24 KiB
published |
---|
false |
Governance
- Data Unions, Banks, Coops, Fiduciaries etc – has their time come? by Johannes Ernst
Historical analogies: rural electrification, telecommunications, insurance
Examples for where such data coops would be useful:
- Sharing of environmental monitoring data among farmers, e.g. in the California central valley
- Shared backup infrastructure for individuals / families
- Collective bargaining with data brokers etc
Different data unions may focus on different things, just like different credit unions might have different investment priorities
Links from chat
I signed up this week for social.coop!
My use case is I want to operate https://twitter.com/permanentcpu as a coop :)
“The earliest mutual organization established in the British North American colonies was created in 1735 in Charleston, SC” https://en.wikipedia.org/wiki/History_of_cooperatives_in_the_United_States#18th_century
“The Philadelphia Contributionship mutual insurance company, founded by Benjamin Franklin in 1752, is the oldest continuing mutual insurance company in the continental United States. “
Coop says more about the governance (democracy + open membership) than the business model, IMO
A cooperative is defined as an autonomous association of persons united voluntarily to meet their common economic, social, and cultural needs and aspirations through a jointly-owned and democratically-controlled enterprise.
Good book of case studies on “Platform Cooperatives” https://www.orbooks.com/catalog/ours-to-hack-and-to-own/
Working through this now: more of a playbook https://elements.disco.coop/
This is the ‘exit to community’ co starting up in SF. https://www.understory.coop/
In 5 years, will the cloud service your’e renting be the same price or functionality or still exist?
Run https://github.com/colab-coop/coopernetes
Then run https://github.com/solid/community-server
(Or next cloud + https://github.com/pdsinterop/solid-nextcloud
-
SSI for Organizations: Who’s behind this DID? by Dominic Wörner, Christian Bormann, Michael Schäfer (video
-
Public profile - Machine-readable, cryptographially-verifiable imprint linked to a DID
a simple mechanism to provide public information concerning an entity by advertising a public profile service in the DID document of a public DID. A good analogy for this public identity information would be a machine-readable and cryptographically-verifiable imprint.
-
Trust Registry or Machine-Readable Governance? Indicio
Machine-readable governance is composed of elements that help to establish trust and enable interoperability: trusted participants, schemas (templates for structuring information in a credential), and rules and flows for presenting credentials and verifying them. Machine-readable governance can be hierarchical. Once a governance system is published, other organizations can adopt and then amend or extend the provided system.
Governance in decentralized identity is more akin to “technical rules and instructions.” This is highly disfluent in part because it is so extensive and in part because it relies on a new vocab that uses familiar words in unfamiliar ways. All of this creates disfluency to such a degree that it is unpleasant to contemplate and that unpleasantness is transferred onto the product.
This wouldn’t be a problem if we properly regarded technical governance as being in the realm of an instruction manual, which we know from UX research that most people don’t read. However, standards bodies and organizations like ToIP are driving governance as the key to implementing decentralized identity. Except… adoption of an early stage technology drives governance, not the other way around. Putting the cart before the horse is blocking adoption.
When we talk about governance, we should be using the language of values and the key value proposition: that it is putting the individual in control of their identity. That is the essence of decentralized identity governance; everything else goes in the instruction manual (which won’t be read, except by lawyers and engineers)
- Internet Governance - UDDI - Universal Declaration of Digital Identity by Jeff Aresty, Kristina Yasuda
Internet governance, human rights, digital identity, Identity for All, Guardianship
- Universal Declaration of Digital Identity 2020-08-20
The UDDI is a call to action to IIW, which we've said before, to adopt a set of universal principles which can be used now to bring Identity for All projects to fruition.
I want to frame the UDDI discussion in terms of what we did with Jean at the last IIW - our work on the UDDI is step toward the larger humanitarian vision of a Universal Declaration of Digital Rights, which is what he is working on.
We should present the Universal Declaration of Digital Identity as a way to say what the users of tomorrow's technology expect from the technology created by industry and from their governments when it comes to a new digital world, where SSI is at the root of trust.
As we have presented these affirmations at prior IIW and since then to others - we can post a document in the session to get agreement on the affirmations in the UDDI.
This is a Call to Action for IIW to support our role as a convenor in this important area of human rights in cyberspace.
Query of nature of governance and role of programmers.
Who “makes” the law?
Declaration of human rights is helpful baseline on structure. Useful to get to point with universal framework.
Notion of universal rules: Notion of universality
What is nature of lawmaking.
Why should lawyers, politicians have a monopoly on lawmaking in area that don’t understand. People are making laws in action. From norms.
GO to where the justice fields are green – stateless areas. There is paradigm of need. Aiming at public international framework.
Where develop these new approaches to governance.
