standards or become a standard itself.”
* [Privacy in Ontario?](https://www.webistemology.com/a-mydata-ontario-privacy-submission/) Webistemology John Wunderlich
> MyData Canada recently submitted a report to the Government of Ontario in response to its consultation for strengthening privacy protections in Ontario.
* [Canada: Enabling Self-Sovereign Identity](https://trbouma.medium.com/canada-enabling-self-sovereign-identity-efcfda2aa044) Tim Bouma
Older article not covered here, yet
The adoption of the [self-sovereign identity model](http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html) within the Canadian public sector is still being realized in 2020. It is too early to tell how it will change the technological infrastructure or the institutional infrastructure of Canadian public services.
* [Old Policy, New Tech: Reconciling Permissioned Blockchain Systems with Transatlantic Privacy Frameworks](https://events.asucollegeoflaw.com/gets/wp-content/uploads/sites/10/2022/05/Remy-Hellstern-REVIEWED.pdf) By Remy Hellstern and Victoria Lemieux
This paper will explore the global conversation and consensus around data privacy regulation, with specific attention to the European Union and Canada. It will work to understand how blockchain-based firms situate themselves amid this regulation in relation to the storage of personally identifiable information by looking at relevant policy decisions, legal cases, and commentary from regulatory bodies and commissions.
* [Indicio and Liquid Avatar Technologies Launch Canadas First Privacy-Preserving Decentralized Technology for Sharing Health Data](https://indicio.tech/indicio-and-liquid-avatar-technologies-launch-canadas-first-privacy-preserving-decentralized-technology-for-sharing-health-data/) Indicio
“Liquid Avatar Technologies shares Indicios vision—the world needs technology that works for people by delivering real privacy and security,” said Heather Dahl, CEO of Indicio. “When we launched the Indicio Network, we saw the need for a space for innovative companies to collaborate on changing how we manage identity, enable verification, and create trust. Our partnership with Liquid Avatar Technologies, one of many, shows what can happen when innovators solve pressing problems with ground-breaking technology.”
* [Self-Sovereign Identity as a Service: Architecture in Practice](https://arxiv.org/pdf/2205.08314.pdf) Yepeng Ding, Hiroyuki Sato, University of Tokyo
We propose a practical architecture by elaborating the service concept, SSI, and DLT to implement SSIaaS platforms and SSI services. Besides, we present an architecture for constructing and customizing SSI services with a set of architectural patterns and provide corresponding evaluations. Furthermore, we demonstrate the feasibility of our proposed architecture in practice with Selfid, an SSIaaS platform based on our proposed architecture.
Ontario (a province in Canada) just had an election last week and Darrell thinks: [Digital ID Can Increase Voter Participation](https://www.continuumloop.com/digital-id-can-increase-voter-participation/)
Im not an expert on the election process, and this is just my opinion. Ive been lazy in past elections, and Id be lying if I said Ive voted in every one. As a citizen, I believe ease and accessibility have a lot to do with it.
* [Decentralized Identity & Government](https://www.youtube.com/watch?v%3Dl8pHUdjKfes) Evernym
The key differences between federated and decentralized identity systems - An analysis of a few notable government-led projects, such as Aadhaar (India), Verify (UK), eIDAS (EU), and the Ontario Digital Identity Program (Canada) - What decentralization means for portability, scalability, flexibility, and privacy - How governments and commercial organizations can enhance existing federated identity systems with verifiable credentials
* [Participate in Alberta's First Verifiable Digital Credentials Pilot](https://pilot.atbventures.com/) ATB Ventures and Govt Alberta
As a part of the pilot, you will add your MyAlberta Digital ID as a verifiable credential to your mobile digital wallet (on your smartphone) and use this digital credential to open an ATB Pay As You Go Account - Digital Credential account with ATB Financial.

57
_posts/identosphere-dump/public_sector/europe.md
View File

@ -356,3 +356,60 @@ After a tough competition among overall excellent proposals, eSSIF-LAB selected
* [5 reasons why professionals and enthusiasts of Self-Sovereign Information Sharing should look into EBSI](https://ec.europa.eu/newsroom/cef/newsletter-archives/40411)
The web is increasingly more distributed, and with it, a new pattern of information sharing is emerging: Self Sovereign Information sharing, where citizens stay in control of their information by choosing what and when to disclose it, and to whom EBSI enables self-sovereign Citizen-to-Government (C2G) and C2B (Citizen-to-Business) privacy-preserving information sharing.
* [Self-Sovereign Identity Working Group](https://europeanblockchainassociation.org/eba-working-group-self-sovereign-identity-eussi/) European Blockchain Association in collaboration with the European Commission
Right now, many enterprises and organisations are building their own SSI solutions by implementing the existing standards and protocols. Since all these parties do similar work and have to face similar problems, it is critical for the community to share these learnings and experiences openly.
* [A critical fork in the data road?](https://medium.com/mydex/a-critical-fork-in-the-data-road-1eb29c5a42a8) MyData
Is the EU discussion about data portability missing a key point?
In its discussion of data portability the EU rightly recognises the economic importance of this issue, stressing that “market imbalances arising from the concentration of data restricts competition, increases market entry barriers and diminishes wider data access and use.”
it is likely that many dApp developers now need an identity solution that preserves privacy but ensures compliance which is exactly the solution that we are building at SelfKey.
EU [DATA GOVERNANCE ACT MEETS TOIP FRAMEWORK](https://trustoverip.org/blog/2022/01/13/data-governance-act-meets-toip-framework/) TOIP
The DGA defines an “intermediary” that facilitates processing and sharing of data for individuals and organizations to “…increase trust in data intermediation services and foster data altruism across the EU”. In the [MyData](https://mydata.org/declaration/) framework for user-controlled data sharing, intermediaries are called [MyData Operators](https://mydata.org/mydata-operators/) and there is a certification program in place.
* [How the Digital Markets Act (DMA) will shape the future of digital identity in Europe](https://www.idnow.io/blog/digital-markets-act-dma-future-digital-identity/) IDNow
On March 24th, 2022, [the European Parliament and Council reached an agreement on the final version of the Digital Markets Act (DMA)](https://eur-lex.europa.eu/legal-content/de/TXT/?qid%3D1608116887159%26uri%3DCOM%253A2020%253A842%253AFIN). According to the European Commission, the DMA regulation is expected to be reviewed and enacted by October 2022.
* [Overview of Member States' eID strategies](https://ec.europa.eu/cefdigital/wiki/display/EIDCOMMUNITY/National%2BStrategies)
> The report focusses on the approaches towards eID outlined in national strategy documents, together with other supporting documentation and web resources, with the aim of offering a thorough understanding of the eID state of play across Europe.
* [Understanding the MiCA and Pilot Regime crypto regulation](https://medium.com/adaneu/relax-take-it-easy-understanding-the-mica-and-pilot-regime-crypto-regulation-db21e537ec58)
> The European Commissions proposal for the regulation of crypto-assets markets is based on two draft texts :
> - MiCA (Markets in Crypto-Assets Regulation) whose scope covers cryptocurrencies, utility tokens and stablecoins ;
> - the Pilot Regime Regulation for DLT Market Infrastructures (PRR) project.
> With these two texts, the Commissions goal is to regulate crypto-asset players and not the assets as such.
* [EU Data Governance Act officially released](https://ec.europa.eu/digital-single-market/en/news/data-governance-act)
>foster the availability of data for use by increasing trust in data intermediaries and by strengthening data-sharing mechanisms across the EU
One of MyDex CICs founders, [Alan Mitchell shares a feeling of Vindication](https://medium.com/mydex/vindicated-cb897fb4e94b) in a post celebrating the companies early articulation of key principles and how the EUs proposed new Data Governance Act aligns with that.
> These providers will have to comply with a number of requirements, in particular the requirement to remain neutral as regards the data exchanged. They cannot use such data for other purposes. In the case of providers of data sharing services offering services for natural persons, the additional criterion of assuming fiduciary duties towards the individuals using them will also have to be met.
* [Data Exchange Board to Improve the EU Data Governance Act](https://mydata.org/2020/12/09/why-we-need-a-data-exchange-board-to-improve-the-eu-data-governance-act/)
* [Trust in the digital space](https://lissi-id.medium.com/trust-in-the-digital-space-7762471351cf) Lissi ID
Would we rather have a high level of security or self-sovereignty? Unfortunately, the two aspects are at different ends of the spectrum. If we only allow pre-verified and approved parties to retrieve identity data, as currently envisaged by the [eIDAS regulation](https://lissi-id.medium.com/eidas-and-the-european-digital-identity-wallet-context-status-quo-and-why-it-will-change-the-2a7527f863b3), this severely restricts usage
* [How Can Europe Lead Innovation And Win Web3? Ledgers 4 Recommendations For EU Policymakers](https://acrobat.adobe.com/link/review?uri%3Durn:aaid:scds:US:fa00c64a-5f6d-38c6-baf7-0bcfa06e6a28%23pageNum%3D25)
1. Invest in a public/private partnership to co-develop a self-sovereign identity solution for Europe.
* [Is the EU Digital Identity Wallet an implementation of Self-Sovereign Identity?](https://www.innopay.com/en/publications/eu-digital-identity-wallet-implementation-self-sovereign-identity) Innopay
The intention of the European Commission is to allow or even force acceptance in a wide range of sectors in the public and private domain and thereby ensure that identities are as wisely usable as possible (interoperability). The principle of consent will also be met, as it is already fulfilled with current eID solutions notified under eIDAS and other EU regulations, such as GDPR and PSD2. One of the explicit requirements of the proposal is selective disclosure, in line with GDPRs rules on data minimalisation.
- [Avasts views on the proposed amendments to the eIDAS 2.0 regulation](https://blog.avast.com/eidas-2.0-amendments-analysis)
* [UK Draft Digital Identity Framework Published](https://www.research-live.com/article/news/uk-draft-digital-identity-framework-published/id/5087382) Research Live
Updates to the framework include new guidance on creating a consistent approach on user experience, rules on how to manage digital identity accounts, clearer definitions for the frameworks role and details on how organisations will be certified.
* [Can a Verifiable Credential-based SSI Implementation meet GDPR Compliance?](https://academy.affinidi.com/can-a-verifiable-credential-based-ssi-implementation-meet-gdpr-compliance-5039d0149ea4)
Lets examine how SSI meets each of the articles from #13 to #22.
* [SSI](https://academy.affinidi.com/can-a-verifiable-credential-based-ssi-implementation-meet-gdpr-compliance-5039d0149ea4) is a digital movement that aims to enable individuals or organizations to have sole ownership of their identity, and to have control over how their data is shared and used.

