Last Update 1:17 AM December 04, 2021 (UTC)

Organizations | Identosphere Blogcatcher

Brought to you by Identity Woman and Infominer.
Support this collaboration on Patreon!!

Friday, 03. December 2021

Oasis Open

Specification for Transfer of OpenC2 Messages via HTTPS v1.1 from OpenC2 TC approved as a Committee Specification

Using HTTP over TLS as a transfer mechanism for OpenC2 Messages. The post Specification for Transfer of OpenC2 Messages via HTTPS v1.1 from OpenC2 TC approved as a Committee Specification appeared first on OASIS Open.

HTTPS transfer specification is ready for testing and implementation

OASIS is pleased to announce that Specification for Transfer of OpenC2 Messages via HTTPS Version 1.1 from the OASIS Open Command and Control (OpenC2) TC [1] has been approved as an OASIS Committee Specification.

Open Command and Control (OpenC2) is a concise and extensible language to enable the command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. HTTP over TLS is a widely deployed transfer protocol that provides an authenticated, ordered, lossless delivery of uniquely-identified messages. This document specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages. A Testing conformance target is provided to support interoperability testing without security mechanisms.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Specification for Transfer of OpenC2 Messages via HTTPS Version 1.1
Committee Specification 01
30 November 2021

Editable source (Authoritative):
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/cs01/open-impl-https-v1.1-cs01.md
HTML:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/cs01/open-impl-https-v1.1-cs01.html
PDF:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/cs01/open-impl-https-v1.1-cs01.pdf

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/cs01/open-impl-https-v1.1-cs01.zip

Members of the OpenC2 TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Open Command and Control (OpenC2) TC
https://www.oasis-open.org/committees/openc2/

[2] Public review and comment resolution timeline:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/csd01/open-impl-https-v1.1-csd01-public-review-metadata.html
– Most recent comment resolution log:
https://docs.oasis-open.org/openc2/open-impl-https/v1.1/csd01/open-impl-https-v1.1-csd01-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3672

The post Specification for Transfer of OpenC2 Messages via HTTPS v1.1 from OpenC2 TC approved as a Committee Specification appeared first on OASIS Open.


DIF Blog

Communication Milestone Achievements!

As 2021 draws to a close, DIF would like to celebrate reaching over 5,000 Twitter Followers and 5,000 Newsletter Subscribers! 💪

As we speed towards the end of 2021, we have hit a couple of important communication milestones that we’d like to celebrate!

This week, we hit 5k followers on Twitter, driven in no small part by attention garnered by our ToIP & DIF Joint Statement of Support for the Decentralized Identifiers (DIDs) v1.0 specification becoming a W3C Standard. Currently, we stand at 5,011 followers and growing, and we are proud that our comms channels, namely our DIF blog, Twitter and YouTube channel, are a great way to keep on top of important announcements from DIF and our members. We have some exciting stuff cooked up for 2022, so watch this space! 🎉

For those who want a more in-depth look at the Decentralized Identity Community, we can heartily recommend our monthly DIF Newsletter, packed full of news and updates from the various groups at DIF about their progress and learnings, as well as news from our entire membership. Our audience also agrees, and this week we passed 5k subscribers, to a total of 5,065 by the time of going to press. Sign up driectly from our homepage here to get a monthly digest from the entire community, including exclusive job opportunities and invitations to industry events. If you have any tips that you’d like to include in the next newsletter, you can submit using the online form here.

Photo by Erwan HesryUnsplash

As always, while these channels are an excellent way to keep abreast of developments in the community, nothing can quite compare to becoming a DIF member and getting involved with our dedicated groups, working on technical challenges and meaningful specifications to harness the exciting potential of these technologies. Everyone is welcome to join DIF, where we have a variety of tiered membership levels, so check out which one is right for you and your organization. We look forward to welcoming you on a call in 2022!

Thursday, 02. December 2021

Digital Scotland

Shops.scot – Like Ebay Stores, but Scottish

Shops.scot is a new venture under development, that will launch in the new year. The post Shops.scot – Like Ebay Stores, but Scottish appeared first on DigitalScot.net.

Shops.scot is a new venture under development, that will launch in the new year.

As the title suggests, this will operate a ‘Multivendor Marketplace’ – A site where multiple sellers can each create their own e-store, and visitors can browse and buy from any of them.

This will accelerate our Digital Nation Action Plan, specifically the digital enablement and support of micro and small businesses. It’s still the case that many don’t even have a web site.

So this will provide them an ultra simple way of achieving that, with the key distinction from other options like EBay or Amazon obviously being that it’s entirely Scotland focused. This means a much more local, hands on technical support, and a concentrated market focus.

Key features will include:

A powerful set of digital marketing tools – As well as loading up your products, you’ll be able to send e-vouchers, email marketing etc. Cryptocurrency – Accept Bitcoin payments et al. This is another key technology field where SMEs know they should be doing more but it is simply beyond them.

In short it will leverage the SaaS (Software as a Service) model to make easily accessible the powerful e-commerce and digital marketing technologies that most small businesses would greatly benefit from but don’t have the resource or expertise to deploy themselves.

There is also great potential to team up with other Scottish innovators, such as Miconex. They offer a gift card system that could tie in with #1, with a particular focus on local towns, such as Perth.

Shops.scot will be able to provide the core e-commerce tools for selling their products, and organized into similarly local sections, like Shops.scot/Perth. This will provide a powerful combined solution to achieve key Scottish Government goals like boosting local commerce for local merchants.

The post Shops.scot – Like Ebay Stores, but Scottish appeared first on DigitalScot.net.


ResofWorld

Brazilians are desperately fighting against Bolsonaro’s digital tactics

Political institutions, including the opposition parties, are reaching for any weapons they can find against the president’s use of social media and messaging apps.
The story of how Brazil’s president, Jair Bolsonaro, weaponized the internet starts before he took office. Candidates in Brazil are allotted broadcasting airtime proportionally to the number of seats in...

Grab and GoTo IPOs have one little problem: angry gig workers

With Singapore and Indonesia's superapps finally in reach of U.S. listings, union trouble brews at home.
Late Monday morning in Jakarta, a group of five drivers was sitting on a piece of orange tarp laid out before a closed shop, taking a moment for coffee while...

SelfKey Foundation

SelfKey Telegram AMA – POI, LOCK, Living Avatar NFT, Metaverse

Here is a summary of all the questions and answers that were received for the Telegram AMA. Covering POI Platform, LOCK Token, Living Avatar NFT, Metaverse The post SelfKey Telegram AMA – POI, LOCK, Living Avatar NFT, Metaverse appeared first on SelfKey.

Here is a summary of all the questions and answers that were received for the Telegram AMA. Covering POI Platform, LOCK Token, Living Avatar NFT, Metaverse

The post SelfKey Telegram AMA – POI, LOCK, Living Avatar NFT, Metaverse appeared first on SelfKey.

Wednesday, 01. December 2021

Oasis Open

Invitation to comment on XACML v3.0 Dynamic Attribute Authority v1.0

A primary use case for the Dynamic Attribute Authority is role enablement, where the dynamic attribute in question is the subject role. The post Invitation to comment on XACML v3.0 Dynamic Attribute Authority v1.0 appeared first on OASIS Open.

First public review - ends Dec. 31st

OASIS and the OASIS eXtensible Access Control Markup Language (XACML) TC are pleased to announce that XACML v3.0 Dynamic Attribute Authority Version 1.0 is now available for public review and comment. This is the first public review of this draft specification.

This specification defines a new XACML system component, the Dynamic Attribute Authority, which augments the request context of an XACML authorization request with additional attributes and attribute values that are generated on demand according to a set of rules. The rules are expressed as XACML policies, use obligations to specify the additional attributes and values, and are processed in the normal manner of a Policy Decision Point. This means that a Dynamic Attribute Authority can be readily constructed from existing XACML system components.

A primary use case for the Dynamic Attribute Authority is role enablement, where the dynamic attribute in question is the subject role.

The documents and related files are available here:

XACML v3.0 Dynamic Attribute Authority Version 1.0
Committee Specification Draft 01
11 November 2021

Editable source (Authoritative):
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01.docx

HTML:
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01.html

PDF:
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01.zip

A public review metadata record documenting this public review is available at:
https://docs.oasis-open.org/xacml/xacml-3.0-dyn-attr/v1.0/csd01/xacml-3.0-dyn-attr-v1.0-csd01-public-review-metadata.html

How to Provide Feedback

OASIS and the XACML TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 02 December 2021 at 00:00 UTC and ends 31 December 2021 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=xacml).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/xacml-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the XACML TC can be found at the TC’s public home page:

https://www.oasis-open.org/committees/xacml/

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr/

[2] https://www.oasis-open.org/committees/xacml/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr/#RF-on-Limited-Mode
RF on Limited Terms Mode

The post Invitation to comment on XACML v3.0 Dynamic Attribute Authority v1.0 appeared first on OASIS Open.


Specification for Transfer of OpenC2 Messages via MQTT v1.0 from OpenC2 TC approved as a Committee Specification

This specification describes the use of MQTT Version 5.0 as a transfer mechanism for OpenC2 messages. The post Specification for Transfer of OpenC2 Messages via MQTT v1.0 from OpenC2 TC approved as a Committee Specification appeared first on OASIS Open.

"Transfer via MQTT" is ready for testing and implementation

OASIS is pleased to announce that Specification for Transfer of OpenC2 Messages via MQTT Version 1.0 from the OASIS Open Command and Control (OpenC2) TC [1] has been approved as an OASIS Committee Specification.

Open Command and Control (OpenC2) is a concise and extensible language to enable the command and control of cyber defense components, subsystems and/or systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation. Message Queuing Telemetry Transport (MQTT) is a widely-used publish / subscribe (pub/sub) transfer protocol. This specification describes the use of MQTT Version 5.0 as a transfer mechanism for OpenC2 messages.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Specification for Transfer of OpenC2 Messages via MQTT Version 1.0
Committee Specification 01
19 November 2021

Editable source:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/cs01/transf-mqtt-v1.0-cs01.md (Authoritative)
HTML:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/cs01/transf-mqtt-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/cs01/transf-mqtt-v1.0-cs01.pdf

Details of non-material changes since the previous public review are redlined in:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/cs01/transf-mqtt-v1.0-cs01-DIFF.pdf

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/cs01/transf-mqtt-v1.0-cs01.zip

Members of the OpenC2 TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Open Command and Control (OpenC2) TC
https://www.oasis-open.org/committees/openc2/

[2] Public review and comment resolution timeline:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/csd04/transf-mqtt-v1.0-csd04-public-review-metadata.html
– Most recent comment resolution log:
https://docs.oasis-open.org/openc2/transf-mqtt/v1.0/csd04/transf-mqtt-v1.0-csd04-comment-resolution-log.pdf

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3668

The post Specification for Transfer of OpenC2 Messages via MQTT v1.0 from OpenC2 TC approved as a Committee Specification appeared first on OASIS Open.


SelfKey Foundation

Living Avatar NFTs – The Identity Layer for the Metaverse

Living Avatar NFTs can form the identity layer that will be needed to make user interactions on the Metaverse credible. SelfKey’s contributions in this regard can hence prove pivotal in shaping the Metaverse future. The post Living Avatar NFTs – The Identity Layer for the Metaverse appeared first on SelfKey.

Living Avatar NFTs can form the identity layer that will be needed to make user interactions on the Metaverse credible. SelfKey’s contributions in this regard can hence prove pivotal in shaping the Metaverse future.

The post Living Avatar NFTs – The Identity Layer for the Metaverse appeared first on SelfKey.


ResofWorld

One man’s quest to put Mexico City’s iconic street food vendors onto Google Maps

What started as a crowdsourced project has become Google’s first attempt to bring the informal food economy onto the platform.
From behind a plexiglass window, Teresa Dorantes Hernández slices open a crusty Mexican bread roll called a bolillo, carefully lays down meat and stringy Oaxaca cheese on a sizzling flat...

The real reason China is pushing “digital sovereignty” in Africa

As the Chinese “tech stack” leads from undersea cables to smartphones and fintech apps, concerns grow for the digital future of ordinary Africans.
This June, Senegal’s president, Macky Sall, proudly commissioned the construction of the Diamniadio National Datacenter, about 30 kilometers outside the capital city, Dakar. Sall said the West African country would...

SelfKey Foundation

Living Avatar NFT: Preparation For a Metaverse Future! 🔮

SelfKey Weekly Newsletter Date – 26 November, 2021 Living Avatar NFTs and how it could be potentially influential in a Metaverse future. The post Living Avatar NFT: Preparation For a Metaverse Future! 🔮 appeared first on SelfKey.

SelfKey Weekly Newsletter

Date – 26 November, 2021

Living Avatar NFTs and how it could be potentially influential in a Metaverse future.

The post Living Avatar NFT: Preparation For a Metaverse Future! 🔮 appeared first on SelfKey.


Lissi

Lissi Anwendungsfälle: Bildung

Bild: Anwendungsfälle im Bildungsbereich mit dem Lissi Wallet In diesem Artikel möchten wir einen Überblick über die Anwendungsfälle im Bildungsbereich geben, an welchen wir im Rahmen von IDunion derzeit arbeiten. Der Artikel ist auch in Englisch verfügbar. Wir verbringen viel Zeit in der Schule oder in Universitäten, um einen guten Bildungsabschluss zu erlangen. Mit erfolgreichem Abschluss a
Bild: Anwendungsfälle im Bildungsbereich mit dem Lissi Wallet

In diesem Artikel möchten wir einen Überblick über die Anwendungsfälle im Bildungsbereich geben, an welchen wir im Rahmen von IDunion derzeit arbeiten. Der Artikel ist auch in Englisch verfügbar.

Wir verbringen viel Zeit in der Schule oder in Universitäten, um einen guten Bildungsabschluss zu erlangen. Mit erfolgreichem Abschluss an einer (Hoch)Schule wird ein Zertifikat als Nachweis der erbrachten Leistungen ausgestellt. Diese werden aktuell in Papierform ausgestellt und sind somit nicht medienbruchfrei bei Dritten vorzuweisen. Mit Lissi erhältst Du deine Bildungszertifikate direkt in Dein Wallet und kannst es nach Bedarf dritten Parteien, wie z.B. einem potenziellen Arbeitgeber oder einer Universität präsentieren. Wir gehen aber noch einen Schritt weiter und möchten zusammen mit unseren Partnern aus dem Bildungssektor alle Prozesse, welche vertrauensvolle Interaktionen voraussetzen, digitalisieren. Vorerst zählen dazu die folgenden drei Anwendungsgebiete:

Bild: Bildungsnachweise im Lissi Wallet Bildungsnachweise:

Es gibt eine Vielzahl an Nachweisen für erbrachte Leistungen im Bildungsbereich: Von Abschlusszeugnissen der Schule und Universität bis hin zu Schulungsbestätigungen vom Arbeitgeber oder einer Online-Plattform. Aktuell erhalten wir diese Zertifikate in Papierform oder als PDF, welche nur schwer durch Dritte überprüft werden können. Parteien, die die Zertifikate überprüfen möchten, haben oftmals keine Möglichkeit eine Fälschung von einem Original zu unterscheiden. Dies ist für alle beteiligten ein Problem. Wir arbeiten aktiv mit Anbietern von Bildungszertifikaten daran, diese Nachweise zu digitalisieren, sodass Du diese bequem in Deinem Lissi Wallet speichern kannst und Dritte diese einfach überprüfen können. Unser Ziel ist es, den kompletten Prozess für einen Studenten abzudecken und das fängt bereits im Gymnasium an. Mit dem Lissi Wallet kannst Du alle Zeugnisse vom Schulabschluss bis zum Master und alles dazwischen lebenslang und selbstbestimmt aufbewahren.

Ein Beitrag dazu hat unser IDunion Partner, die BWI GmbH veröffentlicht.

Bild: Bewerbungen bei Bildungseinrichtungen mit dem Lissi Wallet Bewerbung für Bildungseinrichtungen:

Bei einer Bewerbung an einer öffentlichen Einrichtung als Student:in sind oftmals einige Nachweise notwendig. Häufig zählen dazu der Personalausweis, bisherige Bildungszertifikate oder sonstige Dokumente abhängig vom Studiengang und den persönlichen Umständen. Da diese Dokumente im Großteil noch in Papierform vorgelegt werden müssen, ist dies viel Aufwand für Bewerber:innen sowie die Bildungseinrichtung. Mit Lissi möchten wir die digitale Übersendung der Dokumente ermöglichen, welche besonders wertvoll bzw. schutzbedürftig sind. Damit fällt für Bewerber:innen der Mehraufwand weg, z.B. Kopien beglaubigen zu lassen. Bildungseinrichtungen können die Bewerbungen dann schneller und effizienter bearbeiten, was für alle Beteiligten von Vorteil ist.

Campusmanagement:

Zusammen mit der Technischen Universität Berlin untersuchen wir, wie die Campus Management Infrastruktur mit SSI-Agenten erweitert werden kann. Diverse Leistungen, beispielsweise der Zugang zu den Campus Diensten werden zukünftig mit verifizierbaren Nachweisen angeboten. Lernende sowie Lehrende haben somit über das Wallet Zugang zu den verschiedenen Dienstleistungen der Hochschule. Hierzu zählen z.B. Anmeldungen für Kurse oder Veranstaltungen, der Erhalt von Bescheinigungen, der Zugang zu Räumlichkeiten oder die Beantragung von sonstigen Leistungen. Somit hat die Bildungseinrichtung einen direkten Kontakt zu jedem Lernenden und kann bequem Informationen anfragen und Leistungen zur Verfügung stellen.

Patrick Herbke der Technischen Universität Berlin über das Lissi Wallet

Organisationen, welche Interesse der Zusammenarbeit an den genannten Anwendungsfällen haben oder neue Anwendungsfälle aus dem Bereich einbringen möchten, können uns gern via info@lissi.id kontaktieren.

Dein Lissi Team


Lissi use cases: Education

Picture: Use cases with the Lissi Wallet within the education sector. In this article we would like to provide you with an overview of the use cases within the educational sector we are currently working on within IDunion. The article is also available in German. We spend a lot of time in school or universities to get a decent education. Upon successful graduation from a school or university,
Picture: Use cases with the Lissi Wallet within the education sector.

In this article we would like to provide you with an overview of the use cases within the educational sector we are currently working on within IDunion. The article is also available in German.

We spend a lot of time in school or universities to get a decent education. Upon successful graduation from a school or university, a certificate is issued as proof of the achievements. However, these are currently still only issued in paper form and therefore cannot be easily presented to third parties. With Lissi, you receive your educational certificates directly in your wallet and can present them to third parties, such as a potential employer or university, as required. However, we are going one step further and, together with our partners from the education sector, would like to digitise all processes that require trusted interactions. For the time being, this includes the following three application areas:

Picture: Educational certificates with the Lissi Wallet Educational Credentials

There are a variety of proofs of educational achievements: from school and university certificates to training confirmations from employers or an online platform. Currently, we receive these certificates in paper form or as PDFs, which are difficult to verify by third parties. Parties who want to verify the certificates often have no way to distinguish a fake from an original. This is a problem for all parties involved. We are actively working with education certificate providers to digitise these credentials so that you can conveniently store them in your Lissi Wallet and present them to third parties. Our goal is to cover the complete journey for a student and that starts in high school. With the Lissi Wallet, you can store all your certificates from graduation to master’s degree and everything in between for life long usage.

Our IDunion partner, the BWI GmbH, has published an article on this topic.

Picture: Applications to educational institutions with the Lissi Wallet Applying to educational institutions:

When applying to a public institution as a student different documents are required. Oftentimes these include the identity card, previous educational certificates or other documents depending on the course of study and personal circumstances. Since most of these documents still have to be submitted in paper form, this is a lot of work for both the applicant and the educational institution. With Lissi, we make it possible to send documents that are particularly valuable or in need of protection in digital form. This eliminates additional work for applicants, e.g. the need to have certified copies. Educational institutions can then process applications faster and more efficiently, which is an advantage for everyone involved.

Campus management:

Together with the Technical University of Berlin, we are investigating how the campus management infrastructure can be expanded with SSI agents. Various services, such as access to campus services, will be offered with verifiable credentials in the future. Learners as well as teachers will thus have access to the various services of the university via the Lissi Wallet. These include, for example, registering for courses or events, obtaining certificates, accessing premises or applying for other services. Thus, the educational institution has direct contact with each learner and can conveniently request information and provide services.

Patrick Herbke of the Technical University of Berlin about the Lissi Wallet

Organizations which are interested in collaborating on the above use cases or would like to contribute new use cases from the field are welcome to contact us via info@lissi.id.

Your Lissi Team


ResofWorld

The myth of falling smartphone prices in India

A drastic increase in smartphone prices over the years has created an unexpected benefactor: tech-enabled resale houses.
Investors betting big on the Indian technology story often cite three fundamental reasons for their bullishness: a large young population, cheap mobile data, and falling smartphone prices. But have smartphones...

Tuesday, 30. November 2021

ResofWorld

Campaña remota: golpe maestro del candidato presidencial de Chile en EE.UU.

Cómo la campaña digital y remota de Franco Parisi fue su mayor activo.
La primera vuelta de las recientes elecciones presidenciales en Chile estuvo llena de sorpresas. El duopolio político que había dominado el país durante décadas se derrumbó. En su lugar quedaron...

Why Chile’s presidential election could be decided in… Alabama

Franco Parisi’s all-digital presidential campaign upended what it means to run for office in Chile.
The first round of Chile’s recent presidential election was full of surprises. The political duopoly that had dominated the country for decades collapsed, with two candidates of opposite political extremes...

Oasis Open

Invitation to comment on OSLC PROMCODE V1.0 before call for consent as OASIS Standard – ends January 29th

Designed to address the need for systematic sharing of project management information within and between organizations.  The post Invitation to comment on OSLC PROMCODE V1.0 before call for consent as OASIS Standard – ends January 29th appeared first on OASIS Open.

The specification, providing a common interface for exchanging project management data, enters the 60-day public review that precedes the call for consent as an OASIS Standard.

General information about this public review can be found in https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-v1.0-cs02-public-review-metadata.html.

OASIS and the OSLC PROMCODE TC [1] are pleased to announce that OSLC PROMCODE V1.0 CS02 is now available for public review and comment. 

Managing software delivery can be highly challenging due to the diversity of the development processes, methods, tools and platforms used by different organizations participating in a project. Manual work done in order to exchange proprietary management data is inefficient, error-prone and inflexible.

PROMCODE was designed to address the need for systematic sharing of project management information within and between organizations. 

The TC received 3 Statements of Use from IBM, Fujitsu, and NEC [3].

The specification and related files are available here:

OSLC PROMCODE Version 1.0
Committee Specification 02
10 November 2021

– Part 1: Specification

HTML (Authoritative):

https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-spec.html

PDF:

https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-spec.pdf

– Part 2: Vocabulary

HTML (Authoritative):

https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-vocab.html

PDF: 

https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-vocab.pdf

– Part 3: Constraints

HTML (Authoritative):

https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-shapes.html

PDF: 

https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-shapes.pdf

– Machine-readable vocabulary terms: 

https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-vocab.ttl

– Machine-readable constraints: 

https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-shapes.ttl

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:

https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-v1.0-cs02.zip

Public Review Period

The 60-day public review starts 01 December 2021 at 00:00 UTC and ends 29 January 2022 at 23:59 UTC.

This is an open invitation to comment. OASIS solicits feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility as explained in the instructions located via the button labeled “Send A Comment” at the top of the TC public home page, or directly at:

https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=oslc-promcode

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

http://lists.oasis-open.org/archives/oslc-promcode-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review of “OSLC PROMCODE V1.0,” we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification. 

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information

[1] OSLC PROMCODE TC

https://www.oasis-open.org/committees/oslc-promcode/

[2] Approval ballot: 

https://www.oasis-open.org/committees/ballot.php?id=3670

[3] Statements of Use: 

– IBM:

https://lists.oasis-open.org/archives/oslc-promcode-comment/202111/msg00004.html

– Fujitsu:

https://lists.oasis-open.org/archives/oslc-promcode-comment/202111/msg00003.html

– NEC:

https://lists.oasis-open.org/archives/oslc-promcode-comment/202111/msg00001.html

[4] http://www.oasis-open.org/policies-guidelines/ipr

[5] http://www.oasis-open.org/committees/oslc-promcode/ipr.php

Intellectual Property Rights (IPR) Policy

RF on Limited Terms Mode

The post Invitation to comment on OSLC PROMCODE V1.0 before call for consent as OASIS Standard – ends January 29th appeared first on OASIS Open.


We Are Open co-op

Good things happen slowly, bad things happen fast

Reflecting on a decade of the Open Badges ecosystem Today, a pre-recorded keynote panel conversation goes live to kick off the 2021 International Council of Badges & Credentials Symposium. My interlocuters were Kerri Lemoie and Phillip Long and we could have talked for hours! Image CC BY-ND Bryan Mathers As I was preparing for this panel discussion, I made notes which turned into th
Reflecting on a decade of the Open Badges ecosystem

Today, a pre-recorded keynote panel conversation goes live to kick off the 2021 International Council of Badges & Credentials Symposium. My interlocuters were Kerri Lemoie and Phillip Long and we could have talked for hours!

Image CC BY-ND Bryan Mathers

As I was preparing for this panel discussion, I made notes which turned into this post. Like any history written by someone who was part of the events, it is partial and personal. I will have missed out things both obvious and important.

You may also want to read this post published last week on the evolving badges and credentials ecosystem.

The development of standard can take a while to bear fruit

I can remember being excited about Bluetooth when I found out about it in 1998, but it wasn’t until 10 years later that people were using it everyday for useful things like exchanging files or connecting devices.

So I realised that it would probably take a decade for Open Badges to become mainstream. It’s nice when predictions turn out to be correct! We’re now in the situation where badges are popping up everywhere, with hundreds of millions of them issued in the last couple of years alone.

CC BY-SA Jeremy Kemp

I admit to being skeptical about the Gartner hype cycle (see diagram above) when I first discovered it. However, it’s actually described the development of Open Badges pretty well over the last 10 years!

“Communications tools don’t get socially interesting until they get technologically boring,” (Clay Shirky)

What follows isn’t just a nice story, it’s instructive in terms of how technologies develop, and indeed how important people are to the process. Technological development is not inevitable, nor is technology neutral. People make and shape it, making decisions along the way that can have far-reaching implications.

Technology Trigger (2011–13)

It’s worth remembering that badges are nothing new. Anyone who can remember pre-social media online interactions will remember badges in web forums. And, of course, badges in games have been around forever.

Some organisations were experimenting with digital badges before 2011, but these were siloed and easy to right-click and copy. The ‘technology trigger’, the innovation with Open Badges, was to invent and make available an open metadata standard.

This standard not only described the required and optional fields of information for the metadata, but also provided a way in which badges could be verified.

CC BY-ND Bryan Mathers

The initial work in this area was funded by the MacArthur Foundation, which funded a lot of the Mozilla Foundation’s work around online learning in the early days. The original white paper explored four different learner scenarios and was widely interpreted, especially given the zeitgeist, to be supportive of thinking about a landscape in which we wouldn’t need universities anymore.

This proved to be a distraction, as innovation is rarely either/or but rather and/and. There was pushback in some quarters of formal education, especially in Higher Ed where there was much talk of extrinsic and intrinsic motivation and that nebulous term: “quality”.

The v1.0 release of the Open Badges came in March 2013, with a lot of fanfare and was followed by the Chicago Summer of Learning that year where thousands of badges were issued to young people in the city of Chicago.

Personally, I attended around 50 events that year as part of the Mozilla Open Badges team, popularising and explaining the possibilities. One of my first was the 2012 ePIC conference which has been a galvanising force since that time in thinking about badges for recognition rather than just credentialing.

Peak of inflated expectations (2014) BadgeKit

Open Badges were on a roll and, to capitalise on this, the Badge Alliance was formed. Many of the Mozilla Open Badges team transferred over to the new organisation and work started in earnest on BadgeKit, a way that any organisation could set up and issue badges.

2014 was a great building year for the badges ecosystem and the Badge Alliance (BA) network, and 2015 has been an exciting year so far. Rooms are overflowing for badging-related presentations at conferences around the world, more compelling use cases are popping up all the time, and the level of understanding and conversation about badges is far higher than two years ago. While the Badge Alliance has played a pivotal role in this progress, much of the work has come from the community itself.
The BA was created to grow the community and seat the ownership and accountability of the badging work in the ecosystem that was using badges. We’ve accomplished that — the BA has grown, with hundreds of organizations pledging to work together to issue and understand Open Badges. The first year of the BA’s investigation, community-building, and outreach provided us with a better understanding of the state of badges in the world, and connected a vibrant community around collaborating to use a shared technology. The momentum behind Open Badges has never been stronger.
(Open Badges blog)

At the time, I was a co-chair of the Digital / Web Literacies Working Group at the Badge Alliance, but otherwise wasn’t directly involved in the day-to-day operations, having remained at the Mozilla Foundation to work on the Web Literacy Map.

It was pretty clear, though, that the hype around Open Badges — including talk about the ‘end of universities’ was greater than the technical ability for the badges ecosystem to develop. The technology needed to mature, and so Nate Otto took over from Erin Knight as Executive Director to steer it in that direction.

It’s hard to underestimate the impact that Erin and the team she built had on the online learning landscape at the time. The team, never more than around 10 people, galvanised a community of thousands of technologists and educators into action.

Trough of disillusionment (2015–16) IMS Global Learning Consortium

I left Mozilla in April 2015 for the world of consultancy, working with City & Guilds and other organisations on Open Badges and projects around digital literacies. The narrative that was came out was that the Badge Alliance was only ever meant to be a temporary steward for the Open Badges standard before it found a new home at IMS Global Learning Consortium.

Whatever the true story, there were severe headwinds as the MacArthur Foundation moved on to fund other initiatives. Nate was working at the Badge Alliance on top of his role on Badgr, and this was the time when the world was unreasonably excited about blockchain. In fact, it got to the stage where, when presenting on badges, I’d have slides ready for the inevitable blockchain questions. I tried to explain that not every badge is high-stakes, and other problems blockchain can raise.

After a flurry of excitement about the possibilities of badges, people were a little bit at a loss as to what to do with them. We were in the trough of disillusionment. There were plenty of academic institutions experimenting with badges for staff CPD but the assumption was that blockchain would fix credentialing. Initiatives such as MIT’s Blockcerts, which were compatible with the Open Badges specification, got a limited amount of traction.

Slope of enlightenment (2017–19)

Thankfully, along with City & Guilds, organisations started using badges in new and interesting ways. A perfect example of this is IBM and, in particular David Leaser. Having run a pilot in 2015 and introduced the first IBM badges in 2016 for “resume-worthy activities,” by 2019 he was an advocate for Open Badges not only for credentialing but for recognition. In mid-2020, IBM issued its three millionth badge showing how quickly these things can scale.

IBM badges

Badges started popping up on LinkedIn, within email signatures, as well as being shared on resumes and CVs. These were often from professional associations such as the SSSC, who not only issued them for CPD activities, but for activities such as implementing the recommendations of an important resport within the care sector.

There was a growing recognition that badges were useful tools for marketing, for talent acquisition, and for team formation. Inevitably, organisations came together to standardise on frameworks within badges were issued, for example the European MOOC Consortium who established the Common Microcredential framework.

Building on this, and given the cost of university tuition and talk of a growing ‘skills gap,’ there emerged what has become known as the Credential As You Go (CAYG) movement. CAYG focuses on incremental credentialing in an attempt rather than the all-or-nothing approaches of bachelor’s degrees and the like.

Open Badges not only began to be known by many different names but were also starting to be used in quite different situations.

Image from Reflecting on the Evolving Badges and Credentials Ecosystem Plateau of productivity (2020+)

The Covid-19 pandemic merely accelerated a process which was already underway. As we all worked and/or learned from home, there was a need for solutions which allow us to represent ourselves at a distance.

Whereas previously people would get in touch to discuss piloting badge programmes, the talk is now very much about adding them into to augment existing systems. For example, Multiverse is an organisation “building an outstanding alternative to university and corporate training via professional apprenticeships”. They are an IMS-certified badge issuing platform, but are no a general-purpose issuer. Rather, they use Open Badges to add superpowers to their programmes.

Multiverse

The next step, which is the move to Open Badges 3.0 and alignment with the W3C’s Verifiable Credentials standard, will be an interesting one. Decentralised identifiers will do away with the need to issue to email addresses, and issuers can specify for the first time what kind of thing they are issuing due to alignment with the Comprehensive Learner Record (CLR). For example, the CLR states whether something is an assignment, membership, a degree, or even a license.

Conclusion

The best way to predict the future, as the saying goes, is to invent it. So I’d like to thank all of the people who have, and are currently, working to make Open Badges into the force for change that it has become. I’ve already named some people by name, for example Kerri Lemoie and Nate Otto, but there are so many people who have been visible and active in the community over the decade, as well as those who have been quietly working away behind the scenes.

One of the reasons I got involved in Open Badges a decade ago was because I wanted a world where young people, including my own children, could choose whether to go to university. With development such as CAYG and providers such as Multiverse enabling professional apprenticeships, I feel that we’re getting there.

But more than that, I feel like Open Badges and the work around it is enabling a world where a much wider and more diverse set of skills are valued. And that’s got to be something worth celebrating! 🎉

Keep Badges Weird header

If you’d like to keep up-to-date with some of the latest developments around Open Badges, you may want to join the Keep Badges Weird community. You can also get in touch with WAO to discuss your plans here.

As part of the preparations for the ICoBC Symposium, I’ve also updated the list of badge issuing platforms on Badge Wiki, a knowledge base WAO co-created with the community. You’re very welcome to add and edit the wiki based on your own knowledge and experience!

Good things happen slowly, bad things happen fast was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.


CU Ledger

Liquid Avatar Technologies and Bonifii Make Verifiable Credentials Accessible for People and Financial Institutions in the Metaverse

DENVER, CO and TORONTO, November 30, 2021 / Liquid Avatar Technologies Inc. a global blockchain, digital identity, and fintech solutions company and Bonifii, the financial service industry's first transaction network for verifiable credentials, today announce that privacy-preserving financial transactions in the metaverse will soon be possible through the upcoming availability of the Bonifii crede

DENVER, CO and TORONTO, November 30, 2021 / Liquid Avatar Technologies Inc. a global blockchain, digital identity, and fintech solutions company and Bonifii, the financial service industry’s first transaction network for verifiable credentials, today announce that privacy-preserving financial transactions in the metaverse will soon be possible through the upcoming availability of the Bonifii credential in the Liquid Avatar Wallet. This collaboration means that the Bonifii credential can be used as a “know-your-customer” (KYC) credential for avatars in Aftermath Islands and other compatible metaverses.

The Bonifii credential is a decentralized digital identity enabling individuals to authenticate themselves in a way that maximizes privacy and security while providing an end-to-end onboarding experience. By working with Liquid Avatar Technologies and its wholly-owned subsidiary, Oasis Digital Studios (“Oasis”), Bonifii will make its verifiable credential available for players in the game Aftermath Islands and facilitate in-game financial transactions in the same, privacy-preserving way real-world customers use the Bonifii credential. This collaboration in the metaverse breaks new ground in the emerging digital experiences of Web 3.0.

Indicio, a global leader in decentralized identity software and trusted data ecosystems, will provide the integration. Both Bonifii and Liquid Avatar Technologies have worked closely with Indicio to develop a range of ground-breaking decentralized identity products and services, and both companies run nodes on the Indicio Network, a global blockchain-based network for identity.

“We’re extremely happy to have the Bonifii credential available for use in our digital wallet,” said David Lucatch, CEO-Liquid Avatar Technologies Inc. “I cannot overstate how much this will simplify financial services for consumers and institutions alike. Everything becomes easier for everyone-onboarding, verification, and fraud prevention. The ability to bring people who are currently underserved or excluded into services that can dramatically improve their lives – and to be able to do that in a robust, trustworthy way in both traditional online settings and the metaverse is an absolute game-changer. Everyone and their avatars are going to need verifiable digital identities to live in the metaverse and function in Web 3.0.“

“Decentralized, verifiable digital credentials make everyone’s life easier-but to us they are a breakthrough financial technology,” said John Ainsworth, CEO, and President of Bonifii. “With the Bonifii credential in the Liquid Avatar digital wallet, we are able to meet people where they are, and create a path for them to engage with and take advantage of services many of us take for granted. We also believe that we need to meet people where they are and will be digital – and that means being available in the metaverse and providing new financial services for new consumer and commercial experiences. This technology is the foundation of Web 3.0, it is essential for privacy and security in the next stage of digital life.“

“The metaverse and Web 3.0 are here, and we are building the infrastructure to manage how we’re going to live, work, and play in the intersection of the real and the digital,” said Heather Dahl, CEO of Indico. “Bonifii and Liquid Avatar get it, they’re on it and we’re excited to help them realize their vision.“

The Liquid Avatar Wallet mobile app is now available to everyone via Google Play and the App Store.

About Bonifii – https://bonifii.com

Denver-based Bonifii is the financial industry’s first verifiable exchange network designed to enable trusted digital transactions using open standards and best-of-breed security technologies. Bonifii empowers credit unions to change the way they interact with their members by enabling a seamless user experience in every financial transaction through a secure, private, trusted, and transparent resolution of the entities’ identity. To learn more about Bonifii, visit www.bonifii.com, email us at sales@memberpass.com, or follow the company on the Bonifii blog, LinkedIn, or Twitter.

About Indicio – https://indicio.tech/

Indicio provides development and hosting for Trusted Data Ecosystems. Enterprise, consumer, and mobile applications run on the Indicio Network and use its comprehensive ecosystem of software to issue, verify, and exchange verifiable digital credentials. The company develops, runs, and hosts multiple networks using the latest Hyperledger Indy network monitoring tools and resources. It led to the creation of Cardea, a complete architecture for verifiable and secure health records for Linux Foundation Public Health, and runs comprehensive instructor-led educational training workshops. These power a growing ecosystem that solves fundamental problems in online verification, identity, privacy, and zero-trust security.

About Liquid Avatar Technologies Inc. – www.liquidavatartechnologies.com

Liquid Avatar Technologies Inc. focuses on the verification, management, and monetization of Self Sovereign Identity, empowering users to control and benefit from the use of their online identity.

The Liquid Avatar Mobile App, available in the Apple App Store and Google Play is a verified Self Sovereign Identity platform that empowers users to create high-quality digital icons representing their online personas. These icons allow users to manage and control their digital identity and Verifiable Access and Identity Credentials, and to use Liquid Avatars to share public and permission-based private data when they want and with whom they want.

The Liquid Avatar Verifiable Credentials Ecosystem (LAVCE) has been developed to support all participants in a digital credential ecosystem, including the Holder, Issuer, and Verifier, using state-of-the-art blockchain and open standards technologies initially as a node on the Indicio Network. The Company is a voting and steering committee member of the Trust over IP Foundation, founding and steering committee member of Cardea, a Linux Foundation Public Health project, member of the Good Health Pass collaborative, DIACC, the Covid Credentials Initiative (“CCI”), The Linux Foundation and a founding member of the Lumedic Exchange.

The post Liquid Avatar Technologies and Bonifii Make Verifiable Credentials Accessible for People and Financial Institutions in the Metaverse appeared first on Bonifii.


OpenID

Cisco Joins the OpenID Foundation Board, Signaling the Importance of Shared Signals to a Future of Zero Trust

Cisco has joined the OpenID Foundation as a sustaining member, effective November 2021. As Gail Hodges, the Executive Director of the OpenID Foundation said, “Cisco has played a pivotal role in building networked systems that underpin the internet today. We are honored to have Cisco join the Board at this critical inflection point in identity […] The post Cisco Joins the OpenID Foundation Board,

Cisco has joined the OpenID Foundation as a sustaining member, effective November 2021. As Gail Hodges, the Executive Director of the OpenID Foundation said, “Cisco has played a pivotal role in building networked systems that underpin the internet today. We are honored to have Cisco join the Board at this critical inflection point in identity standards development. Nancy Cam-Winget and Cisco are long standing contributors to global standards, and we look forward to collaborating with them to meet this moment by both crafting the path and scaling an approach that will serve society.”

The OpenID Foundation is pleased to republish Nancy Cam-Winget’s blog post regarding changes in the security landscape, and the importance of OpenID Foundation standards, especially the new Shared Signals and Events standard, in helping Cisco and the wider internet community to meet this moment.

We encourage other members of the community to join the OpenID Foundation and the Shared Signals and Events working group to help realize the potential of this new standard.

Gail Hodges
OpenID Foundation Executive Director

 

An Open Security Ecosystem with Shared Signals is the Future of Zero Trust

Author: Nancy Cam-Winget
Publish Date: November 30, 2021

Zero Trust: as the name implies, is the strategy by which organizations trust nothing implicitly and verify everything continuously. This industry north star is driving different architectures, frameworks, and solutions to reduce an organization’s risk and improve their security posture.   Beyond the need to enforce strong authentication and authorization to establish trust of an endpoint, how can we verify continuously? Often, the zero-trust approach today uses strong authentication and tools that evaluate the security of the user and device at the point of access, but what happens when the security posture of the user and device change after its initial access request is granted?

With many vendors offering impressive security capabilities in cybersecurity, there is a wealth of information that can be shared. Unfortunately, this information is fragmented and lacks standardization and thus interoperability. Getting all these best-in-class vendors to talk to each other is an expensive and time-consuming task, leaving organizations with disparate signal silos and a serious lack of visibility and control across their environment.

This is the problem the OpenID Foundation’s Shared Signals and Events working group is poised to address. For the unfamiliar, the OpenID Foundation is a non-profit organization that promotes open, interoperable standards with OpenID at its core, most notably the standardization of a simple identity layer on top of Oauth 2.0: OpenID Connect. The Shared Signals and Events working group lives within the OpenID Foundation and is comprised of industry leaders and innovators working to promote more open communication between systems. Shared Signals and Events standards like CAEP and RISC have the goal of enabling federated systems with well-defined mechanisms for sharing security events, state changes and other signals. This communication in turn simplifies interoperability and allows organizations to get closer to the Zero Trust ideal of continuously evaluating and enforcing security.

In its first ratified standard, the Shared Signals and Events working group created an open standard through which multiple services can communicate by publishing or subscribing relevant event streams. The standard drastically simplifies communication between applications with security context.  For example, a cloud application might subscribe to events from an endpoint detection and response solution to quickly remove access from infected systems. Alternatively, an IAM solution might publish a change of user context used by a SIEM tool to start an investigation.  An example shown below demonstrates how a device or an application performs an HTTPS service request in step 1 can trigger an update to a change in state to a policy server in step 2.  Further, a policy service can determine whether that change in state needs to be broadcasted to other subscribers (step 3).  A subscriber to that event can process the information and determine if a remediation response (step 4) is needed.

By communicating across an open and interoperable standard, we can move to a world where risk is assessed and addressed in real time.
Risk assessment need not be done after static intervals of time but can move at the speed of contextual changes.

Therefore, we are excited to share that Cisco has joined the OpenID Foundation as a sustaining member, with the goal of contributing to the Shared Signals and Events ecosystem.

“Given Cisco’s pivotal role in building networked systems that underpin the internet today, we are honored to have Cisco join the Board at this critical inflection point in identity standards development,” said Gail Hodges, Executive Director of the OpenID Foundation. “Cisco is a long-standing contributor to global standards, and we look forward to collaborating to meet this moment by crafting the path and scaling an approach that will serve society.” 

As a first step in our contribution to the open Shared Signals and Events ecosystem, we’ve published an open-source technical reference setting up the initial communication foundations. We hope that providing this reference will make it easier for developers and vendors alike to adopt more seamless communication mechanisms, with the eventual goal of enabling more robust and dynamic implementations of Zero Trust. 

In the same way that we believed the WebAuthn standard would underly the passwordless authentication revolution, we believe Shared Signals and Events will enable a sea change in security – moving from opaque and siloed environments to those empowered by openly shared signals.

At Cisco, we see a path forward where we can simplify the administration and collection of risk signals around access while simultaneously removing security friction to make security easy for everyone. It’s a future with far fewer unnecessary, rote re-authentications or authorizations and far more precise reactions to increased risk.  While it won’t be tomorrow, we believe that the OpenID Foundation and groups like the Shared Signals Working Group are on the right track to enabling a more secure future. We are excited to share in the journey and contribute to this compelling new approach to security.

To learn more, please visit SharedSignals.guide The post Cisco Joins the OpenID Foundation Board, Signaling the Importance of Shared Signals to a Future of Zero Trust first appeared on OpenID.

ResofWorld

WazirX’s Nischal Shetty on India’s crypto panic: “Blockchain and crypto are commonly misunderstood”

Shetty, who sold WazirX to Binance in 2019, says the sector will generate almost 50,000 jobs in India by 2030
India’s cryptoverse is in a state of panic on recent news that the government is set to introduce laws to regulate the sector. Many speculate there will be a blanket...

China’s queer internet is being erased

LGBTQI groups found rare freedoms online, but this year, many were shut by censors. It feels like slowly being sanded down, said one member.
For Mei, logging into the WeChat account for his queer student society was habitual, like eating or sleeping. For six years, he helped run one of China’s most prominent groups....

Me2B Alliance

You can now make an online donation to the Me2B Alliance. We appeciate your support! Donate here >

You can now make an online donation to the Me2B Alliance. We appeciate your support! Donate here >

Monday, 29. November 2021

ResofWorld

With just 75 cents and a smartphone, you can now trade crypto in Indonesia

Crypto is booming on the archipelago. Its proponents aren’t who you’d think.
Ananda Badudu is 32 years old, dreamy-eyed and slightly built, someone who rose to fame as an activist and the creator of a gentle, melodic brand of folk-pop. His music...

DIF Blog

Internet Identity Workshop #33

Here we will overview a few of the topics covered at IIW33 in Oct 2021, and review of the strong and weak signals discernible in the collective discussion.
Virtual Event, 12-14 October 2021

What is the Internet Identity Workshop?

IIW is run as an “Open Space un-Conference”, designed to be a dynamic, participant-led 'marketplace of questions and topics', to foster conversation, networking and learning. Empowering everyone to speak, ask and present, this format takes partial inspiration from decentralized approaches to technology. Collectively, attendees set each day’s agendas, volunteering a mix of prepared presentations, open discussion, product demos and workshops. Hundreds of attendees, including a number of DIF members, put together a huge programme of content for the 33rd IIW, covering topics ranging from the technical minutiae of IAM and SSI to big-picture discussions about ethics and strategy, and participated in over 110 virtual sessions across the three days.

A book of proceedings, containing the notes from all of the sessions will be collated and published by IIW (back catalogue from previous IIWs here, and a wiki of notes from individual sessions here). Here we will overview a few of the topics discussed and sketch out some of the strong and weak signals discernible in the collective discussion. To that end, sessions are clustered thematically and not chronologically.

101 Sessions

A staple of IIW, 101 Sessions are conceived as entry-level primers, often given by the same IIW veterans year after year, on various aspects of the digital identity landscape. They are designed to give participants a solid base from which to engage fully with the rest of the programme. 101 Session topics this year included OAuth2 101, UMA 101, OpenID Connect 101, with DIF’s own Chris Kelly and Karyl Fowler (Transmute, DIF Steering Committee) presenting an SSI 101 session on Self-Sovereign & Decentralized Identity.

Governance & Ethics

Informing the whole framing of this technical revolution is a broader, more conceptual sea change. Ever-popular themes for discussion include the ethical underpinnings of decentralized identity, and the increasing awareness of potential pitfalls.

The contours and workflows of identity in the digital age are largely molded by government regulations around privacy, security, and their historic interest as one of the main issuers of identification documents. For this reason, analyses of policy tendencies and direction are in close dialogue with the design of products and infrastructure, which has long been a hallmark of this particular unconference.

