32 KiB
published |
---|
false |
Governance
- Data Unions, Banks, Coops, Fiduciaries etc – has their time come? by Johannes Ernst
Historical analogies: rural electrification, telecommunications, insurance
Examples for where such data coops would be useful:
- Sharing of environmental monitoring data among farmers, e.g. in the California central valley
- Shared backup infrastructure for individuals / families
- Collective bargaining with data brokers etc
Different data unions may focus on different things, just like different credit unions might have different investment priorities
Links from chat
I signed up this week for social.coop!
My use case is I want to operate https://twitter.com/permanentcpu as a coop :)
“The earliest mutual organization established in the British North American colonies was created in 1735 in Charleston, SC” https://en.wikipedia.org/wiki/History_of_cooperatives_in_the_United_States#18th_century
“The Philadelphia Contributionship mutual insurance company, founded by Benjamin Franklin in 1752, is the oldest continuing mutual insurance company in the continental United States. “
Coop says more about the governance (democracy + open membership) than the business model, IMO
A cooperative is defined as an autonomous association of persons united voluntarily to meet their common economic, social, and cultural needs and aspirations through a jointly-owned and democratically-controlled enterprise.
Good book of case studies on “Platform Cooperatives” https://www.orbooks.com/catalog/ours-to-hack-and-to-own/
Working through this now: more of a playbook https://elements.disco.coop/
This is the ‘exit to community’ co starting up in SF. https://www.understory.coop/
In 5 years, will the cloud service your’e renting be the same price or functionality or still exist?
Run https://github.com/colab-coop/coopernetes
Then run https://github.com/solid/community-server
(Or next cloud + https://github.com/pdsinterop/solid-nextcloud
-
SSI for Organizations: Who’s behind this DID? by Dominic Wörner, Christian Bormann, Michael Schäfer (video
-
Public profile - Machine-readable, cryptographially-verifiable imprint linked to a DID
a simple mechanism to provide public information concerning an entity by advertising a public profile service in the DID document of a public DID. A good analogy for this public identity information would be a machine-readable and cryptographically-verifiable imprint.
Join the discussion: https://chat.hyperledger.org/channel/business-partner-agent
There was some discussion about the way to present such a profile, especially the way it is currently implemented as an endpoint in the did document pointing to a https ressource (json-ld document served using normal https).
One alternative, to create a DIDcomm-based protocol for public profile was discussed and would be a good alternative at the cost of every client having to be able to speak DIDcomm.
- Trust Registry or Machine-Readable Governance? Indicio
Machine-readable governance is composed of elements that help to establish trust and enable interoperability: trusted participants, schemas (templates for structuring information in a credential), and rules and flows for presenting credentials and verifying them. Machine-readable governance can be hierarchical. Once a governance system is published, other organizations can adopt and then amend or extend the provided system.
- Battle of the Trust Frameworks with Tim Bouma & Darrell O’Donnell Northern Block
- Levels of Assurance (LOA): an introduction to LOAs as they relate to Digital Identity and why they’re an important part of the recipe in achieving digital trust. Tim and Darrell give us some practical examples of LOAs.
- The Concept of Trust: how do we define trust at a high-level and how do we differentiate between technical and human trust? How can we build trust with credential issuers but also with credential holders?
- The World of Trust Frameworks: what are trust frameworks and what are different types of frameworks being deployed in both the public and private sectors? How are organizations trying to monetize trust frameworks? What’s going right, and what’s going wrong with the way trust frameworks are being implemented?
- The Importance of Open Source for Trust Creation: why is open source important for achieving digital sovereignty? Is open source the only way to improve transparency, flexibility and accountability?
Following the September announcement of its first tools for managing risk in digital trust ecosystems, today the ToIP Foundation announced three more pairs of tools to assist in the task of generating digital governance and trust assurance schemes
- 3 Stages of a Pan-African Identity Framework for Establishing Self-Sovereign Identity With Blockchain Solomon Darnell, Joseph Sevilla
Three stages have been identified as necessities to accomplish the development of this system before opening it further beyond the pan-African worldwide community. The three stages are defined by systems that allow for biometric/demographic registration (stage 1), interoperability and security hardening (stage 2), and biometric modality data analysis/organization/association (stage 3).
Governance in decentralized identity is more akin to “technical rules and instructions.” This is highly disfluent in part because it is so extensive and in part because it relies on a new vocab that uses familiar words in unfamiliar ways. All of this creates disfluency to such a degree that it is unpleasant to contemplate and that unpleasantness is transferred onto the product.