Universal declaration of human rights: Challenge is not what do online, but how take existing rights and move them online. Problem is 2 million years experience on physical experience, 10k years of legal experience, but only 10 years of digital personhood.
What is nature of harm and protection.
Consider legal algorithm: Harm, rights, duty, breach, causation, damages, liability, insurance
What is personhood onlie that can be equivalent of protection offline.
What is centricity of perspective: digital, human, propostional transparency and data controls. Semantic notice and control for people. Reduce scope of wormhole of law.
Reverse the transparency requirements. Organizations
Need protocol at time of interaciton
Interesting notion of putting onius on organizations to be transparent
What is governance?
What is legislation?
What is rulemaking?
Notice and consent is inversaion of power relationship by using existing rights
Notice and consent is pathway to inversation of power AND an artifact of power. The choreography is fixed..
Parts of universal document to cover human rights:
-
Legal document centered toward data
-
Technical translation of document – compliance with regulation – but difficult without standard implementatiokn.
-
Digital rights SDK – incorporate to softarre architecture
Can test compliance and standardize – data linked to representational entity.
Modules of Trust Frameworks
Disconnect of responsibility of programmers
Can link impact of action with responeiilituy.
Incorporat to educational pipeline.
Problem is not the data, it is the decision making process.
Need to start with harms that data can cause. Data processing is transformation of data. That is till point of decision of index harm.
Need to correlate tech with rights under taxonomy. Apply algorighms or indexes of harm.
When does a person become a person digitally? When data is exposed online or when they are first online? What is nature of that status?
Personhood – Certain amount of data points infers a person.
California law – is there opportunity to have trust framework law establish threshold for personhood.
In US reverse of EU, privacy is not default setting. Organizations tell you of risks before you engage. Consent by design. If backtrack. Trust framework is the culture itself. Want it extended digitally.
Technical versus non-technical issue: What is human readable and machine readable?
Semantic stack – ISO 2100 – has name for each person. Can map people to roles. Generic roles and stakeholders. What is missing is technical understanding of these. Purpose is not consistent across the stack. NO shared meaning across the stack.
Digital legal ontology extension to words. Might include in text to aid word search.
Revisit question on when do you become digital personhood.
We umnderstand physical person.
Legal person
What is digital personhood. Data online – is it a body. Is it physically me? What if not property, what is digial body – then look at rights framework. IF data is body, then rights frameworks If data is property then another set of rules.
Digital personhood as digital personhood.
Mary Rundle paper -on personhood.
Issue of nature of personhood. What is it, how defend it?
Need to know what it is before know how to defend it.
Data needs context to be valuable
Constitution protecting me, why not protect the data.
Query of nation states.
Nation states more human interst than corporations.
What is minimial set of data for a schema to be useful? Is this established in context.
Object identity and utility determine number of dat appoints.
Perhaps need digital eqjuialent of equity.
Query of what are standards of care?
Some say
I am my data
End remedy – control within bounded space
Rights by design
Reliance on systems.
Expectation of derisking. Technical standards. Unversality.
Standards.
Working on enotary system.
Links from chat: http://emoglen.law.columbia.edu/LIS/archive/privacy-legis/ISTPA-FrameworkWhitePaper013101.pdf
-
2011-10-25 Marc Davis on Digital Rights presented to "The Elders"
-
At a Crossroads: Personhood and Digital Identity in the Information Society
-
Self-sovereign identity: Legal compliance and the involvement of governments SSI Ambassador
When it comes to identity management the involvement of the government can be a tricky topic. It needs to be involved to enable access to public services, adapt legislature and guarantee equal access for its citizens. However, it should not be able to control or monitor all aspects and activities of its citizens.
Self-sovereign identity is a promising technology to allow you to control your own data. However, to provide the true value of the technology, it is essential to establish governance framework for its operation.
- Trust Registries Webinar Continuum Loop
Questions started at about [46:30] – though some questions came earlier. We covered:
- “I don’t trust organizations and corporations” – where we point out the “decentralize the world” approach goes to far.
- Phoning home – (hint: no it doesn’t need to phone home)
- Where are Holders Authorized? (hint: Knowing if you can trust Bubba’s Wallet may be more important…)
- Canadian Digitial Identities are emerging – can startups leverage this?
- Explain the Role of Government in ecosystems.
- “Can a third party discover who I trust from a trust registry?”
- How will interoperability work between trust registries?