Ethics & Equity

Identity veteran Adrian Gropper led an indefatigable series of sessions each focused on an interlocking important concern about how identity technologies change how we understand, exercise and protect fundamental human rights across a variety of systems with Human Rights Impact of Identity Protocols. Privacy, a pillar of the decentralized identity movement, got discussed in terms of the Kantara Report, at John Wunderlich’s Privacy Enhancing Mobile Credentials session.

User choice, data portability and consent also sparked lively discussions with Adrian Gropper and Alan Karp’s session on Policy Managers and John Phillips’ session on Designing for Consent. The ethics of making any of the above mandatory at DID Ethics & Mandatory Vaccine Passports with Timothy Holborn to corona section?

Governance of SSI systems

The oversight and governance of the decentralized identity community got plenty of attention, as Open-Source organizations like DIF and ToIP introduced themselves and spoke about the work they facilitate. This discussion continued on the topic of Interop(erability) and where the appropriate venue is to continue this valuable work (Kai Wagner, Andreas Freitag, Hakan Yildiz, Eugineu Rusu).

Decentralized Identity tech also offers exciting new possibilities itself for governance, democracy, humanitarian aid and education, as discussed by Drummond Reed, cheqd’s Alex Tweeddale & YOMA’s Nicky Hickman, imagining what the Future of Governance using these tools might look like.  YOMA’s work on an interim Governance Framework in Africa, which is ultimately built on ToIP’s Governance Metamodel Specification, was examined as one example.

The ongoing effort by the Blockchain Advocacy Coalition to get Verfiable Credentials (VCs) and trust frameworks recognized within Californian legislation was outlined by Kaliya Young and Ally Medina at Verifiable Credentials Policy Committee -  Come Help us Pass a Trust Framework in California, identifying challenges and a path forwards towards greater legal and institutional acceptance for VCs.

Covid, Health, Travel

Corona has been a driving force recently in the decentralized identity space, particularly with regard to health and vaccination records, as well as greatly affecting travel. How decentralized identity tech like smart contracts and DIDs can empower individuals and give them granular control over their health data was tackled in Elias Strehle’s session, entitled Controlling your medical data via DIDComm - discussion and feedback on our system architecture.

Building on this system architecture theme, and the challenge of how to deal with varying forms of data arriving from a variety of sources, was teased out at Semantic Interoperability with Layered Schemas and Semantic Pipelines with Burak Serdar, who invited us to test a live, interactive Layered schema playground that manipulates and edits the various layers as defined by metadata, and then rounding off by considering the implications of this for the storage of digital healthcare data.

Linux Foundation Public Health launched the Global COVID Certificate Network in June 2021 to enable interoperable and trustworthy verification of COVID certificates between jurisdictions, based on a global trust architecture. Lucy Yang and John Walker outlined the state of this initiative at Updates on the Global COVID Certificate Network, while they were also joined by Kaliyah Young for COVID Credentials: How to Meet the Market Where it is, to join community leaders of the COVID Credentials Initiative (CCI) reviewing the state of play and obstacles to adoption

VC-centric Technical sessions

Verifiable Credentials (VCs) were an inescapable topic at IIW33, both following up IIW32’s strong theme of roadmapping adoption of BBS+ signing systems for selective disclosure and more generally educating people about the 4 flavors of VCs and how they interact.

Vc tooling and education

Sometimes the best thing to do is lead by example, and Kyle Den Hartog presented his Working with JSON-LD - Best practices and improvements (DECK) along with proof of concept code (GitHub) to demonstrate how handling JSON-LD data can be done elegantly. As a strong theme at the last two IIWs was that LD-VCs have a steep learning curve and require a 90-degree turn in many approaches to credentialing and data exchange, this will surely be remembered as one of the most useful and educational sessions of the conference.

At An Extended LDP-BBS 2020 and ZKP-LD Playground, Dan Yamamoto & Kazue Sako dove even deeper into the operation of BBS+ protocols and zero-knowledge proofs. The tagteam recently forked Mattr’s BBS+ LD implementations and were presenting on strategies for handling the “multiple blank node” problem, a common stumbling block in signing over flattened graphs. Attendees were invited to a ZKP LD playground to test their approaches.

Updates from the OIDF/DIF collaboration:

Kristina Yasuda, Torsten Lodderstedt started us off by considering generally Open ID Connect for SSI, examining some potential benefits, and comparing the typical OIDC flow to a more SSI-led Self-Issued OpenID Connect Provider (SIOP) model. Kristina and Torsten returned, this time joined by Oliver Terbu and Tobias Looker, to give us an insight into the OIDF work towards a protocol suite for SSI at their session on VC Issuance using OpenID Connect, while considering the potential of the OpenID protocol and how it operates with existing frameworks luke FIDO 2 or Microsoft and Apple’s authentication methods.


Verifiable Credentials versus Mobile Driver’s Licenses (mDL)

Andrew Hughes (Ping Identity) did a series of sessions on Mobile Driving License AND Verifiable Credentials laying out the basics of mDocs (mobile driver's license) as currently released, including the OIDC/web transport specification, and how the data model and protocols could co-exist and whether they should. Discussion here was predominantly about ISO 18013-5, a new ISO standard designed to primarily specify a driving license data models, protocols, and security models, which has led to renewed interest in digital forms of electronic ID (eID) credentials issued by and closely regulated by state identity authorities.

VC adoption vectors

No new technology can get off the ground without some consideration about how and where it gets adopted and implemented. Trinsic’s Ben Crockett kicked off with an overview of the global playing field, in his Global Verifiable Credential Adoption session. Newly-minted DIF members cheqd presented Payment rails, customisable commercial models and decentralised governance for SSI, which gave Fraser Edwards & Alex Tweeddale a chance to examine roadblocks, in particular the lack of commercial models, in the adoption path for SSI models and payment systems. They rounded this off with cheqd’s vision of being the one to bridge this divide.

The Universal Registrar and Friends

Longtime DIF insider Markus Sabadello introduced the IIW community to DanubeTech's new commercial offering GoDiddy.com (based squarely on two of DIF's oldest work items, the Universal Resolver (and Universal Registrar), following the classic "hosted service, open-source self-hosting option" formula; DanubeTech also gave additional technical sessions about these work items. The Universal Resolver Work Item was recently folded back into the main DIF Identifiers & Discovery Working Group, where work continues. Markus was joined by Azeem Ahamed and Cihan Saglam to discuss DID Registration Architectures more generally, discussing considerations for working with CRUD methods while remaining architecture-neutral

Other Technical Sessions

Sam Curran led a session on-boarding interested community members to the protocol work being organized within and on top of DIDComm. The session was named Fantastic DIDComm Protocols, and How to Write Them because the focus was on DIDComm protocols as a community-driven toolkit where sub-protocols and extensions are contributed organically by users, and users discuss design issues and implementation issues with one another in a forthcoming User Group, which provides an “outer circle” to the DIDComm Working Group (which will continue on after the completion of the v2 specification to manage the iteration of the DIDComm and the related protocols in an IPR-protected venue).

The DIDComm reference implementations Session with Alex Scherbakov and Vyacheslav Gudkov gave newcomers to the space a crash-course on DIDComm v2 and DID:Peer, while extolling the virtues of reference implementations for emerging specifications. They also illustrated how basing these implementations on established libraries is important to ensure interoperability with a live DIDComm demo.

DIDComm was one primary use-case but not the only possible use case discussed by Oliver Terbu and Alen Horvat in a session called “LibP2P as transport layer,” which explored the possibilities of the DIDComm mediator networks and other lightweight infrastructure crucial to SSI systems being spun up in a peer-to-peer way. The libp2p library, which came out of the IPFS stack for decentralized storage and has found a lot of adoption in blockchain for other peer-to-peer applications and communication transports, could end up being crucial as more infrastructure moves out of centralized clouds and into more organic distributed systems.

Picos (persistent compute objects) are DIDComm-enabled agents supporting SSI. Picos, DIDComm, and Decentralized SSI Agencies from Phil Windley explores the potential of these microservices, aligned with many of the design goals of decentralized identity, and how they could function as nodes for a scalable Internet of Things (IoT) model.

DID AuthN WG without DIDs

Surprisingly, one of the best-attended sessions at this IIW wasn’t about the DID/VC stack at all, but rather about the Ethereum stack so central to the work of Consensys, Affinidi, Ceramic, and many other DIF members. As part of a grant from the Ethereum Foundation and in collaboration with the Ethereum Name Service (a registrar for linking ethereum addresses to a DNS-like record system), Spruce has been been driving a design process for Sign-In With Ethereum informed by community calls to harmonize how relying parties within the Ethereum community request an “off-chain signature” to log into services and create sessions. Both chairs of DIF’s DID Authentication WG (which has not been holding regular meetings while focusing on the Authentication aspects of the DIF/OIDF specification work) have been participating, as have DIF members Ceramic; work is ongoing and an alpha release will be available soon.

User Journeys & Product Thinking

Strategies For Bridging to Next-Generation Identity Systems (from the bottom up) from David Schmudde outlined some potential solutions to e-commerce challenges using VCs, OAuth and OpenID Connect (OIDC). Conversations and topics arising at each IIW often make a reappearance at a later session, and Phil Wolff’s UX: continuing the mid-2021 IIW UX conversation, revisited a UX design session held at IIW32 in April of this year. A unified tech framework ideally needs to be complimented by a common visual language, as well as a standardized way of describing the tools and processes involved.

Devices & users

Considering end-users’ experiences and which devices they use to access new technology is also incredibly important. To this end, IIW co-founder Doc Searls, along with Joyce Searls and Johannes Ernst hosted User Stories for the VRM Intention Byway. The Intention Byway presents an alternative vision for how buyers and sellers in a decentralized marketplace can reach one another with their offerings. Bridging Digital and Physical to Make Identifiers Identify by Liam McCarty discussed both the technical challenges between varying device types, while underscoring the need for consumer, community and business interest in decentralized tech to attain widespread adoption and trust. IoT and Smart Homes add to the growing number of entities online that will need an ‘identity’, and digital assistants as mediator for ‘communal computing was outlined by Chris Butler at Is the smart home a dictatorship, co-op, or homesteading?

Organizational Bread-breaking

At Time is Running Out - Get to Market: revenue, costs and who pays for what, Kimberly Linson argues that without a convincing business case, adoption of new tech may be slow or even stall, and the financial cost of implementation needs to be borne by someone. Phil Wolff hosted VC Metaphors - Containers and ? to discuss how we can agree on a common language around this emerging technology and how it can be easily presented to policy-makers, customers and businesses alike. In a similar vein, Kaliyah Young used two separate sessions dedicated to Explainers Needed to host an open discussion about where the knowledge or vocabulary gaps are around decentralized identity tech, and how and where we should fill them. The huge number of ideas to come out of these sessions will provide a wealth of informational content for the sector, important for making it cohesive and accessible.

Karim Stekelenburg, James Ebert and Timo Glastra used Taking the adoption of SSI to the next level to discuss how this conversation also needs to extend to developers, who may not necessarily already be involved in the digital identity space. Ample documentation, open-source communities and extendable functionality of frameworks were just some of the resources name-checked to make the sector welcoming beyond the enthusiasts and dedicated groups seen at spaces like IIW. Illustrated use-cases, specifically one based on Aries and written in JavaScript was highlighted for using familiar, stable and well-documented APIs to improve accessibility.

Other User-Centric Data Orgs

Lisa LeVasseur, at Identification Minimization and other Respectful Tech Principles, explored how decentralized identity solutions can offer increased security, privacy and anonymity. The discussion centered around minimizing user data collection, under the umbrella idea of ‘respectful’ tech design principles, as outlined by the Me2B Alliance’s Attributes for Respectful Me2B Commitments. Lisa returned with Scott Mace to introduce attendees to the IEEE P7012 working group at Privacy Signal Standard Update (IEEE P7012), the standard for machine readable personal privacy terms. Again, Lisa shared a framework out of the Me2B Alliance to illustrate how P7012 can matter in the arc of a digital relationship, such as between an individual and a web site.

ToIP

Judith Fleenor presented an Introduction To Trust Over IP, introducing ToIP, and reviewing their first year as part of the digital identity community, focussing on not only the technical questions around decentralized identity, but also accountability on the legal, business and social impact layers. Neil Thomson gave an overview of one cluster of related work items at ToIP entitled VCs Meet Reality: Custom VC Evaluation with Privacy that went into the weeds on the nuances of progressive disclosure and privacy considerations of complex, real-world use-cases involving sensitive personal data requiring consent receipts and the like. This work was partly done in the context of the Brussels-funded ESSIF-LAB incubator project, which allowed European startups (many of them DIF members) to collaborate on privacy and regulatory compliance issues specific to the European context.

Next Steps

Many thanks and much praise to the dedicated team at IIW for running a virtual event of this scale, and providing a virtual venue for such vibrant exchanges and discussion. As always, the conversations at IIW are like games of jump-rope: you can jump in and out at any time with a little tact and coordination. Many of these conversations happen at DIF, or have touchpoints with DIF that give periodic updates at DIF meetings, and the upcoming DIF Face-to-Face in early 2022 will include major updates from many of these. In particular, DIF’s community of practice for Product Managers and UX professionals is actively seeking discussion topics and presentations to keep the momentum going between IIWs and DIF F2Fs, so do join the mailing list and reach out if you’d like to discuss product ideas, user stories, and UX quandaries. As always, the best way to keep up-to-date, gain insight and learn-while-doing is to get involved directly with the open-source decentralized identity community.


We Are Open co-op

Open and Creative Climate platform

Working on the digital vision for Julie’s Bicycle Julie’s Bicycle is a non-profit helping organisations in the arts and culture sector understand their carbon footprints. They’ve created a unique set of tools, the Creative Green Tools, as well as many high-impact programmes specifically to support the creative sector. Over the last months, our vision for the digital transformation and
Working on the digital vision for Julie’s Bicycle

Julie’s Bicycle is a non-profit helping organisations in the arts and culture sector understand their carbon footprints. They’ve created a unique set of tools, the Creative Green Tools, as well as many high-impact programmes specifically to support the creative sector.

Over the last months, our vision for the digital transformation and strategic direction for Julie’s Bicycle (JB) has solidified. We are pleased to note that not only have we assisted Julie’s Bicycle in hiring their first ever Product Lead, we’ve also established a pathway and guideposts designed to help JB achieve a digital vision that will put them squarely in the column of digital leader for the climate crisis.

External vision

It should come as no surprise that We Are Open is encouraging JB to become an open organisation (we do this all the time!). We are advising they move forward with an OpenSaaS model and pair it with a community strategy in which they fly the flag of openness together with environmentalism.

The external development piece of this strategy details the community-driven approach and processes that will help Julie’s Bicycle grow strategically and sustainably. Key to this development is embedding the open approach, which will help JB bring its existing audience and help them to leverage community in ways which would significantly augment opportunities for Julie’s Bicycle.

how the different pieces of the community interact. cc-by We Are Open Co-op

We’ve used JB’s theory of change to create three distinct design principles for the digital work JB has on the horizon. With creativity, sustainability and solidarity, JB will design its tools and resources together with and for the cultural community. The “Creative Climate Digital Platform” will connect and make visible all climate action taking place in the cultural sector for advocacy and communications. This will enable users to communicate climate action and campaign/advocate to their own creative communities.

We will create an intersection between climate activism and technology by engaging with and inside of the Open Source community, and we will use these associations to foster peer to peer knowledge exchange, collaborative problem-solving, an opportunity to use and improve tools and resources and leadership in the climate tech space.

cc-by We Are Open Co-op

The overarching objectives for the community are to:

Enable peer to peer knowledge sharing so that we are making all creative climate action visible, profiling emerging and established sector experts, encouraging collaborative problem-solving and leadership, supporting people to connect with each other and learn new and best practices, and co-create new knowledge with the sector directly. Make visible the global creative response to the climate challenge, enabling a coherent advocacy tool and a joined-up approach to creative climate action across the world. Internal Vision

As an open mindset is not something that can be delivered by an Openness team but should be embedded across the organisation, we’ve created an internally focused strategy to help JB integrate the necessary tools and processes. This way of working will open new doors for staff as well as for external collaborators and partnerships.

We started by looking at the systems they use (e.g. a ‘System Ecosystem’) and thinking about ways digital could augment and support collaboration inside the organisation. We are considering the overlap between internal work practices and external engagement and planning for the remix and reuse of documentation for the good of the external strategy. We’re also advising on software choices that can help JB staff manage the complexity of JB’s work, both now and in the future.

cc-by We Are Open Co-op

We know that our way of working is becoming more common, but there are peculiarities in the world of non-profit that have to be taken into account when doing digital transformations towards openness. Though still works in progress, we are establishing the groundwork to help JB staff learn about open principles and practices. We are preparing ourselves for a deeper engagement on these topics in 2022.

Next year

We are pleased that JB is eager to continue working with us and are thus beginning to write phase plans for 2022. On the tools side of things, we are still collaborating closely with our friends at Outlandish. Together we will be supporting JB as the organisation begins its journey through the double diamond and into the world of open source.

Wondering how We Are Open can help your organisation on the path to digital transformation? Get in touch!

Open and Creative Climate platform was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Friday, 26. November 2021

MyData

MyData Netherlands meeting: MyData community looks outward and to the future

After two years of travel restrictions, the MyData community met in person for talks and discussions in plenary, workshops and in smaller groups. Despite last minute COVID-19 related restrictions, over 50 people attended in-person and over 150 watched and participated online.  Highlights include the keynote from Amsterdam’s chief technology officer, Ger Baron and the awarding... Read Mor

After two years of travel restrictions, the MyData community met in person for talks and discussions in plenary, workshops and in smaller groups. Despite last minute COVID-19 related restrictions, over 50 people attended in-person and over 150 watched and participated online.  Highlights include the keynote from Amsterdam’s chief technology officer, Ger Baron and the awarding...

Read More

The post MyData Netherlands meeting: MyData community looks outward and to the future appeared first on MyData.org.


Own Your Data Weekly Digest

MyData Weekly Digest for November 26th, 2021

Read in this week's digest about: 8 posts, 2 Tools
Read in this week's digest about: 8 posts, 2 Tools

Thursday, 25. November 2021

We Are Open co-op

Reflecting on the Evolving Badges and Credentials Ecosystem

Technical and philosophical differences around recognition Image CC BY We Are Open Co-op Recently, the WAO team took the opportunity to update the badge platforms page on Badge Wiki, a knowledgebase for the Open Badge community. As the ecosystem continues to evolve we’re seeing some early platforms fall by the wayside and new platforms emerge. This is to be expected after a decade of maturity
Technical and philosophical differences around recognition Image CC BY We Are Open Co-op

Recently, the WAO team took the opportunity to update the badge platforms page on Badge Wiki, a knowledgebase for the Open Badge community. As the ecosystem continues to evolve we’re seeing some early platforms fall by the wayside and new platforms emerge. This is to be expected after a decade of maturity.

The image at the top of this post is a simple visual explanation of how the ecosystem is changing as we move towards version 3.0 of the Open Badges standard. It builds on work by Don Presant, which itself builds upon work by our members.

Let’s define terms Verifiable Credentials — “an open standard for digital credentials. They can represent information found in physical credentials, such as a passport or license, as well as new things that have no physical equivalent, such as ownership of a bank account.” In other words, Verifiable Credentials can be used for pretty much anything from something showing you turned up to an event, through to your passport or driving license. Open Badges — a “standard [which] describes a method for packaging information about accomplishments, embedding it into portable image files as a digital badge, and establishing an infrastructure for badge validation.” In other words, a visual, provable way to represent a skill, relationship, or identity. Digital Badges — “a validated indicator of accomplishment, skill, quality or interest that can be earned in various learning environments.” In other words, a visual image which represents something on a platform. It may or may not be based on a standard which makes sense outside of that platform. Microcredentials — “a qualification [focused on] a specified professional or career discipline and typically comprises one or more sources of accelerated educational experiences.” In other words, an ‘umbrella’ term used mainly in Higher Education to refer to new forms of recognition of learning. Open Recognition — the use of Open Badges and other technologies “to build an open and learning society, based on the recognition of the talents, skills and aspirations of individuals, communities and territories.” In other words, using badges in ways that are different to using them only as ‘credentials’. What’s the technical difference?

Open Badges and Digital Badges are both visual. Without some kind of image to represent them, they do not exist. Verifiable Credentials, on the other hand, may use images, but do not have to. This changes how they can be used, and how they are likely to be used. Organisations may choose to validate skills in a way akin to a database rather than an eportfolio.

Another difference is with the underlying metadata standard. Version 3.0 of the Open Badges standard aligns with the Verifiable Credentials standard, with both providing a way to validate authenticity. The great thing about the move to Verifiable Credentials is that decentralised identifers can be used (as well as email addresses) to identify recipients. This is much more sustainable in the long term, and foreshadows developments that we’ll see around digital identify before 2030.

What about Microcredentials and Open Recognition?

Universities and colleges deal in ‘credentials’ so the word ‘microcredential’ is attempt by post-compulsory formal education to make sense of the new world of recognition and credentialing.

A ‘microcredential’ is simply a friendly term for something which is technically identical to an Open Badge, Blockcert (Open Badge on the blockchain), digital certificate, or any other form of representing achievement. A microcredential is not a separate technical standard.

Likewise, Open Recognition is not a separate technical standard but rather a philosophical position about the nature of recognition in society. It continues the aim for ‘lifelong learning’ that was embedded in the original Mozilla Open Badges whitepaper, and is somewhat at odds with the idea of a ‘credential’.

Instead of credentials being bestowed upon individuals by institutions, Open Recognition seeks to “create the conditions for individuals to be in control of their own recognition, to establish their identity and agency, whether formally (within institutions) or informally (across communities).”

Some in the Open Recognition community are concerned about the move to align Open Badges v3.0 with the Verifiable Credentials standard. For example, in the Keep Badges Weird community (a project WAO is working on with Participate), Serge Ravet comments:

Do VCs provide a significantly better answer to the “currency” of a claim than Open Badges? I remain to be convinced. IMO, Open Badges are good enough, and as the old saying goes: if it’s ain’t broken don’t fix it!

Philippe Petitqueux goes further, wondering whether a move from human-based trust to machine-based ‘trust’ is worthwhile:

Badges are a medium to make visible a lot of things, including aspirations, passions, talents, commitments, resources, skills, recognitions…if you want to use verification functions for certifications, why don’t you use the VC without putting badges in it, or use a blockchain. An Open Badge should live, not gather dust in a drawer.
And if a badge is fake, it’s up to the humans to say so, the humans in the community of practice or professional who can spot a crook. That’s what endorsements are for. It’s amazing that in open badge projects, especially American ones, I don’t see any use of endorsements. Why is that? But I don’t know every project and I could be wrong.

Philippe’s comparison of the system he knows best (in France/Europe) compared to the “American ones” is telling. Different countries and cultures have varying expectations when it comes to education, skills development, and the recognition of learning.

Summary

So far, Open Badges up to v2.1 of the standard has accommodated a wide variety of use cases. The move to v3.0 is a decisive move towards the ‘credentials’ end of the spectrum, perhaps to the detriment of those seeking to focus on ‘recognition’.

It remains to be seen whether Verifiable Credentials can eventually help represent the entire spectrum of use cases which has enabled the Open Badges community to flourish. The challenge here is partly technical, but it’s also philosophical: what does it mean to represent yourself online?

Why not join the discussion in the Keep Badges Weird community and share your thoughts?

Badge texture image CC BY-ND Bryan Mathers

Reflecting on the Evolving Badges and Credentials Ecosystem was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.


Trust over IP

Let’s Go – Together!

Our societies and economies are not made of independent adults alone, and yet it's all too often an implicit assumption in digital interactions. The post Let’s Go – Together! appeared first on Trust Over IP.

GHP Guardianship Blog
John Phillips and Jo Spencer

Does international travel only ever involve independent adults?

The COVID-19 pandemic has accelerated the need for trusted sharing of verifiable data and the use of digitally-enhanced credentials. Check-in apps may or may not be a temporary requirement whilst we get on top of the pandemic, but the need to present a combination of tickets, visas, identity “documents” and vaccination certificates has always been a challenge for travel and other scenarios. The more you have to show, and the more complex the rules that need to be applied, the more complicated it becomes for all involved. The need to “open-up” safely and support domestic and international travel, as vaccinations roll out widely, gives us the opportunity and need to consider how best to build trusted travel information sharing solutions based on global standards, open software and governed participants and rules.

One of the realizations and perspectives resulting from nearly 2 years of work on guardianship (for minors or adults who need care) is that our societies and economies are not made of independent adults alone, and yet that is all too often an implicit assumption in the way we design and build solutions using digital interactions. Having come to this realisation, we now see this challenge everywhere that digital solutions and interactions are proposed. We need to consider how best to provide support for dependent minors and adults and their guardians in travel, as we should for all affordances in human life.

The Good Health Pass Interoperability Blueprint is an international effort of more than 120 people from many organizations and countries. A few months ago, we (Jo Spencer and John Phillips) were asked by chairs working on the Blueprint to write an addendum for guardianship to consider how travel for accompanied and unaccompanied minors and adult dependents might best be enabled with digital health and travel passes.

After several months of work, incorporating the team from the Sovrin Guardianship Working Group and others, with valuable insights from several airlines and people working with International Air Transport Association (IATA), the Guardianship addendum is ready for formal publication. 

You can download the Addendum PDF directly or find it on our Tools & Specifications page.

The GHP Blueprint provides a comprehensive framework for the processes of registration, credential construction and travel planning catered to the use of digital and physical verifiable credentials. However the first release doesn’t cater for supported travel and the resulting process and credential implications.

Travel by accompanied and unaccompanied dependents is all too often not considered by designers – it’s not part of the ‘normal’ flow. A minor consequence of this is poor journey experiences and inconvenience for the carers and their dependents, the major consequence is that it exposes vulnerable people to exploitation and travel companies to risk and liability.

The addendum looks to add value into the GHP Blueprint in the consideration of supported travel. It uses the approach and “mental model” developed within the Sovrin Guardianship Working Group and articulated in the ESSIF-Lab Framework Mental Models

The expectation expressed in the addendum is that as travel restrictions are eased, we will see a large up-tick in family travel and hence addressing the need for parents holding digital and digitally-enabled credentials was worth addressing. During the development of the addendum it became obvious that existing processes and practices followed by airlines and others are often informal and most written considerations are aimed at the specific case of travelling minors (rather than travelling dependent adults). The use of digital credentials would need to be able to add levels of trust into the process of registration-departure-travel-arrival and provide practical enhancement and efficiencies, without creating a burden. Current transit processes are generally not focused on providing proof of guardianship statuses, even for unaccompanied travel scenarios.

Applying the developed models of guardianship, using the flexibility of Verifiable Credentials and the trusted mechanisms of sharing VCs, can provide the ability to add guardianship credentials into the travel process (or not) without breaking the existing approach and complicating the technical details defined in the Blueprint. 

In future releases of the Blueprint, we’ll look to incorporate considerations of supported travel and guardianship throughout the Blueprint. For now, the addendum provides an overview of the implications and insights into how accompanied and unaccompanied travel scenarios can be enhanced, efficient and trusted.

Thanks to those involved. Key GHP contributors to meetings and content include Jo Spencer, John Phillips, Judith Fleenor, Karine Boulet Gaudreault, Kaliya (IdentityWoman) Young, Rieks Joosten, Sankarshan Mukhopadhyay, Sterre den Breeijen, Tim Janssen, Victor Syntez, and Xiang Wang.

The post Let’s Go – Together! appeared first on Trust Over IP.

Wednesday, 24. November 2021

ResofWorld

Why Russia is using Facebook to launch disinformation campaigns in Sudan

The government has taken no action, and with elections approaching, Russia stands to directly influence the country’s political direction for its own benefit.
Although only about one-third of Sudan’s population has access to the internet, social media plays a key role in the political life of the country. Facebook pages and Twitter hashtags...

Nykaa’s blockbuster IPO created India’s richest self-made female billionaire — and a role model for women in tech

Falguni Nayar is an outlier in India's startup scene, where less than 4% of unicorn founders are female.
In early November, Falguni Nayar became India’s richest self-made female billionaire after her company Nykaa, the country’s largest online cosmetics retailer, went public. The initial public offering was oversubscribed more...

Tuesday, 23. November 2021

GLEIF

The Internet of Trade

Currently available technology enables global trade to become fully digital. To support this, technical standards must be created, and rules and legislation must be harmonized internationally. Public administrations are to invest in digitalization to the same extent as those trading and also the numerous service providers around trade. The outcome will be promising, but one success factor is clos

Currently available technology enables global trade to become fully digital. To support this, technical standards must be created, and rules and legislation must be harmonized internationally. Public administrations are to invest in digitalization to the same extent as those trading and also the numerous service providers around trade. The outcome will be promising, but one success factor is close collaboration between the various players.

The volume of globally produced goods and services has approximately doubled in the past 30 years and trade has more than tripled. Many areas of production and trade have been digitized, but in the absence of a universal approach to digital networking, siloed systems have been implemented, creating countless ‘digital islands’. Data is still transferred between the participants’ computer systems on printed documents or as unstructured PDFs. This burden is caused by the lack of interoperability and needs to be overcome, if the potential of digitalization is to be fully leveraged, and to change processes to become safer, more reliable, more sustainable and less expensive. Addressing this challenge would also support preventing criminal or dubious business practices, such as trade-based money laundering, fraud or sustainability claims which are difficult to verify. It will also serve to make trade finance a great deal more accessible to SMEs and so help to close the so-called ‘trade finance gap’ and would also spur sustainable economic growth.

Over the same period of time, the past 30 years, information and communications technology has developed very dynamically. While home computers were expensive in the early 1990s and mobile phones were luxury goods, smartphones are now the global standard. Almost all of the performance parameters of these handheld computers exceed those of the supercomputers of the 1990s at drastically reduced energy consumption. The miniaturization and integration of circuits now allows networked sensors and actuators to be connected to machines and everyday objects, which are also becoming increasingly available everywhere. This is the so-called Internet of Things (IoT). Machines ‘talk’ to each other and also interact via smartphones, wearables or voice commands with humans. Ubiquitous computing has become a reality. Data processing can now happen everywhere, at all times and for all purposes!

Again, over the same period, internet and mobile networks have developed just as rapidly. While the focus at the start of digital mobile communications was still on voice transmission, this is now a marginal quantitative event, accounting for less than 1% of the data volume generated in the networks. Data transfers predominate, connectivity speeds and data amounts per month are being sold, the call minute has become obsolete as a billing unit. High quality mobile networks have been commissioned on a global scale. Satellite constellations are being put in the sky and will complement mobile networks to entirely close existing connectivity gaps. Every point on the earth’s surface will be networked with high bandwidth and low latencies. Production facilities in Germany, copper mines in Zambia, container ships in the middle of the Pacific and aircrafts flying over China or Brazil will as a result become participants in a continuous data exchange.

This data exchange, running everywhere, at any time and for any purpose can be called ubiquitous networking. Through combining ubiquitous computing and ubiquitous networking, endpoints for human interaction with processes modelled in software become available everywhere. Also machine to machine interactions, more precisely between the software processes running on them, become available everywhere and at any time.

Decentralized business networks, DLT, IoT, AI

The administration of foreign trade takes place within a multitude of systems, most of which are operated in the data centers of trade participants and their service providers. Paper or paper substitutes with poorly structured data are still used in most instances to transfer data between systems. A PDF file is an example of a paper substitute. Although this file is generated and transmitted digitally, it often only replaces the slow mail delivery and does not readily support programmed end-to-end processes. Also the providers of Enterprise Resource Planning (ERP) systems have insufficiently addressed this challenge so far. Although datasets can be exchanged between the ERP systems of sellers and buyers, this scenario seems to lack technical standards or “neutral ground”. Often data transmissions entail a legal background, for which time stamps are desired along with a legally binding signature. The development of distributed business networks, featuring a certain degree of decentralization and being located between ERP systems may close this gap.

In the future, decentralized business networks will serve as orchestration means for most complex business processes between stakeholders and service providers. Business interactions related to financial services, logistics services, insurance, customs clearance, inspection certification, certifying origin and other required services can be undertaken within these distributed systems. Required data will be entered into and retrieved from these networks. This will obsolete re-keying of data and data quality will increase as a consequence. For most service providers in the supply chains, decentralized networks may become the primary point of sale.

Generally, the networks are underpinned by a distributed ledger, which restricts system entries to consensus based append only mode, on the basis of predetermined, programmed rules. This creates ‘technical trust’ and will allow the automation of cross-organizational business processes on an unprecedented scale. Smart contracts determine the agreed rules and defined procedures for business processes in code and will be programmed across company boundaries.

A number of technical standards and protocols already exist for exchanging data between different networks, the participants’ back-office systems and the environment’s IoT data sources and sinks. Others are in the design stage and are being developed. The end-to-end use of ISO standards and compliance with United Nations Economic Commission for Europe (UNECE) recommendations is becoming a prominent quality feature of trading systems. Certification of the standard conformity of these systems may become a service. Extensive data permeability between the networks is the goal, and zero configuration scenarios may become a possibility through standardization. Efficient access to data facilitates the use of artificial intelligence alongside prescriptive and predictive analytics. Use cases could be around fraud deterrence, meeting regulatory obligations without effort, and enabling promising big data based applications. Paper as a means of data sharing will be considered old fashioned and eventually become obsolete. Or even suspicious. But how will the wet ink signatures look like in this new world? How will a data transfer or a data based transaction become legally valid?

Digital identities

Digital identities for organizations, people, objects and software processes will be means to grant access rights to numerous systems and networks and to the transactions managed on them. Directory services, which today assign role based access privileges in software systems, and regulate access to organizations' resources and services, will gradually be replaced by external services for digital identities, and so migrate into the decentralized space between the companies. Roles and privileges will in this way be exposed in a programmable and verifiable way to the outer world, into a fabric of digitally rendered services.

In simple terms, a digital identity consists of one identifier (or many) and several verifiable credentials attached to it. Both components have been extensively standardized by the W3C. As the Legal Entity Identifier (LEI) is a company’s globally unique identifier it will serve well as root of an organization’s identity. The verifiable Legal Identifier will allow to amend the LEI by verifiable credentials, some of which can grant an organization’s employee access to transactions in third-party systems. The verifiable credentials granting access or certifying facts are digitally signed by those granting or certifying, and hence programmatically verifiable by the stakeholders of the respective transactions by means of software processes This can therefore take place automatically, reliably and audited.

An example from the field of digital identities illustrates this: To process a letter of credit, a bank will need to access several business networks in which the purchase order, commercial invoice, bill of lading and certificate of origin are all digitally recorded. The access rights to the respective transactions in these third-party systems will be transferred into the bank’s digital identity as a set of verifiable credentials as soon as the buyer specifies in a B2B-network or letter of credit network that the bank has been commissioned to issue the letter of credit pertaining to the transaction. The bank may then delegate the access right to these datasets to its employees involved in the process, by transferring a corresponding verifiable credential into their personal digital identity. This will allow the bank’s employees or even the bank’s software autonomous processes to act on their behalf.

The transaction conducted by means of a digital identity relies on an X.509 certificate, which is part of a chain of trust that ends at the trust root. The authorization and authenticity of the transaction carried out by these means is cryptographically guaranteed and is likely to be covered in Germany by the eIDAS implementing act and the legal directives issued for this purpose. Equivalent regulations in non-European legal areas would be necessary and should be asserted, produced and enacted.

Creating network effects

Similar questions about ‘statutory congruence’ arise when using electronic records for trade documentation. Little progress can be made if the use of electronic records for bills of lading and consignment bills is legally admissible in the exporting country, while the importing country enforces a fallback to expensive and slow paper processes for legal reasons. The legal basis for doing business in globally strung networks should be standardized. In 2017 the United Nations Commission on International Trade Law (UNCITRAL) presented a proposal for national laws to be adapted, the ML-ETR, i.e to cater for globally harmonized legislation on the transfer of property titles securitized in negotiable trade instruments.

The vision of an internet of trade also requires considerable joint efforts on a technical level to become a reality. Technical standards ensure interoperability and should be jointly developed and also deflated where several existing standards compete for the same purpose. A technical commercial language of uniform vocabulary, semantics and syntax is desirable as it would significantly ease, cheapen and accelerate the interlinking of the multitude of systems and networks. An example is the core business vocabulary in the EPCIS standard from GS1.

Trading parties and their service providers, such as banks, insurers, logistic service providers and inspectors are facing major changes. These will impact internal IT and process landscapes, qualifications of employees involved in trading processes and products offered. Public administrations and customs authorities should play a leading role in this process and ideally set a global course. Peppol is a European example for this.

The ICC has taken up the role as a global convenor of the numerous standardization bodies working towards these goal. The ICC Digital Trade Standards Initiative has started operations in mid 2020.

The changes will be so sweeping that even large organizations and enterprises will not be able to make a difference on their own. To create a network of networks and realize the full potential of network effects, all parties must cooperate in a coopetion effort. COVID-19, besides being a regrettable misery for many, has worked as an unprecedented accelerator for global digitalization efforts.

Conclusion
World trade will become almost entirely digitalized and networked in the course of the next decade. Siloed systems and paper-based documentation are becoming increasingly sidelined and will soon be deemed in arrears. From the convergence of different technologies, a nervous system of the world economy is emerging and is about to be woven with ever increasing density.

The ability to participate digitally in commercial trade is becoming critical and requires companies to embrace new processes and skills. Public administrations should seize the opportunitiy and rapidly progress their digitalization efforts and promote technical standards. Global cooperation among the large variety of stakeholders around trade is required.

This article was originally posted on International Chamber of Commerce Germany (ICC Germany Magazine) in German. It has been translated and amended for the GLEIF blog.


Oasis Open

Common Security Advisory Framework v2.0 from CSAF TC approved as a Committee Specification

CSAF is a language to exchange Security Advisories formulated in JSON The post Common Security Advisory Framework v2.0 from CSAF TC approved as a Committee Specification appeared first on OASIS Open.

CSAF v2.0 is ready for testing and implementation

OASIS is pleased to announce that Common Security Advisory Framework Version 2.0 from the OASIS Common Security Advisory Framework (CSAF) TC [1] has been approved as an OASIS Committee Specification.

The Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories formulated in JSON. CSAF v2.0 is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Common Security Advisory Framework Version 2.0
Committee Specification 01
12 November 2021

Editable source (Authoritative):
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.md
HTML:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.html
PDF:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.pdf
JSON schemas:
Aggregator: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/aggregator_json_schema.json
CSAF: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/csaf_json_schema.json
Provider: https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/schemas/provider_json_schema.json

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.zip

Members of the CSAF TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Common Security Advisory Framework (CSAF) TC
https://www.oasis-open.org/committees/csaf/

[2] Public review timeline:
Details of the public reviews are listed in:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01-public-review-metadata.html
Comment resolution log for most recent public review:
https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01-comment-resolution-log.md

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3666

The post Common Security Advisory Framework v2.0 from CSAF TC approved as a Committee Specification appeared first on OASIS Open.


AS4 Interoperability Profile for Four-Corner Networks v1.0 from BDXR TC approved as a Committee Specification

New profile of AS4 for exchanging business documents through intermediary gateway services. The post AS4 Interoperability Profile for Four-Corner Networks v1.0 from BDXR TC approved as a Committee Specification appeared first on OASIS Open.

AS4 Profile is ready for testing and implementation

OASIS is pleased to announce that AS4 Interoperability Profile for Four-Corner Networks Version 1.0 from the OASIS Business Document Exchange (BDXR) TC [1] has been approved as an OASIS Committee Specification.

This specification defines an interoperability profile of the AS4 Profile of ebMS 3.0 for use in four-corner networks. In a 4-corner network, entities are exchanging business documents through intermediary gateway services (sometimes called Access Points).

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

AS4 Interoperability Profile for Four-Corner Networks Version 1.0
Committee Specification 01
12 November 2021

Editable source (Authoritative):
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/cs01/bdx-as4-v1.0-cs01.docx
HTML:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/cs01/bdx-as4-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/cs01/bdx-as4-v1.0-cs01.pdf

Distribution ZIP file
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/cs01/bdx-as4-v1.0-cs01.zip

Members of the BDXR TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Business Document Exchange (BDXR) TC
https://www.oasis-open.org/committees/bdxr/

[2] Public review timeline:
Details of the public reviews are listed in:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/csd02/bdx-as4-v1.0-csd02-public-review-metadata.html
Comment resolution log for most recent public review:
https://docs.oasis-open.org/bdxr/bdx-as4/v1.0/csd02/bdx-as4-v1.0-csd02-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3665

The post AS4 Interoperability Profile for Four-Corner Networks v1.0 from BDXR TC approved as a Committee Specification appeared first on OASIS Open.


Me2B Alliance

Me2B Alliance Awarded $100K Grant for US Pre-K-12 Benchmark to Research School Utility Apps’ Data Sharing

SAN DIEGO, Nov. 23, 2021 (GLOBE NEWSWIRE) -- Me2B Alliance, a non-profit standards and advocacy organization focused on safe and respectful technology, today announced that it has been awarded a $100,000 grant by the Internet Society Foundation. The foundation funds initiatives that strengthen the Internet in function and reach so that it can effectively serve all people. The Me2B Alliance will
Me2B Alliance Awarded $100K Grant for US Pre-K-12 Benchmark to Research School Utility Apps’ Data Sharing Internet Society Foundation grant strengthens Me2B Alliance’s efforts to uncover how mandated technology is treating sensitive student data

November 23, 2021 09:00 ET | Source: Me2B Alliance

SAN DIEGO, Nov. 23, 2021 (GLOBE NEWSWIRE) — Me2B Alliance, a non-profit standards and advocacy organization focused on safe and respectful technology, today announced that it has been awarded a $100,000 grant by the Internet Society Foundation. The foundation funds initiatives that strengthen the Internet in function and reach so that it can effectively serve all people.

The Me2B Alliance will utilize the grant to complete its “U.S. EdTech Industry Benchmark: Data Sharing in Primary & Secondary School Mobile Utility Apps.” The research aims to raise awareness about harmful data sharing practices by uncovering how sensitive student information is being treated by school utility apps in grades pre-k through 12.

The Me2B Alliance strives to bring everyday people (Me-s) into its Safe and Respectful Tech Specification development process so that the voice of Me-s drives the definition of safe and respectful technology. Me2BA’s mission is to create a safe and just digital world through standards development and independent testing of technology. The Internet Society Foundation grant will help validate Me2BA’s work toward ensuring that the Internet is safe, and the products produced for use on the Internet such as apps and websites, are trustworthy and respectful.

Children in grades pre-k through 12 are among the most vulnerable Internet users. They are often obligated to use web-connected tools, including school utility apps, for day-to-day communication. Without proper standards in place, these children are susceptible to privacy risks.

The risks to children and parents are real. Earlier this year the Me2B Alliance Product Testing team audited and analyzed a random sample of mobile applications used by 38 U.S. schools in 14 states. The analysis found that the majority (60%) of school apps were sending student data to a variety of third parties without the knowledge of the students, parents or even the school. 58% of the third parties receiving data were high risk advertising and analytics entities.

The Me2B Alliance’s “U.S. EdTech Industry Benchmark: Data Sharing in Primary & Secondary School Mobile Utility Apps” will build on those previous findings by expanding its scope to include schools across the nation. The expected outcome is to reaffirm that school utility apps are, in fact, abusing the privacy of students and parents across the U.S. by rampantly sharing personal information with multiple third-party vendors.

The research will identify current common practices by school utility apps relating to several factors, including:

How much data sharing with third parties is occurring Who student data is being shared with What kind of data is being shared If privacy policies are accurately reflecting the observed behavior

In selecting the Me2B Alliance’s application for funding, the Internet Society Foundation acknowledges that Me2BA’s work is in line with the Foundation’s efforts to ensure that the Internet is open, globally connected, secure, and trustworthy.

“We are proud to have been selected to receive the ISOC Foundation grant through this competitive process,” said Lisa LeVasseur, executive director at Me2B Alliance. “The support validates our ongoing commitment to producing meaningful research and establishing best practices for safe and respectful technology to protect not just children and parents, but every person who interacts with Internet-connected tech.”

The Me2B Alliance invites experts, business leaders and individuals interested in advancing standards in safe and ethical data and mobile and Internet practices to visit its website to learn more about Me2B Alliance membership, current Me2BA research, its educational tools, and its advocacy work.

About the Me2B Alliance
The Me2B Alliance is a nonprofit standards developing organization and industry watchdog, working to ensure that all internet technology is safe and respectful. We are driven to prevent the full spectrum of digital harms by creating the first safety standard for the internet, advocating for consumer rights, and developing educational content and tools to shine a spotlight on the risks associated with using internet-connected technology. Our mission is to create a safe and just digital world through standards development and independent testing of technology to give individuals more say in how technology treats people.

About The Internet Society Foundation:
The Internet Society Foundation was established in 2019 to support the positive difference the Internet can make to people everywhere. Guided by our vision of an Internet for Everyone, the Foundation champions ideas and enables communities to unlock the Internet’s potential to tackle the world’s evolving challenges. Focusing in five programme areas, the Foundation awards grants to Internet Society Chapters as well as non-profit organizations and individuals dedicated to providing meaningful access to an open, globally-connected, secure and trustworthy Internet for everyone.

PR Contact:
Mike Smith
Montner Tech PR
msmith@montner.com


Gratitude: Internet Society Foundation Grant Award

As we move into the time of year when we highlight the celebration and sharing of gratitude, Me2B Alliance would like to express our gratitude to the Internet Society Foundation. The Internet Society Foundation recently granted the Me2B Alliance $100,000 to complete its “U.S. EdTech Industry Benchmark: Data Sharing in Primary & Secondary School Mobile Utility Apps.” The benchmark will buil

As we move into the time of year when we highlight the celebration and sharing of gratitude, Me2B Alliance would like to express our gratitude to the Internet Society Foundation. The Internet Society Foundation recently granted the Me2B Alliance $100,000 to complete its “U.S. EdTech Industry Benchmark: Data Sharing in Primary & Secondary School Mobile Utility Apps.” The benchmark will build on previous findings about harmful data sharing practices by uncovering how sensitive student information is being treated by school utility apps in grades pre-k through 12 in schools across the nation.  

The Internet Society Foundation funds initiatives that strengthen the Internet in function and reach so that it can effectively serve all people. They work to ensure that the Internet is open, globally connected, secure and trustworthy. A perfect match to our work and we are proud to have been selected to receive the funding. The award validates our ongoing commitment to producing meaningful research and establishing best practices for safe and respectful technology to protect not just children and parents, but every person who interacts with Internet-connected tech. 

All of us at Me2BA would like to thank not only the Internet Society Foundation for their investment in our work, but also each member, follower, and future member for joining us as we work to ensure that all internet technology is safe and respectful. Much gratitude to you all.  

Read the complete News Release here

Monday, 22. November 2021

Me2B Alliance

What is Respectful Use of Location Information? New Me2BA Research Published

As we’ve been performing independent product audits over the past year and a half, we received some push-back on our passing criteria related to the automatic translation of IP address to geographic location. Vendors felt that automatically calculating the user’s geographical location was, in fact, a benefit. However, in our specification, that behavior will receive a failing score. At an impasse,

As we’ve been performing independent product audits over the past year and a half, we received some push-back on our passing criteria related to the automatic translation of IP address to geographic location. Vendors felt that automatically calculating the user’s geographical location was, in fact, a benefit. However, in our specification, that behavior will receive a failing score. At an impasse, we decided to conduct some validation testing with Me-s.  

Through qualitative and quantitative research, we did, in fact, confirm that our passing criteria reflects Me-s’ sensitivities around automatic location calculation.  

Read more about it in our latest Spotlight Report, “Spotlight Report #3: Consumer Sensitivity to Location Tracking by Websites and Mobile Apps”. This research quantifies and qualifies public opinion of location tracking in a variety of different contexts within web and mobile technology. Key findings include: 

72% of people for websites and 68% of people for mobile apps do not consider location tracking to be acceptable before an account is created.  55% of people consider it “creepy” when websites know their location when they first open the site.  Location sensitivity is context and control sensitive, so that people are more comfortable with location tracking when it is necessary (ex. directions, deliveries, weather, traffic) and when they are asked for permission.  81% of people for websites and 68% of people for mobile apps used at least one negative term to describe location tracking including creepy, bad, annoying, scary, and confusing. 