This wouldn’t be a problem if we properly regarded technical governance as being in the realm of an instruction manual, which we know from UX research that most people don’t read. However, standards bodies and organizations like ToIP are driving governance as the key to implementing decentralized identity. Except… adoption of an early stage technology drives governance, not the other way around. Putting the cart before the horse is blocking adoption.
When we talk about governance, we should be using the language of values and the key value proposition: that it is putting the individual in control of their identity. That is the essence of decentralized identity governance; everything else goes in the instruction manual (which won’t be read, except by lawyers and engineers)
- Internet Governance - UDDI - Universal Declaration of Digital Identity by Jeff Aresty, Kristina Yasuda
Internet governance, human rights, digital identity, Identity for All, Guardianship
The UDDI is a call to action to IIW, which we've said before, to adopt a set of universal principles which can be used now to bring Identity for All projects to fruition.
I want to frame the UDDI discussion in terms of what we did with Jean at the last IIW - our work on the UDDI is step toward the larger humanitarian vision of a Universal Declaration of Digital Rights, which is what he is working on.
We should present the Universal Declaration of Digital Identity as a way to say what the users of tomorrow's technology expect from the technology created by industry and from their governments when it comes to a new digital world, where SSI is at the root of trust.
As we have presented these affirmations at prior IIW and since then to others - we can post a document in the session to get agreement on the affirmations in the UDDI.
This is a Call to Action for IIW to support our role as a convenor in this important area of human rights in cyberspace.
Query of nature of governance and role of programmers.
Who “makes” the law?
Declaration of human rights is helpful baseline on structure. Useful to get to point with universal framework.
Notion of universal rules: Notion of universality
What is nature of lawmaking.
Why should lawyers, politicians have a monopoly on lawmaking in area that don’t understand. People are making laws in action. From norms.
GO to where the justice fields are green – stateless areas. There is paradigm of need. Aiming at public international framework.
Where develop these new approaches to governance.
Universal declaration of human rights: Challenge is not what do online, but how take existing rights and move them online. Problem is 2 million years experience on physical experience, 10k years of legal experience, but only 10 years of digital personhood.
What is nature of harm and protection.
Consider legal algorithm: Harm, rights, duty, breach, causation, damages, liability, insurance
What is personhood onlie that can be equivalent of protection offline.
What is centricity of perspective: digital, human, propostional transparency and data controls. Semantic notice and control for people. Reduce scope of wormhole of law.
Reverse the transparency requirements. Organizations
Need protocol at time of interaciton
Interesting notion of putting onius on organizations to be transparent
What is governance?
What is legislation?
What is rulemaking?
Notice and consent is inversaion of power relationship by using existing rights
Notice and consent is pathway to inversation of power AND an artifact of power. The choreography is fixed..
Parts of universal document to cover human rights:
-
Legal document centered toward data
-
Technical translation of document – compliance with regulation – but difficult without standard implementatiokn.
-
Digital rights SDK – incorporate to softarre architecture
Can test compliance and standardize – data linked to representational entity.
Modules of Trust Frameworks
Disconnect of responsibility of programmers
Can link impact of action with responeiilituy.
Incorporat to educational pipeline.
Problem is not the data, it is the decision making process.
Need to start with harms that data can cause. Data processing is transformation of data. That is till point of decision of index harm.
Need to correlate tech with rights under taxonomy. Apply algorighms or indexes of harm.
When does a person become a person digitally? When data is exposed online or when they are first online? What is nature of that status?
Personhood – Certain amount of data points infers a person.
California law – is there opportunity to have trust framework law establish threshold for personhood.
In US reverse of EU, privacy is not default setting. Organizations tell you of risks before you engage. Consent by design. If backtrack. Trust framework is the culture itself. Want it extended digitally.
Technical versus non-technical issue: What is human readable and machine readable?
Semantic stack – ISO 2100 – has name for each person. Can map people to roles. Generic roles and stakeholders. What is missing is technical understanding of these. Purpose is not consistent across the stack. NO shared meaning across the stack.
Digital legal ontology extension to words. Might include in text to aid word search.
Revisit question on when do you become digital personhood.
We umnderstand physical person.
Legal person
What is digital personhood. Data online – is it a body. Is it physically me? What if not property, what is digial body – then look at rights framework. IF data is body, then rights frameworks If data is property then another set of rules.
Digital personhood as digital personhood.
Mary Rundle paper -on personhood.
Issue of nature of personhood. What is it, how defend it?
Need to know what it is before know how to defend it.
Data needs context to be valuable
Constitution protecting me, why not protect the data.
Query of nation states.
