decentralized-id.github.io/_posts/identosphere-dump/educational-resources/governance.md
2022-11-27 02:36:25 -05:00

31 KiB
Raw Blame History

published
false

Governance

Historical analogies: rural electrification, telecommunications, insurance

Examples for where such data coops would be useful:

  • Sharing of environmental monitoring data among farmers, e.g. in the California central valley
  • Shared backup infrastructure for individuals / families
  • Collective bargaining with data brokers etc

Different data unions may focus on different things, just like different credit unions might have different investment priorities

Links from chat

I signed up this week for social.coop!

My use case is I want to operate https://twitter.com/permanentcpu as a coop :)

“The earliest mutual organization established in the British North American colonies was created in 1735 in Charleston, SC” https://en.wikipedia.org/wiki/History_of_cooperatives_in_the_United_States#18th_century

“The Philadelphia Contributionship mutual insurance company, founded by Benjamin Franklin in 1752, is the oldest continuing mutual insurance company in the continental United States. “

Coop says more about the governance (democracy + open membership) than the business model, IMO

A cooperative is defined as an autonomous association of persons united voluntarily to meet their common economic, social, and cultural needs and aspirations through a jointly-owned and democratically-controlled enterprise.

Good book of case studies on “Platform Cooperatives” https://www.orbooks.com/catalog/ours-to-hack-and-to-own/

Working through this now: more of a playbook https://elements.disco.coop/

This is the exit to community co starting up in SF. https://www.understory.coop/

In 5 years, will the cloud service youre renting be the same price or functionality or still exist?

Run https://github.com/colab-coop/coopernetes

Then run https://github.com/solid/community-server

(Or next cloud + https://github.com/pdsinterop/solid-nextcloud

a simple mechanism to provide public information concerning an entity by advertising a public profile service in the DID document of a public DID. A good analogy for this public identity information would be a machine-readable and cryptographically-verifiable imprint.

Join the discussion: https://chat.hyperledger.org/channel/business-partner-agent

There was some discussion about the way to present such a profile, especially the way it is currently implemented as an endpoint in the did document pointing to a https ressource (json-ld document served using normal https).

One alternative, to create a DIDcomm-based protocol for public profile was discussed and would be a good alternative at the cost of every client having to be able to speak DIDcomm.

  • Trust Registry or Machine-Readable Governance? Indicio

    Machine-readable governance is composed of elements that help to establish trust and enable interoperability: trusted participants, schemas (templates for structuring information in a credential), and rules and flows for presenting credentials and verifying them. Machine-readable governance can be hierarchical. Once a governance system is published, other organizations can adopt and then amend or extend the provided system.

  • Battle of the Trust Frameworks with Tim Bouma & Darrell ODonnell Northern Block
  1. Levels of Assurance (LOA): an introduction to LOAs as they relate to Digital Identity and why theyre an important part of the recipe in achieving digital trust. Tim and Darrell give us some practical examples of LOAs.
  2. The Concept of Trust: how do we define trust at a high-level and how do we differentiate between technical and human trust? How can we build trust with credential issuers but also with credential holders?
  3. The World of Trust Frameworks: what are trust frameworks and what are different types of frameworks being deployed in both the public and private sectors? How are organizations trying to monetize trust frameworks? Whats going right, and whats going wrong with the way trust frameworks are being implemented?
  4. The Importance of Open Source for Trust Creation: why is open source important for achieving digital sovereignty? Is open source the only way to improve transparency, flexibility and accountability?

Following the September announcement of its first tools for managing risk in digital trust ecosystems, today the ToIP Foundation announced three more pairs of tools to assist in the task of generating digital governance and trust assurance schemes

Three stages have been identified as necessities to accomplish the development of this system before opening it further beyond the pan-African worldwide community. The three stages are defined by systems that allow for biometric/demographic registration (stage 1), interoperability and security hardening (stage 2), and biometric modality data analysis/organization/association (stage 3).

Governance in decentralized identity is more akin to “technical rules and instructions.” This is highly disfluent in part because it is so extensive and in part because it relies on a new vocab that uses familiar words in unfamiliar ways. All of this creates disfluency to such a degree that it is unpleasant to contemplate and that unpleasantness is transferred onto the product.

This wouldnt be a problem if we properly regarded technical governance as being in the realm of an instruction manual, which we know from UX research that most people dont read. However, standards bodies and organizations like ToIP are driving governance as the key to implementing decentralized identity. Except… adoption of an early stage technology drives governance, not the other way around. Putting the cart before the horse is blocking adoption.

When we talk about governance, we should be using the language of values and the key value proposition: that it is putting the individual in control of their identity. That is the essence of decentralized identity governance; everything else goes in the instruction manual (which wont be read, except by lawyers and engineers)

Internet governance, human rights, digital identity, Identity for All, Guardianship

The UDDI is a call to action to IIW, which we've said before, to adopt a set of universal principles which can be used now to bring  Identity for All  projects to fruition.