See this press release for more highlights of the report. 

Constant validation of our standard with Me-s is crucial to producing a safety specification that reflects the sensibilities of everyday people.    

“Research is the foundation of our efforts to create standards for safe and ethical technology. We think location tracking on app open is wrong, but as a standards organization that is the voice and advocate of people across the internet, we don’t trust our opinions alone. We can only be sure by conducting research on how people — Me-s in our parlance — really feel. In this case, the research clearly shows we are right. The extensive findings in this survey validate that our scoring standards are solidly based on how people really feel about location tracking.”

Lisa LeVasseur, Executive Director, Me2BA

This research is one of several validation studies to confirm and quantify the public’s desire for a safer, more respectful digital world. Stay tuned and become a part of the movement as we continue to conduct research that allows us to set standards to ensure human dignity in connected technology. 


Hyperledger Aries

Hyperledger Foundation Community Training: Accelerate your decentralized identity skills with two free Hyperledger Indy and Hyperledger Aries workshops

Hyperledger Indy and Hyperledger Aries are two of the popular open source repositories that can help propel development of decentralised identity products and services. Aries is a toolbox of several... The post Hyperledger Foundation Community Training: Accelerate your decentralized identity skills with two free Hyperledger Indy and Hyperledger Aries workshops appeared first on Hyperledger Found

Hyperledger Indy and Hyperledger Aries are two of the popular open source repositories that can help propel development of decentralised identity products and services. Aries is a toolbox of several blockchain-agnostic repositories that allow for trusted online peer-to-peer interactions based on decentralized identities and verifiable credentials. The project grew out of work that was happening in Indy to create technologies for managing decentralized identity. Aries was moved to graduated status by the TSC in February 2021. Indy graduated in 2019 and provides a specific blockchain purpose-built for identity. 

Seeing the growth in interest for these two projects, Hyperledger Foundation has partnered with member company Indicio and its team of deeply experienced developers and architects to develop this free, multi-course curriculum to help developers and architects gain a deeper understanding of decentralized identity, with a deep dive into Aries and Indy. Registration and preparation information can be found on this Workshops page

These two four-hour, beginning level hands-on workshops provide opportunities to install and run the Indy and Aries components just like you would if you were making a real Indy-based network or Aries-based application. They introduce the necessary Git repos as well as how to use the Indy Command Line Interface (Indy CLI), run the Aries toolbox and create and issue a verifiable credential. They also introduce some current projects using Aries and Indy to help you accelerate your understanding of decentralized identity and build the skills necessary to successfully make changes to the underlying code with hands-on guidance to develop your own projects.

About the courses

Build Your Identity Solution Using Hyperledger Aries
Thursday, January 20, 2022
8 AM to noon Pacific

Register for free

The first in the Hyperledger Foundation Community Workshop series, Intro to Decentralized Identity is a four hour online course to introduce the core concepts and principles of decentralized identity. As you progress, you’ll learn how to use a Hyperledger Indy-based network, be introduced to the Indy CLI, and install and run the Aries toolbox to create, issue, and verify a verifiable credential.

Topics also include:

Decentralized identity concepts and principles The verifiable credential data model Decentralized identity ecosystem Introduction to network tools indyscan and SelfServe Intro to Indy CLI and how to use the CLI to access a network What Aries is Install and run Aries Toolbox Create connections and issue a credential How to verify credential

Hyperledger Indy Technical Deep Dive
February 3, 2022
8:00 AM to noon Pacific

Register for free

The second in the series is a four-hour course that advances your skills related to Hyperledger Indy node code and the Indy SDK. It also covers the commonly used cryptography libraries contained in Hyperledger Ursa, the Plenum ledger and how to interact with and change the repositories and code.

Topics also include:

Install and build with Indy SDK Introduction to libindy, indycli etc Indy VDR (replacement for Indy-SDK) Making changes to Indy node code Build and IndyTest the changes locally How to get involved in the community further with chats, helplines, and meetings

Both courses do have several must-have prerequisites, including the installation of docker, installation of Indy-CLI, installation of rust, and the download of important repositories. This can be done independently, or you will have the opportunity to connect with instructors during pre-course office hours on a dedicated helpline. 

These new courses are the first community workshops offered by the Hyperledger Foundation for free in an effort to expand the use, contributions, and maintainer community of Hyperledger Indy and Aries. Recordings of the courses will be made available at the conclusion of the instructor-led events.

Registration for the free course is limited to 100. Registration links and further information about the prerequisites and course materials can be found at https://wiki.hyperledger.org/display/events/Workshops.

The post Hyperledger Foundation Community Training: Accelerate your decentralized identity skills with two free Hyperledger Indy and Hyperledger Aries workshops appeared first on Hyperledger Foundation.

Sunday, 21. November 2021

Trust over IP

On Forests, Emergence, and Expansive Trust

Perhaps our perfectly reasonable focus on the details of credential implementation is distracting us from a profound generalization that our name, “Trust Over IP,” has suggested all along. The post On Forests, Emergence, and Expansive Trust appeared first on Trust Over IP.
Why Trust Over IP is even more profound than we thought

by Daniel Hardman (LinkedIn link), Principal Ecosystem Engineer, SICPA

I became involved with the self-sovereign identity movement in 2016, and I have been lucky enough to witness many of its milestones — the finalization of the VC and DID specifications, the launch of Sovrin and Hyperledger Indy, the advent of production deployments and serious interoperability, the invention of peer DIDs and KERI and BBS+ credentials, the implementation of the exciting communication technology now known as DIDComm…

In this list of exciting events, I’ve long felt that the launch of the Trust Over IP Foundation deserved special mention. I coauthored two of the first public papers about the Trust Over IP Stack. For me, the vision represented a first and best effort to articulate and focus the principles that undergird all our decentralized and self-sovereign ambitions.

Yet despite this enthusiasm, I’ve recently realized that I’ve been underestimating our potential impact. Surprising but true.

In January of 2021, I joined SICPA to work on the problem of digital cash — not cryptocurrency, but bits-and-bytes versions of a euro, a dollar, a rupee, a real. Of course I took with me all my love for decentralized identity, DIDs, credentials, governance, and peer-oriented protocols.

As I learned this new problem domain, I saw a need for undergirding trust infrastructure; digital cash and its ownership needs verification, much like verifiable credentials do. That meant I needed primitives analogous to identity’s verifiable data registries. I also saw the need for identifiers and connections, and atop them, rich protocols — similar to the credential-oriented ones I’d appreciated in identity, but now having a monetary focus. For example, we obviously needed a protocol for buying and selling, another for negotiating a price, another for putting a value in escrow… And of course the big vision for cash was a trustworthy ecosystem, quite similar to the ones I’d been advocating in identity.

The more I pondered, the strong the parallels and resonances became. Permeating this new stack of value was the same need for governance, the same need for privacy and oversight, and the same opportunity to reset power imbalances by emphasizing peers and decentralization.

I looked at the Trust Over IP stack diagram with fresh eyes. And I saw that, like the funny English expression, “Can’t see the forest for the trees,”  perhaps our perfectly reasonable focus on the details of credential implementation was distracting us from a profound generalization that the name of our foundation, “Trust Over IP,” had suggested all along:

We are about trust over underlying tech primitives — not just about identity or credentials.

It is true that credentials are a profound innovation — one that we’ll need in a digital cash stack, for sure. And it’s also true that identity is a key enabler of trust. But money taught me that these key components are necessary, not sufficient. With money, I also want verifiable mechanisms like escrow and insurance. That’s true even (perhaps especially) when I’m transacting with a faceless stranger.

I also pondered what perspective I might have acquired if my job shift had been to the problem of fake news, or education, or supply chain integrity, or healthcare, or academic and scientific research. And I realized that the same realizations would likely have surfaced from any of those perspectives. Each of these fields aspires to a dynamic and ecosystem. Each needs an expansive catalog of composable workflows that produce and consume trust. Such workflows depend on secure connectivity, which in turn derives from data formats, cryptographic algorithms, public commitments, and so forth. They all need governance, from the top of the stack to the bottom. And in all cases, trust is an emergent property of combining these patterns carefully. 

That led me to imagine a revised version of the Trust Over IP stack:

This isn’t actually much of a departure from our original formulation; it just focuses more on the principles that characterize a layer, rather than on the specific mechanisms we might assume. And I hope it lets us see the forest for the trees.

I don’t know that my diagram is all that profound or unique to me. Other smart people in the space have begun saying similar things, and perhaps we’ll find a different way to explain that works even better. But I do think that experience and time are having a beneficial effect on all of us. The Tech Stack Working Group of Trust Over IP Foundation recently began debating a revision to our framing of this stack, and I am thrilled to hear many profound generalizations emerging from the discussions. The world desperately needs trust over IP, and I think we’re well on our way to delivering it.

The post On Forests, Emergence, and Expansive Trust appeared first on Trust Over IP.

Friday, 19. November 2021

Elastos Foundation

Elastos Bi-Weekly Update – 19 November 2021

...

Own Your Data Weekly Digest

MyData Weekly Digest for November 19th, 2021

Read in this week's digest about: 22 posts, 1 Tool
Read in this week's digest about: 22 posts, 1 Tool

Thursday, 18. November 2021

OpenID

The OpenID Foundation Welcomes Member’s Comments on Strategic Approach in 2022

Dear Members, The OpenID Foundation warmly welcomes comments from the membership on our strategic approach in 2022. Our standards development work in categories like OpenID Connect is mature while other working groups are just beginning. The adoption of OIDF standards and certification programs are enjoying the global market momentum, and implementations by millions of applications […] The post T

Dear Members,

The OpenID Foundation warmly welcomes comments from the membership on our strategic approach in 2022.

Our standards development work in categories like OpenID Connect is mature while other working groups are just beginning. The adoption of OIDF standards and certification programs are enjoying the global market momentum, and implementations by millions of applications are enabling billions of transactions. This is a result of years of painstaking efforts of our members across working groups.  OpenID Foundation has entered into a period of dramatic change in the Identity ecosystem.

There is more need than ever for the OpenID Foundation to advocate for an open standards approach to building an up to date identity infrastructure, ecosystems, and initiatives that have a positive impact throughout the global community. We are well positioned to meet this moment.

We welcome your comments to Director@oidf.org between now and Monday, December 20, 2021 on what we should “continue doing, stop doing, and start doing”. We’ll use your feedback to calibrate views across the membership via an OpenID Foundation Strategy and Budget Task Force. This Task Force will use member input to craft the 2022 strategy and budget.

I’ll report back to you after the Board approval in February. Many thanks in advance for your participation.

 

Gail Hodges
Executive Director
OpenID Foundation

The post The OpenID Foundation Welcomes Member’s Comments on Strategic Approach in 2022 first appeared on OpenID.

Ceramic Network

FungyProof: Bringing transparency & credibility to NFTs

How FungyProof uses Ceramic for NFT grading and enriching.

There are 23,748,232 NFTs on the OpenSea marketplace, each with a different level of quality and technical construction. Some are secure, made for longevity, and technically sound. Many are not – subjecting buyers to hacks, rug pulls, broken images, and missing metadata.

FungyProof surfaces this information for users so they can make more informed decisions and improve the quality of their existing NFTs. Check out the Fungyproof app to discover information about your own NFTs!

Not all NFTs are created equal

When purchasing NFTs, most users simply look at the associated digital asset (art, song, ticket, etc.) or the creator before pulling the trigger. But an NFT is much more than a single boilerplate Smart Contract. NFTs actually consist of custom logic for token trait randomness (e.g. Chainlink VRF) and Smart Contract properties, linked metadata, linked assets such as images, animations, audio files, 3D files, and more. The manner in which Smart Contract logic is written and external assets are linked varies with each NFT. Combined, these properties make up the NFT’s “Mint Conditions.”

Want to learn more about how an NFT is constructed? Read this NFT Primer.

Token grading can inform NFT buyers

Most users are flying blind when purchasing or selling visual media NFTs today, often using subjective measures or social signal to influence buying behavior. With Fungyproof's grading algorithm, users can start to make more informed, data-driven decisions for more intelligent purchasing. Grading a token consists of running the token’s “Mint Conditions'' through the FungyProof grading algorithm. This algorithm is a weighted, score-based system, which assigns a grade based on the technical implementation of a token as well as a few other factors such as energy usage (gas efficiency) and asset retrieval latency. For a full list of the 30+ data points checked, take a look at the grading rubric.

Cases protect and enrich your NFT assets

FungyProof Cases enrich existing NFTs, digitally binding to the asset to protect it and help it stand out from the rest. The first set of cases will enrich your NFT by backing it up to decentralized storage solutions (IPFS + Filecoin). This immortalizes the NFT’s Mint Conditions and improves asset and metadata storage, thus improving your NFTs grade. Future cases will enable other enrichments such as carbon offsets, Arweave permaweb storage, attaching encrypted data, earning achievements, and more.

Cases are a new token standard developed by the Fungyproof team, known as a Non-Fungible Enrichment (NFE) that enables NFTs to own other NFTs. With cases, you can associate new data to your token without having to wrap or otherwise affect it. Once an NFE is bound to a token, any data associated with the NFE, such as the token backup, is then tied to the NFT provably and immutably.

The team's first set of cases include the standard FungyProof Case and the limited Neon Cases, which support ERC721s and many non-standard NFTs (CryptoPunks, CryptoKitties, etc.). Over time, more cases will launch with new functionality, rarities, and support for more chains. Cases are currently only available on FungyProof, but in the future the team plans to offer the option to "unbind" Cases, allowing users to remove and trade them on marketplaces.

Making data accessible through an open registry

The registry is a public service that allows anyone to view all of the information about an encased NFT. This information includes a token’s Mint Conditions, bound enrichments, provenance, and more. The registry is accessible through the FungyProof app, API, or on-chain through an NTF’s case via the enrichmentURI contract property.

The registry is designed for a few use cases:

Buyers purchasing an NFT who want to browse the registry for NFT grades to select one that has been selectively upgraded Sellers who want to ensure their NFTs are high quality and technically sound for the long-term and protect their reputation Marketplaces that want to add information for their users Using Ceramic to Append Metadata

The glue between the FungyProof Case and the NFT registry is the Ceramic metadata. When binding a Case to an NFT, FungyProof needed a mutable metadata storage solution. Changes that occur to the NFT's data -- such as grading, new enrichments, and transfers – need to be appended to the metadata creating a historical audit trail.

Using Ceramic, FungyProof has created one of the first implementations for dynamically appending metadata to an NFT over time. When you bind a case to an NFT, a metadata file is also generated and stored with it. As the NFT and its value changes, or new enrichment types are available, the Ceramic stream can be updated. This opens the door to unlimited possibilities for enrichable NFTs.

What's next for Fungyproof?

FungyProof is just getting started. Future plans include new types of enrichments, browser extensions, marketplace and wallet integrations, economic incentives for community contributions, and more. Check out the product roadmap to see the full list of planned updates. Plus, head over to app.fungyproof.com to grade and enrich your token!

You can also follow us on Twitter or join the conversation in Discord.

Website | Twitter | Discord | GitHub | Documentation | Blog | IDX Identity


OpenID

FDX’s Financial-Grade API Security Specification v3.4 Supports the FAPI 1.0 Advanced and CIBA Standards

The OpenID Foundation is delighted see the Financial Data Exchange’s recent announcement that  FDX’s Financial-Grade API Security Specification v3.4 (companion to FDX API v5) supports the FAPI 1.0 Advanced and CIBA standards: “Alignment with Globally Interoperable Standards – The FDX API Security Specification v3.4 now references, supports and recommends utilization of the OpenID Foundat

The OpenID Foundation is delighted see the Financial Data Exchange’s recent announcement that  FDX’s Financial-Grade API Security Specification v3.4 (companion to FDX API v5) supports the FAPI 1.0 Advanced and CIBA standards:

“Alignment with Globally Interoperable Standards – The FDX API Security Specification v3.4 now references, supports and recommends utilization of the OpenID Foundation’s Financial-grade API (FAPI) security standard for securing traffic to APIs and for the authentication of end users (FAPI 1.0 Advanced & CIBA protocols)… FDX alignment with these recognized global standards will further interoperability and adoption of the FDX API.”

The Financial Data Exchange (FDX) is a non-profit industry-led initiative in the US and Canada to facilitate the development of open banking in these jurisdictions, “by unifying the financial services ecosystem around a common standard for the secure and convenient access of permissioned consumer and business financial data.” FDX is following in the footsteps of other leading markets like the United Kingdom, Australia, and Brazil that also use the Financial Grade API to enable open banking on their way to open finance.

The FDX community will benefit from enabling these mature standards to enable the consumer-directed sharing of financial and other sensitive data, while leaving the option open for international interoperability. The OpenID Foundation looks forward to continued collaboration with FDX and their members to facilitate the implementation of OpenID standards in North America. The OpenID Foundation warmly welcomes FDX and its members to participate in the FAPI Working Group to ensure the standard continues to meet the needs of the US and Canadian markets, as well as the global community.

The post FDX’s Financial-Grade API Security Specification v3.4 Supports the FAPI 1.0 Advanced and CIBA Standards first appeared on OpenID.

MyData

Event: Data Space Launchpad

Date and time  10 December 2021 from 9.30 to 11 AM CET (register below to receive the participation link)  About Join MyData Global and 1001 Lakes to find out more about data space-related funding opportunities, discuss the data space initiatives, make connections and get access to the library of data space resources that will help... Read More The post Event: Data Space Launchpad

Date and time  10 December 2021 from 9.30 to 11 AM CET (register below to receive the participation link)  About Join MyData Global and 1001 Lakes to find out more about data space-related funding opportunities, discuss the data space initiatives, make connections and get access to the library of data space resources that will help...

Read More

The post Event: Data Space Launchpad appeared first on MyData.org.

Wednesday, 17. November 2021

Digital Identity NZ

Honouring Te Tiriti in our work

All the latest news from the Digital Identity New Zealand community The post Honouring Te Tiriti in our work appeared first on Digital Identity New Zealand.

E ngā mana, e ngā reo, e ngā hau whā, tēnā koutou katoa. Kei ngā ringa raupā o Tāmaki Makaurau, mokori anō kia mihia koutou i te āhua o tō koutou noho haumaru i te kainga. Tēnā rawa atu koutou.

Over the past two years, the DINZ Executive Council has been on a journey to strengthen our cultural capabilities and deepen our understanding of our responsibilities to Te Tiriti o Waitangi. We understand that our responsibility to guide conversations and decisions relating to digital identity means that we must acknowledge and understand Māori perspectives of identity. We also seek to engage with the Māori communities we serve to ensure that we are working in partnership and that mana whenua have the agency to inform our future.

Our DINZ Executive Council engaged in professional learning to support us to develop our Tiriti o Waitangi Statement of Intent and Action Plan. We were fortunate that one of our DINZ Executive Council members (Janelle Riki-Waaka, CORE Education), is an experienced Tiriti Education consultant and so we began our journey to understand more deeply the historical context of Aotearoa and unpack each of the articles of Te Tiriti o Waitangi in order to articulate our understanding of tiriti-honouring practice.

We have now created our first draft of DINZ’s Te Tiriti o Waitangi Statement of Intent and Action Plan and we seek to gather your thoughts, perspectives and recommendations. This is an aspirational plan that will continue to develop and shift as our own understanding continues to deepen.

You will find a copy of the draft statement for your viewing here.

We serve the digital identity community and so your input is valuable to us to guide our actions and intent. We ask that you read our draft action plan and provide feedback on this mahi. If you have any questions, suggestions or reflections, please email info@digitalidentity.nz before November 30th. Please also join us at 10am that day for a korero by registering at this link so we may consider it in advance of formally publishing these statements in December.

DINZ news and updates:

Our Working Group to prepare DINZ’s submission to the Select Committee regarding the Digital Identity Services Trust Framework Bill is up and running for members and is expected to remain active beyond the submission date of December 2nd 2021, as the legislation progresses and operationalisation of the Trust Framework Rules follows its enactment.

The Ministry of Health New Zealand has announced MATTR‘s role in the provision of technologies to support the rollout of both COVID-19 domestic vaccination passes and international vaccination certificates.

Kudos and congratulations to DINZ member APLYiD for securing Series A funding and expansion into the UK.

Early registrations are open for next year’s not-to-miss Digital Trust Aotearoa Hui Taumata/summit, 19 May, Wellington.

Several DINZ members made us aware of their news these past few weeks. Please share your news stories with us at info@digitalidentity.nz so that we can amplify them for you.

Ngā mihi nui,

Colin Wallis
Executive Director

The post Honouring Te Tiriti in our work appeared first on Digital Identity New Zealand.


Me2B Alliance

New Spotlight Report highlights disapproval of location tracking. Learn more >

New Spotlight Report highlights disapproval of location tracking. Learn more >

Oasis Open

OSLC PROMCODE v1.0 from the OSLC PROMCODE TC approved as a Committee Specification

PROMCODE (PROject Management of COntracted DElivery) is based on the OSLC Core v3.0 specification. The post OSLC PROMCODE v1.0 from the OSLC PROMCODE TC approved as a Committee Specification appeared first on OASIS Open.

OSLC PROMCODE is ready for testing and implementation

OASIS and the OASIS OSLC Lifecycle Integration for Project Management of Contracted Delivery (OSLC PROMCODE) TC [1] are pleased to announce that OSLC PROMCODE Version 1.0 has been approved as OASIS Committee Specification 02. It includes corrections for some embedded links, but no text changes from Committee Specification 01 (CS01).

Global software delivery is commonplace today. With ever increasing pressure on the delivery of software projects for faster delivery, lower cost, and improved quality, it is becoming common for software delivery to be performed with collaboration of multiple organizations. The PROMCODE specification is intended to provide a common interface to exchange project management data across organizational boundaries for management of contracted software delivery.

This three-part specification defines the overall approach to PROMCODE (PROject Management of COntracted DElivery) based on the Open Services for Lifecycle Collaboration (OSLC) Core v3.0 specification [4], which was recently published as an OASIS Standard.

The documents and related files are available here:

OSLC PROMCODE Version 1.0
Committee Specification 02
10 November 2021

OSLC PROMCODE Version 1.0. Part 1: Specification
HTML:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-spec.html (Authoritative)
PDF:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-spec.pdf

OSLC PROMCODE Version 1.0. Part 2: Vocabulary
HTML:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-vocab.html (Authoritative)
PDF:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-vocab.pdf

OSLC PROMCODE Version 1.0. Part 3: Constraints
HTML:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-shapes.html (Authoritative)
PDF:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-shapes.pdf

Machine-readable files
Vocabulary terms: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-vocab.ttl
Constraints: https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-shapes.ttl

Details of non-material changes since CS01:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-v1.0-cs02-change-log.txt

For your convenience, OASIS provides a complete package of the specification documents and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/cs02/promcode-v1.0-cs02.zip

Members of the OSLC PROMCODE TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS OSLC Lifecycle Integration for Project Management of Contracted Delivery (OSLC PROMCODE) TC
https://www.oasis-open.org/committees/oslc-promcode/

[2] Public review information:
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/csd01/promcode-v1.0-csd01-public-review-metadata.html
https://docs.oasis-open.org/oslc-promcode/promcode/v1.0/csd01/promcode-v1.0-csd01-comment-resolution-log.txt
https://lists.oasis-open.org/archives/oslc-promcode/202107/msg00006.html

[3] Approval ballot:
https://www.oasis-open.org/apps/org/workgroup/oslc-promcode/ballot.php?id=3663

[4] OSLC Core v3.0:
https://docs.oasis-open-projects.org/oslc-op/core/v3.0/oslc-core.html

The post OSLC PROMCODE v1.0 from the OSLC PROMCODE TC approved as a Committee Specification appeared first on OASIS Open.


Business Document Naming and Design Rules (BDNDR) v1.1 from UBL TC approved as a Committee Specification

BDNDR prescribes a set of naming and design rules used to create complete CCTS models of interoperable business documents. The post Business Document Naming and Design Rules (BDNDR) v1.1 from UBL TC approved as a Committee Specification appeared first on OASIS Open.

BDNDR v1.1 is ready for testing and implementation

OASIS is pleased to announce that Business Document Naming and Design Rules (BDNDR) Version 1.1 from the OASIS Universal Business Language (UBL) TC [1] has been approved as an OASIS Committee Specification.

Overview

An important and powerful method to design interoperable business documents is to construct logical semantic models using concepts described in the UN/CEFACT Core Components Technical Specification (CCTS) Version 2.01. From these semantic models one can create physical syntax models with which to express the content constraints of actual business documents to be interchanged.

The OASIS Business Document Naming and Design Rules (BDNDR) Version 1.1 Committee Specification prescribes a set of naming and design rules used to create complete CCTS models of interoperable business documents. It also includes the rules needed to create validation artefacts corresponding to them. For XML syntax, the rules govern creating W3C Schema (XSD) and OASIS Context/value Association (CVA) validation artefacts. For JSON syntax, the rules govern creating JSON Schema validation artefacts.

BDNDR Version 1.1 changes no rules for XML syntax from BDNDR Version 1.0 and only adds the new rules prescribed for JSON syntax.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Business Document Naming and Design Rules (BDNDR) Version 1.1
Committee Specification 01
08 November 2021

Editable source (Authoritative):
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/cs01/Business-Document-NDR-v1.1-cs01.xml
HTML:
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/cs01/Business-Document-NDR-v1.1-cs01.html
PDF:
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/cs01/Business-Document-NDR-v1.1-cs01.pdf

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/cs01/Business-Document-NDR-v1.1-cs01.zip

Members of the UBL TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] OASIS Universal Business Language (UBL) TC
https://www.oasis-open.org/committees/ubl/

[2] Public reviews:
– Please see the “Timeline Summary” in the public review metadata document at:
https://docs.oasis-open.org/ubl/Business-Document-NDR/v1.1/csd04/Business-Document-NDR-v1.1-csd04-public-review-metadata.html

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3662

The post Business Document Naming and Design Rules (BDNDR) v1.1 from UBL TC approved as a Committee Specification appeared first on OASIS Open.


MyData

22 companies and organisations receive the MyData Operator 2021 Award

The MyData Operator Award recognises personal data companies that have shown leadership by empowering individuals to control their personal data. As highlighted by the ongoing Facebook Files scandal, transparency and accountability in personal data are increasingly acknowledged as critical for safety online.  To show their commitment to ethical personal data management, participating organisa

The MyData Operator Award recognises personal data companies that have shown leadership by empowering individuals to control their personal data. As highlighted by the ongoing Facebook Files scandal, transparency and accountability in personal data are increasingly acknowledged as critical for safety online.  To show their commitment to ethical personal data management, participating organisations are required...

Read More

The post 22 companies and organisations receive the MyData Operator 2021 Award appeared first on MyData.org.


Digital ID for Canadians

Request for Comment and IPR Review: PCTF Verified Person and Privacy Candidates for Final Recommendations V1.1

Notice of Intent: DIACC is collaborating to develop and publish the Verified Person and Privacy components of the Pan-Canadian Trust Framework (PCTF) to set a…

Notice of Intent: DIACC is collaborating to develop and publish the Verified Person and Privacy components of the Pan-Canadian Trust Framework (PCTF) to set a baseline of public and private sector interoperability of identity services and solutions. During this public review period, DIACC is looking for community feedback to ensure that the conformance criteria in each component is clear and auditable.

Document Status: These review documents have been developed by members of the DIACC’s Trust Framework Expert Committee (TFEC) Verified Person and Privacy Design Teams who operate under the DIACC controlling policies and consist of representatives from both the private and public sectors. These documents have been approved by the TFEC as candidates for Final Recommendation V1.1.

Summary:

The intent of the PCTF Verified Person component is to define a set of processes used to establish that a natural person is real, unique, and identifiable. This is a key ingredient in ensuring a digital representation of a person is properly created, used exclusively by that same person, and can be relied on to receive valued services and to carry out transactions with trust and confidence.

The PCTF Privacy component is concerned with the handling of personal data for digital identity purposes. The objective of this component is to ensure the ongoing integrity of the privacy processes, policies, and controls of organizations in a Digital Identity Ecosystem by means of standardized conformance criteria used for assessment and certification against the PCTF.

To learn more about the Pan-Canadian vision and benefits-for-all value proposition please review the Pan-Canadian Trust Framework Overview.

Invitation:

All interested parties are invited to comment.

Period:

Opens: November 16, 2021 at 23:59 PST | Closes: December 17, 2021 at 23:59 PST

When reviewing these components Conformance Criteria, please consider the following and note that responses to this question are non-binding and serve to improve the PCTF.

Would you consider the Conformance Criteria as auditable or not? That is, could you objectively evaluate if an organization was compliant with that criteria and what evidence would be used to justify that?

Review Documents: PCTF Verified Person

Conformance Profile Candidate for Final Recommendation V1.1 DIACC Comment Submission Spreadsheet 

Supporting Documents: PCTF Verified Person

Component Overview Final Recommendation V1.0 PCTF Editor’s Guide PCTF Alpha Testing Disposition of Comments

Review Documents: PCTF Privacy

Component Overview Candidate for Final Recommendation V1.1 Conformance Profile Candidate for Final Recommendation V1.1 DIACC Comment Submission Spreadsheet

Supporting Documents: PCTF Privacy

PCTF Editor’s Guide PCTF Alpha Testing Disposition of Comments

Intellectual Property Rights:

Comments must be received within the 30-day comment period noted above. All comments are subject to the DIACC contributor agreement; by submitting a comment you agree to be bound by the terms and conditions therein. DIACC Members are also subject to the Intellectual Property Rights Policy. Any notice of an intent not to license under either the Contributor Agreement and/or the Intellectual Property Rights Policy with respect to the review documents or any comments must be made at the Contributor’s and/or Member’s earliest opportunity, and in any event, within the 30-day comment period. IPR claims may be sent to review@diacc.ca. Please include “IPR Claim” as the subject.

Process:

All comments are subject to the DIACC contributor agreement. Submit comments using the provided DIACC Comment Submission Spreadsheet. Reference the draft and corresponding line number for each comment submitted. Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca. Questions may be sent to review@diacc.ca.

Value to Canadians:

The PCTF Verified Person and Privacy Components will provide value to all Canadians, businesses, and governments by setting a baseline of business, legal, and technical interoperability. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy, and convenience. The PCTF is one such resource and guides digital identity ecosystem interoperability by putting policy, standards, and technology into practice aligning with defined levels of assurance. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem.

Context:

The purpose of this review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve these candidates for Final Recommendation based upon public comments. Comments made during the review will be considered for incorporation into the next iteration and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled.


Digital Identity NZ

Digital identity is critical in the new world since covid

NZ cybercrime continues to grow with CERT reporting a 14% increase in scams and fraud in the last quarter. The post Digital identity is critical in the new world since covid appeared first on Digital Identity New Zealand.

New Zealand cybercrime continues to grow with the government cyber incident tracking agency, CERT, reporting a 14 percent increase in scams and fraud in the last quarter.

Fraud awareness this week is important for raising awareness of the potential risks Kiwis are facing with increased online activity.

This just shows how critical digital identity trust is in a world that is rapidly becoming more digital, Digital Identity New Zealand executive director Colin Wallis says.

Secure digital identities are an important foundation for the digital economy and with so much business, communication and purchases happening online it is more important than ever to be able to trust in peoples digital identity, he says.

“Having a secure, privacy-aware and trustworthy digital identity system will be important for enabling the economy. This is why Digital Identity NZ members are collaborating to provide feedback via the submission process on the government’s proposed digital identity framework.

“We are also hosting a large conference in May next year on digital trust, bringing together experts in digital identity, privacy and security, which are all needed to create trust.”

Digital Identity NZ is a not-for-profit member association in the NZ Tech Alliance. Wallis says it is working to create a country where people can express their identity using validated and trusted digital processes.

Identity fraud has increased a staggering 86 per cent in the last financial year, while investment fraud has risen by 37 per cent over the same period.

A total of 79 percent of New Zealanders are concerned about the protection of their identity and use of personal data by organisations, according to survey commissioned by Digital Identity New Zealand (DINZ).

Walls says there is public concern and some frustration about how their personal data is shared online. Change in behaviour is occurring with 73 percent of Kiwis claiming to have made a change to their online behaviour because of privacy concern.

Their recent survey found 85 percent of respondents said there was a lack of transparency, as well as concern in having to share data with so many organisations.

Additionally, only one in 20 New Zealanders have a fully satisfied experience with registering new accounts. Nine out of 10 New Zealanders find the idea of being more in control of their digital identity appealing.

For further information contact Colin Wallis on 021 961955 or NZTech’s media specialist Make Lemonade NZ editor-in-chief Kip Brook on 0275 030 188

The post Digital identity is critical in the new world since covid appeared first on Digital Identity New Zealand.

Tuesday, 16. November 2021

Me2B Alliance

Most People Feel Negatively About Location Tracking in Websites and Apps According to New Research from Me2B Alliance

SAN DIEGO, Nov. 16, 2021 (GLOBE NEWSWIRE) — Me2B Alliance, a non-profit standards and advocacy organization focused on safe and respectful technology, today published a Spotlight Report which illustrates the significance of permission, relevance, and control when it comes to location tracking in websites and mobile apps. According to Me2BA’s research, 55% of people say it is “creepy” when websites
Most People Feel Negatively About Location Tracking in Websites and Apps According to New Research from Me2B Alliance Spotlight Report highlights disapproval of location tracking without consent across various age groups, genders, and economic backgrounds

November 16, 2021 09:00 ET | Source: Me2B Alliance

What you need to know:

Most people do not consider it acceptable for websites (72%) and mobile apps (68%) to be aware of your physical location before an account is created 55% of survey participants say it’s “creepy” when websites know their location when they first open them Overall, participants are more comfortable sharing their location information if the mobile app or website asks for permission, or if location information is relevant to the task at hand
(examples: Maps, ordering delivery, checking weather and traffic that understandably require a specific location) Depending on the scenario, respondents preferred that websites or mobile apps not remember their location, or only track their location when they are actively using the website or app

SAN DIEGO, Nov. 16, 2021 (GLOBE NEWSWIRE) — Me2B Alliance, a non-profit standards and advocacy organization focused on safe and respectful technology, today published a Spotlight Report which illustrates the significance of permission, relevance, and control when it comes to location tracking in websites and mobile apps. According to Me2BA’s research, 55% of people say it is “creepy” when websites know their location when they are first opened. In total, 81% of respondents used at least one negative term, including creepy, bad, annoying, scary, and confusing, to describe location tracking in websites. 68% used those same negative terms to describe location tracking in mobile apps.

The Spotlight Report, “Consumer Sensitivity to Location Tracking by Websites and Mobile Apps”, was developed to validate the Location Commitment scoring criteria in the Me2B Alliance Safe & Respectful Technology Specification. The specification, produced by the Me2B Alliance’s Respectful Tech Spec Working Group, is designed to provide a standard for measuring safe and ethical behavior in connected technology. The core of the research was an online survey of 363 gender-balanced participants, aged 18 to 60+ and from various economic backgrounds, representing every state in the United States except Alaska and Montana.

Quantitative and qualitative studies were conducted to achieve a better understanding of consumers’ perception and tolerance for location tracking by digital technologies, such as websites and apps. The research explores participants’ understanding of what a location request is, how consumers feel about location tracking, and under what circumstances is location tracking acceptable.

Key takeaways from the Spotlight Report:

People tend to have negative feelings toward a website or app that “knows your physical location when you first open it” People are more tolerant of location sharing if they have an account with a website or app When asked open-ended questions about whether location tracking is acceptable, people repeatedly highlighted a desire to give consent before sharing their location. The most common terms used in those open-ended responses were “ask” and “ask permission.” Context serves an important purpose. People tend to be willing to provide location information for convenience’s sake if respectful practices are in place. Consent must be given and there must be a legitimate and understandable need for location information. i.e., GPS maps, delivery, checking weather of traffic in a specific location

“Research is the foundation of our efforts to create standards for safe and ethical technology,” said Lisa LeVasseur, executive director of Me2B Alliance. “We think location tracking on app open is wrong, but as a standards organization that is the voice and advocate of people across the internet, we don’t trust our opinions alone. We can only be sure by conducting research on how people —Me-s in our parlance — really feel. In this case, the research clearly shows we are right. The extensive findings in this survey validate that our scoring standards are solidly based on how people really feel about location tracking.”

The full Spotlight Report, “Consumer Sensitivity to Location Tracking by Websites and Mobile Apps” is available to view free of charge. Organizations interested in advancing standards in ethical data and mobile and internet practices can visit the website to learn more about Me2B Alliance membership.

About the Me2B Alliance
The Me2B Alliance is a nonprofit ensuring that internet technology is safe and respectful to humans. We’re a new type of standards development organization defining the standard for safe and respectful technology. We work to prevent the full spectrum of digital harms through independent testing, education, research, policy work and advocacy. To learn more about those digital harms, download our free Digital Harms Dictionary.

PR Contact:
Mike Smith
Montner Tech PR
msmith@montner.com


Nyheder fra WAYF

Kom til WAYF-erfamøde på Zoom!

Torsdag den 16. december 2021 kl. 9.30-12.30 og evt. fortsat fra kl. 13 holder WAYF sit 13. erfamøde. Zoom har vist sig at være en effektiv platform for erfamøderne og er også den her gang stedet hvor vi ses. Link til møderum offentliggøres her på sitet forud for mødet. Language Danish Read more about Kom til WAYF-erfamøde på Zoom!

Torsdag den 16. december 2021 kl. 9.30-12.30 og evt. fortsat fra kl. 13 holder WAYF sit 13. erfamøde. Zoom har vist sig at være en effektiv platform for erfamøderne og er også den her gang stedet hvor vi ses. Link til møderum offentliggøres her på sitet forud for mødet.

Language Danish Read more about Kom til WAYF-erfamøde på Zoom!

Me2B Alliance

Spotlight Report #3: Me2B Alliance Validation Research: Consumer Sensitivity to Location Tracking by Websites and Mobile Apps

DOWNLOAD PDF Me2B Alliance Validation Research: Consumer Sensitivity to Location Tracking by Websites and Mobile Apps

Prepared by Noreen Whysel, Head of Validation Research
Research Performed By:  Noreen Whysel
Edited By: Karina Alexanyan
Charts & Graphs By: Julia Little

November 5, 2021

Table of Contents Abstract Introduction Research Design Methodology Quantitative Research – Location Awareness Acceptance Survey Qualitative Research – Focus Groups and Interviews Participants Data Analysis Results Sentiment Analysis Sentiment by Gender Sentiment by Age Devices How Having an Account Affects Tolerance of Location Awareness “Is Location Awareness OK?” Account vs No Account Maybe” it’s OK – Analysis Location Tolerance Scenarios When Location Information May Be Necessary When Location Awareness is Not Necessary Comparing Across All Scenarios Open-Ended Survey Comments Qualitative Analysis – Focus Groups and Interviews Insights Conclusions

Appendix A: Definitions
Appendix B: Survey Questionnaire
Appendix C: Screening Survey
Appendix D: Participant Snapshots
Appendix E: Interview Participant Consent Form
Appendix F: Cluster Analysis
Appendix G: Open Ended Responses from scenarios 3-6

1. Abstract

“I don’t want my location to tracked, but I give my location out constantly.”

“Location consent is intrusive – often the locations shouldn’t be relevant.”

“If I don’t feel comfortable, I should have the right to deny it’s access.”

“I might be Googling something real quick at work, and I’m like, “why do they need to know my work location?””

“So they’re obviously just tracking me…. it’s unnecessary and I never asked for it.”

These quotes represent sentiments from our research that illustrate the significance of permission, relevance, and control for respectful technology behavior.

This research was conducted to validate the Location Commitment scoring criteria in the Me2B Alliance Respectful Technology Specification1. The objective of the study was to understand if the requirements and passing criteria of select location tests in the Me2BA Respectful Technology Specification are appropriate. Toward that end, we conducted quantitative and qualitative studies of consumers’ perception and tolerance for location awareness2 by digital technologies. The studies explored participants’ understanding of what a location request is, how consumers feel about such awareness, and what are the specific parameters and scenarios that make location awareness acceptable.

The core of the research was an online survey of 363 people, in which we looked at respondent’s sentiments towards websites or mobile apps that are location aware, explored how having an account affected respondent’s feelings about location awareness, and examined how different scenarios and contexts might affect respondent’s choice of what location information was acceptable, when, and for how long.  We also reviewed other interviews and focus groups studies conducted by the Me2B Alliance, in which participants discussed the kinds of information they share with digital technologies. Two primary research questions guided our work:

1) How do people feel when a website or mobile app automatically knows their location?

2) Under what conditions is it acceptable for a website or mobile app to know one’s location?

Key findings from our research include:

3) Participant sentiment is more negative than positive towards a website or app that “knows your physical location when you first open it”.  The terms used to describe websites and apps that are immediately location-aware were more often negative than positive. 65% of respondents had an overall negative sentiment towards a website that knew their location upon first open; 52% of respondents had an overall negative sentiment towards a mobile app that knew their location upon first open. In addition, four of the top five terms used were negative (Creepy, Scary, Annoying and Bad), with “Convenient” being the only positive. 30% of respondents indicated that it was “Convenient” for a mobile app to know location information upon first open; this may reflect the element of agency involved in selecting and installing apps creating more tolerance around location awareness in apps versus websites.

About 70% of respondents indicated it was unacceptable for either a website or an app to know their location before the creation of an account – a “Me2B Marriage”.
Respondents were more tolerant of location sharing if they had an account than if they did not. If they did have an account, respondents were more comfortable with mobile apps knowing their physical location (45% Yes vs 35% No) than websites (34% Yes vs 45% No). However, 45% of respondents still felt it was unacceptable for websites to know their location even with an account. For both websites and mobile apps, “Maybe” responses jumped from 4% (website) and 5% (mobile app) to 20% (both) when respondents have an account, which suggests that having an account increases tolerance for location awareness.  These findings validate the importance of the Me2B Marriage state as meaningful context for how people experience their Me2B relationships. The specific context in which location information is requested – including the website/app’s need for location information – makes a difference in how accepting or tolerant people are towards sharing that information.  Participants were more comfortable sharing their “home address” or “exact location” for scenarios where location awareness was relevant.  Depending on the scenario, respondents preferred that websites or mobile apps know or remember their location either not at all (“never”), or “only when I am using the site”.
Terms used to describe when location awareness is acceptable highlighted agency and permission, as well as issues of trust and safety, and the importance of specific contexts. The two largest term clusters were “Ask” and “Ask Permission,” while other leading clusters were around related terms such as: Allow, Access, Consent, Reason or Good Reason, as well as: Security, Trust, Privacy, Safe and Safety. Popular, context specific terms included: Delivery, Ordering, Weather, Directions and Map.  For those who selected “Maybe” when asked if it is acceptable to share location information, key reasons were the ability to give permission, and whether location information was required for use. 

Our research confirms that location awareness is something people are sensitive to, and that people prefer to have control over the location data being shared. Website and mobile app consumers are aware in most cases that technologies may track their location.  The specific context in which this information is requested, and, in particular, the relevance of the location information to the task, affects how accepting people are of sharing their location information – and to what degree, and for what length of time.  People are more negatively inclined towards a website or mobile app that automatically knows their location – but, again, context matters. Convenience is a primary factor, while such sites are also seen as “Creepy, Scary, Annoying and Bad.” Key variables that make location awareness acceptable are asking permission and having a valid reason for needing this information.

Based on this research, we find that, for people to consider it acceptable for a digital product to know their location, two essential conditions must be met:

The person must have agency over granting access to location information, and There needs to be a legitimate and understandable need for location info.

Our research supports the scoring rubric in the Me2BA Respectful Technology Specification. Based on this work, we are confident that the current scoring for passing/failing behavior related to a website or mobile app’s location awareness in the Me2BA Respectful Technology Specification accurately reflects the tolerances and sensitivities of individual Me-s and works towards ensuring respectful behavior for digital technologies.

2. Introduction

The Me2B Alliance (“Me2BA”)3 is a nonprofit creating a safe and just digital world through standards development and independent technology testing. At the core of our work is our
Respectful Technology Specification4, currently in development, which provides an objective standard for measuring safe and ethical technology behavior. The Specification consists of a series of tests that evaluate how a connected product or service is behaving towards the people that use it. This helps individuals understand how technology is treating them, and helps businesses build technology that is safe for and respectful to the people that use it.

In particular, the Respectful Tech Specification tests each Me2B Commitment5, including the commitment of location sharing. Among other things, the set of tests for the Location Commitment addresses whether or not the individual has the opportunity to provide permission prior to the sharing, or derivation, of location information with a website or mobile app. Permission is a core attribute of respectful commitments6. Websites typically notify users by asking for permission (often through the browser); mobile apps often reference an individual’s existing location permission settings, activating a device pop up if permission is needed.

In our rounds of product testing against the nascent specification, we received objections from some vendors (“B-s”) for receiving failing scores due to websites “knowing” location (in this case, deriving from the IP header) without the user’s consent or awareness. The vendors argued that automatic derivation of an individual’s location via the IP header is beneficial to and desired by users.  The research described in this report was developed to explore consumer perspectives, and to determine whether the scoring in the specification is sound. 

The primary objective of this study was to understand if the requirements and passing criteria of select location commitment tests in the Me2BA Respectful Technology Specification are appropriate. Toward that end, we conducted quantitative and qualitative studies of consumers’ perception and tolerance for location awareness by digital technologies. The studies explored participants’ understanding of what a location request is, how consumers feel about such awareness, and what are the specific parameters and scenarios that make location awareness acceptable. 

3. Research Design 3.1. Methodology

Our research combined qualitative and quantitative approaches. The core of the research was an online survey of 363 people. We also reviewed other studies conducted by the Me2B Alliance, pulling relevant information from focus groups as well as interviews, with an emphasis on sessions where participants discussed the kinds of information that people share with digital technologies. Two primary research questions guided our work:

How do people feel when a digital technology automatically knows their location? Under what conditions is it acceptable for a digital technology to know one’s location? 3.2. Quantitative Research – Location Awareness Acceptance Survey

The Location Awareness Acceptance Survey, launched via SurveyMonkey on June 10, 2021, contained 23 questions.  363 participants completed the survey. The survey had three main parts. The first two questions involved sentiment analysis –respondents were asked to select from a list of positive and negative adjectives to describe websites or mobile apps that are location aware. The second part involved four questions exploring how having an account affected respondent’s feelings about location awareness. The final section contained eight scenarios involving location awareness for mobile apps and websites. For each scenario, respondents were asked to indicate if it was acceptable for an app or website to know their location, and to specify what level of detail (i.e. from precise location up to country level) and for how long. See Appendix B for the full Survey Questionnaire. 

3.3. Qualitative Research – Focus Groups and Interviews

In addition to the online survey, we also reviewed previous qualitative studies in which we interviewed people about their understanding of the kinds of information that they share with digital technologies. In particular, we reviewed 12 interviews conducted in October 2020, as well as the content of subsequent focus groups with ten of these interviewees. The focus group members met for three sessions, conducted over Zoom, during the summer of 2021. While location tolerance was not initially a planned topic for the focus groups, participants occasionally brought It up organically. We also included questions about location tolerance in the final focus group session. 

3.4. Participants

For all Me2BA studies, we seek participants who have a home broadband connection, regularly use at least two Internet-enabled devices, do not work in the technology sector, and do not live in a large, urban, technology center. Participant recruitment for the quantitative survey was conducted via SurveyMonkey. For our focus groups and previous interviews, we recruited participants via the online platform, UserInterviews.com, which enables screening, participant communication, and incentive payment. Each survey, interview or focus group participant was paid $35 USD for each one-hour session. See Appendix C for the complete Me2BA screening survey.