Nation states more human interst than corporations.
What is minimial set of data for a schema to be useful? Is this established in context.
Object identity and utility determine number of dat appoints.
Perhaps need digital eqjuialent of equity.
Query of what are standards of care?
Some say
I am my data
End remedy – control within bounded space
Rights by design
Reliance on systems.
Expectation of derisking. Technical standards. Unversality.
Standards.
Working on enotary system.
Links from chat: http://emoglen.law.columbia.edu/LIS/archive/privacy-legis/ISTPA-FrameworkWhitePaper013101.pdf
-
2011-10-25 Marc Davis on Digital Rights presented to "The Elders"
-
ISO/IEC 29100:2011 - Information technology — Security techniques — Privacy framework
-
At a Crossroads: Personhood and Digital Identity in the Information Society
-
Good Health Pass Ecosystem Trust Architecture: DIDs and X.509 Trust Registries with Ecosystem Governance Frameworks by Drummond Reed, Scott Perry, Darrell O’Donnell
Governance, Trust Registry, Ecosystem, Transitive Trust, Architecture
Presentation Deck: GHP Ecosystem Trust Architecture PDF
-
Proposed Trust Interoperability (Global) for the Good Health Pass (GHP) Ecosystem
-
Kaliya Young & Rebecca Distler - Working Group Co-Leads
-
Trust in the system - focus for today’s discussion.
-
Principles - https://www.goodhealthpass.org/wp-content/uploads/2021/02/Good-Health-Pass-Collaborative-Principles-Paper.pdf
-
Blueprint Outline - https://www.goodhealthpass.org/wp-content/uploads/2021/03/GHPC-Interoperability-Blueprint-Outline-v2.pdf
-
Global Problems inhibiting world travel. Many emerging instances of GHP related ecosystems. GHP establishing an umbrella for all GHP-compliant ecosystems.
-
Relying on the ToIP Trust stack as an architectural blueprint
-
Ecosystem Governance Framework is at the top of a governance and technical stack.
-
Some specific Ecosystems need to accommodate x.509 certificate and VC constructs.
-
ToIP Stack diagram is undergoing new changes - some new terminology being discussed at IIW.
-
Governance and Trust Framework terms are being used as synonyms but we conveyed that Governance Frameworks are over arching of subject Trust Frameworks.
-
GHP wll be a General Ecosystem Governance Framework. Overseeing Specific EGFs..
-
It is likely to have a GHP compliance but only on the lightweight tenets of interoperability.
-
We are introducing a trust registry infrastructure that works with all GHP-compliant ecosystems.
-
Issuers within an ecosystem will be included in a trust registry.
-
Each Ecosystem must publish its governance framework and make its trust registry available
-
All issuers need to be recognized by a governance framework and included in a trust registry
-
The second principle is that each specific EGF will identify its trust registry with a DID and specify its trust registry service endpoint(s) in its associated DID document
-
The third principle is that each VC issued under a specific EGF will identify its issuer with either:
-
a DID
-
a URI (for X.509 certificates)
-
The final principle is that each VC issued under a specific EGF will identify its type with a type URI. That field will be using common semantics.
-
With this architecture, all we need is a simple trust registry protocol to answer the question:
-
Is this issuer
-
authorized to issue this VC type
-
under this specific EGF?
-
GOOD - is a pass
-
BETTER - may be purpose-limited (“trivial” example -
Links from chat:
- Bart Suichies to Everyone : the eidas demo is here: https://essif.adaptivespace.io/
-
https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/deliverables not sure if this an open repo
-
https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary
- Drummond Reed to Everyone : See the anti-coercion section of the original ToIP RFC: https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md
- Sterre den Breeijen to Everyone : https://blockchain.tno.nl/blog/verify-the-verifier-anti-coercion-by-design/ Blog on anti-coercion by my colleague Oskar van Deventer
- Bart Suichies to Everyone : @judith: https://gitlab.grnet.gr/essif-lab/infrastructure/fraunhofer/train_project_summary
- Darrell O'Donnell to Everyone : TRAIN - https://essif-lab.eu/essif-train-by-fraunhofer-gesellschaft/
- Drummond Reed to Everyone : Bart, I am totally on board with the human-readable element for GHP. Happy to chat more with you about that. There is a lot of focus on that in the Consistent User Experience drafting group
When it comes to identity management the involvement of the government can be a tricky topic. It needs to be involved to enable access to public services, adapt legislature and guarantee equal access for its citizens. However, it should not be able to control or monitor all aspects and activities of its citizens.