- LAYER 1 UTILITIES: AN UNDERGROUND NETWORK CONNECTING ALL SSI ECOSYSTEMS Trust Over IP 2022-03-04
- Understand: A general framework for choosing which Layer 1 Utility and did method to utilise
- Compare: A comparison chart of all Layer 1 Utilities and identity overlay networks
- Comply: A guidance document for data protection and GDPR compliance
- Innovate: DeFi compliance on top of Layer 1 Utilities (Shyft, Notabene, Centre), payments for Verifiable Credentials (cheqd, Kilt, Velocity), overlay networks (did:ion, did:tz, did:orb), KERI and self-certifying identifiers, self-executable governance (to name a few!) are all Layer 1 Utility innovations on the horizon. Let us know what you’d like to see going forward and how we can build guidance and documentation around it!
- The Age of Optionality—and its costs Doc Searls 2022-04-02
We plan to relieve some of that oblivity by having Shoshana lead the final salon in our Beyond the Web series at Indiana University’s Ostrom Workshop. To prepare for that, Joyce and I spoke with Shoshana for more than an hour and a half last night, and are excited about her optimism toward restoring the public commons and invigorating democracy in our still-new digital age.
I conclude: there is no consensus whatsoever :-) That may be because there such a large range of setups under that term today.
Have you noticed that pretty much all senior technologists that dismiss Web3 — usually in highly emotional terms – completely ignore that pretty much all the genuinely interesting innovations in the Web3 world are governance innovations?
- FaceDAO: Self-sovereign Identity and the Blockchain CoinMarketCap
By having SSI in place for users, FaceDAO promises users total security of their data. For FaceDAO, self-sovereign identity on the blockchain implies an identity user’s own. It’s theirs. Only they can hold it on their accounts and only they can decide who gets to see it and what they get to see.
- Crossfunctionality Juan Caballero, Centre
Real progress is made by rich, cross-disciplinary teams and heterogeneous coalitions coming together to attack hard problems from every angle at once.
Self-Administration of human authority, possessed equally by all living Individuals who choose civil participation as a method of Governance derived "of, by, for" people, begins and ends with the structural accuracy of words, and their functional practices.
- Decentralized Ecosystem Governance: Better, More Effective, and More Robust than Trust Registries Indicio
Decentralized Ecosystem Governance makes verifying data an easy-to-play game of red light/green light. And, importantly, it decentralizes governance to the appropriate authorities.
- Trust Registries Tweetstorm Continuum Loop
We want to start a conversation on Trust Registries and get people thinking about how Trust Registries will help answer the hard questions an ecosystem needs to create a whole experience [tweetstorm]
- DAOs are not corporations: where decentralization in autonomous organizations matters Vitalik Buterin 2022-09-20
Because DAOs do not have a sovereign above them, and are often explicitly in the business of providing services (like currency and arbitration) that are typically reserved for sovereigns, it is precisely the design of sovereigns (political science), and not the design of corporate governance, that DAOs have more to learn from.
- [Podcast] Are Trust Registries Vital to the Success of Decentralized Identity? Northern Block, with Darrell O’Donnell
- What are the differences between Verifiable Data Registries and Trust Registries?
- How can Trust Registries help establish the Authenticity of Data?
- Does placing too much Governance at the Verifiable Data Registry layer cause scaling issues?
- Why DNS can become an elegant Root of Trust solution to validate the authenticity of Credential Issuers.
- Who in the Trust Triangle benefits the most from Trust Registries
- Solving Governance in SSI Ecosystems with Trust Registries. Trust over IP Foundation
Learn the what and the why behind trust registries. In addition to discussing how trust registries solve governance in verifiable credential ecosystems, Tomislav demos the very first implementation of ToIP’s trust registry specification.
- Trust Assurance in SSI / Verifiable Credential Ecosystems by Scott Perry
The meeting started with a presentation of an updated representation of a trust assurance model being promoted by the Trust over IP Foundation’s Governance Stack Working Group.
Given the audience of 8-10 people, we polled the reasons for attending a topic on Trust Assurance and discussed a few gnarly challenges in the space:
- An owner of a background check company conveyed challenges with complying with a myriad of governance authority frameworks audited by a myriad of qualified/unqualified auditors looking at a myriad of evidence to render a judgement
- The addition of privacy controls (notice and consent) to augment existing marketplace controls due to the specific need in SSI networks: https://kantarainitiative.org/confluence/display/WA/Privacy+as+Expected%3A+UI+Signalling+a+Consent+Gateway+For+Human+Consent
- A discussion of the China Civil Code: https://www.dlapiper.com/en/uk/insights/publications/2020/06/new-chinese-civil-code-introduces-greater-protection-of-privacy-rights-and-personal-information/
- A need for a civilian clearance credential.
- Is the verifiable credential trust triangle incomplete? by Riley Hughes
VC marketplace project at DIF is talking about a reputation system for issuers, using VCs
We need to agree on:
- Machine-readable document (governance framework)
- URI for a governance framework that we need to agree on