Of the 363 volunteer participants that completed the Location Awareness Acceptance survey, 180 identified as female and 183 as male. Respondents ages ranged from 18-29 (35%), 30-44 (39%), 45-60 (17%), and over age 60 (8%). Respondents were all from the US, representing every state except Alaska and Montana. Half (50%) of the respondents indicated they earned between $25,000 and $99,999 per year, with 21.8% of these in the under $49,000 bracket.  20% of respondents indicated that they earned under $25,000, 15% earned over $100,000, and 15% preferred not to answer the income question. Almost all of respondents (97%) completed the survey on their mobile phones or tablets – 58% were using iOS Phone / Tablets and 39% used Android Phone/Tablet. Less than 3% were using their laptops – 2% on Windows Desktop/Laptop and 0.3% on MacOS. 

Our qualitative research included reviewing the content of 12 previous interviews, as well as focus groups with ten of these interviewees. Focus group participants included two groups of five participants, two men and three women each, all living in the United States. The ages of the participants ranged from 23 to 70. Profile snapshots of the participants who are quoted in this report are in Appendix D.

For the survey portion of the study, participants agreed to the standard SurveyMonkey consent release. For the interviews and focus group research, each participant reviewed a copy of the Me2B Alliance consent form and gave verbal consent to participate in this study. Audio recordings of participants’ verbal consent were saved as separate audio files and are retained by study personnel. Consent forms can be found in Appendix E.

3.5. Data Analysis

Survey data from the SurveyMonkey questionnaires was downloaded to a Microsoft Excel spreadsheet and analyzed for significant patterns around location awareness and tracking.  We further analyzed this data by gender, age, income bracket and U.S. region. We also analyzed comments made in prior interviews and focus groups and in open-ended, textual survey answers.

In addition, we used the Carrot2 Clustering Workbench program7 with the LINGO algorithm to examine open-ended comments from the survey responses. The LINGO algorithm creates well-described flat clusters and is available as part of the open source Carrot2 framework.  We used the Clustering Workbench program to create content clusters from an Excel file, tune clustering parameters, and then export results into a new Excel file. A list of terms and phrases from the cluster analysis is in Appendix F.

4. Results 4.1. Sentiment Analysis

For the first two questions in the survey, respondents were asked to describe a website or mobile application that knows their location when they first open it. Respondents were provided with a randomized list of five positive and five negative adjectives and were able to choose multiple options. Our objective was to discover how people feel about a website or a mobile app that wants to know their physical location. We were careful to balance negative terms against positive terms that have a similar emotional weight, to avoid skewing the participant toward one side or the other. 

How would you describe a WEBSITE that knows your physical location when you first open it? Check all boxes that apply.

How would you describe a MOBILE APP that knows your physical location when you first open it? Check all boxes that apply.

Answer Choices:  

Annoying, Bad, Confusing, Scary, Creepy

Convenient, Good, Smart, Friendly, Helpful


Figure 1: Sentiment Analysis – Website First Open

Figure 2: Sentiment Analysis – Mobile App First Open

Table 1: Negative Sentiment Summary

Creepy Bad Scary Annoying Confusing Any Negative Term Website 55% 28% 45% 38% 11% 81% Mobile App 41% 26% 32% 32% 11% 68%

Table 2: Positive Sentiment Summary

Helpful Smart Convenient Good Friendly Any Positive Term Website 18% 20% 21% 15% 10% 44% Mobile App 23% 21% 30% 16% 10% 53%

As the above charts show, survey respondents tended to select negative terms to describe a technology that knows their location at a greater rate than positive terms for both website and mobile apps. 81% of respondents chose at least one negative term to describe this behavior in websites and 44% selected at least one positive term. They were less likely to select negative terms when describing a mobile app (68%) versus a website, but slightly more likely to select a positive term for mobile apps (53%) than for a website. 

The top 5 terms to describe websites and mobile apps that know your location immediately were mostly negative – Creepy, Scary, Annoying and Bad – with one positive – Convenient. “Creepy” was by far the most selected term – used by 55% of respondents to describe websites and 41% of respondents to describe mobile apps. The next most common terms were “Scary” (45% for websites and 32% for mobile apps) and “Annoying” (38% for websites and 32% for mobile apps). The terms that selected the least were “Confusing” (11% for both websites and mobile apps) and “Friendly” (10% for both websites and mobile apps). 

The term “Convenient” was chosen more frequently (30% of the time) for mobile apps than for websites (20% of the time). The implication here is that the utility of having location awareness on a mobile app is higher or more evident than for a website. App users must download the software to their mobile apps and some of these apps, such as map apps, require location information to be useful.  

The negative term that was used the least was “Confusing”. Few respondents (11% for both websites and mobile apps) selected “Confusing” to describe a website or mobile app that immediately knows a user’s location. The implication is that users do not find this behavior from their technology to be illogical, and that it may be expected that the technology will know or attempt to determine your physical location.

We were also curious about any associations between the negative terms “Creepy” and “Scary,” and the more positive terms “Convenient” and “Helpful.” Would people be willing to put up with “Creepy” and “Scary” behavior if they also found it “Convenient” and “Helpful”? As Table 3 shows, we learned that this was the case less than 20% of the time, and that there is very little difference between website and mobile app users.

Table 3: Negative Combination Sentiment Summary

WEBSITE
% of all responses
(N=363) MOBILE APP
% of all responses (N=363) Creepy 55.1% (N=200) 41.3% (N=150) Scary 44.6% (162) 32.2% (117) Helpful 21.2% (77) 30.0% (109) Convenient 8.0% (29) 23.1% (84) Creepy and Convenient 17.5% (35) 20.0% (30)  Scary and Convenient 12.5% (25) 12.0% (18) Creepy and Helpful 12.5% (25) 11.3% (17) Scary and Helpful 7.5% (15) 8.0% (12)

Figure 3: Website Net Sentiment

Figure 4: Mobile App Net Sentiment

Net sentiment was calculated by subtracting the number of negative terms from the number of positive terms selected for each response and counting the number of responses that were positive, negative or neutral. A neutral sentiment of zero would indicate that the response had the same number of positive and negative terms. Overall, participants selected mostly negative terms to describe technologies that were location aware – 52% of the adjectives selected for location aware mobile apps were negative, and 65% of the terms selected for location aware websites were negative. Location awareness was more tolerated in mobile apps than in websites – positive net sentiment was at 37% for mobile apps and only 27% for websites.

4.1.1. Sentiment by Gender

When we analyzed sentiment by cohort groups, we found very little difference between male and female respondents. Both gender groups were more negative than positive in their sentiments towards immediate location awareness, especially for websites.

Figure 5: Website Net Sentiment – Female

Figure 7: Mobile App Net Sentiment – Female

Figure 6: Website Net Sentiment – Male

Figure 8: Mobile App Net Sentiment – Male

4.1.1.1. Negative Sentiments by Gender

Table 4: Website Negative Sentiment by Gender

Website Creepy Bad Scary Annoying Confusing Any Negative Term Female 56.1% 27.8% 44.4% 40.6% 10.0% 81.7% Male 54.1% 28.4% 44.8% 35.5% 12.0% 82.0%

Table 5: Mobile App Negative Sentiment by Gender

Mobile App Creepy Bad Scary Annoying Confusing Any Negative Term Female 40.6% 24.4% 32.2% 28.3% 12.2% 67.2% Male 42.1% 26.8% 32.2% 35.5% 10.4% 69.9% 4.1.1.2. Positive Sentiments by Gender

Table 6: Website Positive Sentiment by Gender

Website Helpful Good Smart Convenient Friendly Any Positive Term Female 16.1% 12.8% 19.4% 19.4% 7.8% 42.2% Male 20.8% 16.4% 20.8% 20.8% 12.0% 45.9%

Table 7: Mobile App Positive Sentiment by Gender

Mobile App Helpful Good Smart Convenient Friendly Any Positive Term Female 22.2% 13.3% 22.2% 27.2% 10.0% 52.2% Male 24.0% 18.6% 19.1% 32.8% 9.3% 51.4%

As seen in figures 5-8, the net sentiment score, calculated as the number of positive terms selected by a participant minus the number of negative terms, was similar for both men and women. Tables 4-7 show how frequently each term was chosen, and how often at least one positive or negative word was selected. These tables demonstrate that male and female survey participants chose similar negative terms, at similar levels, to describe immediate location awareness in websites and mobile phones. Overall, men were slightly more favorable towards location awareness in websites, while women were slightly more accepting of location awareness for mobile apps.

4.1.2. Sentiment by Age

We also looked at the data by age group and found that, in general, the older the cohort, the more likely they were to select negative adjectives to describe website and app location awareness.  Notably, however, the 30-44-year-old cohort were the most tolerant to immediate location awareness – even more so than those younger than them.

Table 8: Net Sentiment by Age Cohort

Age Cohort Website Mobile App 18-29

Figure 9

Figure 10 30-44

Figure 11

Figure 12 45-60

Figure 13

Figure 14 over 60

Figure 15

Figure 16

Table 9:  Website Negative Sentiment by Age

Website Creepy Bad Scary Annoying Confusing Any Negative Term 18-29 57.0% 24.2% 42.2% 39.1% 16.4% 82.8% 30-44 48.6% 23.9% 42.3% 32.4% 7.0% 77.5% 45-60 63.5% 36.5% 49.2% 41.3% 11.1% 87.3% over 60 60.0% 46.7% 56.7% 53.3% 6.7% 86.7%

Table 10: Mobile App Negative Sentiment by Age

Mobile App Creepy Bad Scary Annoying Confusing Any Negative Term 18-29 37.5% 21.9% 29.7% 35.9% 14.1% 71.1% 30-44 43.7% 19.7% 29.6% 26.1% 9.2% 66.9% 45-60 39.7% 33.3% 39.7% 28.6% 7.9% 65.1% over 60 50.0% 53.3% 40.0% 50.0% 16.7% 73.3%

Table 11:  Website Positive Sentiment by Age 

Website Helpful Good Smart Convenient Friendly Any Positive Term 18-29 16.4% 14.8% 18.8% 20.3% 14.1% 48.4% 30-44 23.2% 19.7% 24.6% 25.4% 8.5% 48.6% 45-60 17.5% 4.8% 15.9% 22.2% 4.8% 36.5% over 60 6.7% 10.0% 13.3% 3.3% 10.0% 20.0%

Table 12: Mobile App Positive Sentiment by Age

Mobile App Helpful Good Smart Convenient Friendly Any Positive Term 18-29 21.9% 18.0% 19.5% 34.4% 7.8% 55.5% 30-44 25.4% 16.9% 20.4% 29.6% 13.4% 57.7% 45-60 23.8% 11.1% 27.0% 30.2% 6.3% 47.6% over 60 16.7% 13.3% 13.3% 13.3% 6.7% 30.0%

One interesting finding is that people over the age of 60 were much less likely to find location seeking behavior “Convenient”. For websites, only 3% selected “Convenient” while the other age cohorts were in the 20-25% range. And for mobile apps, 13% selected “Convenient” while the other cohorts were in the 30-35% range. In sum, our survey data suggests that age is a better predictor of sentiment towards mobile app and website location awareness than gender.

4.1.3. Devices

Since a majority of respondents (98%) used mobile phones to complete the survey, we also segmented sentiment by device.  Android and iPhone users both used more negative than positive terms to describe websites and mobile apps that were immediately location aware. Overall, negative terms were chosen between 65-85% of the time (depending on which device was being used, and whether it was used on a website or a mobile app), while positive terms were chosen only 43-56% of the time. Negative terms were used slightly more frequently to describe websites (around 80 and 85% of the time) than mobile apps (around 65 and 73% of the time). 

We did find a small difference in sentiment towards immediately location aware apps and websites based on device. Android users were slightly more likely to use a negative term than iPhone users – with a difference of 3.5% for mobile apps and 5% for websites. They were also slightly less likely to use a positive term – with a difference of 3.7% for websites and 6.7% for mobile apps. The choices of specific terms were quite similar across both Android and iPhone users, most often with a difference of just a few percent. A few points do stand out, however. Android users were more likely to choose the term “Bad” to describe websites and mobile apps that were immediately location aware. They were also more likely to use the term “Creepy” and “Scary” to describe mobile apps that were location aware. This negative impression is supported by some of our focus group comments, provided in section 3.6, below.
Negative Sentiments by Device Used

Table 13: Website Negative Sentiment by Device Used

Website Creepy Bad Scary Annoying Confusing Any Negative Term iPhone 54.5% 20.7% 43.6% 38.4% 12.3% 79.6% Android 54.5% 28.7% 44.8% 35.7% 9.7% 84.6%

Table 14: Mobile App Negative Sentiment by Device Used

Mobile App Creepy Bad Scary Annoying Confusing Any Negative Term iPhone 36.5% 20.9% 29.4% 12.3% 32.7% 64.9% Android 47.6% 30.8% 35.7% 6.3% 30.1% 73.4% 4.1.3.1. Positive Sentiments by Device Used

Table 15: Website Positive Sentiment by Device Used

Website Helpful Good Smart Convenient Friendly Any Positive Term iPhone 17.1% 14.7% 19.9% 23.7% 9.5% 46.4% Android 21.0% 15.4% 21.0% 18.9% 11.2% 42.7%

Table 16: Mobile App Positive Sentiment by Device Used

Mobile App Helpful Good Smart Convenient Friendly Any Positive Term iPhone 24.2% 16.1% 19.9% 32.2% 12.3% 56.4% Android 22.4% 16.8% 22.4% 28.7% 6.3% 49.7% 4.2. How Having an Account Affects Tolerance of Location Awareness

Four survey questions investigated whether having an account affects the acceptability or tolerance of immediate location awareness, for both mobile apps and websites.  Respondents were overwhelmingly more sensitive to having apps and websites know their location data when they did not yet have an account. If they did have an account, respondents were more comfortable with mobile apps knowing their physical location than a website. 

4.2.1. “Is Location Awareness OK?”  Account vs No Account 4.2.1.1. Website Figure 17: “Is Location Awareness OK?”
Website, No Account Figure 18: “Is Location Awareness OK?”
Website, Account 4.2.1.2. Mobile App Figure 19: “Is Location Awareness OK?”
Mobile App, No Account Figure 20: “Is Location Awareness OK?”
Mobile App, Account

Table 17: “Is Location Awareness OK?” Summary 

N=363 Website (no account) Mobile App (no account) Website (with account) Mobile App (with account) Yes 22.9% 25.9% 34.2% 44.9% No 72.5% 68.3% 45.2% 35.0% Maybe 3.9% 5.2% 20.4% 19.8% Total responding 99.2% 99.4% 99.7% 99.7%

A majority of respondents did not consider it acceptable for mobile apps and websites to be aware of your physical location at first use, before an account is created – 68.3% for mobile apps and 72.5% for websites. A very small number (5% for websites and 4% for apps) said “Maybe” it would be acceptable for a website or mobile app to know your physical location at first use. The reasons for this were varied. Website users said location awareness would be acceptable if they trusted the site, if location awareness was necessary or useful, and if they gave their permission. For mobile app users, permission was also a primary factor. Mobile users also wanted their consent to be clearly documented.

While a majority of respondents were against immediate location awareness without an account, those numbers went down significantly once a user had an account. With an account, 45% of respondents felt that it was acceptable for a mobile app to know your location, and almost 35% found this acceptable for websites. The percentage of people who indicated “Maybe” it was acceptable for a technology to know your location after you’ve created an account went up to 20%, for both websites and mobile apps. In this case, the most cited reasons for finding location awareness to be acceptable were if the application requires location to function or if users were able to explicitly give permission either via opt in or device settings.

4.2.2. “Maybe” it’s OK – Analysis

We also conducted a closer analysis of the reasons and explanations given by the 179 respondents that chose “Maybe” it was OK for a website or mobile app to know your location – both upon first use, and after an account has been created.

Over 80% (147 out of 179) of the “Maybe” responses referred to situation where users had an account, indicating that having an account was an important initial factor. Almost 60% (87 out of 147) of the reasons why location awareness “Maybe” acceptable when a user already had an account involved some sort of “permission,” with the answers evenly divided for both websites and mobile apps. Around 35% of responses (64 out of 179) indicated that some use or purpose were necessary. Again, these responses related mostly (55 out of 64) to cases where users already had an account.

Overall, people indicated that they would be OK with sharing location information if they were able to give their permission or if the location information was somehow necessary or required. Not all answers explicitly used the term “permission” or “required”. For example, some respondents wrote “if I approve” or “if I have enabled location services,” which indicates permission, or “when ordering food” or “depends on what the app is used for,” which indicates a reasonable need. Generally, responses that included terms such as: “allow”, “let”, “permit”, “choice” or “ask” were counted among those that require “permission” and responses including terms such as: “use”, “need” or “require”, or that mention a specific scenario, were counted among those that indicated a reasonable need for the data. Raw responses from the survey responses that indicate “Maybe” can be found in Appendix G.

4.3. Location Tolerance Scenarios

The survey included eight scenarios in which participants were asked if it is acceptable for a digital technology to know their physical location. Some of the scenarios, such as delivering groceries, had a more obvious need for location data, while for others, the need for exact location was not as clear. For each scenario, we inquired about the level of location detail that it was acceptable for the website or mobile app to have. Specifically, for each scenario, we asked if it was OK for the website or mobile app to know the respondent’s country, state, zip code, home address, exact location, or none of these. We also asked respondents about the specific context or duration of location awareness – “never”, “one time only”, “only when I am using the app/site”, “for a limited period of time” or “all the time.” Respondents were able to select multiple options for acceptable location information.

4.3.1. When Location Information May Be Necessary

The survey presented three different scenarios in which location information is relevant – although the user’s current physical location may not be necessary. These scenarios included: (1) ordering groceries, (2) checking weather and traffic at a vacation destination and (3) sending a gift to an out-of-town friend.

Scenario 1: Ordering Groceries 

When ordering groceries from an online store, the assumption is that the store needs to know where to deliver the groceries. In typical cases, the delivery address and home address are the same. The shopper may or may not be at the delivery location when the order is placed. In this scenario, the shopper is ordering groceries to be delivered to their home, and the website or app is requesting the shopper’s physical location.

Figure 21: “Is Location Awareness OK?”
Ordering Groceries Figure 22: “Ok to Remember Location?”
Ordering Groceries

When ordering groceries online, respondents were pretty specific about what was acceptable. For instance, over 50% of respondents found it acceptable for the technology to know one’s “home address”, while all other choices were selected by fewer than 40% of respondents. In particular, only 31% thought having one’s “exact location” known was OK.  Similarly, most respondents (56%) said it was OK for the site to know or remember their physical location “only while they were using the site,” and the remaining options were all chosen by fewer than 20% of respondents.  

Scenario 2: Weather and traffic in vacation location 

The assumption is that your vacation location is outside your local vicinity, and the website or mobile app does not need to know your physical location if you want to see weather or traffic reports there. However, your physical location may be relevant if a map of your route is being mapped.  

Figure 23: “Is Location Awareness OK?”
Traffic/Weather Figure 24: “Ok to Remember Location?”
Traffic/Weather

When checking weather or traffic reports at an out-of-town location, less than 25% of respondents thought that it was acceptable for the site to know their “exact location,” and even fewer, about 17% thought it was OK for the site to know their “home address”.  Most (40%) found knowing the zip code to be acceptable, while “state” (35%) and “country” (32%) were chosen by a slightly lower percentage. Almost 50% of respondents found it acceptable for the app to know or remember their location “only when I am using the app.” Other options were chosen by less than 20% of respondents. People may be tolerant of location awareness in this type of app because they also use it to check local conditions as they move about an area.

Scenario 3: Sending a Gift 

If you are buying a gift to send to an out-of-town friend, the assumption is that the technology does not need to know your physical location. 

Figure 25: “Is Location Awareness OK?” – Gift Figure 26: “Ok to Remember Location?” – Gift

When buying a gift to be delivered to a friend in a different town, respondents found that it was acceptable for the technology to know their physical location pretty infrequently – about 22% chose “home address” and around 15% chose “exact location.” The other choices – zip code, city, state and country – were chosen by around 30% of respondents. And finally, 27% chose “None”.  In this scenario, the biggest percentage of respondents – 42%-  indicated it was OK for the site to have their info “only when I’m using the site.” Three of the remaining categories – “For a limited period of time,” “One time only,” or “Never” – were chosen by around 20% or respondents, while only 14% indicated it was OK for the site to know or remember their location “All the time”.

4.3.1.1. Comparing Across 3 Location-Necessary Scenarios

Figure 27: Location Acceptance Across Location-Necessary Scenarios by Location Data Type

Table 18: Location Data Acceptance Across Location-Necessary Scenarios

Your exact location Your home address Your zip code Your city Your state Your country None of these Ordering Groceries  31% 53% 39% 34% 29% 28% 9% Sending a Gift out of town  14% 23% 33% 30% 30% 30% 28% Traffic/Weather out of town 25% 17% 40% 32% 36% 32% 16%

Comparing across these three scenarios, we find that having the technology know one’s home address was acceptable to the most people (53% of respondents) when ordering groceries – which makes perfect sense, as the home address is where the groceries most likely need to be delivered.  Outside of this particular case, roughly 28 – 40% of respondents generally found it acceptable in these scenarios for a website or app to know their zip code, city, state or country. Respondents were the most sensitive to giving out their exact location information when sending a gift out of town. In that scenario, having the site know a “Your exact location” was chosen by only 14% of respondents, and 28% – the highest percent of the three scenarios – indicated that “None” of the choices were acceptable.

Figure 28: Location Acceptance Across Location-Necessary Scenarios by Duration of Use

Table 19: Location Duration of Use Acceptance Across Location-Necessary Scenarios

All the time For a limited period of time Only when I am using the site One time only Never Ordering Groceries  19% 20% 56% 15% 9% Sending a Gift  14% 22% 42% 20% 20% Traffic/Weather  18% 20% 49% 14% 17%

Most respondents, when presented with these three scenarios, indicated a preference for the site to remember or know their location “Only when I am using the site” – this option was selected by 42-56% of respondents.  In other words, in these scenarios, roughly half of shoppers would prefer that sites not know or remember their location information when they are not using it.  The remaining options – “One time only”, “For a limited period of time”, “Never” and “All the time” – were generally selected by around 20% of respondents. Again, respondents were the most tolerant of location awareness in the ordering groceries scenario, where only 9% found it to be “Never” OK for the site to know their physical location, and 19% felt that it was OK “All the time”. 

4.3.2. When Location Awareness is Not Necessary

Scenarios 4 – 8 in the survey involved cases where a website or mobile app may request location information even when this information does not appear necessary. These scenarios included: (1) when you are watching a video, (2) creating a new email account, (3) using an online coupon at a new e-commerce site, (4) downloading software and (5) downloading educational software for a child. This final scenario was included due to our recent research on mobile apps developed for schools, which found that many of these apps exposed student information8. The response choices presented in these scenarios were the same as with the earlier scenarios – people were asked about the degree and duration of location awareness, with the option to select multiple answers.

Scenario 4: Watching a Video


Figure 29
Figure 30

Scenario 5: Creating an Email Account


Figure 31
Figure 32

Scenario 6: Using a New E-commerce Site


Figure 33
Figure 34

Scenario 7: Downloading Software


Figure 35
Figure 36

Scenario 8: Downloading Educational App for 4th Grader


Figure 37
Figure 38 4.3.3. Comparing Across 5 Location-Not-Necessary Scenarios
4.3.3.1. Location Acceptance by Location Data Type

 

Figure 39: Location Acceptance in Location-Not-Necessary Scenarios by Location Data Type

Table 20: Location Data Acceptance Across Location-Not-Necessary Scenarios

Your exact location Your home address Your zip code Your city Your state Your country None of these Watching a video 10% 12% 22% 19% 25% 25% 42% Unfamiliar E-commerce  12% 16% 39% 32% 35% 33% 21% Downloading Software to Computer  14% 15% 31% 28% 34% 34% 26% New Email Account  15% 14% 33% 28% 34% 29% 26% 4th Grade App  12% 14% 33% 29% 34% 34% 25% 4.3.3.2. Location Acceptance by Location Use Duration

The percentage of responders choosing how long it was acceptable for a technology to know or remember location was also relatively consistent across scenarios. A majority of responders (65-84%) felt that it was either “Never” acceptable for a service provider, website, or mobile app to know or remember their location, or acceptable “Only when I am using the site”.  Specifically, roughly 36-49% of respondents selected “Never” and 28-35% selected “Only when I am using the site”. The most sensitive case was the unfamiliar e-commerce site – almost 50% of respondents felt that it was “Never” acceptable for a new e-commerce site to know or remember their location information.  In the first set of scenarios, where location awareness was reasonable, up to 19% of respondents felt that the technology could know or remember their location “All the time”. In contrast, in this set of scenarios, not more than 11% of respondents found that acceptable.  

 

Figure 40: Location Acceptance Across Location-Not-Necessary Scenarios by Duration of Use

Table 21: Location Duration of Use Acceptance Across Location-Not-Necessary Scenarios

When is it OK to know your location? All the Time For a limited period of time Only when I am using the site One time only Never Watching a video  10% 19% 35% 13% 39% Unfamiliar E-commerce Site  9% 15% 28% 12% 49% Downloading Software to Computer  11% 17% 32% 17% 37% New Email Account  11% 19% 34% 16% 36% 4th Grade App  11% 17% 34% 13% 40% 4.3.4. Comparing Across All Scenarios

We found some interesting similarities and differences in how participants responded to scenarios where location awareness seemed more relevant (scenarios 1-3), versus where location awareness was not as necessary (scenarios 4-8) – especially when looking at how sensitive respondents were to the level of location detail provided.  

Ordering groceries Weather and traffic in a vacation location Sending a gift to an out of town recipient Watching a video Creating an email account Using an e-commerce site/app Downloading software Downloading an educational app

For example, the geographic information – country, state, city and zip code – had a relatively similar percentage of responses (20-40%) for all eight scenarios (figures 27 and 38, tables 18 and 20). On the other hand, participants were more comfortable sharing their “home address” or “exact location” for scenarios where location awareness was relevant (scenarios 1 –3) and the range in those cases was quite large – from 14% – 53% – depending on scenario. In those scenarios where location information was less relevant (scenarios 4-8), participants were consistently less comfortable sharing “home address” or “exact location” (chosen by around 10-12% of respondents) (figure 38, table 20). Similarly, in scenarios where location awareness was less relevant, 20-26% of participants consistently felt that “None of these” location options were acceptable to share (figure 38, table 20).  In the first three scenarios – where location information was more clearly relevant – the percentage of participants who specified “None of these” location options were acceptable varied quite a bit – from 9% – 28%, depending on the specific scenario (figure 27, table 18) These differences indicate that location awareness is something respondents are sensitive to, and the specific context in which this information is requested – and how apparent the need for location information is – makes a difference. These findings reveal how people prefer to have control over the degree and duration of location sharing. 

4.4. Open-Ended Survey Comments

The final question on the survey was open-ended, asking: “Generally, what needs to happen for it to be OK for a website or a mobile app to know your physical location?” Most respondents reiterated their recognition that the website or app’s need for location information to function was a reasonable condition for providing that information. Additionally, many responses (see sample below) indicate that people want to have the ability to explicitly allow location awareness through actively opting in or providing permission.

“I do feel like my location is always tracked, through numerous sites. You disclose your location to strangers on eBay and other sites all the time. You also disclose it to numerous businesses routinely. I don’t want my location to be tracked, but I give my location out constantly. 

“Why does this app need my location? For marketing or is the information stored in a database? Our personal information is sold to companies all the time. Why wouldn’t our locations be as well?”

“If they’ve disclosed clearly that is a condition of use, and it confirms it will no longer track, if I [can] opt out of it, then it’s acceptable.”

“It is only ok when I am fully aware that it is tracking me. If I don’t feel comfortable, I should have the right to deny it’s access.”

For a deeper look, we used the Carrot2 Clustering Workbench program to identify word clusters and highlight common themes in the responses. The following image indicates the prevalence of various terms and phrases:

57 clusters were created from 361 responses. The most common terms were “Ask” (39 responses) or “Ask Permission” (23 responses), indicating that individuals are by far more comfortable with location awareness if they have been asked to give permission. “Allow” (12 responses), “Access” (11 responses) and “Consent” (9 responses) also indicate potential action on the part of the individual to allow access to location information. Other terms that were frequently used included “Service” (13 responses) “Reason” or “Good Reason” (16 responses) and “Purpose” (5 responses), which indicates that if the service had a reason to use the location information it would be acceptable for the website or app to know it. Terms such as “Delivery” (12 responses) and “Ordering” (11 responses”) indicate specific scenarios where the app or website might need to know the location in order to deliver a product. Terms such as “Weather” or “Weather app” (13 responses), “Directions” (6 response) and “Map” (5 responses) also indicate scenarios where a specific location might be required. Clusters including “Security” (10 responses), “Trust” (10 responses), “Privacy” (9 responses) and “Safe” or “Safety” (10 responses) indicate a concern around risk. A complete list of cluster terms and phrases can be found in Appendix F.

4.4.1. Qualitative Analysis – Focus Groups and Interviews

We also drew quotes from interviews and focus groups that were relevant to the location awareness topic. Detailed information about the focus group participants is in Appendix D.

One focus group participant described their perception of tracking behavior, expressing a preference for location tracking on a computer, because “on your computer…you’re just in that one location anyway,” whereas on a mobile phone, once consent is given “that might stay there and they’ll keep tracking you forever.” (Janice, 7/19/21)

One respondent was explicit about the intrusive nature of location consent, and the importance of relevance: “I do feel like the location consent is…very intrusive because a lot of times whatever I might be looking at, the locations shouldn’t be relevant. If I want to take it to the next step and map out directions, or find a store in my area or something like that, I can see why they might want to confirm my location… But when it’s upon opening up a new app or a new website, I find it very frustrating, especially when it’s a website and I’m on a laptop… I might be Googling something real quick at work, and I’m like, “why do they need to know my work location?” (Tammy 7/19/21)

Many respondents felt that location awareness acceptability depended on the purpose of the website or mobile app, and whether the location awareness was necessary to provide useful information: “Like if it’s a shopping app to locate a store closest to you” or “…if I’m using any type of ride-sharing program, they need to kind of know where I’m at” (Kristin 7/19/21) “GPS type apps, they’re gonna need my location, you know? So, is it kind of a level playing field? Depending on what the app is, because some of them would have to have information about you.” (Janice 5/26/21)

More than one respondent noted the persistent tracking behavior of Google, especially related to having an Android phone.  “I once a month now get an email from Google, which tells me my itinerary of places…. And I never asked for that. And so they’re obviously just tracking me…. You know, but it’s unnecessary and I never asked for it.” (Janice 7/19/21) “I’ve gone to the store and then within 15 minutes of getting home, Google [is] sending me a consumer feedback opinion survey asking me: Was I at this store and did I buy anything and “Can you take a picture of your receipt? … I mean their confidence isn’t high enough to say, “Yes, this was [Walter],’ but if you fill out the survey then they can close that gap and they now have 100% confidence…. And they’ll give you…$0.75 of Google Play store credit, so “see, it was totally worth it now,” right? ….Sometimes it’ll be a day or two later. But this morning I literally had one like 10 minutes after I got home. I had a notification it’s like ‘Hey, where were you out here and which one of these stores in this plaza did you stop at?’ So it was a physical purchase. Yep, just by having an Android phone in my pocket, you know.” (Walter 7/18/21)

5. Insights 

The research described in this report was developed to explore consumer perspectives towards location sharing with digital technologies and to validate passing criteria of specific location tests in the Me2BA Respectful Technology Specification.  Two primary research questions guided our work:

1)     How do people feel when a website or mobile app automatically knows their location?

2)     When is it acceptable for a website or mobile app to know one’s location?

Key insights from our research include:

Participant sentiment is more negative than positive towards a website or app that “knows your physical location when you first open it”.  The terms used to describe websites and apps that are immediately location aware were more often negative than positive. In addition, four of the top five terms used were negative (Creepy, Scary, Annoying and Bad), with “Convenient” being the one positive. 65% of respondents had an overall negative sentiment towards a website that knew their location upon first open; 52% of respondents had an overall negative sentiment towards a mobile app that knew their location upon first open. 30% of respondents indicated that it was “Convenient” for a mobile app to know location information upon first open; this may reflect the element of agency involved in selecting and installing apps creating more tolerance around location awareness in apps versus websites. Android users were slightly more likely to use negative terms to describe location aware apps and websites than iPhone users, and age appears to be a better predictor of sentiment than gender. We found very little difference in sentiment between male and female respondents. When looking at sentiment by age group, we found that, in general, the older the cohort, the more likely they were to select negative adjectives to describe website and app location awareness.  Notably, however, the 30-44-year-old cohort were the most tolerant to immediate location awareness – even more so than those younger than them.  About 70% of respondents indicated it was unacceptable for either a website or an app to know their location before the creation of an account – a “Me2B Marriage”.
Respondents were more tolerant of location sharing if they had an account than if they did not.  If they did have an account, respondents were more comfortable with mobile apps knowing their physical location (45% Yes) than websites (34% Yes). 45% of respondents, however, still felt it was still unacceptable for websites to know their location even with an account. For both websites and mobile apps, “Maybe” responses jumped from 4% (website) and 5% (mobile app) to 20% (both) when respondents have an account, which suggests that having an account increases tolerance for location awareness.  Even though we weren’t testing for it, these findings validate the importance of the Me2B Marriage state as meaningful context for how people experience their Me2B relationships. The specific context in which location information is requested – including the website/app’s need for location information – makes a difference in how accepting or tolerant people are towards sharing that information.    Participants were more comfortable sharing their “home address” or “exact location” for scenarios where location awareness was relevant.  Depending on the scenario, respondents preferred that websites or mobile apps know or remember their location either not at all (“never”), or “only when I am using the site”. Terms used in response to a general question about when location awareness is acceptable highlighted agency and permission, as well as issues of trust and safety, and the importance of specific contexts. The two largest term clusters were “Ask” and “Ask Permission,” while other leading clusters were around related terms such as: Allow, Access, Consent, Reason or Good Reason, as well as: Security, Trust, Privacy, Safe and Safety. Context specific popular terms included: Delivery, Ordering, Weather, Directions and Map. Specific quotes from interviews and focus groups also illustrate the significance of permission, relevance, and control in order for a digital technology to feel respectful.    These include:

“I don’t want my location to be tracked, but I give my location out constantly.”

“Location consent is intrusive – often the locations shouldn’t be relevant.”

“If I don’t feel comfortable, I should have the right to deny it’s access.”

“I might be Googling something real quick at work, and I’m like, “why do they need to know my work location?””

“So they’re obviously just tracking me…. it’s unnecessary and I never asked for it.”

6. Conclusion

Our research demonstrates that location awareness is something people are sensitive to, and that people prefer to have control over the location data being shared.  Website and mobile app consumers are aware in most cases that technologies may track their location. The specific context in which this information is requested, and, in particular, the relevance of the location information to the task, affects how accepting people are of sharing their location information – and to what degree, and for what length of time. 

People are more negatively inclined towards a website or mobile app that automatically knows their location – but, again, context matters. Convenience is a primary factor, while such sites are also seen as “Creepy, Scary, Annoying and Bad.” Key variables that make location awareness acceptable are asking permission and having a valid reason for needing this information.  

Based on this research, we find that, in order for people to consider it acceptable for a digital product to know their location, two essential conditions must be met:

1. The person must have agency over granting access to location information, and 2. There needs to be is a legitimate and understandable need for location info.

Finally, and perhaps most importantly, our research supports the scoring used in the Me2BA Respectful Technology Specification. Based on this work, we are confident that the current passing/failing behavior related to a website or mobile app’s location awareness in the Me2BA Respectful Technology Specification accurately reflects the tolerances and sensitivities of individual Me-s, and indeed defines respectful behavior relating to the collection and use of location information.

Appendix A: Definitions

B: The “B” in Me2B represents the businesses, vendors and service providers that individuals interact with, both online and offline. In GDPR terms, this is the Data Controller.

Location Awareness: A digital technology’s awareness of the user’s current physical location. 

Location Tolerance:  The degree to which a Me will accept their location information being remembered or stored by the digital technology.

Location Access: The ability of a digital technology to establish a Me’s physical location.

Location Behavior: The actions taken by a digital technology to access, use, or track a Me’s location.

Location Use: The use of location information by a digital technology. 

Me: The “Me” in Me2B represents the individual actor – the “Data Subject” in GDPR terms. In this report we are referring to the individual consumer or user of a digital technology.

Me2BA: An acronym for the Me2B Alliance.

Me2BA Commitment: the specific commitment or bargain – such as agreeing to cookies or signing up for a newsletter – that Me’s enter into with a vendor or service provider over the course of most Me2B relationships. These commitments represent inflection points in the relationship trajectory. See “Flash Guide #8: Digital Me2B Commitments and Deals”, https://me2ba.org/flash-guide-8-digital-me2b-commitments-deals/ .

Me2BA Respectful Technology Specification: a collection of tests that provide an objective measure of technology behavior. The tests are designed to measure how safe and respectfully a service or product is behaving. The specification is produced by the Me2B Alliance’s Respectful Tech Specification Working Group.

Appendix B: Survey Questionnaire

Location Awareness Acceptance Survey – Full

Location Awareness – Scenarios

We are interested in learning about your experiences with websites and mobile apps. In particular, we would like to know when it is acceptable for a website or mobile app has access to your location.

Please review the following scenarios. When is it OK for the app or website to know your location?

1. How would you describe a WEBSITE that knows your physical location when you first open it? Check all boxes that apply.

Friendly Creepy Convenient Scary Annoying Bad Smart Confusing Helpful Good

2. How would you describe a MOBILE APP that knows your physical location when you first open it? Check all boxes that apply.

Helpful Creepy Scary Confusing Smart Good Friendly Convenient Annoying Bad

3. If you have an online account on a WEBSITE and the site appears to know your physical location, is this acceptable?

Yes No Maybe (please specify)

4. Let’s say you have an account on a MOBILE APP, and the app appears to know your physical location. Is this OK?

Yes No Maybe (please specify)

5. You download a new mobile app and before you create an account, it appears to know your physical location. Is this acceptable?

Yes No Maybe (please specify)

6. You visit a website for the first time and before you create an account, it appears to know your physical location. Is this acceptable?

Yes No Maybe (please specify)

* 7. You are ordering groceries online to be delivered to your home and it wants to know your physical location. Which of the following location information is OK? Check all that apply.

Your exact location Your home address Your zip code Your city Your state Your country None of these

8. When ordering groceries from a website, when is it OK for it to know or remember your physical location? Check all that apply.

All the time For a limited period of time Only when I am using the app One time only Never

* 9. You are downloading software to your computer and it wants to know your location. Which of the following location information is OK? Check all that apply.

Your exact location Your home address Your zip code Your city Your state Your country None of these

10. If you are ordering something from an online store to send to someone in another state when is it OK for the website to know or remember your physical location?

All the time For a limited period of time Only when I am using the app One time only Never

* 11. You are checking traffic/weather reports for an upcoming vacation and the app wants to know your location. Which of the following location information is OK? Check all that apply.

Your exact location Your home address Your zip code Your city Your state Your country None of these

12. When you are checking traffic/weather reports for an out of town location. When is it OK for the app to know or remember your location where you are now?

All the time For a limited period of time Only when I am using the app One time only Never

* 13. You are using an online coupon at a new-to-you e-commerce site and it wants to know your location. Which of the following location information is OK? Check all that apply.

Your exact location Your home address Your zip code Your city Your state Your country None of these

14. When is it OK for a video website to know or remember your physical location?

All the time For a limited period of time Only when I am using the app One time only Never

* 15. You are buying a gift to send to an out of town friend and it wants to know YOUR location. Which of the following location information is OK? Check all that apply.

Your exact location Your home address Your zip code Your city Your state Your country None of these

16. When is it OK for an unfamiliar e-commerce website to know or remember your physical location?

All the time For a limited period of time Only when I am using the app One time only Never

* 17. You are adding a new email account on your phone and it wants to know your location. Which of the following location information is OK? Check all that apply.

Your exact location Your home address Your zip code Your city Your state Your country None of these

18. When is it OK for a software download website to know or remember your physical location?

All the time For a limited period of time Only when I am using the app One time only Never

* 19. You are watching a video someone sent you and the app wants to know your location. Which of the following location information is OK? Check all that apply.

Your exact location Your home address Your zip code Your city Your state Your country None of these

* 20. When you add a new email account on your phone when is it OK to know or remember your physical location?? Check all that apply.

All the time For a limited period of time Only when I am using the app One time only Never

* 21. You are downloading an educational app for your fourth grader and it wants to know your location. Which of the following location information is OK? Check all that apply.

Your exact location Your home address Your zip code Your city Your state Your country None of these

22. You are downloading an educational app for your fourth grader. When is it OK for the app to know or remember your physical location?

All the time For a limited period of time Only when I am using the app One time only Never

* 23. Generally, what needs to happen for it to be OK for a website or a mobile app to know your physical location?

Appendix C:  Screening Survey

Question 1 (Pick one)

Do you have reliable Internet service in your home?

Yes (accept) No (reject) Not sure (reject)

Question 2 (Pick one)

What kinds of computing devices do you frequently use?

Computer (accept) Smartphone (accept) Tablet (accept) Smart TV or Smart DVD/Blueray player (accept) Connected device (accept) Connected wearable (accept) Smart speaker or personal assistant (accept) Other (accept) None of the above (reject)

Question 3 (Pick one)

In which of the following sectors do you work?

Banking or finance (accept) Business management (accept) Healthcare (accept) Law (reject) Manufacturing (accept) Retail/Wholesale (accept) Technology (reject) Media (accept) Education (accept) Other/none (accept)

Question 4 (Pick one)

Do you live or work in any of the following locations? Austin, Boston, Chicago, Los Angeles, New York City, Raleigh-Durham, Redmond (WA), San Francisco Bay Area, Seattle?

Yes (reject) No (accept) Appendix D: Participant Snapshots

Table 1:Focus Group Study Participants’ Demographic Information

Pseudonym Sex Age Race/Ethnicity Residence Employment Walter M 34 White Hazlet, NJ Trainer (business) Tammy F 42 Black Philadelphia, PA Faculty Coordinator Kristin F 50 White Trafford, PA Disabled Janice F 54 White Pittsburgh, PA HR Analyst

Snapshots

Walter

Snapshot: Self-Described “Nerd” / “Still a Kid”

Walter is a 34-year-old business trainer in Hazlet, NJ. He expressed himself with humor, answering questions gleefully or with wry cynicism at times. He said that he has “too many” accounts; when asked how many he selected the option for between 51 and 100. He stood out for the sheer number of products and services he could name at once that he uses. He understands that they all track him and is moderately cynical about most of it. In one-on-one interviews he was the most opinionated about the imbalance between consumers and technology producers.

Relevant Quotes:

“I’ve gone to the store and then within 15 minutes of getting home, Google [is] sending me a consumer feedback opinion survey asking me: Was I at this store and did I buy anything and “Can you take a picture of your receipt? … I mean their confidence isn’t high enough to say, “Yes, this was [Walter],’ but if you fill out the survey then they can close that gap and they now have 100% confidence…. And they’ll give you…$0.75 of Google Play store credit, so “see, it was totally worth it now,” right? ….Sometimes it’ll be a day or two later. But this morning I literally had one like 10 minutes after I got home. I had a notification it’s like ‘Hey, where were you out here and which one of these stores in this plaza did you stop at?’ So it was a physical purchase. Yep, just by having an Android phone in my pocket, you know.”

Devices regularly used: Windows based home computer with webcam; Android phone; Windows tablet computer; Chrome and Firefox browsers

Key connected products and services discussed: Gmail, Google Calendar, Google “personal database builds”, work email, Hotmail, Android Auto, Reddit (the only social media account he uses regularly), Facebook (disengaged some time ago), Twitter; Fidelity, Robin Hood, Bank of America, multiple credit cards; medical, dental, auto, insurance; Work Dropbox, OneDrive, Google Drive; Zoom, Rodeo, GroupMe; Amazon, Target, Instacart (Aldi, Shoprite); Netflix, Hulu, HBOMax, Disney, XBOX, Playstation, Switch. No online newspaper or magazine accounts, mainly paper comic books. “I guess I’m still a kid.” Tammy

Snapshot: The Skimmer

Tammy is a 42-year-old faculty coordinator from Philadelphia, PA. She estimated that she has somewhere in the range of 51 to 100 accounts, most personal accounts but manages many accounts for her university. In that role, she is responsible for reading online policies, but for her personal use she typically just skims privacy policies and terms of service for items specific to the use of her financial information, credit cards and her email address. Her understanding of her technology relationships appears to be typical of an educated consumer. She Is aware that she is being tracked—she used the term “virtual footprint”—and is skeptical of how companies might user her Information. She worries about credit card breaches, but generally is complacent about what she needs to do to get onto a website or app.

Relevant Quotes: 

“I do feel like the location consent is…very intrusive because a lot of times whatever I might be looking at, the locations shouldn’t be relevant. If I want to take it to the next step and map out directions, or find a store in my area or something like that, I can see why they might want to confirm my location… But when it’s upon opening up a new app or a new website, I find it very frustrating, especially when it’s a website and I’m on a laptop… I might be Googling something real quick at work, and I’m like, “why do they need to know my work location?” 

Devices regularly used: MacOS computer with webcam; iPhone; iPad; Firefox and Internet Explorer browsers

Key connected products and services discussed: Yahoo, work email, Slack, HBO Max, Amazon.com, Amazon Fresh, Macy’s, Old Navy and other retails sites for household items and clothing

Kristin

Snapshot: Cynical Survivor

Kristin is a 50-year-old, retired woman who lives alone in Trafford, PA (near Pittsburgh). When she was working she processed property and casualty insurance claims. She suffers from Multiple Sclerosis. Her disability causes her to rely on delivery services since her mobility is limited. She is an avid Amazon customer and refers to it as her “personal assistant.” She says that she is unconcerned about online fraud or digital harms because she has few assets to lose and feels she needs to live online to survive. She frequently participates in paid marketing studies including programs that pay her to track her technology use. She considers her relationship to technology to be “not good” because her phone and other devices often break on her. She spends a lot of time trying to set up her phone personalization the way she wants “as opposed to what the phone wants me to do” and finds over time this can cause problems.

Relevant Quotes:

“Like if it’s a shopping app to locate a store closest to you” or “…if I’m using any type of ride-sharing program, they need to kind of know where I’m at.”

 “…my side hustle that I’m doing in addition to my disability [benefit] is I’ve sold my soul…to marketing companies, [so] that they can monitor my online activity.” 

Devices regularly used: Cell phone, Kindle, laptop computer

Key connected products and services discussed: Amazon Prime, student account; Alexa, Sam’s Club, bank app; uses virus checkers and ad blockers

Janice

Snapshot: Secret Shopper

Janice is a 54-year-old HR Manager in Pittburgh, PA. Savvy about privacy and tracking cookies, even though she doesn’t think she is very informed nor understands the subtleties and legalese of the digital agreements. She frequently interrupted to apologize that she wasn’t answering my question, but hers were often the more interesting responses. Janice does not use cloud accounts except for her phone backup at Verizon and says that she rarely creates accounts at online stores, other than Amazon, which she uses a lot.

Relevant Quotes: 

“…on your computer…you’re just in that one location anyway,” [whereas on a mobile phone, once consent is given] “that might stay there, and they’ll keep tracking you forever.” 

“GPS type apps, they’re gonna need my location, you know? So, is it kind of a level playing field? Depending on what the app is, because some of them would have to have information about you.”

“I once a month now get an email from Google, which tells me my itinerary of places…. And I never asked for that. And so, they’re obviously just tracking me…. You know, but it’s unnecessary and I never asked for it.” 

Devices regularly used: Chrome OS and Windows computers with webcam; Android phone; Chrome and Windows tablets; Chrome, Firefox and Internet Explorer browsers.

