Wifi stuck on validating identity

slide 13 Anyone can make any claim about anything... We're building up modules, understanding different components that are available - different places that they might be useful. co-chair of W3C Credentials CG - also DIF Steering Committee. truly self-sovereign identifiers, I create them, no one can take them away from me. In other cases, private/permissioned blockchain, those enable different properties - for example Guardian models... some depend on properties of the blockchain itself... part of value is that each DID method and how you perform its operations... we say if you are a lawyer, doctor, nurse, accountant, etc. in doing that you quickly come up against lots of issues about identity ... while Amalga was meant to extract data about patients from electronic medical systems as well as from real time feeds ... that is story and the state of affairs as of 2016 ... I recorded every conversation because everyone spoke in acronyms and numbers ... other side were LDAP guys yelling at each other ... and every year they would carve out time for me to talk to them ...

Slides are here -- https://docs.google.com/presentation/d/1BX8r1Koxv JSQIX3Pt AOz Oawirw BYyze9Qly Ia Ab BRr M/edit Hi, I'm Kim, CTO of Learning Machine - work in educational credentials... It's a new type of URl that is globally unique, highly available, presistent, cryptographically verifiable, and doesn't require a centralized admin. In education use cases, we want the recipient of a credential to be identified using a DID. prove that you control it, no central admin can take it away from you. Each DID Method must specify a set of mechanisms - Create, Read, Update, Delete (aka revoke) One critical part - DIDs resolve to DID Documents - we have a Veres One identifier here - document it resolves to - contains authentication mechanisms, public key material, services... markus_sabadello is goign to talk about that next... depending on registry authentication, you can start using that now... There are different resolvers - which methods support they support is up to each resolver... we have a whole set of laws, each of which created self-regulating bodies ... to have a single view of everything about the patient ... Amalga had origins in system done at George Washington School of Medicine and Life Sciences ... I created for them an inference system to assemble IDs into a single individual ... I went to conference in Philadephia; sessions on X509 ... then I heard talk about directories and Pam stood up and said 'you're full of it' ... All these big companies dictated the reference architecture that the Burton Group would build ...

it all hinged on the DIDs, Verifiable Credentials and have a process to capture the information and the proof ... to claim differential rate; they would supply a pallet worth of documentation ... regulations require signatures of taking custody ...

We have a spec, we're tryign to wrap up ZKP and JWT support... Looking at clusters of information; does that org exists and is it an importer ...

had to figure out how to make a legal, compliant distributed ledger that improves the supply chain ... with distributed ledger we could identity products coming in, the provenance ... supply chain side, we could get supplier into the front end ... we added to transaction that crossed border, ID who owned, who is responsible, so then US Customs could ask questions on it ... we were able to take advantage of the distributed ledger to make these claims ...

This is saying we're using the BTCR method spec, run it through the universal resolver, produces a DID Document. identifier tells you which block, which transaction, to find the transaction in. Resolver knows, per method spec, how to get information, how to return this thing. so, DID Document has keys, authentication, services, signatures, timestamps. There doesn't seem to be cross-blockchain interop... including keys that are compatible with say a different blockchain w/ different proof formats, PGP keys in there, information that lets you allow you to leverage FIDO. There are things like sigma proofs, ZKPs, private keys in one curve equivalent to private keys in antoehr group... you don't want to use something on a blockchain that can't be rewritten... Slides -- https://docs.google.com/presentation/d/1TSMW5hckaaaybp V9OVe Nb WO1QE_Os MP3Pc3Gov Afvjw/edit Hi, working in CCG and DIF, and Sovrin... important, web page uses DID Resolver to find DID, then find public key, then verify that the signature on the authentication was signed correctly. I cannot speak on behalf of the gov't or other gov'ts but happy to bring my perspectives as a government guy ... In Canada, gov't can mean many things; different levels, peoples We are small, 4 million, but we operate across a great number of areas [reads slides] ... from and identity perspective, we operate at the base ... we leverage two things; the popularity of driving ... we created a drivers license and health care card combined ... no personal information other than the chip number ... authentication tech can become a party to all of the transactions that unfold; we don't think that should happen that way ... when we make our tech dependent upon others, they feel they are forced to adopt something; gets us on the wrong side ... every transaction can be spin through account recovery ... we would not know how our own unique approach would scale ... but if tied to benefits, then it's another story [slide 8] ... we are looking for an architecture that would operate more like real world ... often those are privately owned; have you run into arrangements with private infrastructure that will be more reliable? services different in other contexts, but any analogies used for critical infrastructure that could be used reliability for gov't you are unique in that you have an ecosystem adopt your services ... but you could not do this for Marines was a standing joke ... so the lede of my story was 'if you want to go to hell, talk about multiple forests' ...

that document can contain other key material from other places... Keep questions and comments coming throughout two days here... This is one example for u Port - web page - mobile app authentication... With a mobile app, private key corresponding to DID, I can provide response to QRCode - post it back to web page... I am with the gov't of BC; I don't view myself representing a vertical, but a government ... so a lot going on in our world for identity information We have a legacy system ... we invented a BC services card and a provincial identity management info program ... we don't own, control or have accountability over that ... not clear to us what happens when things are lost, account recovery process is difficult ... our small province cannot defend against the threat model ... You don't interact with gov't as much as other entities ... no one has mounted an argument about your traffic ticket ... Afganistan had 1200 operational aircraft that knows how to broadcast communications ...