17
_posts/identosphere-dump/public_sector/india.md Normal file
View File

@ -0,0 +1,17 @@
# Indian Data Legislation
* [Revisiting the non-personal data governance framework](https://www.orfonline.org/expert-speak/data-development-revisiting-non-personal-data-governance-framework/)
> In July 2020, an expert committee established by the Ministry of Electronics and Information Technology (MEITY) released a report on the Non-Personal Data (NPD) governance framework for India. The document is well-intentioned in that it recognises the public value of data, and the need to democratise its use.
* [Potential Impacts of Draft India Personal Data Protection Bill (PDPB)](https://www2.deloitte.com/in/en/pages/risk/articles/privacy-data.html) (Deloitte)
- [Practising data stewardship in India, early questions](https://www.adalovelaceinstitute.org/blog/practising-data-stewardship-in-india/) - could data stewardship help to rebalance power towards individuals and communities? ALI
* [Pramod Varma's message as India touches the 1 BN COVID Vaccination Certificates Milestone](https://www.youtube.com/watch?v%3DPFo7YlxUaJk) eGovernments Foundation
On the occasion of the [#100CroreVaccinationCertificates](https://twitter.com/hashtag/100CroreVaccinationCertificates) milestone, [@pramodkvarma](https://twitter.com/pramodkvarma) CTO, [@eksteporg](https://twitter.com/eksteporg) shares the journey of #DigitalPublicGood - DIVOC (Digital Infrastructure for Vaccination Open Credentialing) for vaccination credentialing
* [Identity in the 21st Century India: Where are we?](https://www.crubn.com/_files/ugd/3e90e2_82e2de11e1194f1c93ed68c411d78564.pdf?index%3Dtrue) Crubn
This whitepaper is an attempt to understand identity from a governance perspective and the various methods of identification used. In particular, it'll analyse India's digital identity infrastructure its motivations, the benefits it has yielded, and the dangers that might adversely impact it.
* [India-stack and self-sovereign identity | EUBS 2022](https://www.youtube.com/watch?v%3Dof-iuDZpWuA)
a panel discussion with Akhilesh Srivastava (IT Advisor at Government of Uttarakhand), Mallikarjun Karra (Director of Research And Partnerships at Timechain Labs), Prof. Sandeep Shukla (Computer Science & Engineering at Indian Institute of Technology Kanpur), Swapnil Pawar (Founder of Newrl) and Ishan Roy (Head of Blockchain at Tamil Nadu E-Governance Agency)

38
_posts/identosphere-dump/public_sector/new-zealand.md Normal file
View File

@ -0,0 +1,38 @@
# Digital Identity New Zealand
* [DINZ held the first Aotearoa Digital Identity Hui Taumata](https://digitalidentity.nz/2020/12/07/aotearoa-digital-identity-hui-taumata-2/)
> Bianca Lopes and David Birch shared with us their International perspectives and insights, including a whirlwind Identity world tour hosted by Bianca and her team at Talle.
* [The Trust Economy in a Future New Zealand](https://digitalidentity.nz/2021/06/16/the-trust-economy-in-a-future-new-zealand/)
> My interest was first piqued when I came across three videos on YouTube from [Rachel Botsman](https://www.youtube.com/watch?v%3D-vbPXbm8eTw), [Jordan Perterson](https://www.youtube.com/watch?v%3DpFXdsD-8SKk) and [Philipp Kristian Diekhöner.](https://www.youtube.com/watch?v%3DXNog-xrc_YA)
>
> Trust has always been at the centre of society overall and commerce in particular.  Theres a reason why during the first industrial revolution banks always built the most impressive, secure looking buildings in town so you trusted them to deposit you money there!
* [Towards a Better Digital Identity Trust Framework in Aotearoa](https://digitalidentity.nz/2022/09/21/towards-a-better-digital-identity-trust-framework-in-aotearoa/) Digital Identity NZ
> Its a great pleasure to share with you DINZ Reflections Report, a seminal piece of work that DINZs Digital Identity Trust Framework working group has developed over several months.
* [Aotearoas digital identity journey that leaves no-one behind](https://digitalidentity.nz/2022/05/18/aotearoas-digital-identity-journey-that-leaves-no-one-behind/) DigitalID NZ
> IEUDI, together with DINZs Te Kāhui Te Tiriti O DINZ and Digital Identity Services Trust Framework (DISTF) [work groups](https://digitalidentity.nz/working-groups/), detail the scope of DINZs mahi this year and into 2023 in pursuit of its mission to create a digital identity ecosystem that enhances privacy, trust and improves access for all people in New Zealand. [...]
>
> The DISTF WG met last week also, to discuss the [Select Committees report](https://www.legislation.govt.nz/bill/government/2021/0078/latest/whole.html) following the [submissions](https://www.parliament.nz/en/pb/bills-and-laws/bills-proposed-laws/document/BILL_116015/tab/submissionsandadvice), containing its recommended changes to [the Bill](https://www.legislation.govt.nz/bill/government/2021/0078/latest/whole.html) prior to its Second Reading.
* [2022 Executive Council nominations now open](https://digitalidentity.nz/2022/10/06/executive-council-nominations-now-open/) Digital Identity NZ
> In December 2019, members elected the first Digital Identity NZ Executive Council. The Council is the governing group for the association; providing guidance and direction as we navigate the developing world of digital identity in Aotearoa. Each Council member is elected for a two-year term, with elections held annually and results notified at the Annual Meeting in December. So, as we approach the end of the year it is time for us to call for nominations for the Council seats coming up for re-election.
* [New Zealand](https://digitalidentity.nz/2020/11/18/get-involved-with-dinz-this-november/) is working with Maori leaders on Identity
> Next week were celebrating our first Aotearoa Digital Identity Hui Taumata.  Were particularly excited to be bringing you a Kapa Kōrero session with Kaye-Maree Dunne, Jane-Renee Retimana, Belinda Allen and Ben Tairea.  The quartet will be exploring perspectives from Te Ao Māori, and the relevance of Te Tiriti in our collective work on digital identity.
>
> Digital Identity New Zealand is having its [Annual Meeting](https://digitalidentity.nz/event/digital-identity-nz-annual-meeting/) Dec 10th
* [A key place for Identity in the Digital Strategy for Aotearoa](https://digitalidentity.nz/2021/10/05/a-key-place-for-identity-in-the-digital-strategy-for-aotearoa/) < - Colin Wallis will now head Digital Identity.nz
> Our government is embarking on a journey to create [A Digital Strategy for Aotearoa](https://www.cio.com/article/3628718/national-strategy-digital-twin-and-skills-shortages-on-nz-tech-minister-s-mind.html) that seeks to respond to the social, economic, education and cultural opportunities from digital technology, along with the risks that these technologies can bring.
* [The Trust Economy in a Future New Zealand](https://digitalidentity.nz/2021/06/16/the-trust-economy-in-a-future-new-zealand/)
> Now with the 4th industrial (digital) revolution the old vertical, siloed trust models are breaking down and we are moving to a more horizontal, distributed environment.* [INCLUSIVE AND ETHICAL USES OF DIGITAL IDENTITY](https://digitalidentity.nz/inclusive-and-ethical-uses-of-digital-identity/) DINZ
> In April 2022, DINZ launched a broad-scope members [Working Group](https://digitalidentity.nz/inclusive-and-ethical-uses-of-digital-identity/) in response to the increasing challenges for some groups in society to participate fully in [Aotearoas digital transformation](https://www.digital.govt.nz/digital-government/strategy/towards-a-digital-strategy-for-aotearoa/developing-a-digital-strategy-for-aotearoa/), with the aim of providing baseline supporting guidance to inform policy and service design.
* [DINZs annual Consumer Research](https://digitalidentity.nz/wp-content/uploads/sites/25/2020/07/DINZ-Scrolling-Infographic-July-2020-FINAL.pdf) Digital Identity NZ
l Scrolling Infographic! It looks fun and has some good info in it.
>
> Do the best you can until you know better. Then when you know better, do better. These wise words from Maya Angelou encapsulate the key findings from our 2020 trust and identity research.
* [Leading the digital trust conversation](https://digitalidentity.nz/2022/07/15/leading-the-digital-trust-conversation/) DI NewZealand
> the Digital Identity Services Trust Framework Act has the potential to provide a game-changing regulatory foundation for the identification and authentication components of services delivered through the digital channel.  Those services that choose to be independently audited for compliance against the Frameworks security and privacy oriented rules and standards to become accredited, would then be able to differentiate those digital service brands through displaying an accreditation mark.
* [Summary of Public Engagement of the Digital Strategy for Aotearoa discussion document](https://www.digital.govt.nz/dmsdocument/229~towards-a-digital-strategy-for-aotearoa-summary-of-public-engagement/html) New Zealand Govt.
> The discussion document stated that a Digital Strategy for Aotearoa (the Strategy) would need to respond to the social, economic, education and cultural opportunities from digital technology, along with the risks that these technologies could bring.
* [Postcard from the UK](https://digitalidentity.nz/2022/06/20/postcard-from-the-uk/) DIGITAL IDENTITY NEW ZEALAND
It is on this last point that I do see a slight gap between the UK and Aotearoa. In the UK and in Europe more generally there seems to be more awareness of, and a sense of urgency around, the vulnerability of mobile smartphones, given the expectation that they will be the device of choice for most people to download digital identity related wallet apps.