Key connected products and services discussed:  Gmail, AOL, Outlook (work), work software; Facebook Twitter Instagram; credit cards, checking account, investment, insurance; Verizon Cloud; she uses Zoom, Google Meet, Adobe Connect but does not have her own Zoom account. Amazon.com (not a Prime Member); several retail store accounts (“If I buy anything I create an account.”); Netflix, Kanopy, Uber Eats, Uber, The Walnut Grill loyalty app; Pittsburgh Post Gazette (online).

Appendix E: Interview Participant Consent Form

Informed Consent

Me2B Alliance

CONSENT TO ACT AS A RESEARCH SUBJECT

Treatment of consumers by Internet-enabled businesses

Me2B Alliance is conducting a study to understand the concerns of people who use connected products or services. Noreen Whysel will lead the study. You have been asked to take part because you are a consumer or user of connected products and services. There will be approximately 10 participants in this study over a one-month period.

If you agree to be in this study, the following will happen to you:

You will be asked a series of questions about your technology use and your feelings related to your technology use. The interview will last about 40 minutes. It will take place over videoconference and it will be recorded. The interview will be conducted by Noreen Whysel, and one additional Me2B volunteer may observe.

There will not be any direct benefit to you by participating in this study. There will be no cost, and you will be compensated for your participation. The investigator may learn more about how people want to be treated by Internet-enabled businesses.

Participation in this research is entirely voluntary. You may refuse to participate or withdraw at any time. You will not be compensated if you withdraw.

Audio recording:

Audio recording you as part of this project will help our research team better analyze your responses. We will not retain any video recording or imagery of your likeness. We will take the following steps to ensure your privacy:

1. Except to confirm your consent, we will not record any names, personal data, or obviously identifying characteristics. If recorded, such information will be permanently deleted using audio editing software.

2. All identifying details will be concealed in the presentation of data.

3. The researcher will remind you when you are being recorded.

4. The audio recording and original transcript will not be made available to anyone outside our research team.

Risks: There is the possibility of loss of confidentiality. However, research records will be kept confidential to the extent allowed by law. Because this is an investigational study, there may be some unknown risks that are currently unforeseeable.

Ms. Whysel has explained this study to you and answered your questions. If you have other research related questions or problems, you may reach Ms. Whysel at noreen.whysel@me2ba.org.

Appendix F:  Cluster Analysis  Ask (39 docs)

Ask Permission (23 docs)

Ok (17 docs)

Website (15 docs)

Know my Location (13 docs)

Service (13 docs)

Allow (12 docs)

Delivery (12 docs)

Reason (12 docs)

Access (11 docs)

Ordering (11 docs)

Security (10 docs)

Trust (10 docs)

Consent (9 docs)

Getting (9 docs)

Weather (9 docs)

Address (8 docs)

Approve (7 docs)

Info (7 docs)

Privacy (7 docs)

Tracked (7 docs)

Depends (6 docs)

Directions (6 docs)

Don T (6 docs)

Person (6 docs)

Safe (6 docs)

Specific (6 docs)

Acceptable (5 docs)

Maps (5 docs)

Purchase (5 docs)

Purpose (5 docs)

Absolutely (4 docs)

Good Reason (4 docs)

Important (4 docs)

Permission to Access (4 docs)

Safety (4 docs)

Share (4 docs)

Weather App (4 docs)

Account (3 docs)

Feel (3 docs)

Given Permission (3 docs)

N (3 docs)

Physical Location (3 docs)

Send (3 docs)

Sent (3 docs)

Absolutely Necessary (2 docs)

D (2 docs)

Don T need to Know (2 docs)

Emergency (2 docs)

Enter (2 docs)

Function Properly (2 docs)

Getting something Delivered (2 docs)

Google (2 docs)

M not Sure (2 docs)

Personal Information (2 docs)

Settings (2 docs)

Other topics (143 docs)

361 Responses:

requires my permission
I want to have the option of them knowing or not. For some things like grocery deliveries of course they need your location!  When I am the one looking for a specific website of app, I am more likely to give location info
The person using the app should be given the option to opt into sharing location.
It’s disclosed that knowledge of my whereabouts are a condition of use
It needs to be specifically allowed and then I will judge based on the circumstances. Any app or website that tries to do so without permission is automatically untrustworthy.
Secure and safe that nobody can hack and have some privacy
It needs to tell me what it needs the location for in the app and depending on the use (weather app, survey app I trust) I will accept it. It will also depend on whether I trust that company with my address or not.
when I need directions from where I currently am to where I want to go
when sending items on e-commerce. whenever your using GPS or tracking miles ran/walked.
There has to be a compelling reason and a business need to know.
ask permission
getting directions, baNking, shipping
Has to be a reason I find reasonable
Depends on privacy policy and trustworthiness.
only when using the app
my permission
only if you confirm they can have access to that info
It needs to be location specific for weather or maps/gps/traffic.
Emergency reason only
I need something delivered in person.
To allow it
If something ordered is being delivered to my home.
strong security and trust of website/app
Ok
when it is critical for the app to work
with need to know event.
I look back at my answers and I feel like I’m inconsistent. I do feel like my location is always tracked, through numerous sites. You disclose your location to strangers on eBay and other sites all the time. you also disclose it to numerous businesses routinely. I don’t want my location to be tracked, but I give my location out constantly. why does this apps need my location? for marketing or is the information stored in a database? our personal information is sold to companies all the time. why wouldn’t our locations be as well?
Feel secure with that
If you purchase the app or when you are using it
I need to give consent
That I actually get to allow to set the settings  myself
If that is useful for me.
none
Ask permission
If it asks how much you want to have your location tracked
It needs to be on a case by case basis and only upon my approval
If it really needed, if it safe people will say yes . My kids are little so unnecessary I don’t want to share all my data or address.
Ask permission
Explicitly ask and explain in plain English all the ways it will be used.
When you are getting a delivery
I need to be asked permission and knowing my location needs to be necessary
It needs to request permission to collect that data and I will decide if it is acceptable for that specific situation
When I’m searching directions
no,what if they use it to there bad intentions
the service must need my location to function (like a GPS) or for info it needs to verify eligibility or maintain legal requirements (like regional laws, GDPR) and it provides a prompt for me to grant access
I don’t think they should
I need to be purchasing something that is dependent on my location (i.e. Placing an order to be delivered to my location)
If you give them permission or it’s vital for  function
I need to be able to give permission, and have several choices about how much info and when it is available
Na
it has to be a trusted and reputable site that won’t misuse my information
it needs to only be for apps where it makes sense that they need that information.
The app or services should ask for permission to access your location and for how long
It needs to ask, and more importantly RECEIVE approval from me to have access to any of that information
Ask permission
they need a reason that is beneficial to me, not them.
100% safe app
safety is important
Getting deliveries
If it’s an app or website that needs to know.  A website just to buy things doesn’t need to know my location just the shipping location.  Apps that have as nothing to do with location (like an arcade game( don’t need to know where I am or what country I’m in even.
they need to disclose why location is needed and permission to access location information to be granted
If I have chosen to share my info
Your permission
Safe and have a purpose
I don’t think it is okay for a website or an app to track my address.
Never
If something is being delivered to me, for the time, weather, or gps
If I’m getting something delivered
It needs to provide me with a service that depends on location
Upfront information with the legal right to not sale you information to third parties without your consent each and every time
I am ordering something to be delivered. An educational  App need to k ow state standards not physical  Location
information as to why and how it would use the info
If the situation needs my physical location such as weather or delivery
Giving permission and an actual beer such as shipping and delivery
anytime.
If it’s using that location to send me something or download correct information.
Data should be private.
Not much
They need to make sure you are safe with yourself
Only if I’m ok with it. Period.
Delivery the goods
It needs to be useful to me. If not why does it need it.
My explicit consent
i is a time to get to work with me today and
When I decide it’s necessary to provide it
Yes
if it ask
i don’t know
No comment
When they are trying to locate u
if I ordered something and it will be sent to my home
It to ask if I approve.
ask permission
It must have my permission to do so.
None
Only when I put in my address and then only that time
My insurance
For me to allow it
For u to give access to ur location
ask permission before accessing location
In the danger
If I am confident the website is secure and I only need to share my location one time
Thank you so much
Never ok
Nothing
Nothing it’s not ok
it needs to have privacy for customers
None
Have an account with them and only if you give permission
n/a
good
Has to be a need
be trustworthy. have a good reason to need it.
only when I’m on it
Expressed written permission
Not if it’s require to function properly, such as a navigation or weather app
Ask to allow
Backed by somthing
None
Trust for Privacy!
Ordering to your residence
N/a
Consent
No
it has to go through rigorous regulations
bgtv
Jjjuh
If I need to provide it
None
Only when knowing directly helps me and does not hurt me
Livd
it needs to be necessary for the app to function properly.
Comedic hey I don’t
It is only ok when I am fully aware that it is tracking me. If I don’t feel comfortable, I should have the right to deny it’s access
nothing
Ask permission/send alert
O
never
Have a proven account on the site.
great
Need for accuracy
If given permission
They need to be transparent and offer rewards or compensation
Tell me exactly what they do with the info.
No
j
Ok
To give permission or allow to know your location
not sure
No
Yes it’s good
need to be asked permission
They have good reviews.
NA
XXX
For a contract to be put in place so the person knows what is happening.
Sometimes good to know
The email email I sent you
n
I make purchase
if delivering purchase
Allow notifications should be on
none
Background security check
Depends on how useful it is for me
good safety measures and the location is actually needed and not there for some other reason
notbkng
nothing
Allow me to approve it
when consent for knowing location has been made
privacy is needed
To get deals and information around where you are to serve the apps purpose
They ask
They need to
it has to be necessary
If it needs to be on
all information is encrypted and private
uddiuejrri
It needs to ask for permission, and there needs to be a good reason to need the location
not sure
not sure
if they ask
If the location is pertinent to website purpose, ie delivery of goods and/or services, billing for goods or services provided
Give me accurate information about themselves.
.
never
good
When it asks my permission
Full disclosure
yes
maps
Good
safety
when they are given permission
when it is necessary for it to know my location such as ordering something to be delivered.
bing. curgle
No freezing up
When they need to in order to complete a request
no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no
yuhfddc
only when using app
that they ask previously or for a purpose
I need to want to visit the site and trust it enough to even go on it or download it in the case of an app and then it’s ok
When I specifically grant permission
when it has permission
When im ordering something for delivery
Nbfr
request my permission, only remember 1 time OR when in use
Only if is ok’d by me
never
Never
permission
Where the information requested is vital to the completion of the task.
An item being delivered to my home
You enter is and save it
Ordering something that will be delivered or when I need something from a certain store
This is only OK if the website is a hospital or anything that can be of emergency resources.
To have a better app
If it will help with the website or apps performance and will benefit my experience on the website or app
No jn
When you are doing something that you location is need for example buying stuff online.
when you have an account
there is no reason for a website to know my location
if we allow it
Ddm
It’s important for use of the app.
if I give permission
Ask for permission
it must ask every time first
ask permission first
Just monomial
ok
if the service depends on my location
Right to forget
I give specific permission based on value I see and then it forgets it until I give permission again
I need to give consent in some way, all my devices block any attempts to get location access by default so I already have this ability. However I see it as a red flag if a non location-based app (like a video app) asks for my location at ALL.
Gio
With permission, when it related to location need around you, and when settings are preset
maps
profits
Google
Great
it has to have some sort of use or security associated with the use of that information
it needs to ask permission first and to give a valid reason for needing it that relates to the site or app.
it needs a good reason related to the service it is providing.
To know my personal information is not being sold to analytical companies.
Needed to know for transaction
Just make sure the app is trusted with that information
a pop up and request for permission
limited time only
Explicit permission.
If I’m shopping, getting something delivered, looking up local news, events, stores. Social media
To be when something is being sent to me
never. the consumer can just put the address
Trusted site mostly
When you are picking something up.
Hdhd
I’m not sure
Tge website or mobile app needs to have a real reason to know my address that is tied directly with what the service does (like a shipping address). The website or app should not remember my location without asking and I allow it. The app or website should really have an actual need for my location for purposes other than ads, collecting personal data, etc.
must be important and not sketchy
permission
nothing.
Security
I can trust them
Honestly, only map apps and similar need your location.
It’s only ok if my data is secured
when I turn it on and enter it.
it needs to ask permission first.
Hehe
Jenner rjjrnr torment rRNA rant r tntnr. T band f f f f
The user needs to trust that the website/app needs to know the users location in order to function as intended.
Only needed when something is being physically delivered to the house.
when u approve the app
Only one time
Ask for permission
Dmsmskakanamamwkwmwmsosjsnsnskwmwn never
not acceptable
Gg
exactly
When it’s a service provided or the information/ laws / product change per state or exact location. (I.e looking for a product at a store that might be out of stock at another location)
When I give it permission, and only when I am using the app.
Ask permission
Keep it privacy
Good
the app needs to ask and be given permission to access that information
privacy check
Never for a website and for apps only when it is absolutely necessary like for weather apps
The need of requiring your location needs to make sense- like things that involve shipping require addresses, but e-commerce and educational apps don’t need to know your exact address
None
You Need To Fill Out A From For Them To Know Your Physical Location.
Consent
very good
it needs to ask permission
I have to give permission
If I am purchasing goods and need in delivered to my location
only of it is necessary for the function of the app or website
just ask
When it is absolutely necessary, like for mailing
Location-based reason should be provided. Transparency.
must be a trusted source
when it is needed like weather or food but only at the moment im using the site or app
Not to track all the time and then spam with emails or phone calls.
When i say so
Google
Ok.
None
I need to be asked
It’s only ok when you are aware of then tracking your location and you approve them doing so
looking for stores near me
.
permission asked. when location is needed for the service
Dbdnsnshsgx d d dbdbdbdhd
ok
If there is anything beneficial for the user (convenience, curated content relevant to location, etc)
Only ok if delivering to my location
If you approved it and understand what it’s doing by hitting accept giving it permission to know where you are..
Allowed access
hahaha
permission
Security
if it’s safe
For it to ask permission and only allow it when I’m using the app/site
Me to give permission
Maps and delivery services
I need to give consent beforehand and know exactly how descriptive their location details are.
When something is being delivered to me.
I’m ordering something
My permission
make sure that the user agrees first
Safety stuff
When the service offered need the locational data to be effective
none
If they absolutely need it like let’s at Amazon they need your location so they can deliver their product. Also a tennis tournament website they need to know your address to find local tennis tournaments near you.
If my location is germane to what we are doing.
I dont believe an app should ever use your location.
Permission
If they are a trustworthy, first party brand.
deliveries
extra security
if it is delivering something to me or showing me weather traffic or local news
gps
amazing
Ok let
If my location is absolutely needed to provide a service
It would have to be a delivery service
No
ask first
it needs to ask and I will say yes or no on a case by case basis if I agree with the need at that point.
If it has something to do with the location such as weather or directions or when it’s a shopping site.
needs to ask permission
need to know
Yes
Consent to give location first before pinpointing our location.
Nothing. It will never be acceptable
For delivery only.
Is it really necessary
Just agree to it, only needed if it’s pertinent to what you’re trying to do
Opt in
iyes
It’s not ok
I’m not sure

Protect my info

Appendix G: Open Ended Responses from scenarios 3-6

Let’s say you have an account on a MOBILE APP, and the app appears to know your physical location. Is this OK? 

Maybe (please Respond) 

 If I know I’ve put my info in or have agreed to them knowing my location  Only when asked  If they’ve disclosed clearly that is a condition of use, it’s acceptable 

Depends on the app and purpose of locating  Depends on what it is using it for 

if is being used to track my miles when running can be acceptable when in used and allowed p 

Okay for directions app while it’s being used   Depends on privacy policy and trustworthiness. 

You’re on the go so it makes a little more sense. But I could be on my phone at home so it wouldn’t make a difference in that way 

 If it is for gps/directions 

If asked  When I give explicit permission. 

Same answer as the previous question 

if it requested and was given permission previously 

Same as above 

if you allow your location to be known  shopping apps, yes. streaming apps, I understand. 

If i have allowed it to know my location. 

Same answer as above it depends on whether I have a reason for wanting or needing the app to know my location.  if you entered your location its ok 

For apps that need my location but it should ask first every time 

Depends on if I agreed to that 

Still depends on why it needs it and what it’s using it for. 

Yes

Weather app is fine others I don’t know 

maps 

 If I let it 

If I have granted permission 

If u allow access 

depends 

depends on if location is necessary for the app to work. 

Depends on how useful it is for me  depends on what the app is used for 

Only if I allow 

If I allowed it 

if i allow it 

If I have given permission 

only if I allow it 

Na

only ok if I have previously given location permissions 

Same as above 

If it’s like social media and we want to post where we are, insurances that want to know how we drive, app that track miles to get rewards, or a game like Pokémon go. 

if I allow it 

If it’s necessary in order to use the app. 

again, if I think it is okay then it is okay. if I dont give permission it is annoying  if I gave it permission in the sign up process 

only if I’ve specifically let them know my location. 

Only if I gave explicit permission 

depends on if its a food app or rewards app like this 

You obviously want your GPS to know your location, but that’s more information than some random app needs. 

If I have allowed to app to know my location 

if u set the setting for it 

only if I gave the app permission 

Ok 

It depends on why I am using that website 

Permission based 

Convenient but not preferred. 

if I give it permission 

If I have allowed it 

If I have enabled location services in the app that is fine, and usually I select only when I use the app is running GPS/location OK  Depends on whether I have given them permission to know.  Helpful for map locations 

Depends on the app, okay for apps that requires location for proper service such as google maps. Not okay for apps that has no business in knowing my location such as offline games 

If I have them permission 

if it needs my location like amazon or a weather app  Depends on purpose of app  For my weather apps yes but the majority of apps do not need to know your location.  needs to ask permission  tracking….why  If you agree to it  If you opt in  

You download a new mobile app and before you create an account, it appears to know your physical location. Is this acceptable?

Maybe (please specify)

please see 1st answer 

Depends on privacy policy and trustworthiness. 

if you allow your location to be known 

Same reason as above 

I trust them 

Depends on how useful it is for me 

If site is for travel or location of goods  or services 

If I gave it permission 

if it asked permission first 

Depends on location settings 

Permission based 

Because it’s going off the actual computer 

General location ok 

needs to ask permission  

You download a new mobile app and before you create an account, it appears to know your physical location. Is this acceptable?

Maybe (please specify)

please see 1st answer 

Depends on privacy policy and trustworthiness. 

if you allow your location to be known

Same reason as above 

I trust them 

Depends on how useful it is for me 

If site is for travel or location of goods  or services

If I gave it permission 

if it asked permission first 

Depends on location settings 

Permission based 

Because it’s going off the actual computer General location ok 

needs to ask permission  

You visit a website for the first time and before you create an account, it appears to know your physical location. Is this acceptable?

Maybe (please specify)

If they’ve disclosed clearly that is a condition of use, and it confirms it will no longer track, if I opt out of it , then it’s acceptable 

Depends on privacy policy and trustworthiness. 

Thats scary 

If there is a opt-out selection 

if it requested and was given permission previously 

if you allow your location to be known 

I f you were asked permission 

Depends how or why I’m looking at that app but let’s face it iPhone is always located  by apple products  

Access 

Depends on how useful it is for me 

If site is for travel directions. or location of services 

 Na 

 did it ask for permission first? 

 Depends on my risk exposure. If it’s an US entity, I probably don’t care. 

 Permission based 

 If allowed 

 depends on the kind of app 

 if it uses the ip area…maybe….some other way sounds intrusive  if it uses the ip area…maybe….some other way sounds intrusive 

Footnotes: See “Flash Guide #2: What is the Me2B Respectful Tech Specification?”  https://me2ba.org/flash-guide-2-what-is-the-me2b-respectful-tech-specification/ See Definitions in Appendix A See “Flash Guide #1: What is the Me2B Alliance: A Safety Standard for the Internet”,  https://me2ba.org/what-is-the-me2b-alliance-a-safety-standard-for-the-internet/ See “Flash Guide #2: What is the Me2B Respectful Tech Specification?”  https://me2ba.org/flash-guide-2-what-is-the-me2b-respectful-tech-specification/ See “Flash Guide #8: Digital Me2B Commitments and Deals”, https://me2ba.org/flash-guide-8-digital-me2b-commitments-deals/ See “Flash Guide #9: The 10 Attributes of Respectful Me2B Commitments”, https://me2ba.org/flash-guide-9-the-10-attributes-of-respectful-me2b-commitments/ for more information on the attributes of respectful Me2B commitments. See: https://search.carrot2.org/#/workbench LeVasseur, L., Edwards, Z., & Alexanyan, K. (May 4, 2021). “Me2B Alliance Spotlight Report #1: Me2B Alliance Product Testing Report: School Mobile Apps Student Data Sharing Behavior.” https://me2ba.org/school-mobile-apps-student-data-sharing-behavior/ This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/4.0/

DIF Blog

🚀DIF Monthly #23

The November 2021 round of updates from DIF: Stay on top of developments at our Working Groups, news from our members, events and much more.
Table of contents Foundation News; 2. Group Updates; 3. Member Updates; 4. Funding; 5. DIF Media; 6. Members; 7. events; 8. Jobs; 9. Metrics; 10. Join DIF 🚀 Foundation News DIF Comms ToIP & DIF published a Joint Public Statement of Support for Decentralized Identifiers (DIDs) v1.0 specification becoming a W3C Standard Weekly open Comms calls (see DIF Calendar) continue to be a great venue for generating ideas and collecting feedback from our members. All are welcome, so do drop in! 🛠️ Group Updates ☂️ InterOp WG (cross-community) Ongoing focus: Information accessibility and collection Information accessibility: How to better structure information, such as the "faq" and the meeting notes for both members and external readers? Information collection: How do we make it easier to contribute and encourage better editing, is this needed? How to best surface pages/examples? Debate about whether to use github for WG notes David, Chris, Balazs, Juan and Snorre to meet for a tooling meeting 19th Aug to discuss and painpoints related to documentation efforts and WG info presentation (open to all membership). Business models and self-sovereignty problems (report-out from IIW mini-conference) Win-win-win solutions and multi-sided marketplaces Interop problems & business model problems: how to move around credentials Meeting time change discussion - poll to be run soon Consult with Asian working group specifically to gauge demand/interest in joining the interop call 💡 Identifiers & Discovery Universal Resolver Work Item calls have come to an end, work will continue at the main I&D WG, Slack and GitHub - Blog article announcement 🛡️ Claims & Credentials Workitem Status: WACI-PEX Workitem Status: PE (Maintenance) + Credential Manifest Workitem Status: VC Marketplace DIF Grant : Blog post about JWS Test Suite - Status update on submissions, regular meeting time for test suite work item set at next meeting 🔓 DID Auth SIOP special calls have been making a steady progress, Following are notable changes introduced to a SIOP v2 spec Introduced DID Resolution method as part of RP Registration metadata section. When SIOP request is signed, RP’s client_id can be a DID and SIOP can obtain a key signing the request from RP’s DID Doc. The rest of the RP metadata must be obtained from a registration parameter in the SIOP request. Introduced Dynamic SIOP Discovery metadata option. When RP has pre-obtained SIOP’s issuer identifier, it can use OpenID Connect Discovery to obtain SIOP’s metadata, namely authorication_endpoint. When Dynamic discovery is used iss in the ID Token in SIOP response must be a SIOP issued identifier and NOT self-issued.me/v2 OIDC4VP specification has been stable with minimum changes. Work on a spec how to issue VCs using OpenID Connect (which has an option to use Credential Manifest) is also happening, so stay tuned! 📻 DID Comm 18 October 2021 Discussion of Potential DIDComm Users Group IIW Sessions Review Tour of DIDComm Libraries - Alex & Slava DIDComm Mythconceptions - Daniel Future of DIDComm -> IETF Movement (didn't happen) DIDComm Protocols - Sam Moving medical data over DIDComm - community member P2PLib & DIDComm - Oliver There is a general sense that the next version of DIDComm will be at IETF. But DIF can still remain the home of the DIDComm User's Group. The User's Group can become the focus for implementation help, maintain didcomm.org, and work on the Implementer's Guide. Pull Requests Issue Triage - pending close and needs discussion Tasks - PR Needed Issues 📦 Secure Data Storage Notes - EDV Dedicated Call Reviewed PRs; 151 Reviewed Issues; 37, 49, 5 🔧 KERI reorganization of the WG is in process proposal for new work items CESR or CESR-like encoding for cryptographic material compound data representations, events, attachment model, transport representation* authentic log/microledger structure and validation rules potential use-cases for KERI-like systems beyond identifiers did:keri method resolver/spec - ID working group? general structure of components to bring into a spec eventually proposal to do work elsewhere or depending on IETF work 🌱 Applied Crypto WG bbs signatures had biweekly meeting with some new attendees bof secure software supply chain made contact with counterparts in the OpenSSF (open secure software foundation) cbb data encoding boiling down requirements - why can't existing schemes do this? cbb service protocol discussions around requirements JSON Web Proof JWT is built as a layer above JWS JWP was originally thought of as a single layer, but now we're looking at a multi-signing layer, followed by a claims layer. designing it so that it can be used with ZKP pairing friendly curves, as well as single use presentations from traditional algorithms. revocation_methods_for_verifiable_credentials Collected 8 methods 3 additional methods w/o sufficient description Discussed the testcase including numbers Link to the google doc link where you can find the method list, the assessment setup and future results ✈️ Hospitality & Travel Discussion continues around customer journeys, and developing working models based on the existing use-cases identified by the group 🏦 Finance & Banking Presentations: 2nd Nov 2021
David Lutz - Advantage Digital Advisors & Kurtis Minder - GroupSense spoke on anticorrupion and cybercrime-fighting efforts, ransomware et al 21st Oct 2021
Tobias Halloran and Alex Tweedale - cheqd and their approach to SSI 7th Oct 2021
Pieterjan Uytterhoeven - Isabel Group discussed TruliUs, an SSI solution for businesses 🌏 APAC/ASEAN Open Call Discussion with ToIP continues about cohosting APAC calls in 2022 Group Chair & SC Member Catherine is moderating a panel on Strong Authentication Solutions at Identity Week Asia
Nov 16 – Nov 17 28 October Niall Dennehy of AID:Tech presented their approach to using DeFi to deliver international aid and cooperate with NGOs and Governments Affinidi schema Manager presentation: a tool to find and integrate schemas that are widely adopted or create a custom schema according to specific needs in JSON format 23 September Digital Identity Infrastructure: Myanmar & Zada.io Review of implemented COVIDPass, 10,000+ active members on Sovrin Mainnet 🌍 Africa Open Call 4 November
Presentation from Nairobi Decentralized Identity project Gravity postponed until Dec 2 🦄 Member Updates

- Affinidi

Explore and Build with Affinidi.
Affinidi presents a wealth of content for developers, from the basics of VCs, all the way through building an SSI-based app. Learn the fundamentals and pillars of Web 3.0 framework, build SSI-based applications using an SDK, attend events and webinars, and even get certified on SSI.
Sign up to Affinidi's developer portal here!

- DanubeTech

Markus Sabadello of Danube Tech has published a YouTube video statement titled "Big Dreams", as a comment on the DID Core formal objections at the W3C. It is an attempt to give a personal account of some memories that underlie the DID effort.

- Jolocom

Jolocom have recently published two blog articles articles on SSI Can we avoid a (SSI) Babel? – Interoperability Self Sovereign Identity ≠ Blockchain: Why you do not need a Blockchain for Self Sovereign Identities 💰 Funding

eSSIF-Lab

eSSIF-Lab has just launched its final Open Call! Calling SMEs, not-for-profit entities or research organizations developing SSI working solutions or open-source components Apply if you are: Developing a new SSI solution for the real-world Developing business-oriented extensions to the eSSIF-Lab basic infrastructure Calling SMEs, not-for-profit entities or research organizations developing SSI working solutions or open-source components There's €53K available for each proposal selected! APPLY here

NGI Open Calls (EU)

Funding is allocated to projects using short research cycles targeting the most promising ideas. Each of the selected projects pursues its own objectives, while the NGI RIAs provide the program logic and vision, technical support, coaching and mentoring, to ensure that projects contribute towards a significant advancement of research and innovation in the NGI initiative. The focus is on advanced concepts and technologies that link to relevant use cases, and that can have an impact on the market and society overall. Applications and services that innovate without a research component are not covered by this model. Varying amounts of funding.

Learn more here.

🖋️ DIF Media First DIF Grant Work Item has been completed JWS Test Suite has been finished by Orie Steele (Transmute) DIF Grants Program launched earlier this year and now, the work item awarded DIF's first grant in a collabration between DIF and Microsoft has been completed. Consideration for award of further grants is ongoing. If you have any ideas or questions, reach out to us directly! 🎈 Events & Promotions

Identity Week Asia
Tueesday, Nov 16 – Wednesday, Nov 17

APAC/Africa Group Chair & SC Member Catherine Nabbala is moderating a panel on Strong Authentication Solutions 17th Nov

Affinidi Webinar
Thursday, November 25th

As countries prepare to reopen their borders and businesses, digital credentials can ensure a safe travel experience for everyone involved. But what are the challenges that come with it? How can we continue to leverage these credentials beyond COVID?
Join the event here 💼 Jobs

Members of the Decentralized Identity Foundation are looking for:

Software Engineer - Decentralized Identity Foundation (DIF) Project Lead - Location: remote Software Engineer - Decentralized Identity Foundation (DIF) Project Lead - Location: remote/Flexible Community Manager - Location: Berlin, German-speaking Consultant (junior/senior) - Location: Berlin, German-speaking SDK Developer (midlevel/senior) - (Javascript, Typescript, NodeJS) - Location: Berlin Senior Backend Engineer - Location: Remote Senior Frontend Lead - Location: Remote

Check out the available positions here.

🔢 Metrics

Newsletter: 5k subscribers | 29% opening rate
Twitter: 4.931 followers | 14.2k impressions | 4k profile visits
Website: 22.46k unique visitors
Youtube: 200 unique visitors

In the last 30 days.

🆔 Join DIF!

If you would like to get involved with DIF's work, please join us and start contributing.

Can't get enough of DIF?
follow us on Twitter
join us on GitHub
subscribe on YouTube
read us on our blog
or read the archives

Got any feedback regarding the newsletter?
Please let us know - we are eager to improve

Monday, 15. November 2021

Trust over IP

Key Takeaways From The Linux Foundation Member Summit

What has been happening while we’ve been holed up at home? In this year’s LFMS, two themes stood out. The post Key Takeaways From The Linux Foundation Member Summit appeared first on Trust Over IP.

Author: Wenjing Chu, ToIP Steering Committee Member, LF Edge Governing Board Member, Sr. Director of Technology Strategy at Futurewei

The Linux Foundation Member Summit (LFMS) is an annual gathering I always look forward to because it offers organizations and open source community leaders an opportunity to cross domain boundaries and collaboratively manage our common investment in open source. We learn strategies from each other on how to face our biggest common challenges.

But of course, this year wasn’t like any other.

Covid-19 was the elephant in the room. Most of our partners outside of the U.S.—the EU, APAC, even Canada—could not join us in person. For most attendees—including me—this was their first in-person conference since the pandemic began (last year’s LFMS was cancelled at the last minute). But that also meant having the masks, the questionnaires, and yes, vaccine passes (unfortunately, not Good Health Pass compliant).

What has been happening while we’ve been holed up at home? In this year’s LFMS, two themes stood out:

The safety of open source software. Numerous high profile, high impact digital system vulnerabilities occupied news headlines in the last year. Software supply chain, especially open source supply chain security, is identified as by far the most urgent shared challenge in open source.  Countering the retreat from collaboration on open source and open standards. Whether caused by the spillover of international tensions into open source, or by the lack of personal interactions during the pandemic, either way we need to restore it. We need more collaboration, not less.

The relevance of ToIP is clear here: I would go so far as to say that the very center of the open source community’s collective attention is trust. This is true no matter whether it is in the fight against the pandemic in Public Health, the safety of open source software supply chain, FinTech, AgStack (agriculture), public education, green tech, open voice interfaces, or global collaboration in open source and standards.

In that vein, let me share takeaways from several ToIP community members who attended LFMS along with me:

Judith Fleenor, Director of Strategy Engagements, ToIP Foundation

“Listening to all the keynotes and speaking with other project leads, I feel there is so much synergy with the Trust Over IP dual stack interoperability design and what other Linux Foundation projects are working on. The hot topic on everyone’s mind is security and digital equality. Interest in creating a landscape of digital trust to help with the challenges the world is facing was high, whether that be in product supply chain, FinTech, AgTech, resource management, health credentials, enterprise identity and access management or software supply chain. The Trust Over IP dual stack has a place in all those ecosystems. I left feeling what we are doing at ToIP is more relevant and needed now than ever.”

Jim St. Clair, Executive Director, LF Public Health

“It’s exciting to be able to leverage the groundbreaking work we’ve done in ToIP to develop the ‘trust stack’ to apply that to a broad range of open source health solutions, enabling new ways to incorporate privacy and consent into healthcare delivery. This is especially applicable in LMIC (low and middle income) countries, where digital identity offers a new mechanism for patient identification and delivering health benefits while protecting privacy and self-sovereign identity”.

Michael Nettles, Senior Vice President for the Policy, Evaluation and Research Center of ETS; ToIP Steering Committee Member

“The promise of making high quality educational content available and accessible offers the greatest prospect for addressing the national and global challenges of teaching, learning, assessment and recognition. In my inaugural 2021 Linux Foundation summit, I appreciated the opportunity to hear, visit with and learn from new and emerging colleagues and friends from around the globe, about the vast opportunity and potential offered by an expanding open source culture and society, and challenges of identity, security, financial sustainability and the ongoing need for invention.

The summit was abound with evidence of the benefit of collaboration across industries for addressing common technology, human and content challenges, and also how greater access to knowledge and exposure is leading to expansion of opportunities for learning, invention and commerce. I am looking forward to applying these lessons at the intersection of education and public policy and broadening working to expand the audience of participants.”

Kaliya Young, Ecosystems Director, Covid Credentials Initiative;
Chair, ToIP Good Health Pass Interoperability Working Group

“In 2004, I went to my first Open Source Convention (OSCON) to promote and represent Identity Commons. I think it was there that I met Brian Belendorf for the first time – I went for many years after that. Being at the LF celebration felt like ‘OSCON for grown-ups’. Many of the people I had first met there were also in Napa last week.  The session that I found most interesting were asking about how the open source side of LF and the newly brought in open standards JDF part played well together and about the governance and leadership of process in the foundations communities. ”

This year is the 30th anniversary of Linux (the operating system), and of course the Linux Foundation organized a celebration to mark the occasion. It is also a time for reflection (Confucius says, 三十而立). If we compare today’s technology landscape with that of 1991, we’d agree that technology has marched forward at a remarkable pace for the benefit of humanity. In LF Executive Director Jim Zemlin’s words (my rephrasing, sorry), the easy problems have all been tackled in the last 30 years—only the hard ones remain. I believe one of the hardest remaining nuts to crack is a general purpose trust infrastructure for the Internet. That is our mission at the ToIP community. So my biggest takeaway from LFMS was: let’s get on with it!

The post Key Takeaways From The Linux Foundation Member Summit appeared first on Trust Over IP.


Kantara Initiative

Introducing Kantara’s Working Group for Privacy Enhancing Mobile Credentials

When a group of 31 Pennsylvania state residents were asked where they use their state driver’s license, the responses included: • Visiting a notary who does not know me personally for a paper-based transaction.• Cashing a check at a grocery store.• Checking in at the airport with luggage• Checking in for the COVID and flu vaccines• Picking up a package at FedEx or Post Office• Buying tobacco or al

When a group of 31 Pennsylvania state residents were asked where they use their state driver’s license, the responses included: • Visiting a notary who does not know me personally for a paper-based transaction.• Cashing a check at a grocery store.• Checking in at the airport with luggage• Checking in for the COVID and flu vaccines• Picking up a package at FedEx or Post Office• Buying tobacco or alcohol products• Purchasing prescriptions including some cold/allergy medicines• Applying for a fishing or hunting license• Obtaining or renewing a library card (to prove that I still live in the township) Clearly the…

The post Introducing Kantara’s Working Group for Privacy Enhancing Mobile Credentials appeared first on Kantara Initiative.

Friday, 12. November 2021

Trust over IP

ToIP Releases Additional Tools for Governance and Trust Assurance in Digital Trust Ecosystems

Following the September announcement of its first tools for managing risk in digital trust ecosystems, today the ToIP Foundation announced three more pairs of tools to assist in the task... The post ToIP Releases Additional Tools for Governance and Trust Assurance in Digital Trust Ecosystems appeared first on Trust Over IP.

Following the September announcement of its first tools for managing risk in digital trust ecosystems, today the ToIP Foundation announced three more pairs of tools to assist in the task of generating digital governance and trust assurance schemes:

The ToIP Governance Framework Matrix and Companion Guide. The ToIP Trust Assurance and Certification Template and Companion Guide. The ToIP Trust Criteria Matrix Template and Companion Guide.

“These three new tools—each with its accompanying Companion Guide—are explicitly designed to simplify and streamline the process of developing robust governance for any digital trust community building on ToIP infrastructure,” said Scott Perry, co-chair of the ToIP Governance Stack Working Group (GSWG) and a certified WebTrust auditor. “They can help turn a job that often takes years into one that takes weeks or months.”

The physical credentials we use today, such as credit card and driver’s licenses, have governance frameworks and trust assurance schemes built by governments and industry associations over many years. Now we are moving to digital credentials verified using cryptography, we need to make the process of adapting these existing governance frameworks—or creating new ones explicitly tailored for digital life—much easier and faster.

“Governance is both simple and complex. Everyone has their own ideas of what Governance is and should be. The complexity comes when multiple parties need to agree on what it is and should be,” said Savita Farooqui, GSWG member and primary author of the Governance Framework Matrix. “The Governance Framework Matrix divides the problem in small chunks and provides a flexible framework to define governance and seek agreements.”

The Governance Framework Matrix is a recipe for setting the process of governance in motion.  Without a starter set of governance topics to drive discussion and consensus, governing bodies stall in its formation.

The Trust Assurance Companion Guide explains in detail, in plain language, how accountability is generated from community participation in a governance framework.

“The Trust Assurance Template and Companion Guide is akin to the ‘Cliff Notes of Accountability’,” said Drummond Reed, GSWG co-chair. “When you combine it with the Trust Criteria Matrix, it means you don’t need to be a cybersecurity audit professional to grasp what is needed to meet the accountability requirements of your digital trust ecosystem.”

The post ToIP Releases Additional Tools for Governance and Trust Assurance in Digital Trust Ecosystems appeared first on Trust Over IP.


Own Your Data Weekly Digest

MyData Weekly Digest for November 12th, 2021

Read in this week's digest about: 22 posts
Read in this week's digest about: 22 posts

Thursday, 11. November 2021

Me2B Alliance

Do you know where your data is?

When we first began the Me2B Alliance, our central thesis was that technology was unknowable by everyday people. And we held, perhaps, a tacit corollary that industry abused and exploited the natural opacity and unknowability of technology. What we’ve learned, however, over the course of creating our yardstick to measure the behavior of technology, and applying th

When we first began the Me2B Alliance, our central thesis was that technology was unknowable by everyday people. And we held, perhaps, a tacit corollary that industry abused and exploited the natural opacity and unknowability of technology. What we’ve learned, however, over the course of creating our yardstick to measure the behavior of technology, and applying that yardstick to websites and apps, is that there is an appreciable amount of “unknowability” on the part of technology makers as well.

This is primarily due to the way technology is built nowadays, with extensive use of external software components. It’s easy, fast and widely available. Software development is no longer so much about creating from scratch as it is about integrating third party pieces. And why not reuse? Why recreate the wheel if there’s a truly excellent wheel that you can readily use?

The problem is that when you do that, you bring in all of the bad behaviors and data processors (third parties) that may be in that external software. What we are finding is that, because of how you create things like websites and how easy and frictionless it is to integrate third-party components, businesses don’t know what’s happening two-, three-, four-levels removed in these third-party components that include other third-party components, and so on—in a nearly fractal pattern. Ultimately, this makes technology equally unknowable to the makers of technology like websites and mobile apps.

This was a revelation to us. While we did anticipate this going into our work, we didn’t appreciate just how opaque the software supply chain has become to makers of technology. What we’ve learned through the testing we’ve been doing for the past 18 months, is that we’re not only demystifying the behavior of technology for users of technology, but also for the makers of technology.

And because of this awareness, we’re launching a new meme in the spirit of this old PSA from the 1960s-80s, updated to this more current question:

It’s 10 o’clock. Do you know where your data is?

We realize how well this question applies to not just Me-s but also B-s.

If you’re a B and want to know where your data is, contact us for a Data Supply Audit or Pre-Certification Audit. If you’re a Me, check out our Library to educate yourself about data in the digital world.

So we’re excited to launch this as a recurring theme, and we hope you take it to heart, whether you’re a Me or a B. If you’re of the age to remember the original campaign, we hope our renewal sparks delight, as we pay respect to the original PSA through adopting a similar look and feel. You can help us get this message out by sharing our posts on LinkedIn and Twitter!


OpenID

Third Implementer’s Draft of OpenID Connect Federation Specification Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID Connect Federation 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the third Implementer’s Draft of this specification. This specification is a product of the OpenID Connect […]

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft:

OpenID Connect Federation 1.0

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the third Implementer’s Draft of this specification. This specification is a product of the OpenID Connect Working group.

The Third Implementer’s Draft is available at:

https://openid.net/specs/openid-connect-federation-1_0-ID3.html

The voting results were:

Approve – 62 votes Object – 0 votes Abstain – 13 votes

Total votes: 75 (out of 308 members = 24% > 20% quorum requirement)

— Michael B. Jones – OpenID Foundation Board Secretary

The post Third Implementer’s Draft of OpenID Connect Federation Specification Approved first appeared on OpenID.

Third Implementer’s Draft of OpenID Connect for Identity Assurance Specification Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID Connect for Identity Assurance 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the third Implementer’s Draft of this specification. This specification is a product of the […] T

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft:

OpenID Connect for Identity Assurance 1.0

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the third Implementer’s Draft of this specification. This specification is a product of the eKYC and Identity Assurance Working group.

The Implementer’s Draft is available at:

https://openid.net/specs/openid-connect-4-identity-assurance-1_0-ID3.html

The voting results were:

Approve – 70 votes Object – 0 votes Abstain – 4 votes

Total votes: 74 (out of 308 members = 24% > 20% quorum requirement)

— Michael B. Jones – OpenID Foundation Board Secretary

The post Third Implementer’s Draft of OpenID Connect for Identity Assurance Specification Approved first appeared on OpenID.

Wednesday, 10. November 2021

GLEIF

\#5 in the Financial Inclusion Interview Series – Concluding Remarks from GLEIF CEO, Stephan Wolf

As we’ve heard from our partners throughout this interview series, the launch of GLEIF’s digital business identity initiative in Africa has been a success for all involved. It is, however just the start. It has been a model showcase for how small and medium-sized enterprises (SMEs) across the world can gain ‘financial inclusion’ through Legal Entity Identifiers (LEIs). The World Bank’s definition

As we’ve heard from our partners throughout this interview series, the launch of GLEIF’s digital business identity initiative in Africa has been a success for all involved. It is, however just the start. It has been a model showcase for how small and medium-sized enterprises (SMEs) across the world can gain ‘financial inclusion’ through Legal Entity Identifiers (LEIs). The World Bank’s definition of financial inclusion for businesses is that they ‘have access to useful and affordable financial products and services that meet their needs – transactions, payments, savings, credit and insurance – delivered in a responsible and sustainable way’.

While financial inclusion for SMEs across the world is a desirable end goal in its own right, it is also important to recognize that the impact of this initiative – when it is rolled out more broadly across multiple emerging markets – will go far beyond the SMEs and financial institutions involved. It has the potential to positively impact the broader economy by significantly strengthening the global supply chain. Let me explain how these two concepts are linked.

The lack of a universal identity prevents SME growth and overseas trade

SMEs make up 90% of businesses globally. However, without legal credibility or a way to officially prove their identity across borders, many of these businesses struggle to access finance, form partnerships or trade overseas – particularly for those in developing markets where a higher risk factor may be perceived. Banks are prohibited from offering them trade finance without undergoing painstaking and costly Know Your Customer and Anti-Money Laundering checks – processes which are hampered without a verified identifier. As a result, the gap between the demand and supply of global trade finance is growing and has now reached $1.7 trillion following a 15% rise since 2018.

The launch of the business identity initiative has illustrated this problem with a focus on Africa. However, it’s important to remember that this is a global challenge faced by SMEs and banks all over the world. And as a result, countless SMEs are prevented from engaging within the global supply chain – whether that is because they can’t invest, scale, or form the necessary partnerships – due to one simple factor. An inability to prove who they are.

The LEI supports expansion of global supply chains and traceability of suppliers

As we’ve seen in Africa, a profusion of benefits arise when financial institutions facilitate the issuance of LEIs to SMEs by becoming Validation Agents. Which is why financial institutions should now be motivated and encouraged to use this model to deliver a globally recognized identity to their SME customers. Not only will it give SMEs broader access to financial services – a clear benefit to banks – but it has the wider impact of enabling SMEs to apply for trade finance and establish contractual, regulated agreements with banks, payments networks and trading partners. The result will be greater participation in domestic and international markets and a bolstered flow of inbound capital, which can then be used to further fuel the market’s economic development.

Imagine a world where millions more SMEs were able to scale and trade, with trust, internationally. How many more – both in terms of volume and diversity – products and services would be available to us all through the global supply chain, and what would the impact of increased competition be on service and price? It’s an aspirational thought and one which lies within reach. By opening up cross-border trading opportunities to more SMEs, the LEI can be seen as a critical – and immediately available – tool in the drive to create a much broader and more competitive supply chain for businesses worldwide. Additionally, using a global open identifier would help bring transparency to supply chain relationships – a critical component of sustainable supply chain monitoring and reporting.

What’s needs to happen next?

All change has to start somewhere – and the success of the first iteration of GLEIF’s digital business identity initiative in Africa shows what great potential lies ahead for the global supply chain and subsequently the world’s economy if financial institutions across more countries take up the reins and drive it forward.

The result of greater financial inclusion among SMEs will be a strong, more diverse, transparent and competitive global supply chain ecosystem. Consequently, we could expect to see the positive impact – financial growth and prosperity – across all types of companies across all regions of the world.

Now that the initaitive has been set in motion, GLEIF invites more financial institutions to explore the benefits of becoming a Validation Agent to support – and derive the benefits from – broader financial inclusion among SMEs. GLEIF continues to seek dialogue with governments, NGOs, banks and other stakeholders interested in either expanding the LEI initiative across Africa or in replicating the model in other developing countries. We’re here to help.


Me2B Alliance

Me2BA provides human-centered recommendations to the California Privacy Protection Agency

The California Privacy Rights Act of 2020 (“CPRA”) established the California Privacy Protection Agency (“CPPA”). The CPPA has full administrative power and authority to implement the CCPA and CPRA, which basically means that the CPPA will be in charge of updating regulations and adopting new regulations, while enforcement of these regulations will be done by both the CPPA and the Attorney General’

The California Privacy Rights Act of 2020 (“CPRA”) established the California Privacy Protection Agency (“CPPA”). The CPPA has full administrative power and authority to implement the CCPA and CPRA, which basically means that the CPPA will be in charge of updating regulations and adopting new regulations, while enforcement of these regulations will be done by both the CPPA and the Attorney General’s office. 

Me2BA appreciates the CPPA’s initiative and acknowledges the difficult path ahead for this new agency. When the CPPA published an invitation for preliminary comments on their proposed rulemaking the Me2BA jumped into action. Overall, we were pleased to see the breadth of topics covered in the CPPA’s initial batch of questions.  

Our feedback centered around key themes such as: 

Improving the labeling of websites and mobile apps to better disclose potential harms and risks,  Addressing the complexities of auditing, offering suggestions based on our experiences in both establishing objective measurement criteria and performing audits,  Ensuring alignment with global terminology and industry standards,  Underscoring the importance of the Me2B relationship and lifecycle as context in evaluating the behavior of technology, particularly as it relates to identification of users. 

