2021-12-07 Aries Summit Session

Summary:

Credential UX part 2
- Auto-approval of presentation requests (e.g.: trusted verifier, trusted preset, etc ...)
- Revocation implications for Mobile
- Consequences of Machine Readable Governance on UX

Note: This call was recorded and the recording and chat transcript are at the bottom of the page.

Date

07 Dec 2021 (7AM-9AM Los Angeles)

	Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.

Anti-Trust Policy:

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

Dial-in link

https://us02web.zoom.us/my/telegramsam (updated!)

Attendees

Sam Curren <sam@indicio.tech>
Jason Leach (BC Gov) <jason.leach@fullboar.ca>
Stephen Curran (Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>

Welcome / Introductions

Focus

Credential UX part 2

Discussion Topics

Report on OCA:
- https://github.com/hyperledger/aries-mobile-agent-react-native/issues/164
Auto-approval of presentation requests (e.g.: trusted verifier, trusted preset, etc ...)
- auto-approval of presentations can be risky (check box to auto-approve that verifier in the future.)
  - presentation for login - some other user could login on a computer, and your phone auto approves.
- bulk-approval
  - one time bulk approval
  - present series of proofs with one user action to approve.
    - automate multiple presentations.
    - Aries RFC PRs:
      - Presentations (merged): PR, current RFC 454 (note: not part of AIP 2.0)
      - Issuing multiple credentials (not merged PR): https://github.com/hyperledger/aries-rfcs/pull/692
- policy-approval
  - guardianship
  - biometric unlock allows policy approvals.
  - context matters
    - Location, for example – e.g. for entry into a building – but likely still needs a manual trigger - e.g. biometric
  - How to get there: Do it manually first and then look for automation opportunities to make the policies crisp
  - Careful:
    - Have to watch for anti-patterns (e.g. a login with no human interaction).
    - Watching for the security vs. convenience trade-off.
    - Making sure that the SSI principles are followed – control is with the user.
    - A wallet is an agent – acts on behalf of the USER – fiduciary responsibility
- Actions:
  - Need bulk presentation request (Present Proof) (mostly done, see above)
  - Policy to recommend bulk actions
Consequences of Machine Readable Governance on UX
Revocation implications for Mobile

Action items

Call Recording

	File	Modified

Page tree