200
_posts/identosphere-dump/public_sector/policy.md
View File

@ -5,23 +5,10 @@ published: false
* [GDPR: Everything you need to know](https://authenteq.com/general-data-protection-regulation-gdpr-and-all-thats-behind-it/) - is a great post by authentic explaining it at a high level that we thought would be helpful to those trying to orient.
This is a [round-up from Ally Medina](https://blockadvocacy.medium.com/cas-2020-blockchain-legislative-roundup-89cdd3bad25c) (who was at IIW). She worked on getting AB 2004 passed in California that permitted Verifiable Credentials to be used for Covid-19 test results. It covers other California developments too.
Hearings in Wyoming this week. [Go to this page](https://www.wyoleg.gov/Committees/2020/S19) and click on the *11/2/2020 meeting details*. The section of interest is the *9:30 am* (Wyoming time) discussion on Disclosure of private cryptographic keys.
* [IPR - what is it? why does it matter?](https://identitywoman.net/ipr%25e2%2580%258a-%25e2%2580%258awhat-is-it-why-does-it-matter/)
> There is a lot of diversity in the category of future patent problems. Someone who was contributing without declaring that they hold a patent related to the work can claim they had a patent later (years after the specification is finished) and seek payment from everyone using/implementing the standard, claiming licensing rights or even lost revenue on ideas they legally own.
* [What Are the Six Key Areas of the FATF Consultation?](https://www.elliptic.co/blog/six-key-areas-of-the-fatf-consultation) Elliptic
> On March 19th, Paris-based Financial Action Task Force (FATF), the global standard-setting body for anti-money laundering and counter-terrorism finance (AML/CFT), released its [Draft Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers](https://www.fatf-gafi.org/media/fatf/documents/recommendations/March%25202021%2520-%2520VA%2520Guidance%2520update%2520-%2520Sixth%2520draft%2520-%2520Public%2520consultation.pdf). Or, in compliance acronym speak the FATF's draft guidance for its RBA to VAs and VASPs.
* [Privacy in Ontario?](https://www.webistemology.com/a-mydata-ontario-privacy-submission/) Webistemology John Wunderlich
> MyData Canada recently submitted a report to the Government of Ontario in response to its consultation for strengthening privacy protections in Ontario.
* [A US National Privacy Law Looks More Likely Than Ever](https://anonyome.com/2021/04/a-us-national-privacy-law-looks-more-likely-than-ever/)
> from the plethora of federal privacy bills put forward, there are three standouts:
- [Consumer Online Privacy Rights Act](https://www.cantwell.senate.gov/imo/media/doc/COPRA%2520Bill%2520Text.pdf) (COPRA) (Democrats) Sponsored in November 2019 by Democratic Senator Maria Cantwell of Washington, this bill is [considered by some](https://www.darkreading.com/endpoint/what-a-federal-data-privacy-law-would-mean-for-consumers/a/d-id/1340433) to be “GDPR-esque” and more consumer than business friendly.
- Setting an American Framework to Ensure Data Access, Transparency and Accountable Ability Act ([SAFE DATA Act](https://www.commerce.senate.gov/services/files/BD190421-F67C-4E37-A25E-5D522B1053C7)) (GOP) Combining three previous bills, the SAFE DATA Act is [considered by some](https://www.darkreading.com/endpoint/what-a-federal-data-privacy-law-would-mean-for-consumers/a/d-id/1340433) as more “business friendly”.
- [Information Transparency and Personal Data Control Act](https://delbene.house.gov/news/documentsingle.aspx?DocumentID%3D2740)  Re-introduced by Congresswoman Suzan DelBene (WA-01) for the fourth time (the latest on March 10, 2021), [this bill](https://delbene.house.gov/news/documentsingle.aspx?DocumentID%3D2740) “… protects personal information including data relating to financial, health, genetic, biometric, geolocation, sexual orientation, citizenship and immigration status, Social Security Numbers, and religious beliefs. It also keeps information about children under 13 years of age safe. ”Beyond this it requires businesses to write their privacy policies in simple language.“
* [Self-sovereign identity in the context of data protection and privacy](https://yourstory.com/2020/11/self-sovereign-identity-context-data-protection-privacy/amp) YourStory
this article deconstructs the self-sovereign identity model and examines how it stacks up against The Personal Data Protection Bill, 2019.
@ -32,84 +19,19 @@ Each government moves at its own pace for as many reasons as there are countries
* [ICOs Child Protection Rules Take Effect Sept. 2, 2021. Are You Ready?](https://identitypraxis.com/2021/09/01/icos-child-protection-rules-take-effect-sept-2-2021-are-you-ready/) Identity Praxis
The UK [Information Commissions (ICO) Childrens Code](https://ico.org.uk/for-organisations/guide-to-data-protection/ico-codes-of-practice/age-appropriate-design-a-code-of-practice-for-online-services/), officially known as the“Age Appropriate Design Code: a code of practice for online services,” after a year grace period, goes into effect Thursday, Sept. 2, 2021.
* [The Infrastructure Bill and What it Holds for Crypto](https://selfkey.org/the-infrastructure-bill-and-what-it-holds-for-crypto/) SelfKey Foundation
In this article, well try to summarize the key points surrounding the infrastructure bill and the effect it has on crypto.
* [...]
it is likely that many dApp developers now need an identity solution that preserves privacy but ensures compliance which is exactly the solution that we are building at SelfKey.
EU [DATA GOVERNANCE ACT MEETS TOIP FRAMEWORK](https://trustoverip.org/blog/2022/01/13/data-governance-act-meets-toip-framework/) TOIP
The DGA defines an “intermediary” that facilitates processing and sharing of data for individuals and organizations to “…increase trust in data intermediation services and foster data altruism across the EU”. In the [MyData](https://mydata.org/declaration/) framework for user-controlled data sharing, intermediaries are called [MyData Operators](https://mydata.org/mydata-operators/) and there is a certification program in place.
* [Executive Order on Ensuring Responsible Development of Digital Assets](https://www.whitehouse.gov/briefing-room/presidential-actions/2022/03/09/executive-order-on-ensuring-responsible-development-of-digital-assets/) White House - President Biden
We must promote access to safe and affordable financial services.  Many Americans are underbanked and the costs of cross-border money transfers and payments are high.  The United States has a strong interest in promoting responsible innovation that expands equitable access to financial services, particularly for those Americans underserved by the traditional banking system, including by making investments and domestic and cross-border funds transfers and payments cheaper, faster, and safer, and by promoting greater and more cost-efficient access to financial products and services.  The United States also has an interest in ensuring that the benefits of financial innovation are enjoyed equitably by all Americans and that any disparate impacts of financial innovation are mitigated.
* [How the Digital Markets Act (DMA) will shape the future of digital identity in Europe](https://www.idnow.io/blog/digital-markets-act-dma-future-digital-identity/) IDNow
On March 24th, 2022, [the European Parliament and Council reached an agreement on the final version of the Digital Markets Act (DMA)](https://eur-lex.europa.eu/legal-content/de/TXT/?qid%3D1608116887159%26uri%3DCOM%253A2020%253A842%253AFIN). According to the European Commission, the DMA regulation is expected to be reviewed and enacted by October 2022.
Canada
* [Digital Identity and Attributes Trust Framework](https://stateofidentity.libsyn.com/digital-identity-and-attributes-trust-framework) State of Identity
Do you trust technology and government to protect your data? On this week's State of Identity podcast, host, Cameron D'Ambrosi is joined by Gareth Narinesingh, Head of Digital Identity at HooYu to discuss the bridge between payments and identity wallets, the UK's next big push in adopting shared identity standards, and the foundation of decentralized identity verification across Web3 applications and the metaverse.
* [UK Draft Digital Identity Framework Published](https://www.research-live.com/article/news/uk-draft-digital-identity-framework-published/id/5087382) Research Live
Updates to the framework include new guidance on creating a consistent approach on user experience, rules on how to manage digital identity accounts, clearer definitions for the frameworks role and details on how organisations will be certified.
* [Can a Verifiable Credential-based SSI Implementation meet GDPR Compliance?](https://academy.affinidi.com/can-a-verifiable-credential-based-ssi-implementation-meet-gdpr-compliance-5039d0149ea4)
Lets examine how SSI meets each of the articles from #13 to #22.
* [SSI](https://academy.affinidi.com/can-a-verifiable-credential-based-ssi-implementation-meet-gdpr-compliance-5039d0149ea4) is a digital movement that aims to enable individuals or organizations to have sole ownership of their identity, and to have control over how their data is shared and used.
* [The Policymakers Guide to Respectful Technology in Legislation](https://me2ba.org/the-policymakers-guide-to-respectful-technology-in-legislation/)
What most people want but dont have the terms to describe is respectful digital relationships. In the same way there is an unspoken code for respectful behavior in physical-realm relationships, this same type of behavior is just as essential when engaging with an online service or website.
* [Overview of Member States' eID strategies](https://ec.europa.eu/cefdigital/wiki/display/EIDCOMMUNITY/National%2BStrategies)
> The report focusses on the approaches towards eID outlined in national strategy documents, together with other supporting documentation and web resources, with the aim of offering a thorough understanding of the eID state of play across Europe.
* [Understanding the MiCA and Pilot Regime crypto regulation](https://medium.com/adaneu/relax-take-it-easy-understanding-the-mica-and-pilot-regime-crypto-regulation-db21e537ec58)
> The European Commissions proposal for the regulation of crypto-assets markets is based on two draft texts :
> - MiCA (Markets in Crypto-Assets Regulation) whose scope covers cryptocurrencies, utility tokens and stablecoins ;
> - the Pilot Regime Regulation for DLT Market Infrastructures (PRR) project.
> With these two texts, the Commissions goal is to regulate crypto-asset players and not the assets as such.
* [EU Data Governance Act officially released](https://ec.europa.eu/digital-single-market/en/news/data-governance-act)
>foster the availability of data for use by increasing trust in data intermediaries and by strengthening data-sharing mechanisms across the EU
One of MyDex CICs founders, [Alan Mitchell shares a feeling of Vindication](https://medium.com/mydex/vindicated-cb897fb4e94b) in a post celebrating the companies early articulation of key principles and how the EUs proposed new Data Governance Act aligns with that.