Self-sovereign identity is a promising technology to allow you to control your own data. However, to provide the true value of the technology, it is essential to establish governance framework for its operation.
- Trust Registries Webinar Continuum Loop
Questions started at about [46:30] – though some questions came earlier. We covered:
- “I don’t trust organizations and corporations” – where we point out the “decentralize the world” approach goes to far.
- Phoning home – (hint: no it doesn’t need to phone home)
- Where are Holders Authorized? (hint: Knowing if you can trust Bubba’s Wallet may be more important…)
- Canadian Digitial Identities are emerging – can startups leverage this?
- Explain the Role of Government in ecosystems.
- “Can a third party discover who I trust from a trust registry?”
- How will interoperability work between trust registries?
- Understand: A general framework for choosing which Layer 1 Utility and did method to utilise
- Compare: A comparison chart of all Layer 1 Utilities and identity overlay networks
- Comply: A guidance document for data protection and GDPR compliance
- Innovate: DeFi compliance on top of Layer 1 Utilities (Shyft, Notabene, Centre), payments for Verifiable Credentials (cheqd, Kilt, Velocity), overlay networks (did:ion, did:tz, did:orb), KERI and self-certifying identifiers, self-executable governance (to name a few!) are all Layer 1 Utility innovations on the horizon. Let us know what you’d like to see going forward and how we can build guidance and documentation around it!
- The Age of Optionality—and its costs Doc Searls
We plan to relieve some of that oblivity by having Shoshana lead the final salon in our Beyond the Web series at Indiana University’s Ostrom Workshop. To prepare for that, Joyce and I spoke with Shoshana for more than an hour and a half last night, and are excited about her optimism toward restoring the public commons and invigorating democracy in our still-new digital age.
I conclude: there is no consensus whatsoever :-) That may be because there such a large range of setups under that term today.
Have you noticed that pretty much all senior technologists that dismiss Web3 — usually in highly emotional terms – completely ignore that pretty much all the genuinely interesting innovations in the Web3 world are governance innovations?
- Game Governance Domains: a NFT Support Nightmare Habitat Chronicles
“I was working on an online trading-card game in the early days that had player-to-player card trades enabled through our servers. The vast majority of our customer support emails dealt with requests to reverse a trade because of some kind of trade scams. When I saw Hearthstone’s dust system, I realized it was genius; they probably cut their support costs by around 90% with that move alone.”
- FaceDAO: Self-sovereign Identity and the Blockchain CoinMarketCap
By having SSI in place for users, FaceDAO promises users total security of their data. For FaceDAO, self-sovereign identity on the blockchain implies an identity user’s own. It’s theirs. Only they can hold it on their accounts and only they can decide who gets to see it and what they get to see.
- Crossfunctionality Juan Caballero, Centre
Real progress is made by rich, cross-disciplinary teams and heterogeneous coalitions coming together to attack hard problems from every angle at once.
Self-Administration of human authority, possessed equally by all living Individuals who choose civil participation as a method of Governance derived "of, by, for" people, begins and ends with the structural accuracy of words, and their functional practices.
- Decentralized Ecosystem Governance: Better, More Effective, and More Robust than Trust Registries Indicio
Decentralized Ecosystem Governance makes verifying data an easy-to-play game of red light/green light. And, importantly, it decentralizes governance to the appropriate authorities.
- Trust Registries Tweetstorm Continuum Loop
We want to start a conversation on Trust Registries and get people thinking about how Trust Registries will help answer the hard questions an ecosystem needs to create a whole experience [tweetstorm]
- DAOs are not corporations: where decentralization in autonomous organizations matters Vitalik Buterin
Because DAOs do not have a sovereign above them, and are often explicitly in the business of providing services (like currency and arbitration) that are typically reserved for sovereigns, it is precisely the design of sovereigns (political science), and not the design of corporate governance, that DAOs have more to learn from.
- [Podcast] Are Trust Registries Vital to the Success of Decentralized Identity? Northern Block, with Darrell O’Donnell
- What are the differences between Verifiable Data Registries and Trust Registries?
- How can Trust Registries help establish the Authenticity of Data?
- Does placing too much Governance at the Verifiable Data Registry layer cause scaling issues?
- Why DNS can become an elegant Root of Trust solution to validate the authenticity of Credential Issuers.
- Who in the Trust Triangle benefits the most from Trust Registries
- Solving Governance in SSI Ecosystems with Trust Registries. Trust over IP Foundation
Learn the what and the why behind trust registries. In addition to discussing how trust registries solve governance in verifiable credential ecosystems, Tomislav demos the very first implementation of ToIP’s trust registry specification.