I want to frame the UDDI discussion in terms of what we did with Jean at the last IIW -  our work on the UDDI is step toward the larger humanitarian vision of a Universal Declaration of Digital Rights, which is what he is working on.

We should present the Universal Declaration of Digital Identity as a way to say what the users of tomorrow's technology expect from the technology created by industry and from their governments when it comes to a new digital world, where SSI is at the root of trust.

As we have presented these affirmations at prior IIW and since then to others - we can post a document in the session to get agreement on the affirmations in the UDDI.

This is a Call to Action for IIW to support our role as a convenor in this important area of human rights in cyberspace.

Query of nature of governance and role of programmers.

Who “makes” the law?

Declaration of human rights is helpful baseline on structure. Useful to get to point with universal framework.

Notion of universal rules: Notion of universality

What is nature of lawmaking.

Why should lawyers, politicians have a monopoly on lawmaking in area that dont understand. People are making laws in action. From norms.

GO to where the justice fields are green stateless areas. There is paradigm of need. Aiming at public international framework.

Where develop these new approaches to governance.

Universal declaration of human rights: Challenge is not what do online, but how take existing rights and move them online. Problem is 2 million years experience on physical experience, 10k years of legal experience, but only 10 years of digital personhood.

What is nature of harm and protection.

Consider legal algorithm: Harm, rights, duty, breach, causation, damages, liability, insurance

What is personhood onlie that can be equivalent of protection offline.

What is centricity of perspective: digital, human, propostional transparency and data controls. Semantic notice and control for people. Reduce scope of wormhole of law.

Reverse the transparency requirements. Organizations

Need protocol at time of interaciton

Interesting notion of putting onius on organizations to be transparent

What is governance?

What is legislation?

What is rulemaking?

Notice and consent is inversaion of power relationship by using existing rights

Notice and consent is pathway to inversation of power AND an artifact of power. The choreography is fixed..

Parts of universal document to cover human rights:

  1. Legal document centered toward data

  2. Technical translation of document compliance with regulation but difficult without standard implementatiokn.

  3. Digital rights SDK incorporate to softarre architecture

Can test compliance and standardize data linked to representational entity.

Modules of Trust Frameworks

Disconnect of responsibility of programmers

Can link impact of action with responeiilituy.

Incorporat to educational pipeline.

Problem is not the data, it is the decision making process.

Need to start with harms that data can cause. Data processing is transformation of data. That is till point of decision of index harm.

Need to correlate tech with rights under taxonomy. Apply algorighms or indexes of harm.

When does a person become a person digitally? When data is exposed online or when they are first online? What is nature of that status?

Personhood Certain amount of data points infers a person.

California law is there opportunity to have trust framework law establish threshold for personhood.

In US reverse of EU, privacy is not default setting. Organizations tell you of risks before you engage. Consent by design. If backtrack. Trust framework is the culture itself. Want it extended digitally.

Technical versus non-technical issue: What is human readable and machine readable?

Semantic stack ISO 2100 has name for each person. Can map people to roles. Generic roles and stakeholders. What is missing is technical understanding of these. Purpose is not consistent across the stack. NO shared meaning across the stack.

Digital legal ontology extension to words. Might include in text to aid word search.

Revisit question on when do you become digital personhood.

We umnderstand physical person.

Legal person

What is digital personhood. Data online is it a body. Is it physically me? What if not property, what is digial body then look at rights framework. IF data is body, then rights frameworks If data is property then another set of rules.

Digital personhood as digital personhood.

Mary Rundle paper -on personhood.

Issue of nature of personhood. What is it, how defend it?

Need to know what it is before know how to defend it.

Data needs context to be valuable

Constitution protecting me, why not protect the data.

Query of nation states.

Nation states more human interst than corporations.

What is minimial set of data for a schema to be useful? Is this established in context.

Object identity and utility determine number of dat appoints.

Perhaps need digital eqjuialent of equity.

Query of what are standards of care?

Some say

I am my data

End remedy control within bounded space

Rights by design

Reliance on systems.

Expectation of derisking. Technical standards. Unversality.

Standards.

Working on enotary system.

Links from chat: http://emoglen.law.columbia.edu/LIS/archive/privacy-legis/ISTPA-FrameworkWhitePaper013101.pdf

Governance, Trust Registry, Ecosystem, Transitive Trust, Architecture

Presentation Deck: GHP Ecosystem Trust Architecture PDF

  • Proposed Trust Interoperability (Global) for the Good Health Pass (GHP) Ecosystem

  • Kaliya Young & Rebecca Distler - Working Group Co-Leads

  • Trust in the system - focus for todays discussion.

  • Principles - https://www.goodhealthpass.org/wp-content/uploads/2021/02/Good-Health-Pass-Collaborative-Principles-Paper.pdf

  • Blueprint Outline - https://www.goodhealthpass.org/wp-content/uploads/2021/03/GHPC-Interoperability-Blueprint-Outline-v2.pdf

  • Global Problems inhibiting world travel. Many emerging instances of GHP related ecosystems. GHP establishing an umbrella for all GHP-compliant ecosystems.