> These providers will have to comply with a number of requirements, in particular the requirement to remain neutral as regards the data exchanged. They cannot use such data for other purposes. In the case of providers of data sharing services offering services for natural persons, the additional criterion of assuming fiduciary duties towards the individuals using them will also have to be met.
* [In a digital age, how can we reconnect values, principles and rules?](https://identitywoman.net/in-a-digital-age-how-can-we-reconnect-values-principles-and-rules/) Kaliya Young and Tony Fish
> “what do we think is the north star for data and identity and on what principle they are built?”  How do these principles help us agree on risks, and will our existing rules help or hinder us?
* [Data Broker Registry](https://oag.ca.gov/data-brokers) State of California Department of Justice
[California law requires a data broker](http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB1202), as defined in California Civil Code § 1798.99.80, to register with the Attorney General on its internet website that is accessible to the public, on or before January 31 following each year in which a business meets the [definition of a data broker](https://iapp.org/news/a/california-data-broker-registrations-who-made-the-list-on-jan-31/).
* [Foster Introduces Bipartisan Digital Identity Legislation](https://foster.house.gov/media/press-releases/foster-introduces-bipartisan-digital-identity-legislation) that would:
- Establish a task force made up of key federal agencies and state representatives.
- Direct NIST to create a new framework of standards to guide agencies in implementing identity systems.
- Establish a grant program within the DHS to support states in upgrading.
* [Data Exchange Board to Improve the EU Data Governance Act](https://mydata.org/2020/12/09/why-we-need-a-data-exchange-board-to-improve-the-eu-data-governance-act/)
* [Utah State Legislature Passes Facial Recognition Bill](https://findbiometrics.com/utah-state-legislature-passes-facial-recognition-bill-030504/)
The Utah bill, on the other hand, allows public agencies to use facial recognition as long as certain guidelines are followed. Most notably, law enforcement officers must submit a written request before performing a facial recognition search, and must be able to provide a valid reason for doing so.
* [FATF and Global Crytpto Regulatory News](https://www.elliptic.co/blog/fatf-concludes-its-annual-plenary-session)
The Financial Action Task Force (FATF) [held](https://www.fatf-gafi.org/publications/fatfgeneral/documents/outcomes-fatf-plenary-february-2021.html) its winter Plenary session on 22nd, 24th, and 25th February and welcomed over 205 delegates to its third virtual conference since the start of the pandemic.
### Indian Data Legislation
* [Revisiting the non-personal data governance framework](https://www.orfonline.org/expert-speak/data-development-revisiting-non-personal-data-governance-framework/)
> In July 2020, an expert committee established by the Ministry of Electronics and Information Technology (MEITY) released a report on the Non-Personal Data (NPD) governance framework for India. The document is well-intentioned in that it recognises the public value of data, and the need to democratise its use.
* [Potential Impacts of Draft India Personal Data Protection Bill (PDPB)](https://www2.deloitte.com/in/en/pages/risk/articles/privacy-data.html) (Deloitte)
* [USPTO: CIO Jamie Holcombe](https://www.federalblockchainnews.com/podcast/episode/78ad1b6f/uspto-cio-jamie-holcombe)
> CIO Jamie Holcombe says identity verification with blockchain might be in the future for USPTO and talks about navigating changes in policy & law when considering a distributed ledger to store patents & trademarks. Among the interesting questions: do we start with patent #1 (applicant: George Washington)?
@ -130,98 +52,23 @@ The Financial Action Task Force (FATF) [held](https://www.fatf-gafi.org/publicat
* [End-To-End Encryption is Too Important to Be Proprietary](https://doctorow.medium.com/end-to-end-encryption-is-too-important-to-be-proprietary-afdf5e97822) Cory Doctorow
End-to-end messaging encryption is a domain where mistakes matter. The current draft of the DMA imposes a tight deadline for interoperability to begin (on the reasonable assumption that Big Tech monopolists will drag their feet otherwise) and this is not a job you want to rush.
* [Crypto Regulatory Affairs: Governor of California Signs Blockchain Executive Order](https://www.elliptic.co/blog/crypto-regulatory-affairs-governor-of-california-signs-blockchain-executive-order) Elliptic
On May 4th, California Governor Gavin Newsom signed into effect a [“Blockchain Executive Order”](https://www.gov.ca.gov/2022/05/04/governor-newsom-signs-blockchain-executive-order-to-spur-responsible-web3-innovation-grow-jobs-and-protect-consumers/)
“[to] assess how to deploy blockchain technology for state and public institutions, and build research and workforce development pathways to prepare Californians for success in this industry”.
* [We Applaud the Confirmation of New FTC Commissioner, Alvaro Bedoya](https://me2ba.org/we-applaud-the-confirmation-of-new-ftc-commissioner-alvaro-bedoya/) Me2Ba
Bedoyas research has shined a light on digital surveillance and its impact on people of color, immigrants, and the working class. He founded the [Center on Privacy & Technology](https://www.law.georgetown.edu/privacy-technology-center/) at Georgetown Law to focus on the importance of consumer privacy rights.
* [Response to FinCEN RFI](https://www.centre.io/blog/centres-response-to-fincen-rfi) Centre
In this letter, we focus on two questions relevant to identifying Bank Secrecy Act (“BSA”) regulations and  guidance that may be outdated, redundant, or do not promote a risk-based AML/CFT regulatory regime  for financial institutions.
* [Trust in the digital space](https://lissi-id.medium.com/trust-in-the-digital-space-7762471351cf) Lissi ID
Would we rather have a high level of security or self-sovereignty? Unfortunately, the two aspects are at different ends of the spectrum. If we only allow pre-verified and approved parties to retrieve identity data, as currently envisaged by the [eIDAS regulation](https://lissi-id.medium.com/eidas-and-the-european-digital-identity-wallet-context-status-quo-and-why-it-will-change-the-2a7527f863b3), this severely restricts usage
* [Canada: Enabling Self-Sovereign Identity](https://trbouma.medium.com/canada-enabling-self-sovereign-identity-efcfda2aa044) Tim Bouma
Older article not covered here, yet
The adoption of the [self-sovereign identity model](http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html) within the Canadian public sector is still being realized in 2020. It is too early to tell how it will change the technological infrastructure or the institutional infrastructure of Canadian public services.
* [Old Policy, New Tech: Reconciling Permissioned Blockchain Systems with Transatlantic Privacy Frameworks](https://events.asucollegeoflaw.com/gets/wp-content/uploads/sites/10/2022/05/Remy-Hellstern-REVIEWED.pdf) By Remy Hellstern and Victoria Lemieux
This paper will explore the global conversation and consensus around data privacy regulation, with specific attention to the European Union and Canada. It will work to understand how blockchain-based firms situate themselves amid this regulation in relation to the storage of personally identifiable information by looking at relevant policy decisions, legal cases, and commentary from regulatory bodies and commissions.
California
* [Our Input to the California Privacy Protection Agency (CPPA) Pre-Rulemaking Stakeholder Sessions](https://me2ba.org/our-input-to-the-california-privacy-protection-agency-cppa-pre-rulemaking-stakeholder-sessions/) Me2BA
California is a major center of new privacy law and regulation, creating opportunities for internet safety advocates to help design policies that will ripple out well beyond the states borders. Their Privacy Rights Act (CPRA), passed by ballot proposition in 2020, created the California Privacy Protection Agency (CPPA), which seems to be getting closer to initiating its first formal rulemaking process.
* [How Can Europe Lead Innovation And Win Web3? Ledgers 4 Recommendations For EU Policymakers](https://acrobat.adobe.com/link/review?uri%3Durn:aaid:scds:US:fa00c64a-5f6d-38c6-baf7-0bcfa06e6a28%23pageNum%3D25)
4. Invest in a public/private partnership to co-develop a self-sovereign identity solution for Europe.
* [FTC announces Ed Tech prohibited from common data collection and monetization](https://me2ba.org/ftc-prohibits-data-collection-and-monetization-edtech/) Me2BA
Specifically, the FTC will be more closely monitoring all companies covered by the Childrens Online Privacy Protection Act of 1998 (COPPA), with particular attention to ed tech, to ensure that children have access to educational tools without being subject to surveillance capitalism.
In this letter, we focus on two questions relevant to identifying Bank Secrecy Act (“BSA”) regulations and  guidance that may be outdated, redundant, or do not promote a risk-based AML/CFT regulatory regime
* [Centres Response to Australian Treasury](https://www.centre.io/blog/centres-response-to-australian-treasury) Centre
In this letter, we focus on a couple of issues that would be beneficial in expanding the Australian regulatory frameworks to include crypto assets. Furthermore, our comments pertain specifically to fiat-backed stablecoins, which are backed on a 1:1 basis by reserve assets, such as bank deposits and short-term government bonds.
* [Our Input to the California Privacy Protection Agency (CPPA) Pre-Rulemaking Stakeholder Sessions](https://me2ba.org/our-input-to-the-california-privacy-protection-agency-cppa-pre-rulemaking-stakeholder-sessions/) Me2Ba
We have monitored and involved ourselves in this new agency since its inception, and Lisa LeVasseur (our Executive Director) and Noreen Whysel (Director of Validation Research) shared their expertise on product audits and dark patterns, respectively, in a recent pre-rulemaking CPPA Stakeholder Session (May 5-6).
* [Childrens right for privacy also in the digital world is guaranteed under the Convention on the Rights of the Child](https://www.mydata.org/2022/06/20/press-release-childrens-right-for-privacy-also-in-the-digital-world-is-guaranteed-under-the-convention-on-the-rights-of-the-child-and-this-includes-photos/) MyData
Last week, the Prime Minister of Finland, Sanna Marin, stated that she will not give consent to the media to take and publish photos of her child. This led to wide discussion and international headlines even though the right to privacy is guaranteed under the Convention on the Rights of the Child.
* [Postcard from the UK](https://digitalidentity.nz/2022/06/20/postcard-from-the-uk/) DIGITAL IDENTITY NEW ZEALAND
