You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »


Agenda

Attendees

Vipin Bharathan
dlt.nycvip@dlt.nyc
Kelly CooperIndependentkellycooper.2ds@gmail.com
Ajay JadhavAyanWorksajay@ayanworks.com
Gowri

Marvin Berstecheresatus AGm.berstecher@esatus.com
Nitin

Santanu Mukherjee

Sumit Kumar

Todd Gehrke

Kaliya Young

Meeting Minutes:

Introductions

Implementer Call: Projects, Groups, and SIG report out on Identity-related topics. Shared Identity paper.

Identity paper: Moving to GitHub. Identify specific changes other than 'this doesn't look good'. Need details. Repo is created. Maintainers needed. If not maintainer, please comment if you have a GitHub user ID. Otherwise, please send comments to maintainers. There are unresolved issues on the paper. We need to make a conscious effort to address areas, particularly, PII on the blockchain (deprecated) and tension between people with current or new solutions which may not be in production yet. One aspect to debate is ideas such as Aadgaar. The tension needs to be addressed in the paper, ie privacy is a basic right. Aadgaar has billions. We have many systems that handle identity. How do we progressively go toward a better system, in the blockchain world and elsewhere? 

Kayila: Need to separate out some concerns. One is it's widely accepted practice for local authorities to issue birth certificates, and that ends up being the basis for other documents states issue to citizens, such as identity cards and passports. India created such an identity system. Aadgaar and Singapore systems see everywhere a person uses that identity. 'Phone home' architectures cause issues; yes there's a role for governments to authenticate things such as births. Does that mean the 'state' should be an identity provider? No, in government or with companies (Google). People should be able to act without authoritative sources knowing. 

Vipin: Lack of large-scale identity providers opens up for Google, Facebook, etc. to step in as a commercial interest. Caused tremendous problems. SSI is the answer because when you present credentials, do not need to notify the issuer of that presentation. 

Nitin: India is complex, difficult to compare a western country to India. Aadgaar addresses a major use case the Supreme Court upheld is government benefits. There is a widescale PDS (public description system) for food; one of the biggest sufferings is people living below the poverty line. Once they move from villages to cities, they do not have those benefits. 

Vipin: No one is questioning the usefulness of Aadgaar.

Kayila: Spent seven weeks in India to understand Aadgaar. A good system for India's current stage of development, ten years ago when developed, good decisions. If the centralization model continues into the future, it doesn't necessarily align with what I understand to be the values of the world's largest democracy. Not about critiquing the past.

Nitin: Agree, needs to go toward decentralization. But Identity needs to be derived from Aadgaar. Then, can use a new focus to utilize. For a new model, it needs to come out of government control. Supreme Court is looking at usage and public benefit. The evolution of decentralization has been restricted and this is the model that has to change.

Vipin: Not roses in the U.S. either; companies like Google and FB have tremendous centralization of issuance architecture. OpenID Connect....

Kayila: A frame may be to talk about the centralized systems and to not frame it as 'there's an issue with centralized identity models, state-issued or commercial'. This is what's happening in the world today, either one isn't great. They're not good for people that there's a limited choice in who I trust to manage my identity.

Vipin: How do we get to where we want to get to?

Ajay: Whether Aadgaar tracks identities.. if a citizen presents it is tracked. 

Nitin: Doesn't track.. use case is not tracked. But still, there is a centralized audit.

Kayila: Each terminal that authentication happens has an identifier.

Nitin: Each location is tracked but not at the ID level. Earlier there were coordinates, no longer. Restricted tracking. A possibility you can correlate. 

Ajay: Uses - offline Aadgaar XML available for every citizen (on website). Can get 'my' data for my wallet. Self-attested. Aadgaar based authentication. Credential in my mobile is created offline with this XML tool. Once the credential is in my wallet, I can prove to a relaying party, this is my identity. 

Nitin: to Kayila - struggle, if we create anonymous identity, perhaps via Aadgaar. At a point of service, I can't present myself as me.

Kayila: No one talked about anonymous anything. Confusion. One of the SSIs proposed the capacity, if one chooses, to have derived subattributes (over 18, resident of district x) ZPK work in sovereign Hyperledger Indy ecosystem. If we want to have a conversation about the past, how can we get from where we are not to a cool future, States that currently, issue credentials shift to issuing verifiable credentials into people's wallets. Then people use that credential for whatever they want, in a decentralized world.

Vipin: Consider paper driver's license. Phone home is only when there is an issue such as pulled over by police, but not with a merchant. Different levels of access. How can we have something similar in a digital context?

Nitin: India has digital locker, DigiLocker

Kayila: It's not decentralized. 




Ajay and Vipin had a recent conversation on Consent.

  • No labels