Me2BA was happy to have an opportunity to share our knowledge and experience in product testing with policymakers. Our response was nearly 14 pages long and really only scratched the surface of many of the complicated areas raised by the CPPA.  

We will continue to lend our support in the hope that it will encourage the adoption of practices that will lead to a safe and just digital world. 

READ RECOMMENDATIONS

Tuesday, 09. November 2021

Elastos Foundation

Trinity Tech Releases Hive Node Upgrade v2.4.1

...

EdgeSecure

Dr. Forough Ghahramani Joins the Eastern Regional Network (ERN) Steering Committee

The post Dr. Forough Ghahramani Joins the Eastern Regional Network (ERN) Steering Committee appeared first on NJEdge Inc.

Newark, NJ, November 8, 2021 – Edge is pleased to announce that Associate Vice President for Research, Innovation, and Sponsored Programs, Dr. Forough Ghahramani, has joined the Eastern Regional Network (ERN) Steering Committee–the governing body that leads the effort in supporting a vision to simplify and enable multi-campus data and computation enabled collaborations among academic institutions of all types and sizes to advance the frontiers of research, pedagogy, innovation, workforce development, and broadening the participation of under-resourced institutions and under-represented groups. In response to being invited to join the Steering Committee, Forough stated, “It is an honor to join the Eastern Regional Network steering committee. I look forward to working with this group of distinguished experts to help to advance the vision and mission of the ERN, leveraging the special relationship between researchers and the people who build and support research cyberinfrastructure in the region that it serves. Participation in the ERN is synergistic with my role, as the chief advocate for research at Edge, with a focus on gaining a better understanding of the advanced computing needs, requirements, and outreach for broadening the reach and impact to best support the research community, from the R1’s through to the smaller-less resourced institutions.” 

The ERN was formed in 2017 by a small group of universities and regional network providers who believed in the vision and are committed to providing layered and transparent access to shared data, research computing, edge testbeds, research instruments, and other core facilities to address the growing need for a distributed federated environment designed to simplify, support, and encourage collaborative science, scholarship, and education. Currently there are over 28 colleges and universities from across the region directly involved with ERN activities.

“It is an honor to join the Eastern Regional Network steering committee. I look forward to working with this group of distinguished experts to help to advance the vision and mission of the ERN, leveraging the special relationship between researchers and the people who build and support research cyberinfrastructure in the region that it serves. ” — Dr. Forough Ghahramani

Noted Steering Committee member Dr. Barr von Oehsen, Associate Vice President, Office of Advanced Research Computing, Rutgers University, “Current Steering Committee members unanimously agreed that having Forough’s input and perspective on the future directions of the ERN would be an asset due to the impressive work she has done with leading the ERN Broadening the Reach and Diversity, Equity, and Inclusion efforts.” Echoed Dr. Samuel Conn, President and Chief Executive Officer, Edge, “Forough’s passion for and commitment to the research community across the region made her a natural addition to the esteemed roster of members that comprise the Steering Committee.” 

To learn more about the Eastern Regional Network, visit www.ernrp.org/about.

The post Dr. Forough Ghahramani Joins the Eastern Regional Network (ERN) Steering Committee appeared first on NJEdge Inc.


CU Ledger

CREDIT UNION DIGITAL IDENTITY PROVIDER BONIFII ANNOUNCES NEW PARTNERSHIP WITH FINCLUSIVE

FinClusive’s AML/KYC capabilities create verified identity credentials that will be incorporated into MemberPass – Bonifii’s digital identity solution for Credit Unions       Through this partnership, U.S. Credit Union members can now establish and maintain verifiable digital identities that enable safe, secure, and touchless experiences for many credit union services NOVEMBER 9, 20

FinClusive’s AML/KYC capabilities create verified identity credentials that will be incorporated into MemberPass – Bonifii’s digital identity solution for Credit Unions

 

 

 

Through this partnership, U.S. Credit Union members can now establish and maintain verifiable digital identities that enable safe, secure, and touchless experiences for many credit union services

NOVEMBER 9, 2021 – Bonifii, the first verifiable exchange network designed to enable peer-to-peer services networking for financial cooperatives, and FinClusive, a hybrid fintech/regtech platform that provides comprehensive compliance as a service (CaaS) and identity verification services through global Know Your Customer (KYC)/Know Your Business (KYB), today announced a formal partnership. The two companies will work cooperatively to provide a fully compliant multilateral identity verification solution for credit unions that will bring safer and more secure experiences to their members.

Through this partnership, FinClusive’s Anti-Money Laundering (AML)/KYC capabilities will now be integrated with Bonifii’s MemberPass. This integration enables individual and small business credit union members to establish verifiable digital identities backed by a client’s essential financial crimes compliance (FCC) information. Protected by the latest cryptographic technology, these identities provide due diligence verification for global financial crimes compliance standards and maintain the privacy of sensitive personal or business information and credit union members’ personal- or entity-identifying information (PII/EII).

Furthermore, this integration meets the need for more remote identification solutions in increasingly remote work environments by providing a “touchless” member experience. This enables digital onboarding and supports a shared service across participating credit unions.

These efforts will also go a long way to support inclusive banking efforts by providing a secure, compliance-backed gateway that enables privacy and sustainable financial services access in tandem. Sustainable financial inclusion-for individuals, households, and organizations requires modernized digital identity and compliance solutions to make engagement seamless in an increasingly digitized financial services environment. These capabilities will bring about much-needed modernization to financial cooperatives.

Ultimately, this will strengthen and secure the KYC/KYB onboarding process and enable member portability with a verifiable digital compliance credential utility as more credit unions participate. FinClusive’s CaaS platform can also provide legal entities additional credence by assigning a globally recognized legal entity identifier (LEI) backed by compliance credentials; LEIs are increasingly recognized by global financial services regulators and institutions as the standard for KYB verification. FinClusive and Bonifii’s latest solution is available at all US credit unions currently in the MemberPass network.

Bonifii and FinClusive are also both members of the Indicio Network’s Node Operator Consortium, a professionally-supported enterprise-grade global network designed to support trusted data ecosystems using verifiable digital credentials.

“The addition of FinClusive into the MemberPass verification network strengthens and extends the secure, privacy preserving, and touchless verification experiences that all credit union members are looking for today,” said John Ainsworth, Chief Executive Officer at Bonifii. “In leveraging FinClusive’s Compliance-as-a-service stack, Bonifii is able to provide credit unions and their members a digital identity credential that is continually monitored for legitimacy and financial crimes, ensures essential screens and background checks are up to date and protects users’ privacy. This will allow members to have a faster and safer experience with their credit union service. It also protects credit unions from fraud and identity theft.”

Amit Sharma, Chief Executive Officer of FinClusive, commented: “FinClusive’s mission has always been to modernize the regulatory compliance system and allow alternative financial service providers, small businesses, nonprofits, and marginalized individuals and organizations access to essential financial services. Our vision aligns perfectly with Bonifii’s mission to build trust and increase inclusion between credit unions and their members through new technologies. We are excited about extending a robust full-service suite of compliance capabilities through CaaS and future financial technology enablements—including those related to virtual assets—to the credit union community, who are a cornerstone of community-based financial services—not just in the US, but also globally. I’m proud that we’re doing this in a way that reinforces essential privacy, transparency and modernized regulatory compliance in financial services.”

Since its founding, Bonifii has been committed to improving individual and small business credit union member experiences by reducing the repetitive disclosure of personal information, eliminating the need for multiple usernames and passwords, and combating identity theft as a result. Bonifii and FinClusive are working to advance modern AML and digital identity solutions to better enable financial inclusion with forward leaning community-centered financial services leaders. These capabilities reinforce the importance of community-driven solutions, which benefit from strong controls and inclusive products for all.

FinClusive launched its CaaS application in late 2019 and came to market with its Accounts & Payments (A&P) platform in late 2020, providing customers access to its growing U.S. bank of record partners, and its services via various global blockchain networks and Defi applications, and serves as an “on and off-ramp” between virtual assets and fiat for payments of all types—all with embedded essential AML compliance controls. FinClusive continues to grow its partners globally and also has recently formally launched as a certified issuer and validation agent of legal entity identifiers (LEIs) with the Global Legal Entity Identifier Foundation (GLEIF). FinClusive is providing these services in the U.S.,Latin America, Africa, Europe, and Asia.

About Bonifii

Denver-based Bonifii is the financial industry’s first verifiable exchange network designed to enable trusted digital transactions using open standards and best-of-breed security technologies. Bonifii empowers credit unions to change the way they interact with their members by enabling a seamless user experience in every financial transaction through a secure, private, trusted and transparent resolution of the entities’ identity. To learn more about Bonifii, visit www.bonifii.com, email us at sales@memberpass.com or follow the company on the Bonifii blog, LinkedIn or Twitter.

About FinClusive

FinClusive is a hybrid fintech/regtech company that provides services to the growing fintech and virtual asset/crypto and nonbank FI community – enabling digital access to accounts and payments with embedded full-stack financial crimes compliance (FCC) – in one integrated platform. As a licensed and regulated nonbank financial services provider, FinClusive provides companies the ability to establish insured accounts for themselves and their clients and conduct cross border payments over crypto/blockchain and traditional bank rails, all while maintaining global-standard regulatory compliance. FinClusive is also built to be engaged by decentralized financial services applications, e-commerce, marketplaces and others that are increasingly providing financial products and services in a peer-to-peer context. To learn more about FinClusive, please visit www.finclusive.com, email us at contact@finclusive.com, or follow the company on LinkedIn or Twitter.

About Indicio

Indicio provides development and hosting for Trusted Data Ecosystems. Enterprise, consumer, and mobile applications run on the Indicio Network and use its comprehensive ecosystem of software to issue, verify, and exchange verifiable digital credentials. The company develops, runs, and hosts multiple networks using the latest Hyperledger Indy network monitoring tools and resources. It led to the creation of Cardea, a complete architecture for verifiable and secure health records for Linux Foundation Public Health, and runs comprehensive instructor-led educational training workshops. These power a growing ecosystem that solves fundamental problems in online verification, identity, privacy, and zero-trust security. To learn more about Indicio, please visit: https://indicio.tech/

The post CREDIT UNION DIGITAL IDENTITY PROVIDER BONIFII ANNOUNCES NEW PARTNERSHIP WITH FINCLUSIVE appeared first on Bonifii.


We Are Open co-op

Designing Badges for Co-creation and Recognition

Individual Learner, Communities of Practice Our members are well known for our work on Open Badges, and so we wanted to award badges based on the skills and competencies our intern, Anne, develops during her time with us. Although we outlined some ideas of potential badges before she joined us, we had a hunch that reflective badging, (e.g. awarding assessments based on her as an individual a
Individual Learner, Communities of Practice

Our members are well known for our work on Open Badges, and so we wanted to award badges based on the skills and competencies our intern, Anne, develops during her time with us. Although we outlined some ideas of potential badges before she joined us, we had a hunch that reflective badging, (e.g. awarding assessments based on her as an individual and needs for her future references) would be more beneficial than creating badges in advance.

Earn this badge! Design by Bryan Mathers of We Are Open, licensed under CC-BY

We Are Open has been all about badges lately! Not only have we been working with Participate on the Keep Badges Weird social learning experience, we’ve also been co-creating badges with Anne. This post outlines how we’ve approached each of these.

Co-creating and self awarding badges for our intern

In a recent episode of the Tao of WAO podcast, Doug and Laura discussed the value of self-awarding badges. We’ve found that speaking with learners when they are especially motivated or encouraged provides valuable insight into the challenges that person might be experiencing. Self-awarded badges are an opportunity to endorse a learner’s reflective insight as something that provided value to the issuer. They also allow for iteration of the credentials themselves.

Issuing Open Badges by Bryan Mathers is licenced under CC-BY-ND

Based on the badges we’d outlined, for example, Anne awarded herself three of the six first-month badges we thought of in advance. She convinced us to combine badges, pointing out that our initial ideas were too “micro” and that that level of granularity wasn’t as valuable to her.

Anne also awarded herself a “Shadow Jumping” badge, something we wouldn’t have thought of ourselves!

Description: This badge is issued to people who have “gotten over themselves”. This badge is issued to people who have messaged the entire organization, commented on other people’s work, written public blog posts and otherwise shown that they trust their own instincts and voice.
Criteria: The earner can self-assign this badge when they start to feel like a part of their organization.

Anne reflected that her hesitancy to “jump over one’s own shadow” is partially shaped by growing up in a patriarchy. Indeed, women (as well as non-binary folks) often learn from a young age to be more restrained, to not trust their own decisions and be doubtful about their voice. Another aspect of her reflection was that traditional schooling and “normal” work environments reassert hierarchical modes of thinking that seem antithetical to “openness”. Both of these reflections led us to think about how Badges are a great way to work against learned patterns. As we co-create badges, we are also helping the learner to reflect on patterns in society that influence their behaviours.

The value of co-creating badges with the learner is that badges can be shaped to the needs of the outcome. Learners might expect something outside of the learning objectives a creator attaches to an internship or other learning content. As goals are individual and often intrinsic — focusing on the learners requires co-creation together with them.

Co-creation in Communities of Practice

In the Keep Badges Weird community, we are beginning to badge what are called “Value Cycles”. The idea is that activities that happen within communities that are useful to others, and as people participate in these activities, they are creating value for themselves, others and the community at large. We’re particularly interested in the intersection from co-creation and collaboration in a community to being recognised for that co-creation.

Keep Badges Weird badges by Bryan Mathers of We Are Open is licensed under CC-BY

This exploration is front and center in the Keep Badges Weird community, with learning activities for people who are Badge Curious and for those who wish to learn more about Value Cycles in Communities of Practice (e.g. CoP Curious). The Value Creator activity goes straight to the heart of what it means to be a community member and asks the learner to be useful in a community they are interested in. As with our intern’s “Shadow Jumping” badge, we’re asking people to step outside of a learned behaviour (i.e. waiting to be called on before speaking up or to be invited into a community)..

We don’t know what kind of conversations will start to emerge when people start to contribute and co-create, but we’re interested to find out! Come on the Keep Badges Weird journey with us. Earn the badges we’ve already established and co-create badges together alongside other community members by building your own badges.

Conclusion

The great thing about badges is that they can recognise behaviours that just aren’t within the usual domain of we call ‘credentials’. In addition, not only is there a huge amount of value in recognising these behaviours, but also in badges providing a motivational element for individuals who might want to display that behaviour.

Our examples in this post cover behaviours relating to confidence and working openly, but badging can work for almost any kind of pro-social behaviour. For example, it’s World Kindness Day later this week, and kindness is definitely something we should recognise!

Next steps

Questions? Ideas? An anecdote about badges in your Community of Practice? Start a discussion, we’re learners here too.

Thanks to Anne Hilliger & Doug Belshaw for all their help on this post!

Designing Badges for Co-creation and Recognition was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.


Lissi

Das Lissi Wallet: Unterstützung von zusätzlichen Karten und Informationsbanner.

Das Lissi Wallet unterstützt zusätzliche Karten und Komfort Funktionen. Import von zusätzlichen Karten Das Lissi Wallet unterstützt verifizierte Nachweise, Kundenkarten und .Pkpass Dateien Das Lissi Wallet unterstützt nun zusätzlich zu verifizierbaren Nachweisen (erste Abbildung) auch .Pkpass Dateien, sowie sonstige Karten. Jede Karte im Geldbeutel, welche ein Bar-Code oder Q
Das Lissi Wallet unterstützt zusätzliche Karten und Komfort Funktionen. Import von zusätzlichen Karten Das Lissi Wallet unterstützt verifizierte Nachweise, Kundenkarten und .Pkpass Dateien

Das Lissi Wallet unterstützt nun zusätzlich zu verifizierbaren Nachweisen (erste Abbildung) auch .Pkpass Dateien, sowie sonstige Karten.

Jede Karte im Geldbeutel, welche ein Bar-Code oder QR-Code hat, kann nun einfach digital im Lissi Wallet abgelegt werden (zweite Abbildung). Dies können Kundenkarten, Mitgliedskarten oder z.B. auch Geschenkkarten sein. Bei Bedarf kann der Barcode dann beim Händler gezeigt werden anstatt die Karte selber mitzuführen.

Häufig werden Tickets, wie ein Boarding Pass bei Flügen oder auch Gesundheitspässe, welche zur Einreise im Ausland benötigt werden als .pkpass ausgestellt. Diese Pässe können einfach in das Wallet importiert werden und können mit dem Lissi Wallet bei Bedarf am Flughafen oder im Zug präsentiert werden (dritte Abbildung). Aktuell ist diese Funktion lediglich für Android verfügbar.

Automatisches akzeptieren von eingehenden Verbindungen und Nachweisen und Anzeige von Informationen über Interaktionen via Banner

Zusätzlicher Komfort und Informationen im Lissi Wallet

Verbindungsanfragen sowie die Annahme von verifizierbaren Nachweisen können nun automatisiert werden. Nutzende können die automatische Annahme von neuen Verbindungen in den Einstellungen vornehmen bzw. werden nach dem Aufbau von drei Verbindungen gefragt, ob sie diesen Prozess automatisieren möchten. Unabhängig davon, ob die Verbindung automatisch angenommen wird oder nicht werden Nutzende über den Verbindungsaufbau informiert (erste Abbildung). Die automatische Annahme von neuen Nachweisen kann bei einem individuellen Kontakt aktiviert werden (zweite Abbildung).

Wenn Nutzende einen neuen Nachweis erhalten informiert ein grüner Banner über die erfolgreiche Ablage des Nachweises im Wallet (dritte Abbildung). Zudem werden Nutzende darüber informiert, dass Informationen erfolgreich mit einem Kontakt geteilt wurden (vierte Abbildung).

Du möchtest es gern mal selber testen? Jetzt auf www.lissi.id/demo ausprobieren!

Grüße, Euer Lissi Team


The Lissi Wallet now supports additional cards and convenience features

The Lissi Wallet now supports additional cards and convenience features. Import of additional cards The Lissi Wallet does supports verified credentials, custom cards and pk.pass files The Lissi Wallet now supports .pkpass files, as well as other custom cards, in addition to verifiable credentials (first screen). Any card in the wallet that has a bar code or QR code can now be easi
The Lissi Wallet now supports additional cards and convenience features. Import of additional cards The Lissi Wallet does supports verified credentials, custom cards and pk.pass files

The Lissi Wallet now supports .pkpass files, as well as other custom cards, in addition to verifiable credentials (first screen).

Any card in the wallet that has a bar code or QR code can now be easily stored digitally in Lissi Wallet (second screen). These can be customer cards, membership cards or, for example, gift cards. If required, the barcode can then be shown to the merchant instead of carrying the card itself.

Often tickets, such as a boarding pass for flights or health passes, which are required for entry abroad, are issued as a .pkpass file. These passes can be easily imported into the wallet and can be presented with the Lissi Wallet at the airport or on the train if needed (third screen). Currently, this feature is only available for Android.

Automatically accept incoming connections and credentials and display information about interactions New convenience features within the Lissi Wallet

Connection requests and the acceptance of new credentials can now be automated. Users can activate the automatic acceptance of new connections within the settings or after the establishment of three connections. Regardless of whether the connection is accepted automatically or not, users are informed about the connection setup (first screen). The automatic acceptance of new credentials can be activated for individual contacts as desired (second screen).

When users receive a new credential, a green banner informs them that the credential has been successfully stored in the wallet (third screen). In addition, users are informed that information has been successfully presented to a contact (fourth screen).

Want to try it out yourself? Head over to www.lissi.id/demo.

Cheers, Your Lissi Team


Velocity Network

Velocity Network™ Highlighted In The Latest Industry Report from Talent Tech Labs: The Role of Blockchain In The Future of Work

The report highlight Velocity Network, and includes a piece from Dror Gurevich, our CEO, on our vision and the progress we've made thus far. The post Velocity Network™ Highlighted In The Latest Industry Report from Talent Tech Labs: The Role of Blockchain In The Future of Work appeared first on Velocity.

Monday, 08. November 2021

Good ID

2021 FIDO Developer Challenge: Outcomes and Winners

By Joon Hyuk Lee, APAC Market Development Director, FIDO Alliance Editor’s Note: This is the final blog posting covering the 2021 FIDO Developer Challenge. We invite you to read the […] The post 2021 FIDO Developer Challenge: Outcomes and Winners appeared first on FIDO Alliance.

By Joon Hyuk Lee, APAC Market Development Director, FIDO Alliance

Editor’s Note: This is the final blog posting covering the 2021 FIDO Developer Challenge. We invite you to read the previous blog posts to learn more about past stories:

Announcing the FIDO Developer Challenge for Developers Across the Globe FIDO Developer Challenge: Welcoming Teams to the Implementation Stage

This year’s FIDO Developer Challenge reached a successful conclusion, with a ceremonial event during Authenticate 2021 in Seattle. The recorded video of the ceremony is available now, and we’re pleased to share more detailed stories of the three finalists as well as the rest of the teams that made it to the final stage.

Leaders of the Top Three Teams.

Gold Winner – Lockdrop

Lockdrop, a company based in Toronto, Canada, strengthened their document transfer service using end-to-end encryption with WebAuthn as an MFA authentication option. The team wants to help businesses and people exchange larger datasets easily and securely, a problem that is prevalent across most industries and results in people falling back to insecure and/or archaic forms of data transfer such as email, fax, CD-ROMs (yes, CD-ROMs!), and USB sticks.

Silver Winner – Shaxware

Shaxware is a company located in Tokyo, Japan. They created a Proof of Concept, fashioning the Japanese National ID Card (My Number Card) into a FIDO roaming authenticator. They proposed to extend WebAuthn by using the external IC card as a primary digital certificate.

Bronze Winner – SoundAuth

SoundAuth is the team name for a company (Trillbit) based in Boston with R&D staff stationed in India. This team built a FIDO MFA solution that leverages data over sound technology to provide a seamless user experience while eliminating the need to rely on an additional hardware token or internet connectivity.

From the initial pool of applicants, fourteen teams from eight different countries (Canada, France, India, Japan, Malaysia, South Korea, USA, Vietnam) competed throughout the FIDO implementation stage – including the three finalists detailed above. There were also many concepts that did not make the top three yet have shown compelling ways to leverage the strength and usability of FIDO Authentication. Examples include:

a FIDO and AI-based remote test proctoring system (India) a web payment system, leveraging FIDO-based digital wallet (France) a FIDO-based online note-taking apps for developers (Vietnam) FIDO-based VPN access (South Korea) FIDO and AI-based assisted technology for visually impaired people (South Korea)

Thanks and final thoughts

The 2021 FIDO Developer Challenge was made possible by the support and active engagement from the event sponsors – who not only helped fund the event operations and prizes, but gave hands-on feedback and guidance as judges. Thanks also to the W3C and WebAuthn community for guidance and support through the FDC Discord Channel – it was great to see so many people weighing in to help these development teams.

We were very pleased to have built off of our prior developer hackathon efforts in Korea, to have brought the challenge global, and to have added  a focus on public APIs. The Challenge demonstrated that the combination of open technology coupled with the entrepreneurial vision of a developer will result in inspiring outcomes and innovation. We look forward to expanding this effort in 2022. Please don’t hesitate to reach out (https://fidoalliance.org/contact/) should you have any feedback or suggestions on the program.  

The post 2021 FIDO Developer Challenge: Outcomes and Winners appeared first on FIDO Alliance.


Me2B Alliance

Me2B Alliance Recommendation Provides First Steps For Creating Safe and Respectful Technology

SAN DIEGO, Nov. 08, 2021 (GLOBE NEWSWIRE) -- Me2B Alliance, a non-profit standards organization which advocates for safe and respectful technology, today announced the publication of its first official recommendation: “The Attributes for Safe and Respectful Me2B Commitments.” The recommendation outlines baseline best practices to ensure that safe interactions, or commitments, are taking place on we
Me2B Alliance Recommendation Provides First Steps For Creating Safe and Respectful Technology Recommendation identifies the key attributes needed to facilitate safe relationships with technology

November 08, 2021 09:00 ET | Source: Me2B Alliance

SAN DIEGO, Nov. 08, 2021 (GLOBE NEWSWIRE) — Me2B Alliance, a non-profit standards organization which advocates for safe and respectful technology, today announced the publication of its first official recommendation: “The Attributes for Safe and Respectful Me2B Commitments.” The recommendation outlines baseline best practices to ensure that safe interactions, or commitments, are taking place on websites and mobile applications. Some examples of these commitments include creating an account online, signing up for newsletters, or agreeing to accept cookies while browsing a website.

The Me2B Alliance is a professional standards organization that follows well established best practices to develop and ratify its recommendations and specifications. The recommendation was developed by the Respectful Tech Spec Working Group and accepted by members of the Me2B Alliance through a multi-step approval process. It marks a significant milestone in the Me2B Alliance’s mission to develop standards that ensure safety and individual agency over technology. The high-level requirements found in the recommendation map to several specific tests in the Me2B Safe Website Specification for Respectful Technology. That detailed specification is currently under review and is expected to receive approval soon.

The lack of transparency in how users’ personal data is collected and shared has far-reaching consequences. Stories about data leaks and scrutiny from legislators over the spread of misinformation online grips the headlines on a near daily basis. Social media giant Facebook, for example, is facing backlash after a whistleblower’s testimony in congress suggested that the company prioritizes profits over the safety of its users by pulling funds away from programs that safeguard against harmful content. On a smaller scale, the governor of Missouri has garnered media attention by threatening to take legal action against a journalist who uncovered that the Department of Elementary and Secondary Education (DESE) was exposing over 100,000 teachers’ Social Security numbers due to a security flaw on its website.

Without standards for building respectful websites and mobile applications, the people who use them face significant safety risks. The Me2B alliance refers to these individual users as Me-s. The businesses, products and services people interact with are referred to as B-s. By publishing its recommendation, “The Attributes for Safe and Respectful Me2B Commitments”, the Me2B alliance hopes to encourage safe and healthy relationships between people (Me-s) and the tech they use every day (B-s).

“As it stands, the connected technology we use every day is harming us as individuals and societies,” said Lisa LeVasseur, executive director at the Me2B Alliance. “We are a standards organization that advocates for Me-s. Our new recommendation gives technology makers – B-s, an opportunity to start building safe and respectful relationships with people by identifying the basic attributes of safe online commitments.”

Some of the notable attributes for safe and respectful Me2B commitments include:

Providing a clear data processing notice before any user information is collected or processed Giving users a chance to provide viable permission before any transaction is carried out Minimizing when and how people are uniquely identified in the course of the Me2B relationship Minimizing the amount of data collected from users. It must be proportional to the commitment taking place Ensuring that any data collected is private by default without any additional action from the users Ensuring that users can terminate or change online commitments easily. The changes or terminations should also be recorded, and the record should be provided to the user

The full document, “Recommendation: Attributes of Safe & Respectful Me2B Commitments”, is available for download free of charge on the Me2B Alliance website. Organizations interested in advancing standards in safe and ethical data and mobile and internet practices can visit the website to learn more about Me2B Alliance membership.

About the Me2B Alliance
The Me2B Alliance is a nonprofit fostering the respectful treatment of people by technology.  We’re a new type of standards development organization – defining the standard for respectful technology. Scenarios where user data is being abused, even inadvertently – highlight the types of issues we are driven to prevent through independent testing, as well as education, research, policy work, and advocacy.

PR Contact:
Mike Smith
Montner Tech PR
msmith@montner.com


Energy Web

How large is the market for Energy Web DIDs?

Evaluating the total number of DIDs and the impact on the overall utility of the Energy Web Token (EWT). Decarbonizing power grids with… software? Surprisingly, the biggest blocker in decarbonizing the electric grid is the lack of connectivity and shared standards, not the lack of new renewable energy resources. The energy sector needs a secure, scalable way to identify the growing number o
Evaluating the total number of DIDs and the impact on the overall utility of the Energy Web Token (EWT). Decarbonizing power grids with… software?

Surprisingly, the biggest blocker in decarbonizing the electric grid is the lack of connectivity and shared standards, not the lack of new renewable energy resources. The energy sector needs a secure, scalable way to identify the growing number of clean energy resources, verify attributes about them (like location, capabilities, and financial relationships), and manage permissions and/or behaviors based on those attributes. In short, modern grids need an identity and access management solution tailored for the sheer volume and diversity of clean energy resources in the market.

Legacy approaches are not up to the task; it’s simply not feasible for any single company or platform to manage everything, and relying on point-to-point integrations between individual systems is too costly and complex to manage at scale. This is exactly why we are building open-source tools to unlock the full potential of decentralized identifiers (DIDs) with the Energy Web Decentralized Operating System (EW-DOS).

What are DIDs?

A DID is a digital, verifiable identity that is user-generated and not coupled to any centralized institution. It can be used to identify any object or subject, such as a person, an organization, a device (an electric vehicle on a smart meter), and non-tangible assets (like contracts). DIDs allow users to have control over both their identities and any data associated with them.

Instead of a central entity being in charge of issuing identities and verifying credentials for each identity, any individual or asset can create an identity, and then establish verified credentials over time through interactions with peers or authorities on a trusted, decentralized network.

A DID resides in a DID registry, which in the case of Energy Web, is on the Energy Web Chain. Because Energy Web DID technology is developed based on the established W3C standards, it is flexible enough to work with any technology and use case within the energy sector and outside it.

If you’re interested in learning more about DIDs, here’s a website that simulates and explains how they work, the Energy Web — DID Explainer. You can also dive into details in our Gitbook (Self-Sovereign Identity — Energy Web Digital Infrastructure (gitbook.io))

What is the DID business model?

Energy Web DIDs are created and controlled by users. They are free to use and open source. Anyone can use our entire DID tech stack and the Energy Web Blockchain without paying for it, except for the blockchain transaction (gas) fees. This would be the equivalent of launching a website on your own server, using free, open-source technologies like Linux, MySQL, and WordPress. It’s perfectly possible, but people and companies rarely do it, because this approach is inconvenient and cumbersome. It takes a lot of effort to launch a website like this, and it takes a lot of effort to maintain it. In the end, this approach tends to be quite expensive after considering all the time, effort, and associated risks.

What usually happens is users buy services from specialized providers. In the website example, users can buy pre-configured virtual servers from a cloud provider like Amazon Web Services or Azure or decide to buy a managed website service from a website builder like Wix or Squarespace. These services come with a Service Level Agreement (SLA) that guarantees the level of service users can expect such as website uptime, storage space, or the number of CPU cores. Users pay for convenience and reliability delivered by the specialized service providers because after considering all the costs and risks, this tends to be a cheaper solution.

At Energy Web, we understand that in order to have any meaningful adoption of enterprise applications using decentral technology, a DID-based tech stack has to be offered in a convenient and reliable way as well. This is why we’re developing the Decentralized Service Level Assurance (DLSA) solution. With this solution, users will be able to subscribe to professional-grade services delivered by specialized service providers. More about DSLA:

What’s new in EW-DOS? The Utility of the Utility Token for Utilities How companies benefit from participating in the public EW-DOS infrastructure Coming soon: quality-of-service guarantees for decentralized technologies

The main purpose of DSLA is to support DIDs using EW-DOS infrastructure. Therefore, we believe that the total number of DIDs in the ecosystem will be a good proxy for evaluating the economic activity on the Energy Web stack and the overall utility of the Energy Web Token (EWT).

DIDs in the energy sector

The first, primary users adopting DIDs on the open-source EW-DOS infrastructure will be enterprises operating in the energy sector. This is happening because of the groundbreaking transformation in the energy industry: customer spend on clean energy is on track to eclipse utility spending on all energy.

Customers are investing in clean energy assets. These assets are the future of the energy sector: battery storage, smart AC, electric cars and charging stations, solar systems, the list goes on.

A fundamental challenge faced by energy companies is caused by the fact that most of these clean energy assets are not integrated with market participant operating systems. Energy Web solves this problem by building operating systems for energy grids using DID-based, open-source software and standards. Open-source digital infrastructure makes it possible for customer-owned assets to enroll and participate in coordinated grid operator programs:

In the future, each energy sector stakeholder and eventually each asset will have its own DID. This includes consumers, companies operating in the space (grid operators, aggregators, renewable energy installers, EV charging network operators, independent power producers), solar systems, batteries, EVs, EV chargers, smart meters, and smart thermostats.

Energy Web has already implemented DID infrastructure for the California Independent System Operator (CAISO) in their Flex Alert program. We’re also working on rolling out DIDs for Australian Energy Market Operator (AEMO). This architecture also underpins ELECTRA CALDENSE, EV DASHBOARD with ELIAAPG.

Potential demand

We estimate, that by 2030 there can be between 200 million and 1.2 billion DIDs using the Energy Web tech stack. Around 83% of them will belong to energy assets like electric cars, solar PV systems, smart meters, and the rest (about 17%) will belong to people interacting with these assets. Here’s the logic behind our estimates:

First, we took data from Bloomberg New Energy Finance and Rocky Mountain Institute that forecast the total number of green and flexible energy-related devices. All the devices that would potentially use DIDs. These devices include:

Storage System Installations Electric Vehicles EV Chargers Smart Thermostats (AC / Heating) Water Heaters HVAC Water Heaters Commercial Appliances Commercial Lighting Solar PV Inverters Wind Turbines Smart Meters

The industry forecasts that the total number of devices will grow from 2.2 billion in 2022 to 3.8 billion in 2030.

Given the strong network effects of DID technology, the exponential rate of adoption should be expected. Therefore, we assumed 3 scenarios for the adoption of the EW tech stack:

The optimistic scenario, where we assume the DID usage to increase 8% month to month (for every 100 DIDs we assume 108 DIDs next month) The pessimistic scenario, with a 6% monthly usage increase The “in the middle” scenario, with a 7% monthly increase

For all 3 scenarios, given Energy Web’s existing footprint in several of the world’s largest energy markets, we assume a starting point market share of 0.1% (1/10 of a percent) in 2022 for the commercial, B2B applications and 0.02% (2/100 of a percent) for domestic applications and smart meters.

Then, we estimate how many additional DIDs will be issued to people interacting with the assets. This number ranges between 0.1 (we assume in that case that 1 person will manage 10 devices) and 1 (1 person per device). On average, we expect 1 person to interact with around 5 devices.

This means that in 2022 we’re expecting to issue a total of around 728,000 DID for devices and people. We believe reaching close to 1 million DIDs in 2022 is feasible based on our current pipeline and recently completed project. For example, the above-mentioned CASIO Flex Alert can reach all California residents, close to 40 million people.

Based on the adoption scenario, we arrive at 3 different numbers of DID in 2030:

201 million DID and a market share of 4% for the conservative scenario, almost 500 million DIDs and a 10% share for the “in the middle” scenario and 1.2 billion DIDs and a 25% market share for the optimistic scenario

Here is the breakdown of different types of devices using our DID, for all 3 scenarios.

pessimistic“In the middle”optimistic

The goal of issuing 200 million and more DIDs is very ambitious but doable by 2030. The middle adoption scenario assumes issuing almost 83 million DID to individuals by 2030. For context, this means onboarding around 16% of the existing customers of energy companies that are the current members of Energy Web.

To put these numbers in perspective, we compared them to the entire IoT market (the energy sector devices are just a subset of the broader market of connected IOT devices). The total number of connected IoT devices is expected to reach 27 billion by 2025, growing from the current 12 billion already connected devices. [source: State of IoT 2021: Number of connected IoT devices growing 9% to 12.3 B (iot-analytics.com)]

This means that in 2025 all the energy assets will account for just 10% of the total IoT market, and the EW DIDs’ share will be only around 0.04% (4/100 of a percent) (yes, the tiny purple line on the chart below).

Given the fact that energy-related devices underpin every aspect of our professional and personal lives, it is quite possible that Energy Web DID technology will be adopted by many other industries and sectors thanks to its flexibility, security, and focus on privacy. A shared, open-source solution widely used by regulators, grid operators, energy companies, solar installers, EVs, and consumers would be much welcomed by industries like agriculture, logistics, smart appliances, and many more.

Finally, Energy Web is a non-profit organization, and there’s no need to charge high fees and extract value to generate profits for shareholders. The value-added by DSLA and DID solutions will be transferred back to the Energy Web community. This means a win-win situation for existing and new users of the platform: thanks to DSLA, there will be no downsides or disincentives for using DID technology. Instead, there will be very strong, positive network effects, making our ambitious DID adoption and related decarbonization goals possible.

If you care about climate change and support our mission, here are additional resources explaining how you can get involved!

About Energy Web

Energy Web (EW) is a global nonprofit organization accelerating a low-carbon, customer-centric electricity system by unleashing the potential of open-source, decentralized technologies. EW focuses on building core infrastructure and shared technology, speeding the adoption of commercial solutions, and fostering a community of practice.

Visit energyweb.org to find out more.
Twitter | LinkedIn |YouTube | Reddit | Telegram | Discord

How large is the market for Energy Web DIDs? was originally published in Energy Web Insights on Medium, where people are continuing the conversation by highlighting and responding to this story.


MyData

Companies and cities: Taking steps towards smarter cities with the MyData approach

Finnish companies are eager to unlock the full potential of data to create better smart city services. With support from MyData Global via the Human-Centric Companies and Cities (H3C) project, Finnish companies are building up capacities for human-centric service design, participating in data sharing ecosystems, and strengthening their ethical business practices. As Joose Väinölä from... Read

Finnish companies are eager to unlock the full potential of data to create better smart city services. With support from MyData Global via the Human-Centric Companies and Cities (H3C) project, Finnish companies are building up capacities for human-centric service design, participating in data sharing ecosystems, and strengthening their ethical business practices. As Joose Väinölä from...

Read More

The post Companies and cities: Taking steps towards smarter cities with the MyData approach appeared first on MyData.org.

Saturday, 06. November 2021

Elastos Foundation

Elastos Bi-Weekly Update – 05 November 2021

...

Friday, 05. November 2021

Energy Web

Announcing the London Upgrade on the Energy Web Chain

TL/DR: The London upgrade is coming to the Energy Web Chain (EWC) on November 10th. This update will modify the transaction fee market, and keep the EWC aligned with the latest developments in the Ethereum ecosystem. If you are running an EWC node, you must update it to a London-compatible client and update the chainspec as soon as possible. EWC validators have already completed all the n

TL/DR:

The London upgrade is coming to the Energy Web Chain (EWC) on November 10th. This update will modify the transaction fee market, and keep the EWC aligned with the latest developments in the Ethereum ecosystem. If you are running an EWC node, you must update it to a London-compatible client and update the chainspec as soon as possible. EWC validators have already completed all the necessary updates. If you are an EWC user or EWT holder, no action is required.

In August 2021 the Ethereum mainnet implemented the London upgrade, which introduced five improvement proposals that modified the way transaction fees and gas refunds are handled. Combined, these updates improve the overall performance and usability of EVM blockchains (including the Energy Web Chain).

In September 2021, after observing the successful Ethereum upgrade, the EWC validators voted to adopt London on the EWC as well. Since then the EWC validators have successfully implemented the upgrade on the Volta test network and are now preparing for the upgrade to occur on the main EWC.

The EWC London upgrade will occur at block 14,735,788, which will occur on or around Wednesday, 10 November (the precise time will depend on block time variation). All full node operators must update their node to a London-compatible client and implement the London chainspec prior to the transition block. Due to subtle variations in the EWC block time, it is recommended to perform the update several days prior to the expected transition date.

FAQ

Who does this announcement impact?

This announcement only impacts people or organizations that are operating a full node on the EWC. All EWC node operators should update the client and chainspec as soon as possible. As of the time of publication, all EWC validators have already completed the necessary updates to successfully implement the London upgrades.

If I’m an EWT holder, but I’m not operating my own full node, is there anything I need to do?

No, if you connect to the EWC via the public RPC and Metamask, an exchange (including Kucoin, Kraken, Liquid, Bitmart, or Hotbit), a web wallet (e.g., MyCrypto), or hardware wallet (e.g., Trezor, Ledger) then you do not need to take any action.

Why is the London upgrade happening on the EWC?

The EWC is a public, proof-of-authority EVM blockchain and it benefits from adopting the latest upgrades and improvements from the wider Ethereum community. The EWC validators voted to adopt the upgrades contained in the London upgrade in September 2021.

What will happen before, during, and after the upgrade?

As mentioned above, the decision to proceed with the upgrade is made by the EWC validators via the established governance process. After the decision is approved and before the upgrade occurs, all EWC validators and other node operators will update their node clients and chain specs. During the upgrade (i.e., at the specified transition block), the new rules defined within the improvement proposals will take effect, creating a “new and improved” version of the EWC. There are no expected operational or performance impacts to the EWC during the upgrade. Following the upgrade, users and node operators can continue to interact with the EWC as normal.

If you have any questions or encounter any issues, please get in touch via our Telegram or Discord channels.

About Energy Web

Energy Web (EW) is a global nonprofit organization accelerating a low-carbon, customer-centric electricity system by unleashing the potential of open-source, decentralized technologies. Energy Web focuses on building core infrastructure and shared technology, speeding the adoption of commercial solutions, and fostering a community of practice.

Visit energyweb.org to find out more.
Twitter | LinkedIn |YouTube | Reddit | Telegram | Discord

Announcing the London Upgrade on the Energy Web Chain was originally published in Energy Web Insights on Medium, where people are continuing the conversation by highlighting and responding to this story.


Digital ID for Canadians

DIACC Women in Identity: Elena Dumitrascu

DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights…

DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights will be regularly socialized through DIACC’s LinkedIn and Twitter channels as well as our monthly member newsletters.

If you’re a DIACC member and would like us to feature your spotlight, contact us today to learn more!

What has your career journey looked like?

Throughout my career, I’ve always worked with emerging tech. In the beginning, that meant e-commerce which evolved into Fintech, which evolved into Digital Identity. Throughout this journey, I’ve worn different hats from development to architecture to sales, and now an entrepreneur. I’ve had the opportunity to understand how all the pieces of the business work together and the biggest takeaway I’ve had from that is how critically important someone’s willingness to be a team player is versus their technical aptitude. You can always teach technical aptitude but good team players are always hard to find.

When you were 20 years old, what was your dream job and why?

I wanted to be a lawyer because I felt like lawyers understood how the world works. That wasn’t necessarily correct but it felt like the type of career that would give me the most growth and exposure for career opportunities possible as an adult.


As a female leader, what has been the most significant barrier in your career?

It was not recognizing my strengths and spending energy trying to be more like other males in my field instead of recognizing my own strengths as a woman and focusing on those.

How do you balance work and life responsibilities?

The biggest thing right now is learning how to make that next strategic hire that can take things off your plate so you can be balanced in work and life. Recognize that if you surround yourself with very good people, they will give you the opportunity to go away and not have any worries.

How can more women be encouraged to pursue careers in the digital ID/tech space?

It does start early. For young women interested in more of the programming side of technology, we need to encourage young girls to take that computer science class in grade 7 and not think that technology is just for guys. However, there’s a big misunderstanding that to work in tech you must be a coder. There are many fields within the technology sector including very creative outlets such as product, design, marketing, and sales. If you’re mid-career, don’t be afraid of making that shift and consider exposing yourself to new disciplines by taking some online classes.

What are some strategies you have learned to help women achieve a more prominent role in their organizations?

It’s to encourage women to speak up and to put their hand up for roles that they would otherwise consider unattainable.

What will be the biggest challenge for the generation of women behind you?

I think a big challenge is that the fact that they are growing in a world that is already tech-enabled and that does not award them the ability to troubleshoot and learn the way that we did. This gave us the ability to be more creative with our solutions. We weren’t able to jump to the internet to find a solution, we struggled until we solved it.

Don’t necessarily succumb to the traditional thinking of what’s right and what’s wrong. We need to remind them to think for themselves and that their value is their own original thought.

What advice would you give to young women entering the field?

It’s the same advice my dad gave me – keep your options and be curious. You’re not going to know truly what your career will look like until at least 5 years in an industry. It’s so vast, it’ll take a while to find your sweet spot. Stay open to options.

Elena Dumitrascu is Co-founder & CTO at Credivera

Follow Elena on Twitter and LinkedIn.



Own Your Data Weekly Digest

MyData Weekly Digest for November 5th, 2021

Read in this week's digest about: 16 posts, 2 questions, 1 Tool
Read in this week's digest about: 16 posts, 2 questions, 1 Tool

Thursday, 04. November 2021

CU Ledger

November Investor Update

The post November Investor Update appeared first on Bonifii.

The post November Investor Update appeared first on Bonifii.


Oasis Open

Invitation to comment on Code List Representation (genericode) v1.0

Genericode is a single semantic model of code lists and accompanying XML serialization and schema that can encode a broad range of code list information. The post Invitation to comment on Code List Representation (genericode) v1.0 appeared first on OASIS Open.

First public review since 2007 - ends December 4th

OASIS and the OASIS Code List Representation TC are pleased to announce that Code List Representation (genericode) Version 1.0 is now available for public review and comment. This is its first public review since the initial development of this specification in 2007, and the fourth overall.

Code lists can be defined as controlled vocabularies or coded value enumerations. Examples of standardized code lists include country abbreviations, currency abbreviations, shipping container descriptors, and airport codes. Examples of non-standardized code lists used between trading partners include financial account types, workflow status indicators, and any set of values representing the semantics of related concepts known between the parties involved in information interchange. Code lists have been used for many years, and they have often been published and disseminated in manners that have not been IT-enabled for ease of computer processing.

The Code List Representation format, “genericode”, is a single semantic model of code lists and accompanying XML serialization (supported by a W3C XML Schema) that can encode a broad range of code list information. The serialization is designed to IT-enable the interchange or distribution of machine-readable code list information between systems. Note that genericode is not designed as a run-time format for accessing code list information, and is not optimized for such usage. Rather, it is designed as an interchange format that can be transformed into formats suitable for run-time usage, or loaded into systems that perform run-time processing using code list information.

The documents and related files are available here:

Code List Representation (genericode) Version 1.0
Committee Specification Draft 04
16 October 2021

Editable source (Authoritative):
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/genericode-v1.0-csd04.xml
HTML:
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/genericode-v1.0-csd04.html
PDF:
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/genericode-v1.0-csd04.pdf
PDF marked with changes since previous public review in 2007:
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/genericode-v1.0-csd04-DIFF.pdf

JSON examples:
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/json-example/
Schematron constraints:
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/sch/
XML examples:
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/xml/
XML constraints:
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/xsd/
JSON translation in XSLT:
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/xslt/

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/genericode-v1.0-csd04.zip

A public review metadata record documenting this and previous public reviews is available at:
https://docs.oasis-open.org/codelist/genericode/v1.0/csd04/genericode-v1.0-csd04-public-review-metadata.html

How to Provide Feedback

OASIS and the Code List Representation TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 05 November 2021 at 00:00 UTC and ends 04 December 2021 at 23:59 UTC.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=codelist).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/codelist-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the OASIS Code List Representation TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/codelist/

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr

[2] https://www.oasis-open.org/committees/codelist/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#RF-on-Limited-Mode
RF on Limited Terms Mode

The post Invitation to comment on Code List Representation (genericode) v1.0 appeared first on OASIS Open.


DIF Blog

Mission Accomplished: Universal Resolver Calls coming to an end

The Universal Resolver is a tool which resolves Decentralized Identifiers (DIDs) across many different DID methods

Written by Markus Sabadello and Bernhard Fuchs, edited by Chris Kelly

In May 2021, the DIF Identifiers & Discovery Working Group set up a weekly Special Work Item Call (held in addition to regular "main" Working Group calls), to make progress specifically on the Universal Resolver project, developing a tool which can resolve DIDs across multiple DID methods, based on the W3C DID Core 1.0 and DID Resolution specifications. The minutes and recordings of these weekly meetings can be found on the Working Group's agenda page on GitHub, hosted alongside the Open Source Universal Resolver documentation and code.