It is on this last point that I do see a slight gap between the UK and Aotearoa. In the UK and in Europe more generally there seems to be more awareness of, and a sense of urgency around, the vulnerability of mobile smartphones, given the expectation that they will be the device of choice for most people to download digital identity related wallet apps.
American Data Privacy and Protection Act
* [New Bipartisan Federal Data Privacy Bill in the US, But Will It Pass?](https://anonyome.com/2022/06/new-bipartisan-federal-data-privacy-bill-in-the-us-but-will-it-pass/) Anonyme
- The Federal Trade Commission would have to maintain a public registry of data brokers and present a way for users to opt out of targeted advertisements and other data sharing practices.
- Consumers could access, correct and delete their own data and companies would have to tell third parties to change user data where users request it.
* [What is the American Data Privacy and Protection Act?](https://identityreview.com/what-adppa-american-data-privacy-protection-act/) IdentityReview
If a business has had an annual revenue less than “$41 million, did not collect or process the data of more than 100,000 individuals, and did not derive more than 50% of revenue from transferring personal information” in the last three years, they are not considered a covered entity in this bill.
- [Avasts views on the proposed amendments to the eIDAS 2.0 regulation](https://blog.avast.com/eidas-2.0-amendments-analysis)
* [Agency to hear public comment at hearing on August 24 and 25 as part of rulemaking process](https://cppa.ca.gov/regulations/) CPPA CA
A hearing on the [proposed regulations](https://cppa.ca.gov/regulations/consumer_privacy_act.html) will occur on August 24 and 25, 2022 at 9:00 am Pacific Time. Media and members of the public are encouraged to RSVP via the link above.
Persons who wish to submit written comments on the proposed regulations must submit them by August 23, 2022
* [Soulbound Tokens, Trust Networks, and California's Big Test](https://wrenchinthegears.com/2022/05/28/soulbound-tokens-trust-networks-and-californias-big-test/) Wrenchinthegears
California [SB1190](https://sd18.senate.ca.gov/news/342022-hertzberg-announces-new-blockchain-legislation-creating-%25E2%2580%259Ccalifornia-trust-framework%25E2%2580%259D) that would establish a “Trust Framework” at the state level. This bill was introduced to the state senate in early March by Robert Hertzberg, close friend of Los Angeles billionaire investor Nicholas Berggruen
* [2022 GDF Report CRYPTOASSETS AND SANCTIONS COMPLIANCE A PRIMER](https://www.gdf.io/wp-content/uploads/2022/07/Cryptoassets-and-Sanctions-Compliance-Report-Final-1.pdf?mc_cid%3D5d688e0647%26mc_eid%3Dbebf526fc7) GDF
There is a common misconception that cryptoassets provide a ready-made avenue for sanctions evasion because they sit outside the regulatory and legal perimeter. In fact, sanctions authorities in many jurisdictions have ensured that relevant legal and regulatory requirements apply comprehensively to activity conducted in cryptoassets.
* [FTC weighs new rules to protect Americans personal data](https://www.theguardian.com/us-news/2022/aug/11/ftc-new-rules-personal-data-secuirty) Guardian
The FTC is issuing an advanced notice of proposed rule-making to address commercial surveillance, the “business of collecting, analyzing, and profiting from information about people”. [...] The public can offer input on the FTC notice and the commission will hold a virtual public forum on 8 September.
* [Is the EU Digital Identity Wallet an implementation of Self-Sovereign Identity?](https://www.innopay.com/en/publications/eu-digital-identity-wallet-implementation-self-sovereign-identity) Innopay
The intention of the European Commission is to allow or even force acceptance in a wide range of sectors in the public and private domain and thereby ensure that identities are as wisely usable as possible (interoperability). The principle of consent will also be met, as it is already fulfilled with current eID solutions notified under eIDAS and other EU regulations, such as GDPR and PSD2. One of the explicit requirements of the proposal is selective disclosure, in line with GDPRs rules on data minimalisation.
* [Beijing will regulate digital humans in the metaverse and beyond](https://restofworld.org/2022/beijing-digital-humans-metaverse/) Rest of World
The plan also signals that Beijing will take a more active role in handling the personal data generated by these platforms. Some of the directives outlined in the plan require any user-facing aspect of the digital human industry to be subject to rules that protect information about and generated by platform users, while also treating user data as a resource to be traded on the countrys new data exchanges.
@ -235,11 +82,6 @@ Hey Tech Twitter, [@TruvityHQ](https://twitter.com/TruvityHQ) (where I work) is
Kaliya met the CEO this week at the Open Source Summit Dublin and was impressed.
The Verifiable Credentials Policy Committee, (that Kaliya Chairs) in California had a big win this week
* [California Moves Forward to Allow Vital Records to be Issued on Blockchain](https://www.coindesk.com/policy/2022/09/29/california-moves-forward-to-allow-vital-records-to-be-issued-on-blockchain/) Coindesk
* [approved another on Wednesday](https://www.gov.ca.gov/2022/09/28/governor-newsom-issues-legislative-update-9-28-22/) that instructs county records offices to [allow for the use of blockchain technology](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id%3D202120220SB786) and verifiable credentials. The technology would be established in the distribution of birth, death and marriage records, allowing PDFs to be sent immediately rather than using a typical 10-day postal delivery.
## Policy
@ -247,27 +89,25 @@ The Verifiable Credentials Policy Committee, (that Kaliya Chairs) in Califor
We believe it is vital that certification bodies work with DCMS and UKAS in a spirit of partnership bringing together the cumulative value of dozens of great minds! To this end, we have  been encouraged by the proactive approach of DCMS in creating forums where the 5 certification bodies can discuss ideas and feedback on the program in action.
* [2 Signs the US is Getting Tougher on Data Privacy Regulation](https://anonyome.com/2022/09/2-signs-the-us-is-getting-tougher-on-data-privacy-regulation/) Anonyme
I know almost everyone can probably find something that they wished were different in the bill. On the other hand, I do think we have a band-aid for the American people who are just fed up with the lack of privacy online
* [Blueprint for an AI Bill of Rights - MAKING AUTOMATED SYSTEMS WORK FOR THE AMERICAN PEOPLE](https://www.whitehouse.gov/ostp/ai-bill-of-rights/) Whitehouse.Gov
Responding to the experiences of the American public, and informed by insights from researchers, technologists, advocates, journalists, and policymakers, this framework is accompanied by From Principles to Practice—a handbook for anyone seeking to incorporate these protections into policy and practice
* [California Legalizes Blockchain-based Vital Records](https://mobileidworld.com/california-legalizes-blockchain-based-vital-records-410031/) MobileDataWorld
As [an abstract of the bill](https://trackbill.com/bill/california-senate-bill-786-county-birth-death-and-marriage-records-blockchain/2043852/) explains, while existing law requires such records “to contain certain information and to be printed on chemically sensitized security paper, as specified,” the new legislation enables a county recorder to, upon request, issue a birth, death, or marriage record “by means of verifiable credential, as defined, using blockchain technology, defined as a decentralized data system, in which the data stored is mathematically verifiable, that uses distributed ledgers or databases to store specialized data in the permanent order of transactions recorded.”
* [A critical fork in the data road?](https://medium.com/mydex/a-critical-fork-in-the-data-road-1eb29c5a42a8) MyData
Is the EU discussion about data portability missing a key point?
In its discussion of data portability the EU rightly recognises the economic importance of this issue, stressing that “market imbalances arising from the concentration of data restricts competition, increases market entry barriers and diminishes wider data access and use.”
## Verifiable Credentials
* [Verifiable Credentials: Mapping to a Generic Policy Terminology](https://trbouma.medium.com/verifiable-credentials-mapping-to-a-generic-policy-terminology-bce84a039bb)
> Why is this useful? When writing policy, you need a succinct model which is clear enough for subsequent interpretation. To do this, you need conceptual buckets to drop things into. Yes, this model is likely to change, but its my best and latest crack at it to synthesize the complex world of digital credentials with an abstraction that might be useful to help us align existing solutions while adopting exciting new capabilities.
* [VCs Policy Committeee (California) Participate in passing legislation to create a California Trust Framework!](https://iiw.idcommons.net/21B/_(California)_Verifiable_Credentials_Policy_Committeee_-_Come_learn_about_how_participate_in_passing_legislation_to_crete_a_California_Trust_Framework!) by Kaliya Young, Ally Medina [Slides](https://docs.google.com/presentation/d/1VyxmWan3qbxynxhKvw1CHhWZINiPRF9gjeqSCSDh1MY/edit?usp%3Dsharing)
> discussed how the Blockchain Advocacy Coalitions sponsorship of [AB 2004](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id%3D201920200AB2004) pushed verifiable credentials into mainstream political discourse and how companies can help us shape public policy and government pilot programs of Verifiable Credential technology.
>
> We are planning on working with legislators to introduce a bill that creates a California Trust Framework and lays the groundwork for use of the technology in the public and private sector.
* [Zero Trust Architecture in the White House Executive Order on Cybersecurity](https://lists.w3.org/Archives/Public/public-credentials/2021May/0062.html) Adrian Gropper (Friday, 14 May)
Please read Section 3 in the EO
* […]
It may be time for us to explain Zero-Trust Architecture relationship to
VCs and DIDs. My not-so-hidden agenda includes priority for considering
authorization and delegation in our protocol work but our diverse community of security experts will surely make this a much broader discussion.
* [Executive Order on Improving the Nations Cybersecurity](https://comms.wiley.law/e/knewjcfglctwt7w/a7406307-5755-44fa-a5c5-22dd04d9e9a7)
Sec. 3.  Modernizing Federal Government Cybersecurity.
(a)  To keep pace with todays dynamic and increasingly sophisticated cyber threat environment, the Federal Govern>ment must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Governments visibility into threats, while protecting privacy and civil liberties.  The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.