  • Relying on the ToIP Trust stack as an architectural blueprint

  • Ecosystem Governance Framework is at the top of a governance and technical stack.

  • Some specific Ecosystems need to accommodate x.509 certificate and VC constructs.

  • ToIP Stack diagram is undergoing new changes - some new terminology being discussed at IIW.

  • Governance and Trust Framework terms are being used as synonyms but we conveyed that Governance Frameworks are over arching of subject Trust Frameworks.

  • GHP wll be a General Ecosystem Governance Framework. Overseeing Specific EGFs..

  • It is likely to have a GHP compliance but only on the lightweight tenets of interoperability.

  • We are introducing a trust registry infrastructure that works with all GHP-compliant ecosystems.

  • Issuers within an ecosystem will be included in a trust registry.

  • Each Ecosystem must publish its governance framework and make its trust registry available

  • All issuers need to be recognized by a governance framework and included in a trust registry

  • The second principle is that each specific EGF will identify its trust registry with a DID and specify its trust registry service endpoint(s) in its associated DID document

  • The third principle is that each VC issued under a specific EGF will identify its issuer with either:

  • a DID

  • a URI (for X.509 certificates)

  • The final principle is that each VC issued under a specific EGF will identify its type with a type URI. That field will be using common semantics.

  • With this architecture, all we need is a simple trust registry protocol to answer the question:

  • Is this issuer

  • authorized to issue this VC type

  • under this specific EGF?

  • GOOD - is a pass

  • BETTER - may be purpose-limited (“trivial” example -

Links from chat:

When it comes to identity management the involvement of the government can be a tricky topic. It needs to be involved to enable access to public services, adapt legislature and guarantee equal access for its citizens. However, it should not be able to control or monitor all aspects and activities of its citizens.

Self-sovereign identity is a promising technology to allow you to control your own data. However, to provide the true value of the technology, it is essential to establish governance framework for its operation.

Questions started at about [46:30]  – though some questions came earlier. We covered:

  • “I dont trust organizations and corporations” where we point out the “decentralize the world” approach goes to far.
  • Phoning home (hint: no it doesnt need to phone home)
  • Where are Holders Authorized? (hint: Knowing if you can trust Bubbas Wallet may be more important…)
  • Canadian Digitial Identities are emerging can startups leverage this?
  • Explain the Role of Government in ecosystems.
  • “Can a third party discover who I trust from a trust registry?”
  • How will interoperability work between trust registries?

We plan to relieve some of that oblivity by having Shoshana lead the final salon in our Beyond the Web series at Indiana Universitys Ostrom Workshop. To prepare for that, Joyce and I spoke with Shoshana for more than an hour and a half last night, and are excited about her optimism toward restoring the public commons and invigorating democracy in our still-new digital age.

I conclude: there is no consensus whatsoever :-) That may be because there such a large range of setups under that term today.

Have you noticed that pretty much all senior technologists that dismiss Web3 — usually in highly emotional terms completely ignore that pretty much all the genuinely interesting innovations in the Web3 world are governance innovations?

“I was working on an online trading-card game in the early days that had player-to-player card trades enabled through our servers. The vast majority of our customer support emails dealt with requests to reverse a trade because of some kind of trade scams. When I saw Hearthstones dust system, I realized it was genius; they probably cut their support costs by around 90% with that move alone.”

By having SSI in place for users, FaceDAO promises users total security of their data. For FaceDAO, self-sovereign identity on the blockchain implies an identity users own. Its theirs. Only they can hold it on their accounts and only they can decide who gets to see it and what they get to see.

Real progress is made by rich, cross-disciplinary teams and heterogeneous coalitions coming together to attack hard problems from every angle at once.

Self-Administration of human authority, possessed equally by all living Individuals who choose civil participation as a method of Governance derived "of, by, for" people, begins and ends with the structural accuracy of words, and their functional practices.

Decentralized Ecosystem Governance makes verifying data an easy-to-play game of red light/green light. And, importantly, it decentralizes governance to the appropriate authorities.

We want to start a conversation on Trust Registries and get people thinking about how Trust Registries will help answer the hard questions an ecosystem needs to create a whole experience [tweetstorm]

Because DAOs do not have a sovereign above them, and are often explicitly in the business of providing services (like currency and arbitration) that are typically reserved for sovereigns, it is precisely the design of sovereigns (political science), and not the design of corporate governance, that DAOs have more to learn from.

  • What are the differences between Verifiable Data Registries and Trust Registries?
  • How can Trust Registries help establish the Authenticity of Data?
  • Does placing too much Governance at the Verifiable Data Registry layer cause scaling issues?
  • Why DNS can become an elegant Root of Trust solution to validate the authenticity of Credential Issuers.
  • Who in the Trust Triangle benefits the most from Trust Registries

Learn the what and the why behind trust registries.  In addition to discussing how trust registries solve governance in verifiable credential ecosystems, Tomislav demos the very first implementation of ToIPs trust registry specification.