Photo by Greg Rakozy / Unsplash

The main achievements of the dedicated Work Item calls can be summarized as follows:

Driver policy updates: added a troubleshooting guide for dockerized drivers . Successful issue review: all GitHub issues have been addressed with PRs and/or closed with explanatory comments along the way. Improvements in deployment, testing, and release: Helm charts contributed by member org Spherity GmbH, Prometheus integration, etc. Review and application of findings from a Security Quickscan, conducted by security specialists from Radically Open Security.

Considering that the group has accomplished these goals, there is currently no more need for dedicated calls. Work on the Universal Resolver work item will continue on Github (under the Universal Resolver and Identifiers &Discovery repositories) and on DIF Slack in the Identifiers & Discovery Working Group channel, #wg-id. Going forward, a time slot on the "main" I&D Working Group calls can be requested by any member of the community to discuss topics related to the Universal Resolver project.

Current topics and future plans for the Universal Resolver include:

An open directory of well-known public instances of the Universal Resolver, operated by the community (see open PR). Additional integration with test suites, to verify standards-compliance of drivers. Ongoing addition and maintenance of drivers for supported DID methods.

As a service to the community, DIF will continue to host an instance of the Universal Resolver (currently reachable at https://dev.uniresolver.io/), which can be used for testing and experimentation.

Many thanks to all who have contributed to this important project!

Why not get involved at the Decentralized Identity Foundation and see what else is in the works!

Wednesday, 03. November 2021

Hyperledger Aries

The Pathway to Becoming a Hyperledger Maintainer

When I first came across Hyperledger Aries, I was still a student at the University of Applied Sciences in Utrecht. I had never contributed to open source, and only minimally... The post The Pathway to Becoming a Hyperledger Maintainer appeared first on Hyperledger Foundation.

When I first came across Hyperledger Aries, I was still a student at the University of Applied Sciences in Utrecht. I had never contributed to open source, and only minimally understood how the process of contributing and maintaining even functioned. Now, only two years later, my company (Animo) specializes in building SSI solutions using Hyperledger Aries and other SSI technologies, and I am one of the core contributors to a lot of the open source libraries built on top of it.

In this blogpost I’m going to share what it’s like to be a maintainer for the Hyperledger Aries project. You’ll learn how you can start contributing and maybe even set yourself on a path to becoming a maintainer.

The ecosystem

Hyperledger Aries provides standards and protocols focused on holding and exchanging verifiable credentials, but it is much more than that. Hyperledger Aries provides the foundation for peer-to-peer interactions, exchange of verifiable credentials and secure messaging. It provides standards through the so-called Aries RFCs and has open source implementations in Go, JavaScript, Python, Rust and .NET.

Aries uses DIDComm for a secure messaging protocol, but DIDComm is a lot more than just a way to exchange credentials. Once you start getting a sense of the enormous potential of DIDComm, it’s difficult not to get excited. Aries provides you with an agent that helps you manage your digital interactions, just like your browser helps you interact with the web.

At Animo, we’re leveraging Aries at the core of almost all of our projects. We contribute to several open source frameworks, develop applications on top of these frameworks and build end-to-end solutions using verifiable credentials. For example, we recently started a pilot with the Centre for Emergency Control Room Innovation that leverages DIDComm for secure communication and exchange of location between the emergency call centre staff and a qualified volunteer. Although we are involved with several Aries frameworks, we have a particular expertise in (and fondness for) Aries Framework JavaScript (AFJ).

We use AFJ for most of our projects. We’ve contributed a lot to it because, simply put, we saw the potential of the framework and someone needed to do the work to get it there. Being a maintainer of a project means more than just contributing code.It means you’re responsible for the overall direction and vision of the project. Maintainers concern themselves with the roadmap, the place of the project within the ecosystem and coordination of working group efforts and calls. On a more operational level, there’s also a lot of reviewing pull requests, addressing github issues, answering questions on Rocket.Chat and writing documentation. If this sounds time consuming, that’s because it is. But putting in the effort is essential to creating long lasting, structurally sound code that can be freely used by anyone to build amazing things.

Contributing to a project hosted by Hyperledger, specifically, means you get a lot of the needed infrastructure other projects might not have. There is a wiki for meeting notes, a Zoom account for our meetings, GitHub repos, unlimited CI minutes, a chat platform, and assistance from the Hyperledger staff when needed.

Becoming a maintainer

I can recommend that every developer be involved with open source, and every company invest in open source software. Open source software provides the foundation for almost all software in the world, and is essential for a world where self-sovereign identity becomes a standard.

Besides, working on open source software can be a really good learning experience. You get to work with some of the greatest minds of the industry on the future of digital identity. Maintaining and contributing to Hyperledger, and open source in general, has been really valuable for me. There is something magical about how open source works, and how we can work together towards a shared goal, even if you’re halfway across the world.

I can imagine that sounds a bit intimidating. Luckily, you don’t have to start out this way. You can start the way we all do, by quietly listening to working group calls until you find something you want to participate in. Once you decide you’d like to become a contributor or a maintainer, you’ll find that communities will be happy to help you get started.

Here are some of my personal tips to get involved with a Hyperledger project. I’ve used the AFJ community as an example throughout.

Attend working group calls – Working group calls are the perfect place to introduce yourself and show your ambition to contribute to the project. This is also the place to stay up to date on the current and planned work of the project. (AFJ Meetings) Get familiar with the codebase – Even though it can be daunting and hard to make sense of a project at first, it is important to get familiar with the project. You should make it as easy as possible for maintainers to review your initial PR and get it merged! (AFJ Repository) Answer questions on Rocket.Chat – Help other people get started with the project and answer their questions! You learn a lot by finding answers to other people’s questions. And also don’t hesitate to ask questions yourself. There are a lot of people with very specific domain knowledge eager to answer your questions. (Aries Channel, AFJ Channel) Look at open issues – Knowing what to work on can be complex when getting familiar with a new project. Github issues often describe missing features or bugs, which can be a great way to find the first item to work on. In AFJ, we currently have more than 70 open issues,  all waiting for someone to pick them up. (AFJ Open Issues) Read about the topic – Read about the topics that underpin the project. For SSI, I recommend reading the Self Sovereign Identity book. If you’re ready to get a bit more in-depth, I recommend to start reading the Aries RFCs. These are fundamental for contributing to any Aries project.

My best advice is to experience it yourself. Even the smallest pull request is valuable to a project and can give you the confidence to keep going. And, before you know it, you’re the maintainer of a project yourself.

If you have any questions, or if you’d like to make contributing to open source software your job, you can reach me at timo@animo.id. We’re always looking for motivated and ambitious people to join our team and are always happy to help new contributors get started.

The post The Pathway to Becoming a Hyperledger Maintainer appeared first on Hyperledger Foundation.


Ceramic Network

Building the Social Graph Infrastructure for Web3.0

How CyberConnect is using Ceramic to connect everyone in Web3.0

The breakthrough innovation of the Ethereum blockchain is the enablement of smart contract execution in a decentralized way, which opened the door for decentralized applications interacting with digital assets. The next major step on the roadmap of web3 will be the bloom of decentralized social networks and the blockchain-based Metaverse. A decentralized social graph protocol to describe the relationships between users and entities will be a critical backbone for this.

Using Ceramic, CyberConnect is building a new decentralized social graph protocol. This critical piece of web3 infrastructure is blockchain-agnostic and openly accessible for developers to build decentralized social networks and other apps in the Metaverse.

Want to get the latest updates on CyberConnect? Follow the team on Twitter!

The downfalls of today's gated social networks

The rise of global social network giants has empowered the centralized tech cartels to misuse user data, infringe on user privacy and impose censorship. As reported after the investigation by Cambridge Analytica, Facebook collected social graphs and personal profiles from millions of users without their consent, with the end goal of fueling more directed political advertising and inappropriately profiting from the personal data of their users. The current landscape of web2, filled with centralized social networks, has deviated from the principle of the World Wide Web. Namely: to enable the decentralization of information on a large scale.

CyberConnect Protocol: A user data solution for Web3.0

In the early web2 era, there were isolated social graphs for each social application, but people quickly got tired of registering and redeclaring friends on every new site. Thus, the optimal solution at that time was to consolidate all the relationships onto one app, i.e. Facebook. As soon as Facebook gained mass adoption and realized the value of the social graph it owned, the company swiftly changed its policy and shut down its API to protect itself from future competition. The initial promise of a shared social graph was broken, and the door to the world's largest social data was closed for good.

To combat this paradigm, CyberConnect aims to empower Web3 social networks to be decentralized, censorship-free, and self-sovereign. CyberConnect is proposing a new decentralized social graph protocol, a web3 infrastructure that is blockchain-agnostic and openly accessible to all. The goal is not to build a one-for-all social network. Instead, CyberConnect welcomes all web3 citizens and dApps to contribute to the protocol, building social networks and Metaverses collaboratively.

As the next stage of web3 begins to take shape, the CyberConnect protocol will offer decentralized options for how data is used and perceived with the following features:

Publicly accessible: the decentralized social graph data will be publicly accessible for all dApps as an add-on feature for developers to leverage user connections to grow beyond their existing user base Self-sovereign: while the social graph data is open to all, only users have full control over their own social graphs (i.e., adding, deleting, and updating the connections) Blockchain-agnostic: instead of tying to a single blockchain, the protocol is created for a multi-blockchain ecosystem to support connections from anywhere Decentralized governance: inspired by Ethereum’s vision, CyberConnect will commit to the ideals of shared security, permissionless systems, and decentralized governance, which will shape the roadmap and development of the protocol Token-incentivized: in order to support the long-term development of the CyberConnect Protocol, CyberConnect will introduce a token-incentivized model in the beginning stage to fairly reward all contributors who help bootstrap the social graph Options for privacy-preserving features: CyberConnect knows some users care about their connection data more than others do, and as such is actively researching the technical solutions for enabling privacy-preserving features in the future Play socially with friends and see your rank in web3 games Using Ceramic to build a decentralized social graph database

At the heart of CyberConnect is a tamper-proof data structure that efficiently facilitates the creation, update, query and verification of user-centric data. Long-term data retention on CyberConnect is guaranteed through Ceramic’s blockchain anchoring and a custom data pinning service.

Multi-account identity

CyberConnect also uses Ceramic and the platform's 3ID DID method to ensure that users are authenticated and authorized to write data streams. The 3ID DID handles secure key rotation (different from blockchain private key) so that users are not at risk of losing their transactional private key and thus access to all their corresponding social data. 3ID DID also supports cross-chain, multi-wallet use cases so that users can connect accounts into a seamless identity structure, ensuring CyberConnect is future proof.

Identity index for composability

CyberConnect also uses IDX, Ceramic's identity protocol, for easy user data indexing and integration with other protocols and applications. IDX provides a unified interface for application developers to query data within an user's namespace, both within and outside of CyberConnect.

Universal social graph index

CyberConnect also sources and curates social graph data from platforms including Foundation, Rarible, and even web2 platforms such as Twitter. The aggregation of all this data creates a rich and unique user experience. For example, imagine a social platform that is able to provide every user with an automatically generated "suggested user list" based on who they have bought NFTs from historically, who they've transacted with (sent/received tokens or NFTs), and who they follow on other platforms like Rarible and Twitter. This is dramatically different from most new social platforms being created in today's centralized architecture, in which you start from scratch at every opportunity.

CyberConnect also indexes higher dimensional network data, which allows it to generate new connection suggestions based on existing social graphs. This curation and indexing aims to combine both the user-owned publicly accessible social graph with other off-chain data from across web2 and web3 applications.

Get content recommendations based on a personal social graph

This universal social graph index is exposed to application developers through an API gateway. Developers can easily build a new "instagram for NFTs" without worrying about building and managing the corresponding database to store contact lists and follows. As such, CyberConnect accelerates time to value for application developers, allowing them to focus on content curation and recommendation algorithms based on the social graph data. Similarly, developers can focus on game experience instead of social components, using CyberConnect to import existing friends lists, similar to Steam.

What's Next for CyberConnect

Beyond the CyberConnect Protocol, the CyberConnect team has also recently announced CyberChat, a trustless, decentralized chat app that helps round out the social ecosystem for web3. CyberChat enables users to log in with a blockchain wallet, create their user profile based on on-chain data, and frictionlessly send chat messages while interacting with the blockchain. With CyberChat, decentralized projects and DAOs can now manage their communities on a crypto-native basis.

For more information, read the official white paper on the CyberConnect website. Follow the team on Twitter or join their communities in Discord & Telegram to stay up-to-date!

Website | Twitter | Discord | GitHub | Documentation | Blog | IDX Identity


Commercio

Commercio.Network will participate in the Cosmoverse Conference

Commercio.Network will participate in the Cosmoverse Conference, on the topic of Blockchain to be held in Lisbon, Portugal on 5th and 6th November 2021. https://cosmoverse.org/ Commercio.network, one of Europe’s most innovative Blockchain companies is focused on three crucial topics of Digital Transformation for companies, namely:  – e-Identity: Identity management respecting privacy with Sel

Commercio.Network will participate in the Cosmoverse Conference, on the topic of Blockchain to be held in Lisbon, Portugal on 5th and 6th November 2021.

https://cosmoverse.org/

Commercio.network, one of Europe’s most innovative Blockchain companies is focused on three crucial topics of Digital Transformation for companies, namely:

 – e-Identity: Identity management respecting privacy with Self sovereign identity through the Blockchain.

 – e-Signature: The management of advanced electronic signatures by the Blockchain

 – e-Delivery: The certified delivery of documents and proof of their existence via the Blockchain.

Co-founder Enrico Talin of Commercio.Network, which is one of the sponsors of this important event, will give a presentation, in person, on the main topic of commercio.network, the S.S.I. (Self Sovereign Identity): the huge potential market related to the theme of privacy by design.

Another topic that will be covered by Enrico Talin are NFTs (Non-fungible Tokens – digital representation of valuable physical assets) and he will explain the relationship with EIDAS regulations and the new MiCA (Markets in Crypto Assets Regulation).

L'articolo Commercio.Network will participate in the Cosmoverse Conference sembra essere il primo su commercio.network.


MyData

MyData, my climate, and my carbon

With COP26 taking place this week, governments, companies, and individuals are discussing how we can all reduce our carbon emissions. The task is monumental, and technology has an important role to play – both in reducing its own carbon footprint and in helping the wider world track and reduce their emissions.  Keeping to 1.5 degrees will... Read More The post MyData, my climate,

With COP26 taking place this week, governments, companies, and individuals are discussing how we can all reduce our carbon emissions. The task is monumental, and technology has an important role to play – both in reducing its own carbon footprint and in helping the wider world track and reduce their emissions.  Keeping to 1.5 degrees will...

Read More

The post MyData, my climate, and my carbon appeared first on MyData.org.

Friday, 29. October 2021

DIF Blog

A DIF & ToIP joint Statement of Support for the Decentralized Identifiers (DIDs) v1.0 specification becoming a W3C Standard.

This move has the potential to unlock new opportunities for our digital lives.

This statement was co-written by DIF and ToIP, it can also be read at ToIP’s blog here.

On 3rd August 2021, the World Wide Web Consortium (W3C) proposed advancing the Decentralized Identifiers (DIDs) v1.0 specification to their W3C Recommendation stage, the ultimate level of the W3C standards process, which indicates that the specification as currently defined is technically sound, mature and ready for adoption. This includes the expectation that this will allow for widespread implementation, as well as further development and ongoing evaluation, paving the way for future versions.

Collectively, the memberships of the Decentralized Identity Foundation (DIF) and the Trust Over IP (ToIP) Foundation represent over 350 companies globally who are committed to the development and implementation of decentralized identity and trust infrastructure. Many of these organizations have contributed directly or indirectly to the W3C DID 1.0 specification for one simple reason: the DID layer of cryptographically verifiable identifiers is foundational to the common infrastructure we are building together and on top of; therefore, this spec is an integral part of DIF’s and ToIP’s shared vision for an empowered, secure and interoperable future, and in line with W3C TAG Ethical Web Principles.

As such, DIF and ToIP support the Decentralized Identifiers (DIDs) 1.0 specification becoming an official W3C Recommendation. DID 1.0 represents the efforts of over thirty active W3C Working Group contributors over the past two years— on top of contributions from dozens of others in the W3C Credentials Community Group and its predecessors for several years before that. This is a significant milestone in the digital identity sector. Having common ground for development, particularly in terms of interoperability, allows work to continue with renewed energy and focus. It also mitigates the risk of shifting goalposts, which seriously hinders long-term development, investment, and widespread adoption.

DIDs are a critical part of a technical foundation for the products and activities of many of our members. Many of the implementations in the DID Working Group’s implementation report were developed by engineers and companies who collaborate openly at DIF on points of technical interoperability, and at ToIP on points of policy and governance. DIF also hosts the Universal Resolver, a community project which puts practical intra-DID method interoperability into practice by co-developing a “translation engine” for diverse DIDs with contributions from DIF members and non-members alike. Similarly, other DIF efforts like the DID Communications protocol and the Presentation Exchange protocol and ToIP efforts like the ToIP Trust Registry Protocol serve to align a broad range of implementations and ecosystems already building on these standards, laying the groundwork for robust interoperability across ecosystems and diverse families of technologies.

This specification is the result of half a decade of sustained, broad-based, dedicated work on the part of W3C, DIF, and ToIP members. We acknowledge also the work done by numerous, forward-thinking organizations who have already built working implementations using the provisional specification, thereby laying the foundations of new infrastructures for “identity data”. We believe DIDs will change the course of digital identity by building in better user controls, portability, and interoperability at the lowest possible level, while also offering increased security and simplicity for implementers and service providers. This advancement unlocks new opportunities for our digital lives, and we look forward to leveraging DIDs and other technologies developed in the community to champion a new class of user-first, self-owned digital identity systems.

Signed,

Decentralized Identity Foundation (DIF) & Trust over IP Foundation (ToIP)

October, 2021


Digital ID for Canadians

Spotlight on Nuance

1. What is the mission and vision of Nuance? Nuance’s mission is to facilitate fast, easy, secure access to the services that people depend upon.…

1. What is the mission and vision of Nuance?

Nuance’s mission is to facilitate fast, easy, secure access to the services that people depend upon. When a person contacts a company or government agency, they should be able to quickly verify themselves with minimal work on their part. They should also know that their identity is safe and that the company or agency that they’re engaging with is using the latest technology to detect and stop fraudsters. Nuance promotes an accessible, biometrics-based approach to authentication in which a person’s voice acts as a central, lifelong credential that frees them to use whichever device or channel they want. Where other biometric modalities like fingerprint sensors and face scanning require a person to have access to a particular device, voice biometrics can be enrolled and then authenticated against in any channel. Therefore, by adding voice biometrics to their digital identity, governments and enterprises can ensure that they are offering a secure, accessible to everyone, including vulnerable and less technology-savvy clients. A biometrics-based approach also enables organizations to stop digital identity fraud at the source—the actual fraudster—by detecting fraudsters no matter the device or identity they hide behind. And it helps law enforcement agencies identify and prosecute organized fraud groups to protect their citizens from identity theft and related crimes.

2. Why is trustworthy digital identity critical for existing and emerging markets?

Both corporate and government entities need to trust that the person they’re interacting with is actually who they claim to be; likewise, people need a convenient, accessible way to prove their identity to governments and companies. A trusted digital identity, based on principles of accessibility and universality, is key to facilitating these interactions.

Furthermore, as people increasingly prioritize data privacy and security, governments and companies should embrace these principles in kind. By adopting strong, state-of-the-art authentication and fraud prevention technologies like voice biometrics, enterprises and government services can demonstrate to their clients that they share these values.

3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?

Digital identity will enhance privacy protection by enabling new ways to share specific identity attributes without having to share an identity in its entirety. Digital identity will also increase accessibility to critical services: pairing a person’s digital identity with their biometrics will allow that person to receive services without requiring a security factor that they may not have access to, such as a smartphone or physical identity card.

Nuance enables secure, accessible digital identity that goes beyond the simple digitalization of government IDs by providing technology to append biometric voiceprints to identities, as well as behaviourprints and “conversationprints”.

4. What role does Canada have to play as a leader in this space?

Through DIACC, Canada is taking the lead in adopting a secure, accessible digital identity framework that will facilitate the interoperability of digital ID standards and approaches between provinces. Further, in establishing leadership in developing such a framework, Canada will play a key role in developing a digital identity that can be used outsides of its national borders. By adopting biometrics as part of its strong digital identity framework, Canada can demonstrate the importance of making digital identity fully accessible to everyone.

5. Why did your organization join the DIACC?

It’s time to transform national identities, but digitization is only one step: digital identity initiatives must aim to provide better services with fewer barriers even while proactively moving against abuse from fraudsters who have amassed the valuable personal information of millions of citizens over the past decade. Enriching digital identities with other data including biometric factors is critical to increasing access to services for more vulnerable populations and to fighting fraud more effectively.

Nuance has more than 20 years’ experience helping banks, telecommunication providers, insurance companies and governments deliver better services and fight back against ever-evolving fraud threats. We’re very excited to share our expertise and collaborate with other organizations to accelerate the adoption of secure, accessible digital identities across Canada and around the world.

6. What else should we know about your organization?

Nuance is a global leader in biometric authentication and fraud prevention, helping governments and enterprises deliver better services and fight back against ever-evolving fraud threats. Our Gatekeeper biometric security solution reduces friction and increases trust in every interaction across voice and digital channels while helping fraud teams prevent, detect, and investigate more fraud. Over 500 organizations have enrolled over 600 million biometric prints through our solutions, securing over 8 billion customer engagements and preventing more than $2 billion in fraud losses annually.


Oasis Open

Invitation to comment on Energy Interoperation Common Transactive Services (CTS) v1.0

Common Transactive Services (CTS) permits energy consumers and producers to interact through energy markets by simplifying actor interaction with any market. The post Invitation to comment on Energy Interoperation Common Transactive Services (CTS) v1.0 appeared first on OASIS Open.

First public review ends December 1st

OASIS and the OASIS Energy Interoperation TC are pleased to announce that Energy Interoperation Common Transactive Services (CTS) v1.0 is now available for public review and comment. This is its first public review.

Common Transactive Services (CTS) permits energy consumers and producers to interact through energy markets by simplifying actor interaction with any market. CTS is a streamlined and simplified profile of the OASIS Energy Interoperation (EI) specification, which describes an information and communication model to coordinate the exchange of energy between any two Parties that consume or supply energy, such as energy suppliers and customers, markets and service providers.

The documents and related files are available here:

Energy Interoperation Common Transactive Services (CTS) Version 1.0
Committee Specification Draft 01
29 October 2021

PDF (Authoritative):
https://docs.oasis-open.org/energyinterop/ei-cts/v1.0/csd01/ei-cts-v1.0-csd01.pdf
Editable source:
https://docs.oasis-open.org/energyinterop/ei-cts/v1.0/csd01/ei-cts-v1.0-csd01.docx
HTML:
https://docs.oasis-open.org/energyinterop/ei-cts/v1.0/csd01/ei-cts-v1.0-csd01.html

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/energyinterop/ei-cts/v1.0/csd01/ei-cts-v1.0-csd01.zip

A public review metadata record documenting this and any previous public reviews is available at:
https://docs.oasis-open.org/energyinterop/ei-cts/v1.0/csd01/ei-cts-v1.0-csd01-public-review-metadata.html

How to Provide Feedback

OASIS and the Energy Interoperation TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of our technical work.

The public review starts 29 October 2021 at 00:00 UTC and ends 01 December 2021 at 23:59 UTC.

The TC requests that comments should cite the line numbers from the PDF formatted version for clarity.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC’s “Send A Comment” page (https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=energyinterop).

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
https://lists.oasis-open.org/archives/energyinterop-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the Energy Interoperation TC can be found at the TC’s public home page:
https://www.oasis-open.org/committees/energyinterop/

Additional references

[1] https://www.oasis-open.org/policies-guidelines/ipr

[2] https://www.oasis-open.org/committees/energyinterop/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#RF-on-Limited-Mode
RF on Limited Terms Mode

The post Invitation to comment on Energy Interoperation Common Transactive Services (CTS) v1.0 appeared first on OASIS Open.


Trust over IP

A DIF & ToIP joint Statement of Support for the Decentralized Identifiers (DIDs) v1.0 specification becoming a W3C Standard

This statement was co-written by DIF and ToIP. On 3rd August 2021, the World Wide Web Consortium proposed advancing the Decentralized Identifiers (DIDs) v1.0 specification to their W3C Recommendation stage,... The post A DIF & ToIP joint Statement of Support for the Decentralized Identifiers (DIDs) v1.0 specification becoming a W3C Standard appeared first on Trust Over IP.

This statement was co-written by DIF and ToIP.

On 3rd August 2021, the World Wide Web Consortium proposed advancing the Decentralized Identifiers (DIDs) v1.0 specification to their W3C Recommendation stage, the ultimate level of the W3C standards process, which indicates that the specification as currently defined is technically sound, mature and ready for adoption. This includes the expectation that this will allow for widespread implementation, as well as further development and ongoing evaluation, paving the way for future versions.

Collectively, the memberships of the Decentralized Identity Foundation (DIF) and the Trust Over IP (ToIP) Foundation represent over 350 companies globally who are committed to the development and implementation of decentralized identity and trust infrastructure. Many of these organizations have contributed directly or indirectly to the W3C DID 1.0 specification for one simple reason: the DID layer of cryptographically verifiable identifiers is foundational to the common infrastructure we are building together and on top of; therefore, this spec is an integral part of DIF’s and ToIP’s shared vision for an empowered, secure and interoperable future, and in line with W3C TAG Ethical Web Principles.

As such, DIF and ToIP support the Decentralized Identifiers (DIDs) 1.0 specification becoming an official W3C Recommendation. DID 1.0 represents the efforts of over thirty active W3C Working Group contributors over the past two years— on top of contributions from dozens of others in the W3C Credentials Community Group and its predecessors for several years before that. This is a significant milestone in the digital identity sector. Having common ground for development, particularly in terms of interoperability, allows work to continue with renewed energy and focus. It also mitigates the risk of shifting goalposts, which seriously hinders long-term development, investment, and widespread adoption. 

DIDs are a critical part of a technical foundation for the products and activities of many of our members. Many of the implementations in the DID Working Group’s implementation report were developed by engineers and companies who collaborate openly at DIF on points of technical interoperability, and at ToIP on points of policy and governance. DIF also hosts the Universal Resolver, a community project which puts practical intra-DID method interoperability into practice by co-developing a “translation engine” for diverse DIDs with contributions from DIF members and non-members alike. Similarly, other DIF efforts like the DID Communications protocol and the Presentation Exchange protocol and ToIP efforts like the ToIP Trust Registry Protocol serve to align a broad range of implementations and ecosystems already building on these standards, laying the groundwork for robust interoperability across ecosystems and diverse families of technologies.

This specification is the result of half a decade of sustained, broad-based, dedicated work on the part of W3C, DIF, and ToIP members. We acknowledge also the work done by numerous, forward-thinking organizations who have already built working implementations using the provisional specification, thereby laying the foundations of new infrastructures for “identity data”. We believe DIDs will change the course of digital identity by building in better user controls, portability and interoperability at the lowest possible level, while also offering increased security and simplicity for implementers and service providers. This advancement unlocks new opportunities for our digital lives, and we look forward to leveraging DIDs and other technologies developed in the community to champion a new class of user-first, self-owned digital identity systems.

Signed,

DIF & ToIP 

October, 2021

The post A DIF & ToIP joint Statement of Support for the Decentralized Identifiers (DIDs) v1.0 specification becoming a W3C Standard appeared first on Trust Over IP.


Own Your Data Weekly Digest

MyData Weekly Digest for October 29th, 2021

Read in this week's digest about: 16 posts, 2 Tools
Read in this week's digest about: 16 posts, 2 Tools

Thursday, 28. October 2021

MyData

Event: MYDATA OPERATOR AWARDS 2021

The MyData Operator Award recognises personal data companies that have shown leadership by providing human-centric solutions that empower individuals to manage their personal data. The MyData Operator Awards 2021 will be handed out at MyData in the Netherlands on 17 November. 16.30:  Welcome address by MyData Global Chair, Antti “Jogi” Poikola  16.45: Keynote presentation (TBC)... R

The MyData Operator Award recognises personal data companies that have shown leadership by providing human-centric solutions that empower individuals to manage their personal data. The MyData Operator Awards 2021 will be handed out at MyData in the Netherlands on 17 November. 16.30:  Welcome address by MyData Global Chair, Antti “Jogi” Poikola  16.45: Keynote presentation (TBC)...

Read More

The post Event: MYDATA OPERATOR AWARDS 2021 appeared first on MyData.org.


MyData and the European Union’s latest data developments

The European Union (EU) is a global regulatory powerhouse in the data rights space, with the General Data Protection Regulation (GDPR) being the most well known example. The upcoming Data Governance Act may be the next globally influential, data-related regulation benefiting citizens at home and abroad. In this blog, MyData Chair, Antti “Jogi” Poikola explains... Read More The post MyData a

The European Union (EU) is a global regulatory powerhouse in the data rights space, with the General Data Protection Regulation (GDPR) being the most well known example. The upcoming Data Governance Act may be the next globally influential, data-related regulation benefiting citizens at home and abroad. In this blog, MyData Chair, Antti “Jogi” Poikola explains...

Read More

The post MyData and the European Union’s latest data developments appeared first on MyData.org.


Blockchain Commons

2021 Q3 Blockchain Commons Report

Q3, 2021 saw Blockchain Commons projects that spanned the spectrum from our first security review through continued reference releases, new translations, and the expansion of our specification work into standards and laws. Our major work included: Reference Libraries: Released Security Review for SSKR Reference Apps: Released SeedTool 1.1 and 1.2 Released Minor QR Tool Updates Bitcoin Utilities: Up

Q3, 2021 saw Blockchain Commons projects that spanned the spectrum from our first security review through continued reference releases, new translations, and the expansion of our specification work into standards and laws.

Our major work included:

Reference Libraries:

Released Security Review for SSKR

Reference Apps:

Released SeedTool 1.1 and 1.2 Released Minor QR Tool Updates

Bitcoin Utilities:

Updated Bitcoin Standup Scripts Released Gordian Server 1.0.0

Learning Resources:

Finished Portuguese & Spanish Translations of Learning Bitcoin Released New SSKR Docs

Looking to the Future:

Supported the Standardization of DIDs Initiated Discussion of Principal Authority Testified in Wyoming & Elsewhere

Looking to the Future:

Began Investigations of Ethereum Finalized Our Second Intern Program Read More Reference Libraries

Some of our most important work at Blockchain Commons is on specifications that improve the interoperability and resilience of cryptocurrency wallets. Our reference libraries allow developers to incorporate those specifications into their own code.

SSKR Security Review. However, there’s one more thing required before our libraries can be used in production releases: security reviews. Our vision is that third-party developers using our libraries will work with us to contract a security review from a third-party. They can take advantage of all the libraries already reviewed, and then they can increase that selection with a review of their own. Our sustaining sponsor, Bitmark, began that process this quarter by arranging a security review for our bc-shamir and bc-sskr libraries through Radically Open Security (ROS).

The folks at ROS tested our software and noted potential security problems. We then worked with them to close all issues that we felt were a priority. Because Blockchain Commons is dedicated to transparency, we have published the review and our response, which includes a listing of issues that we resolved, as well as those we did not (and why). Thanks to this review, we feel that the bc-shamir and bc-sskr libraries are the first of our reference libraries ready for production deployment.

Project Nayuki Port. We also released a minor new utility library, a port of the Project Nayuki QR library into Swift as QRCodeGenerator. We’d discovered that Apple’s native iOS QR generation is inefficient for QR codes where individual segments require different optimization. Nayuki does the right thing, by individually optimizing each segment, so we ported it over as a replacement for the native Apple libraries, for use in our own code and by other developers.

Reference Apps

Our reference apps provide exemplar use of our specifications (and libraries).

SeedTool Updates. The release of Seedtool was one of our big events in Q2. In Q3 we’ve continued that work through two notable upgrades, releasing 1.1 in July, 1.2 in August, and 1.2.1 in September. Some of the biggest updates included arbitrary key derivation, preset SSKR schemes, and developer functions that make it easier to test out QR & UR-based requests and responses. We also added our first Ethereum support, through the ability to derive Ethereum private keys and addresses from your stored seeds. Our updated SeedTool Manual describes all of the latest functionality.

QRTool Updates. Seedtool wasn’t the only reference app to get attention; QRTool also received some minor updates in July, though those largely took the form of minor bug fixes. Updating QR Tool to use the Project Nayuki library port will be our next big update for QR Tool, sometime in the future.

Bitcoin Utilities

Other utilities make it easier to use Bitcoin and other blockchain and crypto-technology.

Bitcoin Standup Updates. Bitcoin Standup was one of Blockchain Commons’ first releases. It automates the installation of a secure Bitcoin Core setup on a Debian Linux device or virtual machine . However, Bitcoin Core is always changing, requiring occasional updates. Our newest version of Bitcoin Standup, 0.8.0, updates the scripts to work well with Bitcoin Core 22.0 (which made some changes to its code signing).

However, Bitcoin Standup 0.8.0 does more than that. We’ve always imagined Standup as an engine that can install a wide variety of cryptocurrency and blockchain applications, and the new version of Standup offers the opportunity for the first such addition: cypherpunkpay, an easy and accessible server for receiving Bitcoin payments. This addition, though just a starting point, was one of the Human Rights Foundation (HRF) projects initiated by our 2021 interns, to offer cyryptocurrency support for activists.

Gordian Server Officially Released. Our Gordian Server project took Bitcoin Standup as a jumping-off point and offered the same ability to easily install Bitcoin Core on the more accessible macOS UI. Like Bitcoin Standup it’s intended as the heart of a self-sovereign setup, where you can control both your wallet and your server. We released Gordian Server in some preliminary versions in 2020, but we’ve now polished it to improve its stability and ease of use, and have released it as the Feature-Complete 1.0.0. Like our newest Standup release, this version of Gordian Server has also been updated to work correctly with Bitcoin Core 22.0.

Learning Resources

One of Blockchain Commons’ goals has always been to improve the developmental understanding of Bitcoin. We also extend that goal to our own releases by working to make our specifications as accessible as possible.

Learning Bitcoin Translations. Our popular Learning Bitcoin from the Command Line course has brought numerous developers into the industry. We’re thus thrilled to offer complete translations in Portuguese and Spanish. This enormous amount of work was the product of a number of volunteers, some of whom were also working with us as interns, which means that the HRF should again be thanked for their support. We hope that these translations will help bring Bitcoin development to the Spanish- and Portuguese-speaking world, which seems particularly important given El Salvador’s recent move to Bitcoin as a currency. (Learning Bitcoin also enjoyed quite a few minor edits as a result of the translations, as well as updates to include i2p and some recent revisions, resulting in our release of version 2.1; we’ve also got plans for 3.0.)

New SSKR Docs. Shamir’s Secret Sharing is a critical element of #SmartCustody in today’s digital-assets world, which is why our SSKR library received our first security review. We’ve also been expanding our docs to talk more about how and why to use secret sharing (and why not to). Our newest SSKR docs include Designing SSKR Share Scenarios, which discusses many models for sharing (including all of the default scenarios now found in SeedTool), and SSKR Dangers, which talks about why we ultimately prefer multisigs to secret-sharing.

Building to Specifications & Laws

Specifications and supportive references are the first steps in bringing new ideas to the industry. To reach their fullest potential, those ideas eventually have to become something more …

DID Standardization. The DID specification, which is currently a 1.0 candidate recommendation for an international standard, is our next big technical step forward for self-sovereign identity. Unfortunately, big centralized companies such as Apple and Google have taken notice and unsurprisingly raised complaints. We’ve offered some support with language and with championing the hard work already done, though the heavy lifting continues to be done by the editors, including Drummond Reed, Manu Sporny, Amy Guy, and Markus Sabadello.

Principal Authority. Many specifications and standards need legal support to reach their fullest potential. Our work in Wyoming has resulted in the state legislature arriving at a legal definition of digital identity that centers on the concept of principal authority. This quarter, we released a paper on how principal authority defines self-sovereign identity, and what the next steps are. (We also presented the paper and testified about it to the Wyoming legislature.)

eResidency & Other Testimony. Overall, we’ve been thrilled to be working with Wyoming, creating some of the first and best laws for supporting blockchains, cryptocurrency, digital identity, and digital companies. In a recent presentation, we urged them to leverage the infrastructure they’ve created into an eResidency program that can extend these benefits to companies worldwide. In other testimony for Wyoming, North Dakota, Texas, and the Netherlands we have provided support new laws for DAOs, updates to GDPR regulations and have advised how to avoid vendor lock-in and future-proof technology.

Other Future Expansions

Finally, we’re also looking to the future in other ways.

Ethereum Expansion. As noted, we’ve expanded Gordian SeedTool to support Ethereum key derivations. We’ve also been experimenting with selling some self-sovereign-identity NFTs to raise funds for Blockchain Commons. Generally, this all demonstrates our goal of bringing many of our philosophies, architectures, and models to the Ethereum blockchain. In particular, we believe that #SmartCustody, and especially SSKR, could help Ethereum, which has a lot of its own challenges for responsible key management, such as the lack of true multisig. If you’d like to support our expansion into Ethereum, please become a sponsor and let us know why you did (or watch for upcoming NFT auctions!).

Second Intern Program. Finally, we’ve just completed our second summer’s intern program, and we’re thrilled to have another batch of interns who we helped to introduce to the world of blockchain development and who in turn helped us push forward projects such as our Learning Bitcoin translations and revisions. They also: produced a secure development setup guide and a pseudonymity guide that offered more support for activists and HRF; developed a mori-cli program for leaving behind your digital assets; worked on creating a stable version of Esplora; and more. Some of our 2021 interns have already gone on to other paid work in the field; we’re looking forward to seeing what they create next!

Thank you, as always, for your interest in Blockchain Commons and the improvement of the entire blockchain field. If you like what we’re doing, we again encourage you to become a Github sponsor so that we can continue forward with our work of making the industry independent, private, interoperable, and resilient!

Wednesday, 27. October 2021

Digital Identity NZ

The emerging framework of digital identity in NZ

All the latest news from the Digital Identity New Zealand community The post The emerging framework of digital identity in NZ appeared first on Digital Identity New Zealand.

As I write my first newsletter to you as Digital Identity New Zealand’s Executive Director, I’m acutely aware that I am familiarising myself with the controls as I operate them. Michael left large shoes to fill, so my feet will have to grow! I’ve been away from Aotearoa a while, so it’s good to be back and appreciate the progress being made. In my time away, I was privileged to lead an international digital identity industry organisation; one of the very few that operate a digital identity trust framework. So, you’ll understand how excited I was to arrive back in time to see the Digital Identity Trust Framework Bill progress through Parliament to its current Select Committee stage.
 
I look forward to joining you on that journey and bringing some learnings from my previous gig along too. I expect it to be DINZ’s key focus these next few months. Stakeholder collaboration is the key to success in the case of Trust Frameworks, so you can be sure that I’ll be looking for opportunities where DINZ can play a role.
 
I would also like to remind the community that nominations for the DINZ Executive Council are currently open. All member organisations can nominate a representative. Please help shape both the history and future direction of Aotearoa’s Digital Identity sector by submitting your nomination using the online form. The deadline for nominations is 5pm Thursday 28 October. Online elections will follow, and the new Council will be announced at our Annual Meeting on Thursday 2 December. If you are a member and would like to attend the Annual Meeting please register beforehand.
 
As many of you will be aware, the Digital Identity Trust Framework (DISTF) Bill was introduced to Parliament, has had its First Reading and the Select Committee is now accepting public submissions. This is great news and something that industry in general has encouraged and now welcomes. There is no better time to join and get involved in Digital Identity New Zealand to help shape this piece of the country’s tech history.
 
To that end, DINZ received a request from the Department of Internal Affairs to circulate to its primary member contacts some information about the Select Committee schedule and process. DINZ duly did so on October 15th and now wishes to share that with the wider community. Have your say on the Digital Identity Services Trust Framework Bill by making a submission before 2 December 2021.

Ngā mihi,

Colin Wallis
Executive Director

To receive our full newsletter including additional industry updates and information, subscribe now

The post The emerging framework of digital identity in NZ appeared first on Digital Identity New Zealand.

Tuesday, 26. October 2021

Kantara Initiative

Adams Named Kantara Initiative Identity Assurance Framework Program Manager

RICHMOND, VA. – October 2021 – Kantara Initiative, Inc., has announced the hiring of Lynzie Adams as manager of its Trust Framework Operations Program (TFOP). Kantara is a leading global consortium improving trustworthy use of identity and personal data through innovation, standardization and good practice. “There is a growing global market demand for independently assessed Trust Mark se

RICHMOND, VA. – October 2021 – Kantara Initiative, Inc., has announced the hiring of Lynzie Adams as manager of its Trust Framework Operations Program (TFOP). Kantara is a leading global consortium improving trustworthy use of identity and personal data through innovation, standardization and good practice. “There is a growing global market demand for independently assessed Trust Mark services for digital identity,” said Kay Chopard, Executive Director at Kantara. “A Kantara Trust Mark provides business and public sector customers with confidence that the digital identity solutions they procure have been assessed and been found conformant to a set of Kantara-defined criteria specific to…

The post Adams Named Kantara Initiative Identity Assurance Framework Program Manager appeared first on Kantara Initiative.


SelfKey Foundation

SelfKey Wallet Now Featured on Yada Wallets

We’re happy to announce that SelfKey Wallet is now featured on Yada Wallets. The post SelfKey Wallet Now Featured on Yada Wallets appeared first on SelfKey.

We’re happy to announce that SelfKey Wallet is now featured on Yada Wallets.

The post SelfKey Wallet Now Featured on Yada Wallets appeared first on SelfKey.

Monday, 25. October 2021

Digital ID for Canadians

DIACC Industry Survey

The intent of this DIACC Industry Survey is to identify any pain points Canadian industries have that prevent the use of trusted Digital Identity frameworks. Target audience…

The intent of this DIACC Industry Survey is to identify any pain points Canadian industries have that prevent the use of trusted Digital Identity frameworks. Target audience for this survey includes those from both the public and private sectors who are at least somewhat familiar with the concepts of Digital ID as well as any current regulatory enablers and barriers to digital identity growth.

This survey was created in the Summer of 2021 with the support and input of DIACC’s Outreach Expert Committee members and should take approximately 10 minutes to complete. Responses to this survey will help inform the DIACC membership and the Digital ID community on how to bring Digital ID concepts to the forefront, leading to possible proof of concepts in order to dispel what may be potential myths related to Digital ID. Reports will be generated and published semi-regularly summarizing responses and the types of findings received.

This survey is available in both English and French.

Survey close date: February 28, 2022

Access the survey.


We Are Open co-op

Keep Badges Weird…

at the Badge Summit Our session description for the Badge Summit Clay Shirky wrote: “Communications tools don’t get socially interesting until they get technologically boring.” Ten years on, badges have become mainstream, and we’re thinking around how we can continue to innovate with badges. We’ve been working with Participate on a project lovingly titled “Keep Badges Weird”.
at the Badge Summit Our session description for the Badge Summit

Clay Shirky wrote:

“Communications tools don’t get socially interesting until they get technologically boring.”

Ten years on, badges have become mainstream, and we’re thinking around how we can continue to innovate with badges. We’ve been working with Participate on a project lovingly titled “Keep Badges Weird”.

Keep Badges Weird is a social learning approach revolving around Open Badges (“badges”) in Communities of Practice (“CoP”). This week, at the 2021 Badge Summit, we are “officially” launching the project with a participatory session. We’ll give a brief overview of the project, and then invite people to explore what recognition inside of a CoP looks like.

Community Content

Our aim is to help people learn about both badges as well as how CoPs have activities that provide value to others. Our “CoP Curious” course explores value cycles and our “Badge Curious” course goes through the ins and outs of open badges and digital credentialing.

Although the theory and practice of badges and CoPs play central roles in our community content, it is the people who join a community who shape that community’s culture and direction. We’re excited to discover how this experiment breeds new value for social learners of all stripes. We’re eager to learn how we can support someone who is trying to get an organisation to start thinking about upskilling in a non-traditional way. We’re hopeful that we can deliver a better understanding of how CoPs actually function while showing how badges can work to build trust through recognition.

Thinking about Community of Practice Value Cycles as gears. Image CC BY-ND Laura Hilliger of WAO Landscapes of Practice

As many other CoPs exist on Participate’s platform, it feels like an excellent place to Keep Badges Weird and see how recognition can motivate and encourage people in what are called “Landscapes of Practice” (LoP).

“[I]n landscapes, practitioners actively find their way through a complex geography of local practices, and by doing so they gradually discover which practices matter to them the most as social spaces for developing their competence.” (Wenger-Trayner et al., 2014)

Participants can contribute by:

Participating — in more than one community Creating — something of value to others Reflecting — on what they have learned

There are loads of other communities on the Participate platform — from communities organised around teaching the Sustainable Development Goals to communities looking at project based learning, game design or improving remote learning offerings. We will use a LoP approach to help learners create intersections and pathways to other communities that might be of interest to them.

And of course the Badges
“Motivation and peer and self assessment are great reasons to put badges into practice.” Dr. Wayne Gibbons
Badge Design for Participate’s Keep Badges Weird CoP, CC-BY-ND by Bryan Mathers of WAO

We have a new suite of badges to encourage participation, create value for others, and reflect on that experience. Participants will be able to both earn AND award badges, so they’ll have a chance to prove that they’ve understood the theory surrounding CoPs and badges as well as put those theories into practice.

We’ve made the community discoverable on the Participate platform, and you can already join the learning experience. You can also come meet We Are Open and Participate collaborators at the Badge Summit this Wednesday! With your feedback, we will continue to iterate this learning experience for all the other CoP-curious folk and Badge Champions out there.

Keep Badges Weird… was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.


Trust over IP

Engaging with the Ontario Digital Identity Program

We recently had the honor to host a presentation from our Canadian counterparts in Ontario about their technology roadmap for their Digital Identity (ID) program. The aim of their program... The post Engaging with the Ontario Digital Identity Program appeared first on Trust Over IP.

We recently had the honor to host a presentation from our Canadian counterparts in Ontario about their technology roadmap for their Digital Identity (ID) program.

The aim of their program is to “make accessing online and in-person services simpler, safer and more secure”, and they’re aiming to introduce Digital ID later this year.

They’ve been busy since their announcement in October 2020, hosting roundtable discussions with large market participants, surveying and consulting with the public and small-to-medium businesses, developing a tech roadmap to get questions and input from private-sector partners, and publishing the technical tools they’re going to leverage.

Ontario’s simplified version of how Digital ID will work. Read more on their website.

The recent presentation to the ToIP Foundation was to further their goal of aligning and interoperating with the broader market for digital identity. They recognize the importance of market engagement, technology standards, and of partnering with the private sector in building a digital identity ecosystem. Ultimately, all this will help drive end user adoption and the delivery of value.

The presentation covered:

A summary of findings from government-led public consultations on digital identity An overview of Ontario’s Digital ID technology roadmap, and discussions about the technology stacks and infrastructure Ontario’s proposed conceptual model for digital identity, and the principles that inform it

The presentation emphasized how the Government of Ontario’s digital identity strategy and roadmap is building upon the ToIP dual-stack model. It was exciting and gratifying to see a major public sector organization contributing to a digital identity ecosystem based on the interoperable open standards that are the heart of our efforts here at the ToIP Foundation. Equally, we hope that Ontario will benefit through exposure of their efforts to our worldwide presence—and further inspire others to adopt decentralized digital trust infrastructure.

If you are not yet a member of the Trust Over IP Foundation and wish to participate in future state-of-the-art member briefings such as this one, we encourage you to read more about membership.

The post Engaging with the Ontario Digital Identity Program appeared first on Trust Over IP.

Friday, 22. October 2021

Digital ID for Canadians

DIACC Women in Identity: Chandra Rink

DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights…

DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights will be regularly socialized through DIACC’s LinkedIn and Twitter channels as well as our monthly member newsletters.