60
_posts/identosphere-dump/public_sector/public-sector.md
View File

@ -14,16 +14,7 @@ published: false
* [OECD Global Blockchain Policy Forum](https://oecd-events.org/blockchainforum/)
> The Global Blockchain Policy Forum is the leading international event focused on the policy implications of this technology and its applications, led by the OECDs Blockchain Policy Centre. Following the second edition of the Forum in 2019, which was attended by more than 1 600 people
* [New Zealand](https://digitalidentity.nz/2020/11/18/get-involved-with-dinz-this-november/) is working with Maori leaders on Identity
> Next week were celebrating our first Aotearoa Digital Identity Hui Taumata.  Were particularly excited to be bringing you a Kapa Kōrero session with Kaye-Maree Dunne, Jane-Renee Retimana, Belinda Allen and Ben Tairea.  The quartet will be exploring perspectives from Te Ao Māori, and the relevance of Te Tiriti in our collective work on digital identity.
Digital Identity New Zealand is having its [Annual Meeting](https://digitalidentity.nz/event/digital-identity-nz-annual-meeting/) Dec 10th
common bar of acceptance
### Digital Identity New Zealand
* [DINZ held the first Aotearoa Digital Identity Hui Taumata](https://digitalidentity.nz/2020/12/07/aotearoa-digital-identity-hui-taumata-2/)
> Bianca Lopes and David Birch shared with us their International perspectives and insights, including a whirlwind Identity world tour hosted by Bianca and her team at Talle.
* [Institutions and Governance in the digital realm of Africa](https://omidyarnetwork.medium.com/institutions-matter-60c819d32e2a)
@ -48,9 +39,6 @@ The Government will only act as a validator, giving the tools and a secure legal
The Government of Catalonia has presented IdentiCAT, the new decentralized and self-sovereign digital identity model, which aims to become the first public digital identity at a European level and it will be self-managed by the citizen with the absolute legal guarantee and validity to operate with the public administration and the private sector.
* [Me2BA provides human-centered recommendations to the California Privacy Protection Agency](https://me2ba.org/me2ba-provides-human-centered-recommendations-to-the-california-privacy-protection-agency/)
The California Privacy Rights Act of 2020 (“CPRA”) established the California Privacy Protection Agency (“CPPA”). The CPPAhas full administrative power and authority to implement the CCPA and CPRA, which basically means that the CPPA will be in charge of updating regulations and adopting new regulations, while enforcement of these regulations will be done by both the CPPA and the Attorney General
* [Hello World. Its Walt.id](https://walt.id/resources/blog/categories/company/hello-world-its-walt-id)
It is our goal to make SSI simple and accessible: to enable every developer and organisation to build identity and trust into the web and their applications. Ultimately, this will transform every digital interaction into an effortless and worry-free experience.
@ -94,9 +82,6 @@ This is the fifth and final blog in our series about the UK Governments propo
We are delighted to announce that our first E-Government pilot program with the Sovereign Yidindji Government has been successfully completed on Jan 7, 2022.
* [Decentralized Identity & Government](https://www.youtube.com/watch?v%3Dl8pHUdjKfes) Evernym
The key differences between federated and decentralized identity systems - An analysis of a few notable government-led projects, such as Aadhaar (India), Verify (UK), eIDAS (EU), and the Ontario Digital Identity Program (Canada) - What decentralization means for portability, scalability, flexibility, and privacy - How governments and commercial organizations can enhance existing federated identity systems with verifiable credentials
* [SURF: Technical exploration Ledger-based Self Sovereign Identity](https://identity--economy-de.translate.goog/surf-technical-exploration-ledger-based-self-sovereign-identity) Identity Economy DE
As a general concept, the privacy-friendly nature of SSI, end-user control over disclosure of personal information, and the SSI trust model aligned well with the public values typically found in R&D. The platform we used (based Hyperledger Indy) allowed us to successfully run all use cases. The platform delivers on SSI's promises of privacy, scalability, and security.
@ -240,11 +225,7 @@ The LEIs legacy is proudly rooted in financial services and regulation. Its f
* [Recognizing Digital Identity as a National Issue](https://www.pingidentity.com/en/company/blog/posts/2021/digital-identity-national-issue.html)
> we dove into creating a centralized and holistic approach to protecting and regulating identity in the United States and the specifics of why digital identity and cybersecurity are national issues that the private sectors simply cannot tackle on their own. Here are some of the key takeaways.
* [The Trust Economy in a Future New Zealand](https://digitalidentity.nz/2021/06/16/the-trust-economy-in-a-future-new-zealand/)
My interest was first piqued when I came across three videos on YouTube from [Rachel Botsman](https://www.youtube.com/watch?v%3D-vbPXbm8eTw), [Jordan Perterson](https://www.youtube.com/watch?v%3DpFXdsD-8SKk) and [Philipp Kristian Diekhöner.](https://www.youtube.com/watch?v%3DXNog-xrc_YA)
Trust has always been at the centre of society overall and commerce in particular.  Theres a reason why during the first industrial revolution banks always built the most impressive, secure looking buildings in town so you trusted them to deposit you money there!
* [A Collaborative Approach to Meeting the Challenges in President Bidens Executive Order on Improving US Cybersecurity](https://www.oasis-open.org/2021/06/14/a-collaborative-approach-to-meeting-the-challenges-in-president-bidens-executive-order-on-improving-us-cybersecurity/)
@ -257,16 +238,15 @@ One key aspect outlined in Section 4 of the Executive Order (EO) is securing the
* [RaonSecure builds a blockchain-based digital wallet service with a public institution](https://medium.com/raonsecure/raonsecure-builds-a-blockchain-based-digital-wallet-service-with-a-public-institution-9fe2c8028f6c)
Selection of RaonSecure as the final operator of the blockchain-based digital wallet project that is part of the 2021 Blockchain Pilot Project program promoted by the Korean government
* [The Trust Economy in a Future New Zealand](https://digitalidentity.nz/2021/06/16/the-trust-economy-in-a-future-new-zealand/)
> Now with the 4th industrial (digital) revolution the old vertical, siloed trust models are breaking down and we are moving to a more horizontal, distributed environment.
* [A Collaborative Approach to Meeting the Challenges in President Bidens Executive Order on Improving US Cybersecurity](https://www.oasis-open.org/2021/06/14/a-collaborative-approach-to-meeting-the-challenges-in-president-bidens-executive-order-on-improving-us-cybersecurity/)
> One key aspect outlined in Section 4 of the Executive Order (EO) is securing the software supply chain. At issue here is the reality that the U.S. federal government—like nearly any other organization on the planet that uses computer technology in any form—relies on not just one but numerous types of software to process data and run operational equipment.
* [South Koreas brilliant decentralized approach to citizen identity management](https://techwireasia.com/2021/06/koreas-decentralized-identity-approach-to-identity-management/) TechWire Asia
> Adopting blockchain technology is seen as a necessity by the Korean government and multiple institutions are backing its continuous research and development, including the Ministry of Science and Technology (ICT), The Korea Internet Security Agency (KISA), Defense Acquisition Program Administration (DAPA), National IT Industry Promotion Agency (NIPA), and Korea Post among others.
* [Apple iPhones Can Soon Hold Your ID. Privacy Experts Are On Edge](https://www.npr.org/2021/06/12/1005624457/apple-iphones-can-soon-hold-your-id-privacy-experts-are-on-edge?mc_cid%3De63363caf1%26mc_eid%3D12e697f479)
> Elizabeth Renieris, a fellow at Stanford University who studies digital identification systems, said the feature may be easy-to-use and save time. Those conveniences, however, come at a cost: Turning every instance in which we show our ID into a business opportunity.-
* [The Future of Digital Identity in Canada: Self-Sovereign Identity (SSI) and Verified.Me](https://securekey.com/the-future-of-digital-identity-in-canada-self-sovereign-identity-ssi-and-verified-me/) SecureKey
> Verified.Me ensures that only authorized attributes are shared with explicit user consent. The service bridges together multiple participants within a common ecosystem to verify the identities of users securely and privately across the participating organizations with others within the group.
* [Three Key Takeaways from the FATFs Latest 12-Month Review on Virtual assets](https://www.elliptic.co/blog/3-key-takeaways-from-the-fatfs-latest-12-month-review-on-virtual-assets) Elliptic
Financial Action Task Force (FATF), the global standard-setter for anti-money laundering and countering the financing of terrorism (AML/CFT), released its second 12-month review on virtual assets (You can read our summary of its first report from July 2020 report here).
@ -348,11 +328,6 @@ Following the launch of GLEIFs digital business identity initiative designed
In 2021, 22 projects were selected to become part of our incubator programme to help tap into the potential of the EBSI infrastructure. Each project's private and public sector partners was given early access to the pre-production environment of EBSI, and was invited to develop their own pilot project to address a specific business or government use case involving the exchange of verifiable credentials.
With the help with the EBSI team, Early Adopters can identify how to connect their systems, be part of a community and collaborate with other Early Adopters. This will help us improve EBSI's services and ensure it meets the needs of Europe's businesses and public administrations, within and across borders.
* [Engaging with the Ontario Digital Identity Program.](https://trustoverip.org/blog/2021/10/25/engaging-with-the-ontario-digital-identity-program/) TrustOverIP
- A summary of findings from government-led public consultations on digital identity
- An overview of Ontarios Digital ID technology roadmap, and discussions about the technology stacks and infrastructure
- Ontarios proposed conceptual model for digital identity, and the principles that inform it
* [Control over data still a long way off according to research into Self-Sovereign Identity](https://ibestuur-nl.translate.goog/podium/controle-over-data-nog-ver-weg-volgens-onderzoek-naar-self-sovereign-identity?_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Dnl%26_x_tr_pto%3Dnui) iBestuur
@ -372,17 +347,13 @@ On September 15, 2021, I moderated a panel with representatives from the United
* [IDunion: Germanys Bold SSI Strategy with Hakan Yildiz](https://northernblock.io/idunion-germany-bold-ssi-strategy/)
What use cases should a National Digital Identity program prioritize in collaboration with the private sector? As use cases become verticals of their own, what are then some of the horizontal considerations that need to be applied to enable all of the use cases to function within their relative ecosystems?
* [Ontario Releases Technology and Standards for Digital Identity](https://news.ontario.ca/en/release/1000787/ontario-releases-technology-and-standards-for-digital-identity) Ontario Newsroom
“Our [Ontario Onwards: Action Plan](https://www.ontario.ca/page/ontario-onwards) first announced our governments goal to make Ontario the most advanced digital jurisdiction in the world all in the service of the people of this province,” said Peter Bethlenfalvy, Minister of Finance. “The release of Ontarios Digital ID later this year will be an exciting step towards transforming and modernizing government services in an increasingly digital world.”
* [Early Adopters Programme | Imagining what EBSI can do for European citizens](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Early%2520Adopters%2520Programme%23become-ebsi-compliant)
An incubator to help Early Adopters and their partners imagine, build and launch their EBSI pilot project(s)
* [A key place for Identity in the Digital Strategy for Aotearoa](https://digitalidentity.nz/2021/10/05/a-key-place-for-identity-in-the-digital-strategy-for-aotearoa/) < - Colin Wallis will now head Digital Identity.nz
Our government is embarking on a journey to create [A Digital Strategy for Aotearoa](https://www.cio.com/article/3628718/national-strategy-digital-twin-and-skills-shortages-on-nz-tech-minister-s-mind.html) that seeks to respond to the social, economic, education and cultural opportunities from digital technology, along with the risks that these technologies can bring.
* [Excelsior Pass Plus to be recognized out of state, internationally](https://www.wgrz.com/article/news/local/excelsior-pass-plus-to-be-recognized-out-of-state-internationally/71-434f8c6f-cbac-4d61-a732-ac0e0769efa3) WGRZ
@ -478,9 +449,6 @@ On December 14th, Joao Rodrigues, Head of sector (Digital) Building Blocks at @E
In 2021 the European Commission [announced the European digital identity wallet](https://ec.europa.eu/commission/presscorner/detail/en/IP_21_2663). This article explains the basic concepts, highlights the significance of this development and provides an overview of the status quo.
* [Ontarians are getting digital ID this fall: All you need to know](https://www.itworldcanada.com/article/ontarians-are-getting-digital-id-this-fall-all-you-need-to-know/458633) itWorldCanada
tech standards that the provincial government says it is currently considering include the [Verifiable Credentials Data Model 1.0](https://www.w3.org/TR/vc-data-model/) for data modeling, [Decentralized Identifiers (DIDs) v1.0](https://www.w3.org/TR/did-core/) for key management, [JSON-LD 1.1](https://www.w3.org/TR/json-ld11/) for data formatting, [OpenID Connect](https://openid.net/connect/) as identity standard, [BBS+ Signatures 2020](https://w3c-ccg.github.io/ldp-bbs2020/) and [Ed25519 Signature 2020](https://w3c-ccg.github.io/lds-ed25519-2020/) for signature format, [Self-Issued OpenID Provider v2](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html) and more for interoperability.
## Organization
@ -506,22 +474,6 @@ The concept of digital identification is already well established, and using a s
We at Validated ID have been betting on EBSI since the beginning. We started working to become conformant wallet providers since the very first version of [Wallet Conformance Tests (WCT)](https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/EBSI%2Bwallets) was published. The process of preparing our solution to become conformant has allowed us to appreciate how remarkable EBSI's work has been.
## New Zealand
* [INCLUSIVE AND ETHICAL USES OF DIGITAL IDENTITY](https://digitalidentity.nz/inclusive-and-ethical-uses-of-digital-identity/) DINZ
In April 2022, DINZ launched a broad-scope members [Working Group](https://digitalidentity.nz/inclusive-and-ethical-uses-of-digital-identity/) in response to the increasing challenges for some groups in society to participate fully in [Aotearoas digital transformation](https://www.digital.govt.nz/digital-government/strategy/towards-a-digital-strategy-for-aotearoa/developing-a-digital-strategy-for-aotearoa/), with the aim of providing baseline supporting guidance to inform policy and service design.
* [DINZs annual Consumer Research](https://digitalidentity.nz/wp-content/uploads/sites/25/2020/07/DINZ-Scrolling-Infographic-July-2020-FINAL.pdf) Digital Identity NZ
Scrolling Infographic! It looks fun and has some good info in it.
Do the best you can until you know better. Then when you know better, do better. These wise words from Maya Angelou encapsulate the key findings from our 2020 trust and identity research.
* [Summary of Public Engagement of the Digital Strategy for Aotearoa discussion document](https://www.digital.govt.nz/dmsdocument/229~towards-a-digital-strategy-for-aotearoa-summary-of-public-engagement/html) New Zealand Govt.
The discussion document stated that a Digital Strategy for Aotearoa (the Strategy) would need to respond to the social, economic, education and cultural opportunities from digital technology, along with the risks that these technologies could bring.
* [Principal Authority new article on Wyoming law defining Digital Identity](https://lists.w3.org/Archives/Public/public-credentials/2021Sep/0083.html) Christopher Allen (Thursday, 16 September)
What we've found as a good framework is the concept of "Principal Authority" which comes from the Laws of Agency, which allows us to leverage fiduciary style Laws of Custom to define requirements for practices when digital identity is delegated to others (whether for authorization or for use of data).
@ -611,10 +563,6 @@ The preliminary [draft of the federal law](https://www.bj.admin.ch/dam/bj/de/dat
- Data economy
- Decentralized data storage
* [Leading the digital trust conversation](https://digitalidentity.nz/2022/07/15/leading-the-digital-trust-conversation/) DI NewZealand
the Digital Identity Services Trust Framework Act has the potential to provide a game-changing regulatory foundation for the identification and authentication components of services delivered through the digital channel.  Those services that choose to be independently audited for compliance against the Frameworks security and privacy oriented rules and standards to become accredited, would then be able to differentiate those digital service brands through displaying an accreditation mark.
* [Lacchain ID Framework](https://publications.iadb.org/publications/english/document/LACChain-ID-Framework-A-Set-of-Recommendations-for-Blockchain-Based-Interoperable-Privacy-Preserving-Regulatory-Compliant-Secure-and-Standardized-Digital-Identifiers-Credentials-and-Wallets.pdf)
A Set of Recommendations for Blockchain-Based Interoperable, Privacy-Preserving, Regulatory Compliant, Secure and Standardized Digital Identifiers, Credentials, and Wallets.