There are a couple of different issues here - DID authenticates DID DOcument, strongly make claim about DID Document... Using a DID Resolver to authenticate - you have DID, you have key material associated with that... not about proving we're over the age of XYZ, we just prove that we have control over a DID. We worked on a paper around Rebooting the Web of Trust... If you have public key information, you can know that anyone that has private key is authenticated. We tried to analyze this stuff - different scenarios / different flows - there are many, so DID Auth isn't just one thing... just because someone asks for a VC or other things, doens't mean I have to give it to them/comply... Where do you see DID and DID Auth fit into the larger picture... I want to prove my age, SSN, I thought DIDs were a means to an end... Scalability - at what scale are we talking about... @[email protected]: Interop from perspective of web developers - help browsers understand what APIs they should be understanding so developers can focus on clear stories so developers can focus on stuff that's not passwords or authn. delegation was lead by an assistant secretary general of NATO ... interoperations were walking over from one tent to another ... he explained passport, infocards, what has morphed into azure infrastructure ...

Authentication block points to public key - who has control of the DID? we need people that have experience with these systems. but at some point we need something like a DID DOcument... , I could provide DID and DID Auth, prove that's who I am... centralized authorities are not always excited about decentralized solutions. @[email protected]: Adoption - will end users understand value proposition of DIDs, what they get? Manu knows I worked on healthcare and life sciences systems and asked me talk about that in this space ... at Microsoft I worked five years for the Health solutions group ... those of us interested in healthcare invited us ... and field hospitals are meant to be the health services ... Secy General went on to talk about two Dutch marines and two American operating in squads ...

Hi, my name is Wendy Seltzer, W3C - glad to welcome you here. Thank you to Tony Nadalin and Microsoft for hosting us. We're looking forward to the next two days of discussion, brainstorming, and socializing around Strong Auth and Identity. covers location of emergency exists, bathrooms, and parking. Very briefly, introducing the day and goals of the workshop at a high level - logistics, getting conversation going, etc. We are thrilled to have everyone here - just a quick intro to W3C - our goal is to lead Web to its full potential...

to connect to the wifi - MSFT Guest and use the code on the board. We put workshops like this on to bring people together, lots of work is happening here and outside of W3C - if we can be a forum for conversation, great, if it happens elsewhere, great. We are not the exclusive endpoint of work, but one possible place to bring that work. we will also have dots for voting, mark areas of particular interest/concern. We will have breakout sessions where we are gathering in smaller groups...

Our goal is that specs should be implementatable RF wrt. We want to make sure this environment enables everyone to feel safe, respected and heard. We are working in difficult areas, standards work well for technical problem, good enough technical problem, and find a common resolution. This all depends on you and the broader community to make sure these things work effectively. We want to hear from everyone - you have cards, on those cards, you can write down questions/comments/concerns - we will use those to fill into Q/A and discussion that follows... feel free to toss out ideas, but don't worry that if you're not in a group that you're going to miss the opportunity to provide critical input. Also another part of getting together is social - Tony has found us space in a nearby on campus restaurant.

We operate under Royalty-Free patent policy - this workshop is not Recommendation track, contributions here ar enot yet contributions that are goverened by patent policy. We are a member consortium, we depend on members to participate - hope to keep that infrastructural work going - 475 members from all sorts of places. We operate workshops under a code of ethics and professional conduct - if anyone has an issue, find wseltzer or someone else in W3C Team. ~ minimum - interested and expecting to come tonight? let us know if you want something to be off the record.

In looking at the current spec, it still looks like JSON-LD is the language, it looks like you're going to wrap regular JSOn or other types of JWTs/CWTs - get a little concerned... as a Chair, we have been asking for feedback from others for the entire lifetime of WG... have to go through payer who was paying for this ... so I hope folks in this room can fix this problem not change the data ... with IDs you want to infer they are equal and do in a probabilistic fashion ... how you associate data, not change data brought in different people, US Customs, trade people, customs brokers, importers ... it comes back to relationship with community; efficiecny; ability to measure nodes ... Talk about the trends that will affect the measurements ... if you don't know nature of system you cannot deal with it as well ...

Tags: , ,