57
_posts/identosphere-dump/public_sector/usa.md Normal file
View File

@ -0,0 +1,57 @@
# United States
* [A US National Privacy Law Looks More Likely Than Ever](https://anonyome.com/2021/04/a-us-national-privacy-law-looks-more-likely-than-ever/)
> from the plethora of federal privacy bills put forward, there are three standouts:
- [Consumer Online Privacy Rights Act](https://www.cantwell.senate.gov/imo/media/doc/COPRA%2520Bill%2520Text.pdf) (COPRA) (Democrats) Sponsored in November 2019 by Democratic Senator Maria Cantwell of Washington, this bill is [considered by some](https://www.darkreading.com/endpoint/what-a-federal-data-privacy-law-would-mean-for-consumers/a/d-id/1340433) to be “GDPR-esque” and more consumer than business friendly.
- Setting an American Framework to Ensure Data Access, Transparency and Accountable Ability Act ([SAFE DATA Act](https://www.commerce.senate.gov/services/files/BD190421-F67C-4E37-A25E-5D522B1053C7)) (GOP) Combining three previous bills, the SAFE DATA Act is [considered by some](https://www.darkreading.com/endpoint/what-a-federal-data-privacy-law-would-mean-for-consumers/a/d-id/1340433) as more “business friendly”.
- [Information Transparency and Personal Data Control Act](https://delbene.house.gov/news/documentsingle.aspx?DocumentID%3D2740)  Re-introduced by Congresswoman Suzan DelBene (WA-01) for the fourth time (the latest on March 10, 2021), [this bill](https://delbene.house.gov/news/documentsingle.aspx?DocumentID%3D2740) “… protects personal information including data relating to financial, health, genetic, biometric, geolocation, sexual orientation, citizenship and immigration status, Social Security Numbers, and religious beliefs. It also keeps information about children under 13 years of age safe. ”Beyond this it requires businesses to write their privacy policies in simple language.“
* [New Bipartisan Federal Data Privacy Bill in the US, But Will It Pass?](https://anonyome.com/2022/06/new-bipartisan-federal-data-privacy-bill-in-the-us-but-will-it-pass/) Anonyme
- The Federal Trade Commission would have to maintain a public registry of data brokers and present a way for users to opt out of targeted advertisements and other data sharing practices.
- Consumers could access, correct and delete their own data and companies would have to tell third parties to change user data where users request it.
* [What is the American Data Privacy and Protection Act?](https://identityreview.com/what-adppa-american-data-privacy-protection-act/) IdentityReview
If a business has had an annual revenue less than “$41 million, did not collect or process the data of more than 100,000 individuals, and did not derive more than 50% of revenue from transferring personal information” in the last three years, they are not considered a covered entity in this bill.
* [FTC weighs new rules to protect Americans personal data](https://www.theguardian.com/us-news/2022/aug/11/ftc-new-rules-personal-data-secuirty) Guardian
The FTC is issuing an advanced notice of proposed rule-making to address commercial surveillance, the “business of collecting, analyzing, and profiting from information about people”. [...] The public can offer input on the FTC notice and the commission will hold a virtual public forum on 8 September.
* [2 Signs the US is Getting Tougher on Data Privacy Regulation](https://anonyome.com/2022/09/2-signs-the-us-is-getting-tougher-on-data-privacy-regulation/) Anonyme
I know almost everyone can probably find something that they wished were different in the bill. On the other hand, I do think we have a band-aid for the American people who are just fed up with the lack of privacy online
* [Executive Order on Ensuring Responsible Development of Digital Assets](https://www.whitehouse.gov/briefing-room/presidential-actions/2022/03/09/executive-order-on-ensuring-responsible-development-of-digital-assets/) White House - President Biden
We must promote access to safe and affordable financial services.  Many Americans are underbanked and the costs of cross-border money transfers and payments are high.  The United States has a strong interest in promoting responsible innovation that expands equitable access to financial services, particularly for those Americans underserved by the traditional banking system, including by making investments and domestic and cross-border funds transfers and payments cheaper, faster, and safer, and by promoting greater and more cost-efficient access to financial products and services.  The United States also has an interest in ensuring that the benefits of financial innovation are enjoyed equitably by all Americans and that any disparate impacts of financial innovation are mitigated.
* [Blueprint for an AI Bill of Rights - MAKING AUTOMATED SYSTEMS WORK FOR THE AMERICAN PEOPLE](https://www.whitehouse.gov/ostp/ai-bill-of-rights/) Whitehouse.Gov
Responding to the experiences of the American public, and informed by insights from researchers, technologists, advocates, journalists, and policymakers, this framework is accompanied by From Principles to Practice—a handbook for anyone seeking to incorporate these protections into policy and practice
* [Utah State Legislature Passes Facial Recognition Bill](https://findbiometrics.com/utah-state-legislature-passes-facial-recognition-bill-030504/)
The Utah bill, on the other hand, allows public agencies to use facial recognition as long as certain guidelines are followed. Most notably, law enforcement officers must submit a written request before performing a facial recognition search, and must be able to provide a valid reason for doing so.
 for financial institutions.
* [FTC announces Ed Tech prohibited from common data collection and monetization](https://me2ba.org/ftc-prohibits-data-collection-and-monetization-edtech/) Me2BA
Specifically, the FTC will be more closely monitoring all companies covered by the Childrens Online Privacy Protection Act of 1998 (COPPA), with particular attention to ed tech, to ensure that children have access to educational tools without being subject to surveillance capitalism.
* [GDPR: Everything you need to know](https://authenteq.com/general-data-protection-regulation-gdpr-and-all-thats-behind-it/) - is a great post by authentic explaining it at a high level that we thought would be helpful to those trying to orient.
This is a [round-up from Ally Medina](https://blockadvocacy.medium.com/cas-2020-blockchain-legislative-roundup-89cdd3bad25c) (who was at IIW). She worked on getting AB 2004 passed in California that permitted Verifiable Credentials to be used for Covid-19 test results. It covers other California developments too.
Hearings in Wyoming this week. [Go to this page](https://www.wyoleg.gov/Committees/2020/S19) and click on the *11/2/2020 meeting details*. The section of interest is the *9:30 am* (Wyoming time) discussion on Disclosure of private cryptographic keys.
* [The Infrastructure Bill and What it Holds for Crypto](https://selfkey.org/the-infrastructure-bill-and-what-it-holds-for-crypto/) SelfKey Foundation
In this article, well try to summarize the key points surrounding the infrastructure bill and the effect it has on crypto.
* [...]
* [Foster Introduces Bipartisan Digital Identity Legislation](https://foster.house.gov/media/press-releases/foster-introduces-bipartisan-digital-identity-legislation) that would:
- Establish a task force made up of key federal agencies and state representatives.
- Direct NIST to create a new framework of standards to guide agencies in implementing identity systems.
- Establish a grant program within the DHS to support states in upgrading.

7
_posts/identosphere-dump/real-world/compliance-kyc.md
View File

@ -19,9 +19,9 @@ Ubisecure brought innovation to the LEI market by automating LEI issuance. Revol
- [DIDComm for KYC](https://www.youtube.com/watch?v%3DPWrZxRbCG88)
* [Roadmap to Institutional Adoption of DeFi](https://www.youtube.com/watch?v%3DbkOQHcVVGoE) RSK - Coinfirm
The most recent FATF updated draft guidance from March 2021 introduces significant changes to the legal definition of DeFi platforms, expanding the types of entities that fall under FATF's umbrella. In this guidance, FATF defines most operators of decentralized finance platforms as “Virtual Asset Service Providers” that have AML/CFT obligations.
* [zkKYC A solution concept for KYC without knowing your customer, leveraging self-sovereign identity and zero-knowledge proofs](https://bafybeie5ixj4dkim3lgivkw56us6aakh6bc3dhlsx5zzohrkzgo3ywqqha.ipfs.dweb.link/zkKYC-v1.0.pdf)
The proposed solution concept, zkKYC, removes the need for the customer toshare any personal information with a regulated business for the purpose of KYC, and yet providesthe transparency to allow for a customer to be identified if and when that is ruled necessary by adesignated governing entity (e.g. regulator, law enforcement).
@ -32,9 +32,6 @@ if you look at the the cost structure of the financial industry a lot of cost Is
The way many businesses have traditionally implemented KYC is by taking a manual, fragmented approach essentially implementing various different KYC processes using different tools, methods and resources, including human compliance teams.
* [DeFi regulation must not kill the values behind decentralization](https://cointelegraph.com/news/defi-regulation-must-not-kill-the-values-behind-decentralization) Cointelegraph
Financial Action Task Force (FATF) recently [proposed](https://www.fatf-gafi.org/publications/fatfrecommendations/documents/public-consultation-guidance-vasp.html) guidelines making it clear that “The owner/operator(s) of the DApp likely fall under the definition of a VASP [virtual asset service provider] [...] even if other parties play a role in the service or portions of the process are automated.
* [Forensic Investigative Report: Sanctioned Blockchain Addresses](https://www.coinfirm.com/blog/sanctioned-blockchain-addresses/) Coinfirm
* [Forensic Investigative Report: Terrorism Financing Blockchain Addresses](https://www.coinfirm.com/blog/terrorism-financing-blockchain-addresses/) Coinfirm

48
_posts/identosphere-dump/real-world/covid-coronavirus.md
View File

@ -2,6 +2,51 @@
published: false
---
* [Fake CDC vax cards now being sold to anti-vaxxers](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0077.html)  Moses Ma (Thursday, 8 April)
Just wanted to share this with those working on C19 vax certs:
From: [https://www.infosecurity-magazine.com/news/scammers-sell-fake-covid19/](https://www.infosecurity-magazine.com/news/scammers-sell-fake-covid19/)
The security firm DomainTools claims to have seen authentic-looking CDC cards selling for as little as $20 each on domains like covid-19vaccinationcards[.]com, which features a Lets Encrypt TLS certificate. “Though selling a printed card is not necessarily illegal, the pricing, logo and cardstock of these vaccination records demonstrate a level of intent to pass as legitimate cards from the CDC,” explained DomainTools senior security researcher, Chad Anderson.
and
From: [https://www.tomsguide.com/news/fake-covid-vaccination-cards](https://www.tomsguide.com/news/fake-covid-vaccination-cards)
Israeli security firm Check Point reports that fake American and Russian vaccination certificates are being sold online for between $100 and $200. Fake COVID-19 negative test results cost as little as $25, while (likely fake) COVID-19 vaccine sells for about $500 per vial.
* [Vaccination Certificate Test Suite](https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0081.html)  Manu Sporny (Thursday, 8 April)
As some of you know, a few of the members in the W3C Credentials Community Group have been working on a Vaccination Certificate Vocabulary[1]. The World Health Organization has recently published a Release Candidate data model dictionary for Smart Vaccination Cards[2]. The CCG has also been working on a Verifiable Credentials HTTP API[3].
The WHO guidance covers 28 types of vaccines that we (as a global society)
depend on, including Measles, Smallpox, Polio, Yellow Fever, COVID-19, and
others. We (Digital Bazaar) thought it might be interesting to see if we could
create an interoperability test suite for the WHO Smart Vaccination Card work using the tools listed above.
...
- A test suite containing 1,624 tests covering the
28 vaccine types in the WHO vocabulary.
- 7 independent vendor implementations issuing and
verifying each others WHO Smart Vaccination Cards.
- 1,623 passing tests demonstrating true
interoperability!
You can view the latest Vaccination Certificate test suite report here:
* [https://w3id.org/vaccination/interop-reports](https://w3id.org/vaccination/interop-reports)
* [The value of verifiable credentials in the evolving digital identity landscape](https://verified.me/blog/the-value-of-verifiable-credentials-in-the-evolving-digital-identity-landscape/) Verified Me
> In my recent podcast with [Brad Carr](https://www.iif.com/Staff-and-Authors/uid/46/BradCarr) of the [Institute of International Finance](https://www.iif.com/Publications/ID/4304/FRT-Episode-87-Digital-Identity-with-SecureKey-CEO-Greg-Wolfond), we discussed how digital identity and verified credentials can support a digital-first world, something thats extremely relevant amid the current pandemic.
* [Mapping FHIR JSON resource to W3C Vaccination vocabulary : A semantic data pipeline](https://iiw.idcommons.net/index.php?title%3D12H/_Mapping_FHIR_JSON_resource_to_W3C_Vaccination_vocabulary_:_A_semantic_data_pipeline%26action%3Dedit%26redlink%3D1) by John Walker
@ -308,9 +353,6 @@ What I observed is NOT a user-friendly experience for either the customer or the
The advantage of a paper and ID card presentation ritual is that it is difficult to hack. So if we are going to improve the presentation with a single credential as above, privacy and security MUST be protected.
* [Pramod Varma's message as India touches the 1 BN COVID Vaccination Certificates Milestone](https://www.youtube.com/watch?v%3DPFo7YlxUaJk) eGovernments Foundation
On the occasion of the [#100CroreVaccinationCertificates](https://twitter.com/hashtag/100CroreVaccinationCertificates) milestone, [@pramodkvarma](https://twitter.com/pramodkvarma) CTO, [@eksteporg](https://twitter.com/eksteporg) shares the journey of #DigitalPublicGood - DIVOC (Digital Infrastructure for Vaccination Open Credentialing) for vaccination credentialing
* [COVID & Travel Resources for Phocuswright](https://identitywoman.net/covid-travel-resources-for-phocuswright/) IdentityWoman.net
As more and more governments adopt [major COVID certificate standards](https://www.lfph.io/2021/10/12/global-covid-certificate-landscape/) to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences.

5
_posts/identosphere-dump/real-world/humanitarian.md
View File

@ -198,3 +198,8 @@ Could we establish an alternative market economy, one that is structured around
* [Disrupting the Gospel of Tech Solutionism to Build Tech Justice](https://ssir.org/articles/entry/disrupting_the_gospel_of_tech_solutionism_to_build_tech_justice%23)
What does it mean to include new voices unless we create a context in which those voices are welcome and heard? To create those conditions, leaders in civil society and the private and public sectors must challenge institutional power and center the discussion on core social justice issues such as racism and structural inequality.
* [UPCOMING COMMUNITY CALL & NEW RESEARCH: BIOMETRICS IN THE HUMANITARIAN SECTOR](https://www.theengineroom.org/upcoming-community-call-new-research-biometrics-in-the-humanitarian-sector/) the Engine Room
In 2018 we worked with Oxfam to publish a [landmark report](https://www.theengineroom.org/wp-content/uploads/2018/03/Engine-Room-Oxfam-Biometrics-Review.pdf) on the use of biometric data fingerprints, iris scans, voiceprints and so on in the humanitarian sector. Our report looked at how these types of data were being collected and used, and raised critical questions around potential risks and harms.
> [...]\
> If youre a humanitarian practitioner or just interested in biometrics and responsible data, please join our upcoming Community Call, where well be introducing the project and hearing from practitioners on the theme. [Register for the call](https://us02web.zoom.us/meeting/register/tZEtf-mhrT4iH9JtwHCe-5UG25QeQZnhRigd)

14
_posts/identosphere-dump/web3-and-decentralized-identity/defi.md
View File

@ -27,3 +27,17 @@ Decentralized Identity & DeFi are Disconnected ← trueDecentralized Identity is
- Health Data Passes
- Employment Information
- Credit, Income, KYC
* [Decentralized Finance & Self-sovereign Identity: A tale of decentralization, a new paradigm of trust](https://gataca.io/insights/decentralized-finance-self-sovereign-identity-a-tale-of-decentralization-a-new-paradigm-of-trust)
* [Circle and Industry Leaders Have Built the First Decentralized Identity Proof-of-Concept for Crypto Finance using Verite Credentials](https://www.circle.com/en/pressroom/circle-and-industry-leaders-have-built-the-first-decentralized-identity-proof-of-concept-for-crypto-finance-using-verite-credentials) Circle
> Circle joined other crypto and blockchain companies in February 2022 to introduce Verite as a open-source framework for decentralized identity credential issuance, custody and verification. Verite is designed to help make it safer, easier and more efficient to do business across the transformative worlds of DeFi and Web3 commerce.
* [Roadmap to Institutional Adoption of DeFi](https://www.youtube.com/watch?v%3DbkOQHcVVGoE) RSK - Coinfirm
> The most recent FATF updated draft guidance from March 2021 introduces significant changes to the legal definition of DeFi platforms, expanding the types of entities that fall under FATF's umbrella. In this guidance, FATF defines most operators of decentralized finance platforms as “Virtual Asset Service Providers” that have AML/CFT obligations.
* [DeFi regulation must not kill the values behind decentralization](https://cointelegraph.com/news/defi-regulation-must-not-kill-the-values-behind-decentralization) Cointelegraph
> Financial Action Task Force (FATF) recently [proposed](https://www.fatf-gafi.org/publications/fatfrecommendations/documents/public-consultation-guidance-vasp.html) guidelines making it clear that “The owner/operator(s) of the DApp likely fall under the definition of a VASP [virtual asset service provider] [...] even if other parties play a role in the service or portions of the process are automated.
* [InsideTheSimulation.eth @InsideTheSim Jul 28](https://twitter.com/InsideTheSim/status/1552636154423410689)
Proposal: its not Web3 — its DeWeb (a la DeFi) as we undo all the mistakes around centralized ownership of the web 2 era. Opinions?
* [[…](https://twitter.com/InsideTheSim/status/1552636357373214722)] Bonus points — “de-web” sounds like “untangling a clusterfuck” which is exactly what it is.
* [[...](https://twitter.com/InsideTheSim/status/1552637214391156739)] DeWeb is: - Self-sovereign identity with portable accounts and easy sign-on (such as sign-in with Ethereum). - Custody of your own data and the ability to revoke access to it by 3rd parties. - Permission-less commerce rails. - Permission-less domains (ENS) - more?

7
_posts/identosphere-dump/web3-and-decentralized-identity/web3.md
View File

@ -769,13 +769,6 @@ If you want to explain Web3 in the simplest language, I think it is a decentrali
Experts globally agree on one key point about decentralized identity: it will be essential to the evolving metaverse and Web3 world. Well all be using personal keys, blockchains and decentralized applications to limit the amount of personal information we expose to data brokers, data breaches and dodgy business practices.
* [InsideTheSimulation.eth @InsideTheSim Jul 28](https://twitter.com/InsideTheSim/status/1552636154423410689)
Proposal: its not Web3 — its DeWeb (a la DeFi) as we undo all the mistakes around centralized ownership of the web 2 era. Opinions?
* [[…](https://twitter.com/InsideTheSim/status/1552636357373214722)] Bonus points — “de-web” sounds like “untangling a clusterfuck” which is exactly what it is.
* [[...](https://twitter.com/InsideTheSim/status/1552637214391156739)] DeWeb is: - Self-sovereign identity with portable accounts and easy sign-on (such as sign-in with Ethereum). - Custody of your own data and the ability to revoke access to it by 3rd parties. - Permission-less commerce rails. - Permission-less domains (ENS) - more?
* [Mail3](https://mail3.me/) Web3 natives deserve a better mail