If you’re a DIACC member and would like us to feature your spotlight, contact us today to learn more!

What has your career journey looked like?

I started my career overseeing, managing, and growing small companies and pivoted into applied technology when I joined the Data team within ATB four years ago. Since then, I have moved to work within ATB Ventures alongside other strategists and technologists to deliver long-term high-value concepts as the Head of Product. I am particularly passionate about the safe and secure utilization of data within emerging technologies and creating experiences that people love. A recent career highlight for me was becoming a patent-pending author on the ATB Ventures’ Turing Box invention, a responsible AI framework.

When you were 20 years old, what was your dream job and why?

I think when I was 20, I dreamt of making the world a better place – in that regard, little has changed. Today, I think about it through the lens of business models, product development, and value creation. Then, I probably thought about it through the lens of art and poetry – neither more important than the other, but I was particularly better at the one I formed a career around.


As a female leader, what has been the most significant barrier in your career?

I have worked with some incredible mentors and leaders but the most significant barrier that I’ve experienced – and so many of the women I work with experience – is having a confidence level match your level of expertise. Confidence and capability are not opposing forces, but they don’t always mature at the same rate; if you’re able to surround yourself with mentors who provide you clear reflection on your capabilities, eventually your confidence will enable you versus create barriers for you.

How do you balance work and life responsibilities?

I am someone who enjoys to think and enjoys to reflect, because of that, I am (generally) quite clear on what drives me, what brings me purpose, what ‘fills my cup’ – and perhaps more importantly: what doesn’t. Balancing work and life responsibilities for me means creating time for the parts of life and work that bring me purpose; I fundamentally believe that anyone who thinks they have this completely figured out is either lying or a super human – I, and my work-life balance, are a continuous work in progress. But I listen to myself, to my body, I create time to reflect – to think – and it generally keeps me in a mental model in which I can do my best, within and outside of work.

How can more women be encouraged to pursue careers in the digital ID/tech space?

The women I have been grateful enough to learn from, across life and work, have all seemed to have the great ability of seeing the system (the forest through the trees) – which is where digital identity is going to become powerful. Platforms and Technology-Driven business models are not just about the tech – they’re about the system by which they operate: the customers, the market, the technology – the system. I have been lucky enough to be surrounded by mentors who helped me see my place in this system – not because I am a woman, but because I have the skills to move the world of digital identity forward alongside a diverse group of peers.

What are some strategies you have learned to help women achieve a more prominent role in their organizations?

The recent data I’ve read about imposter syndrome in women was discouraging – and unfortunately results in detracted career growth. In order to overcome this, figure out a way to build confidence in your own ability (i.e., a sandbox opportunity so that you can try/scale/ fail/ grow without any risk of failure). Do something once and the data point is there to say that you can do it again. It is also important to build community and support so that you know even if you do fail, you know that peers have your back. Intentionally build bridges through developing cross functional leadership. And – perhaps most importantly – remember that everyone feels it, to some degree – they’ve just learned skills to rise above it, and so will you.

What will be the biggest challenge for the generation of women behind you?

The biggest challenge for the generation coming up behind me will be balancing digital and physical personas (versus the work-life balance my generation is currently tackling). As the pandemic and technology increasingly push the world toward globalization, opportunities for access and career evolution will become increasingly democratized, but it will also increase our time spent across exclusively-digital channels, creating potential risks of further segregation between our physical-selves and our online(digital)-selves.   

I would imagine that generations coming up behind us will laugh at our inability to manage work-life-balance (as organizations continue to pursue greater online-working norms); they will be attempting to strike a far more difficult balance between their online-persona versus in-person-persona.

What advice would you give to young women entering the field?

Find someone to mentor. If you learn how to write and communicate through written language – you can articulate strategy & operations – if you can learn how to speak and communicate through inspiration and storytelling – you can become a leader; and if you can do both: you will be unstoppable. Being able to mentor someone will help refine your communication, articulate your position as a leader, and mitigate any imposter syndrome. Practice and posture – the more you do something (show up as a leader, mentor, speaker, etc.), the more real it will become.

Chandra Rink is the Director, Product (Innovation & Strategy) at ATB Financial.

Follow Chandra on LinkedIn



Elastos Foundation

Elastos Bi-Weekly Update – 22 October 2021

...

CU Ledger

Bonifii increases financial inclusion with GlobaliD digital wallet and Indicio Network

Bonifii increases financial inclusion with GlobaliD digital wallet and Indicio Network Privacy-preserving credential helps onramp underbanked to traditional banking services Denver, CO — (October 25, 2021) — Bonifii, the financial industry’s first verifiable exchange network for financial cooperatives, today announced the Bonifii credential, a decentralized digital identity that provides underserv

Bonifii increases financial inclusion with GlobaliD digital wallet and Indicio Network

Privacy-preserving credential helps onramp underbanked to traditional banking services

Denver, CO — (October 25, 2021) — Bonifii, the financial industry’s first verifiable exchange network for financial cooperatives, today announced the Bonifii credential, a decentralized digital identity that provides underserved individuals with access to traditional banking services in a way that maximizes their privacy and security. Bonifii created the digital credential in partnership with GlobaliD, a trust platform and digital wallet. The credential is underpinned by the Indicio Network, a global network built on Hyperledger Indy for decentralized digital identity using distributed ledger technology (DLT).

The Bonifii credential transforms the way new accounts are created by streamlining the delivery of information needed to open an account at a traditional financial institution. By enabling an end-to-end digital online application process, the credential offers a secure and meaningful entry point into accounts with financial institutions for millions of underbanked people, giving them a pathway to achieving financial stability.

“Now, financial institutions that use the Bonifii credential can achieve higher levels of assurance than traditional application methods. The identity of the account applicant can be verified from a variety of attributes that create trust and assurance,” said John Ainsworth, CEO and President of Bonifii. “This type of digitally verifiable KYC reduces fraud, increases financial inclusion, and provides friction-free interactions between account holders and financial institutions.”

The FDIC reported in 2019 that over 12 percent of Hispanic households, nearly 14 percent of Black households, and over 16 percent of American Indian/Alaska Native households in the U.S. don’t have access to a mainstream checking account. The FDIC also reports that while these figures have been trending downward, the number of unbanked households will likely increase in the aftermath of the ongoing Covid-19 pandemic.

“Real financial inclusion will only be possible with fraud-resistant mechanisms that can adapt to peoples’ real-life situations and economic activities,” said Ainsworth. “Bonifii combines the availability of the GlobaliD wallet and services that run on the publicly available Indicio Network to ensure secure, privacy-preserving, scalable access to millions of underbanked people. This combination of technology also minimizes the risk of illicit activity, reduces the widespread problem of fraud, and simplifies the challenge of compliance within the U.S. financial system.”

“Our partnership with Bonifii and Indicio is about the three i’s—inclusion, innovation, and interoperability,” said Greg Kidd, co-founder and CEO of GlobaliD. “With a simple, universal credential, anyone can now access traditional financial services—all of which is powered by a fundamentally self-sovereign solution.”

Bonifii chose to partner with GlobaliD due to their deep experience in secure, private, portable, digital identity and payments, their experience with the Indicio Network, and their existing use of digital money transaction platform Uphold. Uphold also relies on GlobaliD to sign up and login their customers. In turn, Uphold provides GlobaliD users an easy way to hold assets, send funds to other GlobaliD users, and spend money against their GlobaliD wallet.

“Access to traditional banking services will transform the lives of millions of people. The Bonifii credential will help people currently without the traditional paper documents required to open an account and, at the same time, provide financial institutions with enhanced protection from fraud,” said Heather Dahl, CEO, Indico. “Indicio is committed to further supporting deployments that enable financial inclusion and protect customers’ privacy and institutions from fraud. Our mission is to enable innovators, like Bonifii and GlobalID, to create trusted data ecosystems to help improve the world.”

For more information about the Bonifii credential visit https://bonifii.com

###

About Bonifii – https://bonifii.com

Denver-based Bonifii is the financial industry’s first verifiable exchange network designed to enable trusted digital transactions using open standards and best-of-breed security technologies. Bonifii empowers credit unions to change the way they interact with their members by enabling a seamless user experience in every financial transaction through a secure, private, trusted and transparent resolution of the entities’ identity. To learn more about Bonifii, visit www.bonifii.com, email us at sales@memberpass.com or follow the company on the Bonifii blog, LinkedIn or Twitter.

About GlobalID – https://global.id

GlobaliD is a trust platform that seamlessly integrates digital identity, communications, and payments — the core building blocks for the next chapter of the internet. Unlike existing offerings, GlobaliD’s open, portable, and interoperable solutions put individuals back in control of their digital lives rather than governments or corporations, while allowing developers and businesses to easily take part in building the future. GlobaliD has offices in the U.S. and Europe and its digital identity framework has been recognized by the World Economic Forum and the Brookings Institute.

About Indicio – https://indicio.tech/

Indicio provides development and hosting for Trusted Data Ecosystems. Enterprise, consumer, and mobile applications run on the Indicio Network and use its comprehensive ecosystem of software to issue, verify, and exchange verifiable digital credentials. The company develops, runs, and hosts multiple networks using the latest in Hyperledger Indy network monitoring tools and resources. It led the creation of Cardea, a complete architecture for verifiable and secure health records for Linux Foundation Public Health and runs comprehensive instructor-led educational training workshops. These power a growing ecosystem that solves fundamental problems in online verification, identity, privacy, and zero trust security.

Media contact Information
Julie Esser, SVP Client Engagement
jesser@memberpass.com

608.217.0678

The post Bonifii increases financial inclusion with GlobaliD digital wallet and Indicio Network appeared first on Bonifii.


Own Your Data Weekly Digest

MyData Weekly Digest for October 22nd, 2021

Read in this week's digest about: 14 posts, 2 questions
Read in this week's digest about: 14 posts, 2 questions

Thursday, 21. October 2021

EdgeSecure

Executive Director, New Jersey Esports Innovation Center

Location: Atlantic City, New Jersey Position Summary The Executive Director will be responsible for launching and growing the New Jersey Esports Innovation Center in Atlantic City, a new membership-based nonprofit... The post Executive Director, New Jersey Esports Innovation Center appeared first on NJEdge Inc.

Location: Atlantic City, New Jersey

Position Summary
The Executive Director will be responsible for launching and growing the New Jersey Esports Innovation Center in Atlantic City, a new membership-based nonprofit focused on research/development and innovation to advance New Jersey’s position as a leader in the burgeoning esports industry. The Center’s initial work will concentrate on five areas: catalyzing collaborative technology innovation; supporting workforce development and education in the esports industry; positioning New Jersey and Atlantic City as esports leaders; promoting best practices for regulating wagering and ensuring integrity in esports; and advocating for diversity, inclusion, and healthy gaming practices as essential components of esports culture. The Center will connect relevant corporate, investment, academic, nonprofit, and government stakeholders within the industry and be a locus for developing Atlantic City as a hub for esports competition, research, innovation, and wagering. The Executive Director will form and evolve relationships with key partners, identifying ways to respond to industry needs and strengthen New Jersey’s esports ecosystem. The Executive Director will report to the Center’s Board of Trustees.

Remote work may be necessary at least through 2021 and will be possible at least part-time going forward. Some travel to conferences, meetings, and industry events will be required (mostly within New Jersey with some out-of-state domestic travel).

Core Responsibilities

Develop and maintain strong relationships with existing Center members Connect with esports industry stakeholders within and outside New Jersey to grow the Center’s membership and impact Serve as public facing advocate for the esports industry in New Jersey Establish and mature mutually beneficial relationships with key partners, identifying ways to grow and strengthen the esports industry in New Jersey Identify and pursue funding opportunities and potential sponsors for the Center Lead day-to-day management of Center operations, supervise staff, and delegate tasks as necessary Develop and execute portfolio of Center programming activities to include workforce development programming (job training workshops, internship program, etc.), industry panels, seminars, product demonstrations, coding challenges, and conferences or other thought leadership events Organize quarterly Industry Advisory Board (IAB) and Nonprofit Advisory Board (NAB) meetings; Present options to IAB and NAB for members to vote on funding decisions, including research grants Report to Board of Trustees, IAB, and NAB on Center activities, achievements, and challenges; prepare annual report for members and public Undertake strategic planning process to define medium- and long-term goals for the Center Provide input to the New Jersey Division of Gaming Enforcement and the Esports Integrity Coalition on shaping regulatory and integrity rule sets to govern wagering on esports events and competitions in New Jersey.

Qualifications Required

Bachelor’s degree or equivalent experience, and 7+ years of experience in technology, gaming, and/or entertainment, including at least 2 years of management experience Strong stakeholder engagement skills; able to work closely with others across private industry, academia, and government Familiarity with esports industry Excellent communication, interpersonal, and organizational skills Flexible and adaptable to changing landscape

Qualifications Preferred

Previous experience leading an innovation-focused organization Strong understanding of technology needs and challenges in esports industry and/or esports wagering Previous experience in business development and/or identifying funding opportunities Master’s in Business Administration or other relevant graduate degree

Conditions
Employment with the Center is contingent on passing a background check, disclosing current and former business relationships with and/or investments in esports-associated organizations, and verifying no competing interests with the mission of the Center.

Compensation and Benefits
$80,000-$100,000, based on qualifications

Apply [contact-form-7]

The post Executive Director, New Jersey Esports Innovation Center appeared first on NJEdge Inc.


Energy Web

API access security for DApps

Any web developer knows the drill: In order to access an API, you need an API-Key. This is true for e.g. Google Maps (or any other service) and has been copied by more decentralized services like The Graph Protocol. As the application developer, it is your responsibility to create an API Key which grants access to the service and allows assigning the queries to your account. The pictur
Any web developer knows the drill: In order to access an API, you need an API-Key.

This is true for e.g. Google Maps (or any other service) and has been copied by more decentralized services like The Graph Protocol. As the application developer, it is your responsibility to create an API Key which grants access to the service and allows assigning the queries to your account.

The picture below shows the process: The browser makes a request to the application server, which in turn calls the API with an API-Key.

browser to app server to API server

This authorization scheme works really well in the scenario in which there is an application server. What about DApps?

The difference with DApps

A Decentralized Application (DApp) typically has no application server. The logic is all on the client and the data is in some distributed storage system like a blockchain or IPFS. This is great in theory, but as most users do not have an IPFS node or an RPC node running locally on their computer, it is difficult for them to use such applications without some services being involved (e.g. Infura, Alchemy, Quiknode).

The typical setup then looks something like this:

API key is stored in the browser

This of course is a problem for the application developer who has paid for the account to which the API key belongs. As any user of the DApp has to get access to the API Key, some users might be mischievous and misuse the access rights to the service.

Replacing API Key with Authentication

A more secure mechanism is to replace the API Key with user authentication. Each user has to send a login token to the API Service, which uniquely identifies them and allows the API Server to make sure only authorized users can access the service.

This could be achieved with public-facing services like Azure Active Directory or AWS IAM (collectively IAM System or IAMS) but it is cumbersome and requires a separate configuration for each API Service and IAMS. By default, nobody has access to your User Directory, and that is the way you want to keep it. So in order for an API Service to use your IAMS tenant you would need to configure it especially for this.

There is no way, in a centralized IAMS, to create a setup in which an API service is granted access to all IAMS tenants without their explicit consent.

Decentralizing the authorization system

That is where a decentralized IAMS (e.g. Switchboard) comes into play. In a decentralized IAMS, the user information is not stored on the server, so there is no need to give the API Server access to anything; the information is held by the users themselves in the form of verifiable credentials.

The role definitions or access rights are saved in publicly accessible, censorship-resistant storage. The most important part is that the definitions must be signed by one of the delegated authorities. When a definition is read, it must be possible to tell if it is genuine or not.

In such a scheme, the API access would look like this:

the request contains a bearer token instead of an API key

The browser attaches a claim to the header of the request; which the API server can verify in the roles' definition database. In the current implementation of Switchboard, the role definitions are stored on the Energy Web Chain in the Energy Name Services (ENS) smart contracts.

The advantages to the developer

From a developer’s perspective, this is great news. They can control who accesses the API services they’re paying for and even set different access levels for paying customers and visitors.

While many API services already allow setting different access levels per API Key, there is no way for the developer to control if there are any malicious users among the user base. It is pretty trivial for a malicious developer to extract API Keys from a DAPP and reuse them for their own profit.

This might not be a problem yet because there are very few real DAPPs and among those even fewer are popular enough to be the target of an attack, but this will change with the growing adoption of blockchain and other decentralized systems.

Conclusion

If you are a developer and want to write a DApp because you believe in decentralization or simply because you find the serverless concept really cool, then you probably are using API-Keys in your front-end. If this is the case, then you should consider the security risk the publication of the API-Key in your front end represents and ask yourself if it would make sense to switch to a user authentication scheme.

API access security for DApps was originally published in Energy Web Insights on Medium, where people are continuing the conversation by highlighting and responding to this story.


MyData

Hub spotlight: MyData Japan – Promoting ethical approaches to personal data

MyData Global supports the 30 hubs based around the world to implement the MyData Declaration. In turn, hubs help grow the global MyData movement by hosting events and carrying out activities, such as lobbying governments and companies to be more ethical in their approach to personal data management. This update focuses on MyData Japan efforts... Read More The post Hub spotlight: MyData Jap

MyData Global supports the 30 hubs based around the world to implement the MyData Declaration. In turn, hubs help grow the global MyData movement by hosting events and carrying out activities, such as lobbying governments and companies to be more ethical in their approach to personal data management. This update focuses on MyData Japan efforts...

Read More

The post Hub spotlight: MyData Japan – Promoting ethical approaches to personal data appeared first on MyData.org.

Wednesday, 20. October 2021

Digital ID for Canadians

DIACC’s Digital ID & Me Podcasts

DIACC’s Digital ID & Me podcasts aims to demystify the who, what, where, and why of Digital Identity with a global perspective through a Canadian…

DIACC’s Digital ID & Me podcasts aims to demystify the who, what, where, and why of Digital Identity with a global perspective through a Canadian lens and to bring awareness to interested individuals and organizations on the society changing benefits and challenges of Digital Identity. We discuss Digital Identity concepts, current events with experts, and sometimes read interesting articles.

Our podcasts are available on various listening platforms so be sure subscribe and follow!

Podcastics Apple Podcasts Spotify Amazon Music Deezer Stitcher

GLEIF

\#4 in the Financial Inclusion Interview Series – How globally recognized digital business identities could change Zimbabwe’s economy for good, with Munyaradzi Kamhozo from NMB Bank Limited

All around the world, small and medium sized enterprises (SMEs) lack the legal documentation that can prove who they are to banks, service providers and other businesses. As a result, millions are struggling to access trade finance and create partnerships, particularly in developing economies. Following the launch of GLEIF’s digital business identity initiative designed to bridge this trade fin

All around the world, small and medium sized enterprises (SMEs) lack the legal documentation that can prove who they are to banks, service providers and other businesses. As a result, millions are struggling to access trade finance and create partnerships, particularly in developing economies.

Following the launch of GLEIF’s digital business identity initiative designed to bridge this trade finance gap in Africa, we’re catching up with our key partners to hear their thoughts on how the project will bring about greater financial inclusion for SMEs on the continent and beyond.

Munyaradzi Kamhozo is Account Relationship Manager at NMB Bank Limited, a registered commercial bank based in Zimbabwe.

NMB Bank’s role in this initiative is to act as the Validation Agent, working with the London Stock Exchange Group (LSEG) as the Local Operating Unit (LOU), to issue SME clients with globally recognized digital business identities. Project partners GLEIF, Cornerstone Advisory Plus and Cenfri supported NMB Bank Limited to complete the required qualification process.

The LEI presents a significant opportunity to help close the current trade financing gap and support more SMEs to engage in international and domestic trade. NMB Bank Limited saw that potential, which drew them to the Validation Agent role, supporting its key objectives to create a market leading proposition for its SME client base, foster greater financial inclusion in the region and support the growth and formalization of the Zimbabwean economy.

How could this LEI initiative improve domestic and international trade out of Zimbabwe?

Most Zimbabwean SMEs rely on an international supply of raw materials. At least 80% of our SME customers engage with international suppliers on a regular basis. Currently, however, if an SME in Zimbabwe completes a telegraphic transfer to a supplier based in Europe, the correspondent bank will have to validate the identity of the Zimbabwean business and, without an established form of legal identity, this process can take up to a month.

The LEI initiative will help by building trust in both the global financial ecosystem and in key supplier relationships. Using an LEI can significantly reduce the time correspondent banks take to validate the identity of the SME, ensuring that they can quickly access key supplies without building up excessive interest on local currency loans which, for SMEs in Zimbabwe, range from 40 per cent to 60 per cent per annum depending on the financial institution.

The benefits of the LEI also apply to Zimbabwean exports. By obtaining an LEI, SMEs can increase their international visibility and credibility with new overseas clients. All buyers must screen new suppliers to validate that they are who they say they are. With an LEI, this process will be faster and simpler than ever before. This will help to create new opportunities for our exporters, enabling them to foster new markets and grow domestic and international trade.

How is the LEI initiative helping NMB Bank compete and/or differentiate itself in the financial services marketplace?

One of the principal benefits of being a Validation Agent is that NMB Bank is now able to offer an entirely new service to our SME clients which allows them to save significant time when partaking in international transactions and opens opportunities to access trade finance, something which none of our competitors can offer currently. Addressing these key pain points will help us grow our client base and deliver an attractive proposition to SME customers.

From a compliance perspective, becoming a Validation Agent meant NMB Bank also had to undertake a comprehensive training program to get us up to speed with GLEIF’s regulatory standards. This has allowed us to realign our internal processes with an international standard of best practice. We can now set the standard for due diligence processes in the region.

By supporting SMEs as part of the Validation Agent role, NMB Bank is also actively supporting the Reserve Bank of Zimbabwe’s National Financial Inclusion strategy, which aims to increase financial and economic inclusivity in the country.

What long-term potential do you see in the LEI initiative, both for banks and SMEs in Zimbabwe?

Zimbabwe, like many African countries, has a sizeable ‘informal economy’. It is estimated that around 80.8% of those employed in sub-Saharan Africa work within the informal sector. Unfortunately, this means businesses operating in this sector lack the credentials necessary to grow and often find themselves losing money when undertaking cross-border transactions. In the long term, we can see the LEI helping to formalize our economy. With a globally standardized identifier, our businesses can prove their legitimacy and engage in regulated trade, leading to the generation of more money for the businesses and their employees.

We also believe that the LEI will have long term impacts on access to trade finance. SMEs currently struggle to access finance as they are perceived as ‘too risky’ by international lenders. As a result, the current trade finance gap in African stands at $81 billion. When we apply for credit lines for our SME clients with an LEI, the screening process undertaken by the Development Finance Institutions to identify the applicant will be much simpler, meaning SMEs can access more trade finance, faster than ever before. This will also allow many businesses to be freed from the control of loan sharks as more legitimate lines of credit become available to them.

For banks, in particular, the LEI initiative will help to streamline onboarding processes. By adopting the role of Validation Agent, banks can provide a faster and more efficient experience for new clients by handling the LEI issuance process internally. Banks will also benefit from a simplified approach to establishing automated beneficial ownership systems, in line with Zimbabwe’s national project to do so. This means the initiative will contribute significantly to supporting Anti-Money Laundering and Counter-Financing of Terrorism.

What kind of change in Zimbabwe would you like to see result from broad LEI adoption among SMEs?

Overall, we want to see accelerated financial inclusion in line with Zimbabwe’s National Inclusion Strategy. Broad adoption of the LEI is a big step towards achieving this.

The formalization of Zimbabwe’s economy as a result of LEI adoption will not only benefit banks and SMEs, but the entire population. At an international level, a formal economy means more taxes are paid, which, in turn, means our government can invest more into key infrastructure projects to support the growth of the nation, improving the standard of living for all.

We’d also like to see a change in the perception of Zimbabwe in international markets. Our national mantra is ‘open for business’. We want to be seen in this way. Currently, we are seen as a risky market in the eyes of international lenders, banks and suppliers. The LEI presents an opportunity to help us overturn this perception. If the world knows who you are, the opportunities will flow in.


OpenID

Notice of Vote for Third Implementer’s Draft of OpenID Connect Federation Specification

The official voting period will be between Wednesday, November 3, 2021 and Wednesday, November 10, 2021, following the 45 day review of the specification. For the convenience of members, voting will actually open on Wednesday, October 27, 2021 for members who have completed their reviews by then, with the voting period still ending on Wednesday, […] The post Notice of Vote for Third Implementer’s

The official voting period will be between Wednesday, November 3, 2021 and Wednesday, November 10, 2021, following the 45 day review of the specification. For the convenience of members, voting will actually open on Wednesday, October 27, 2021 for members who have completed their reviews by then, with the voting period still ending on Wednesday, November 10, 2021.

The OpenID Connect Working Group page is https://openid.net/wg/connect/. If you’re not already a member, or if your membership has expired, please consider joining to participate in the approval vote. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration.

The vote will be conducted at https://openid.net/foundation/members/polls/256.

– Michael B. Jones, OpenID Foundation Secretary

The post Notice of Vote for Third Implementer’s Draft of OpenID Connect Federation Specification first appeared on OpenID.

Notice of Vote for Third Implementer’s Draft of OpenID Connect for Identity Assurance Specification

The official voting period will be between Wednesday, November 3, 2021 and Wednesday, November 10, 2021, following the 45 day review of the specification. For the convenience of members, voting will actually open on Wednesday, October 27, 2021 for members who have completed their reviews by then, with the voting period still ending on Wednesday, […] The post Notice of Vote for Third Implementer’s

The official voting period will be between Wednesday, November 3, 2021 and Wednesday, November 10, 2021, following the 45 day review of the specification. For the convenience of members, voting will actually open on Wednesday, October 27, 2021 for members who have completed their reviews by then, with the voting period still ending on Wednesday, November 10, 2021.

The eKYC and Identity Assurance Working Group page is https://openid.net/wg/ekyc-ida/. If you’re not already a member, or if your membership has expired, please consider joining to participate in the approval vote. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration.

The vote will be conducted at https://openid.net/foundation/members/polls/251.

– Michael B. Jones, OpenID Foundation Secretary

The post Notice of Vote for Third Implementer’s Draft of OpenID Connect for Identity Assurance Specification first appeared on OpenID.

omidiyar Network

Reimagining Capitalism Series: Rebalancing the Relationship Between Government, Markets, and…

Reimagining Capitalism Series: Rebalancing the Relationship Between Government, Markets, and Communities This post expands on the fourth key pillar for building a new economic paradigm as outlined in Our Call to Reimagine Capitalism. Read the first post in this series, “An Introduction to Ideas, Rules, and Power and How They Shape Our Democracy and Economy” here. By Audrey Stienon, Associat
Reimagining Capitalism Series: Rebalancing the Relationship Between Government, Markets, and Communities This post expands on the fourth key pillar for building a new economic paradigm as outlined in Our Call to Reimagine Capitalism. Read the first post in this series, “An Introduction to Ideas, Rules, and Power and How They Shape Our Democracy and Economy” here.

By Audrey Stienon, Associate, Reimagining Capitalism

Understanding society’s mutual responsibilities within the context of COVID-19

Throughout the course of the pandemic, our lives have changed in ways that would have been nearly unthinkable when the crisis began. We entered lockdowns believing that it would be impossible to sustain such a drastic change to the status quo for more than a few weeks; and yet here we are, a year and a half later, with many of the rituals and requirements of social distancing still in place, having largely adapted to living in this new normal.

Across history, pandemics have been an existential threat to societies precisely because, beyond a staggering death toll, they have the power to strain to the point of collapse the three legs on which, like a stool, society stands: representative governments that set and enforce the rules for how diverse people wish to live together and advance their collective wellbeing; markets that mobilize decentralized incentives to generate and distribute wealth, goods, services, and knowledge across society; and communities that unite people across shared identities and build inclusive spaces where people can find a sense of belonging, support, and meaning.

These three legs are all social constructs that vary in shapes and sizes across countries, but our experience in learning to live with COVID illustrates the key ways in which each is essential to our ability to make it through a crisis like the pandemic. Government coordinated the formal public health response even as publicly funded biomedical research provided the basic building blocks for the vaccines, which the government then distributed across the country. The markets and businesses innovated to meet rapidly changing needs in a socially-distanced world — enabling many employees to work from home, promoting contactless delivery, and even mass-producing necessities like hand sanitizer and ventilators. And communities across the country adopted new norms and behaviors to support and protect the safety of their members.

Even so, the monumental difficulties that we have faced in effectively responding to the pandemic have drawn attention to the challenges undermining the support each leg provides to society. Necessary government coordination was undercut by partisanship, polarization, and ideological self-sabotage. Markets proved to be overly reliant on brittle supply chains and failed to ensure that the immense wealth created by a small subset of companies because of the crisis trickled down to struggling communities. And many communities — driven by a deep mistrust of government, companies, and even other communities in our society — rejected and fought against the adoption of public health precautions to the detriment of us all.

We may yet get through the worst of this public health crisis, but if history is any guide, we are certain to feel the reverberations of COVID long after the threat of the virus has been brought fully under control. If we are to make it to the other side of this challenge with our society still standing as a thriving liberal market democracy, we must shore up and strengthen all three of these legs.

What happens when we saw off two legs of a three-legged stool?

The types of governments, markets, and communities that ideally support democratic societies have much in common. All three are strengthened in environments of vibrant competition — be it competition between political ideologies and policy options, business models and technological innovation, or options for environments where people can build connections and a sense of belonging. This implies that all three thrive when everyone has the right to participate, challenge the status quo, and offer new ideas of how to do things better.

They also all share a common vulnerability to concentrations of power which — as American history and current events can attest — are inevitably used to exclude and stifle competition: unopposed political power will silence opposing views and opinions through tools like voter suppression; monopolistic market power will be used to prevent rivals from threatening profits; community power will be used to erect protectionist barriers — including discrimination, segregation, and outright violence — to avoid having to share community benefits with perceived outsiders.

Since each leg struggles to regulate itself to prevent such corrosive concentrations of power, they are each dependent on the other two to act as checks on power that can protect competition. Representative governments, responsible for securing everyone’s basic and equal rights, can enact and enforce rules against discrimination and monopolies that require communities and markets respectively to remain open to new members and ideas. Competitive markets both create and connect a diverse range of communities and political interest groups who share the common interest of opposing government or community efforts to empower one group over all others. Inclusive community needs and preferences inspire the new ideas of government and markets, and community members have the power as voters, protesters, consumers, investors, and employees to mobilize if the other two pillars fail to meet their demands.

All this implies that the wellbeing of a democratic society — as well as any hope of building a democratic society in which the equal participation of all of its members is truly valued — rests on the collective strength of these three legs. Should any one of them fail, our democracy will begin to crumble.

In recent decades, we have become overly dependent on markets to meet society’s needs. For decades, conservative politicians, economists, and many business leaders sold Americans on the idea that markets were more efficient and less prejudiced than either government or communities. In response, policymakers, business leaders, and a large number of community representatives acted to systematically shift the societal responsibilities of government and communities onto markets by restricting the activities of these two legs. Government capacity to provide public services, earn income through taxes, or regulate was limited, while the distress of communities asking for support and to have their concerns addressed was ignored.

Although markets are remarkable and powerful tools, they will never be capable of single-handedly upholding societal wellbeing — just as no one could hope to sit comfortably on a stool balanced entirely on one leg. Markets will always be shaped by government rules and community norms and values, and — rather than making markets stronger — weakening the other two legs has only engendered a version of markets with few checks to prevent either the concentration of economic power or the use of that power to limit competition from other businesses, political ideologies, or societal norms across all of society. As a result, our country is one in which our markets no longer provide widespread wealth and opportunity and in which neither our restrained government nor economically starved communities have the capacity to provide support or new opportunities to the people that markets have been unable to reach. This has fueled mistrust in markets incapable of delivering the shared prosperity that was promised, in governments unable to respond to the demands of their constituents, and in other distressed communities increasingly seen as competitors for scarce resources and government attention.

As America makes its way out of the pandemic and we prepare ourselves to confront the challenges, like climate change, looming ahead, we must all as individuals, voters, companies, communities, and governments make a concerted effort to strengthen the social foundations on which we stand. This will entail deepening the communal ties that bind us to each other, reinvigorating the governing bodies that allow us to work together towards common goals, and, finally, redesigning our markets so that they generate wealth not for its own sake, but for the sake of increasing the wellbeing of every person in our society.

Finding our balance

To that end, Omidyar Network aims to support organizations working to reimagine and rebalance the responsibilities that government, markets, and communities have in supporting social wellbeing. Driven by a deep appreciation for the importance of of each of these legs, we aim to help develop ideas and expectations about the economic roles each can play to support society; to advance the implementation of new rules that strengthen their capacity to act on these roles; and to invigorate counterweights and checks on concentrations of economic power across them.

(To learn more about how we believe ideas, rules, and power interact to shape our economy and democracy, consider reading the first installment in this series here.)

First, we need a stronger understanding of the respective roles of markets, government, and communities in the economy, as well as insight into how to strengthen their capacity to fulfill these roles after decades of underinvestment and neglect. Rather than having to choose between market or government solutions to their economic challenges, communities must be able to work with government to access and help design market systems that prioritize the wellbeing of the many rather than the few.

We therefore have partnered with a range of organizations developing new ideas on how to design a socially-driven economy built on a more equitable distribution of power across society. Notably, we support the work of Xavier de Souza Briggs, Senior Fellow at the Brookings Institution Metropolitan Policy Program, who is identifying strategies to mobilize stakeholders from across the economy — including civil society, business leaders, worker organizations, and local and federal government agencies — around the common goal of revitalizing struggling metropolitan communities. Similarly, the Roosevelt Institute, for example, is leading on research exploring the consequences of power imbalances between public, community, and market actors, while Demos is working to develop institutions for building community power over economic decisions. Meanwhile, Omidyar Network has created the Community Infrastructure Fund for Mutual Aid, a learning project that aims to explore how to equitably address the socio-economic needs of communities while providing the essential infrastructure for organizations that have stepped up meet these needs where other institutions have failed them.

Second, we aim to revitalize competitive markets grounded by their responsibilities towards stakeholders across society. To this end, we have supported efforts to advocate for changes in the rules governing markets to allow businesses and other market actors to pursue goals beyond just short-term profit maximization. Public Citizen, JUST Capital, and the Value Reporting Foundation, for example, are advocating that government mandate that companies disclose information on environmental, social, and governance (ESG) issues and on their political spending. Such disclosures would make it easier for people who invest in companies, as well as the general public, to hold companies to account for how their activities impact society. Similarly, B Lab, an organization known for certifying businesses that advance a social purpose (B Corp), is advocating for policies to reform rules of corporate governance so that business leaders take a greater range of stakeholders into account when making their decisions. Finally, we continue to invest in organizations working to strengthen regulation that can curb the power of tech platforms, including the American Economic Liberties Project, Open Markets Institute, and the Anti-Monopoly Fund at the Economic Security Project.

Finally, we are working with organizations strengthening the power of stakeholders from across society to influence the role that markets play in society.

One piece of this work involves building the power of communities to influence the shape of markets and the behavior of market actors. Community Change and the Action Center on Race and the Economy (ACRE), for example, are building the power of communities of color to shape economic decisions and move us closer to a more inclusive democracy and economy. Meanwhile, recognizing that working people both constitute their own community and are key members of their own local communities, the California Coalition for Worker Power is mobilizing worker centers, worker advocates, labor policy experts and labor unions to ensure that every worker in California has the power to come together and improve their work conditions and their communities. Finally, Faith in Action, seeks to mobilize faith-based communities to fight against an economy of exclusion and instead create a moral economy based on a new set of values, beliefs, and identities.

The second element of this work entails building the power of stakeholders who can work within markets to hold them accountable to a wider range of social values. For example, organizations such as the Shareholder Commons and Interfaith Center on Corporate Responsibility (ICCR) equip the people and organizations who invest in businesses with the tools to use their power as shareholders to engage with companies on their ESG performance. Similarly, For the Long Term is working to support public fiduciaries and other government entities that invest in markets on behalf of citizens and public sector workers — such as public pension funds or state and municipal treasurers — to more actively pressure companies to behave in ways that serve their beneficiaries and contribute to public wellbeing. Meanwhile, organizations like The Leadership Now Project are engaging directly with business leaders themselves to mobilize their existing power to strengthen American democracy.

For all our failings, America’s response to the COVID pandemic has shown that each of the three legs still has the strength to support our society, even during a destabilizing crisis. That said, we must not take this stability for granted. We celebrate the incredible work of our grantees in this space, and commit to continuing our work to maintain a more balanced system.

Read more:
Pillar Three: Building Counterweights to Power
Pillar Two: Building an Anti-Racist and Inclusive Economy
Pillar One: Grounding Our Economy in a New Ideas and Values
An Introduction to Ideas, Rules, and Power and How They Shape Our Democracy and Economy

Reimagining Capitalism Series: Rebalancing the Relationship Between Government, Markets, and… was originally published in Omidyar Network on Medium, where people are continuing the conversation by highlighting and responding to this story.


Digital ID for Canadians

BC Government’s Verifiable Credential Issuer Kit Proof of Concept Report

The intent of this report is to communicate the project drivers, what the POC demonstrated, the experience and learning of the participants, and how governments…

The intent of this report is to communicate the project drivers, what the POC demonstrated, the experience and learning of the participants, and how governments might proceed to implement digital identity in their own programs. This report uses a narrative approach to summarize the results of this POC. This report provides strategic and operational insights regarding the results of this POC for other government entities that are interested in building a POC or production system using SSI. The report was written based on a set of interviews with people who were part of this initiative. The interviewees subjects included government staff, vendors who responded to the call to collaborate, and observers from within the identity management industry.

Download the paper.

DIACC_BC-Governments-Verifiable-Credential-Issuer-Kit_Proof-of-Concept-Report_ENG


omidiyar Network

In Support of Tech Whistleblowers Who are Holding Tech to Account

In Support of Tech Whistleblowers Who are Holding Tech to Account Digital technology today is more widespread, more convenient, and more ubiquitous than ever before. With a strong Silicon Valley heritage, Omidyar Network recognizes that the promise and the ethos of technology has always been about it being a distributed good, empowering and connecting people all over the world. But as most p

In Support of Tech Whistleblowers Who are Holding Tech to Account

Digital technology today is more widespread, more convenient, and more ubiquitous than ever before. With a strong Silicon Valley heritage, Omidyar Network recognizes that the promise and the ethos of technology has always been about it being a distributed good, empowering and connecting people all over the world. But as most people have experienced first-hand, today’s tech ecosystem is out of balance.

While technology pervades nearly every aspect of our lives, it remains largely unregulated with little oversight. A handful of tech giants wield tremendous, unchecked power, and has chosen repeatedly — in contravention of the original ideals of the tech community — profit over consumer, social, and market health. This outsized market dominance, social, and political power has the potential to threaten our individual freedoms, economies, and democracies.

With little competition, regulation, or other countervailing checks and balances, Big Tech has too much influence. Until recently, these platforms largely avoided meaningful public oversight which has allowed them to do as they wish, often at the expense of consumers, start-ups, and their employees.

Even as Big Tech’s reach has extended further and faster, it has remained largely opaque. We have had a nagging feeling that the harms they cause are known to them — and are far worse than the public could imagine. That has been validated as truth by a series of courageous whistleblowers who have spoken out and delivered evidence of wrongdoing and misconduct. We stand by them as they have put everything on the line to hold these tech giants to account.

For those who are considering blowing the whistle, we know that it is a difficult, and often dangerous and expensive decision. That’s why we supported tech leader and whistleblower, Ifeoma Ozoma, and her many partners in creating The Tech Worker Handbook, a collection of resources for people “who are looking to make more informed decisions about whether to speak out on issues that are in the public interest.”

We are grateful to the brave people who have called out Big Tech for its bad behavior. They are an important part of creating systemic checks and balances for Big Tech. Because of them, policymakers are taking notice and taking action to rein in their excessive power and restore trust and balance in digital markets.

In Support of Tech Whistleblowers Who are Holding Tech to Account was originally published in Omidyar Network on Medium, where people are continuing the conversation by highlighting and responding to this story.


EdgeSecure

Cybersecurity Insurance – Rising Costs and What You Need to Know

The post Cybersecurity Insurance – Rising Costs and What You Need to Know appeared first on NJEdge Inc.

Velocity Network

WORK. podcast with Dror Gurevich, CEO of Velocity Network Foundation

Our CEO, Dror Gurevich joined Open Assembly's WORK. podcast to discuss how Velocity is reinventing how career records and credentials are shared across the labor market. The post WORK. podcast with Dror Gurevich, CEO of Velocity Network Foundation appeared first on Velocity.

Tuesday, 19. October 2021

OpenID

Registration Open for OpenID Foundation Virtual Workshop — Thursday, December 9, 2021

Workshop Overview OpenID Foundation Workshops provide technical insight and influence on current Internet identity standards. Technologists from member organizations will provide updates on all active OpenID Foundation Working Groups as well the OpenID Certification Program. The workshop will also include a session on the GAIN POC with Don Thibeau and Donna Beatty providing updates from […] The p

Workshop Overview

OpenID Foundation Workshops provide technical insight and influence on current Internet identity standards. Technologists from member organizations will provide updates on all active OpenID Foundation Working Groups as well the OpenID Certification Program. The workshop will also include a session on the GAIN POC with Don Thibeau and Donna Beatty providing updates from recent listening sessions and POC next steps.

Please note that the workshop will be recorded and available for playback on the OpenID Foundation website. The Foundation’s Note Well Statement can be found here and is used to govern workshops.

 

Workshop Details
WHEN: Thursday, December 9, 2021 — 9am-12:00pm PT
REGISTRATION REQUIRED: https://www.eventbrite.com/e/openid-foundation-virtual-workshop-tickets-194712519387 


Workshop Agenda

TIME (PT) PRESENTATION PRESENTER 9:00-9:05 Welcome & Introduction Nat Sakimura & Gail Hodges – OIDF 9:05-9:20 Welcoming the Foundation’s Newest Sustaining Members Gail Hodges – OIDF 9:20-9:35 Financial-grade API WG Update Dave Tonge – Moneyhub 9:35-9:50 eKYC-IDA WG Update Mark Haine – Considrd Consulting 9:50-10:05 OpenID Certification Program Update Joseph Heenan – OIDF & Authlete 10:05-10:20 Shared Signals & Events WG Update Atul Tulshibagwale – Google

 

10:20-10:45 GAIN POC Status & Next Steps Torsten Lodderstedt — yes.com & Don Thibeau – OIDF 10:45-11:00 MODRNA (Mobile OpenID Connect Profile) WG Update Bjorn Hjelm – Verizon

 

11:00-11:15 Fast Federation (FastFed) WG Update Tim Cappalli – Microsoft 11:15-11:30 AB/Connect WG Update Michael Jones – Microsoft 11:30-11:35 Enhanced Authentication Protocol (EAP) WG Update 11:35-11:50 Self-issued OpenID Provider (SIOP) Update Kristina Yasuda – Microsoft 11:50-12:00 Open Q&A Session and Closing Remarks Nat Sakimura & Gail Hodges – OIDF

 

 

The post Registration Open for OpenID Foundation Virtual Workshop — Thursday, December 9, 2021 first appeared on OpenID.

Monday, 18. October 2021

MyData

MyData matters: empowering children and families online

The MyData Matters blog series covers the work of thematic groups and emerging themes relevant to the personal data and digital rights space. Thematic groups work on domains or issues where digital rights require particular attention and promote the MyData declaration via their activities and outputs.   At the 2019 MyData conference, the pressing issue of... Read More The post MyD

The MyData Matters blog series covers the work of thematic groups and emerging themes relevant to the personal data and digital rights space. Thematic groups work on domains or issues where digital rights require particular attention and promote the MyData declaration via their activities and outputs.   At the 2019 MyData conference, the pressing issue of...

Read More

The post MyData matters: empowering children and families online appeared first on MyData.org.

Sunday, 17. October 2021

GLEIF

Q3 2021 in review: The LEI in Numbers

The Global LEI Foundation (GLEIF) is proud of its ongoing transparency initiatives. Namely its open approach to providing unrestricted access to the latest LEI data from around the world with the Quarterly LEI System Business Reports, which are made publicly available free of charge. Through this ‘LEI in Numbers’ blog series, GLEIF aims to highlight key data from the latest report, explaining tren

The Global LEI Foundation (GLEIF) is proud of its ongoing transparency initiatives. Namely its open approach to providing unrestricted access to the latest LEI data from around the world with the Quarterly LEI System Business Reports, which are made publicly available free of charge. Through this ‘LEI in Numbers’ blog series, GLEIF aims to highlight key data from the latest report, explaining trends and profiling successes from the global LEI rollout.

The latest report, covering Q3 2021, shows positive growth in the volume of LEIs worldwide. More than 60,000 LEIs were issued in Q3, representing a quarterly growth rate of 3.3%. This steady increase is welcome news as it is common for issuance levels over the summer months to slow. As a result, the total active LEI population is now 1.88 million.

For a further summary of the past quarter’s data, the below infographic contains the key statistics from Q3 2021.

In Q3, Iceland was the largest growth market for LEI issuance, with one of the highest growth rates seen in 2021 (30.8%). This is another significant quarterly increase for Iceland. Between Q1 and Q2, it doubled its growth rate from 9.2% to 19%. This regional growth was driven largely by strong competition among LEI issuers.

Aside from growth in new LEI issuance, renewal rates grew across EU jurisdictions (65.5%, up from 65.0% in Q2) and non-EU jurisdictions (63.0%, up from 62.9% in Q2). The average renewal rate of jurisdictions with more than 1000 LEIs globally remained steady. This consistently high level of LEI issuance and renewals across multiple regions is testament to the maturity of the Global LEI System and its increasingly central role in bringing trust to ecosystems.

In Q3, a new issuer was onboarded into GLEIF’s network of Local Operating Units (LOUs): NordLEI. Previously, NordLEI had been operating as a registration agent in the Nordics before adjusting their status to LOU to actively drive greater LEI adoption across Northern Europe.

For the full report which includes further detail on the status of LEI issuance and growth potential, the level of competition between LEI issuing organizations in the Global LEI System and Level 1 and 2 reference data, please visit the Global LEI System Business Reports page.

If you are interested in reviewing the latest daily LEI data, our Global LEI System Statistics Dashboard contains daily statistics on the total and active number of LEIs issued. This feature now enables any user to review historical data by geography, increasing transparency on the overall progress of the LEI.

For further detail, or to access historical data, please visit the Global LEI System Business Report Archive. We look forward to sharing our progress each quarter as we continue to drive LEI adoption in 2021.

Saturday, 16. October 2021

Kantara Initiative

Trust and interoperability in healthcare identity systems

The view from Kantara’s Executive Director, Kay Chopard Cohen “Often variations in interoperability are not due to technical issues but are caused by deficits in trust between organizations and by anti-competitive behavior that results in patient Electronic Health Information (EHI) [being held in silos].” (Office of the National Coordinator for Health Information Technology; TEFCA Draft 2) As with

The view from Kantara’s Executive Director, Kay Chopard Cohen “Often variations in interoperability are not due to technical issues but are caused by deficits in trust between organizations and by anti-competitive behavior that results in patient Electronic Health Information (EHI) [being held in silos].” (Office of the National Coordinator for Health Information Technology; TEFCA Draft 2) As with many aspects of identity management, the challenges we see in managing electronic health information often emanate from a lack of trust – not from a failure of technical capability. Patients want to know that their personal information is held safely and securely…

The post Trust and interoperability in healthcare identity systems appeared first on Kantara Initiative.

Friday, 15. October 2021

Nyheder fra WAYF

WAYF certificeret efter ISO 27001

WAYF er nu blevet certificeret efter standarden for informationssikkerhed ISO 27001. Det er resultatet af den auditering som DNV gennemførte hos WAYF den 23. september 2021. Language Danish Read more about WAYF certificeret efter ISO 27001

WAYF er nu blevet certificeret efter standarden for informationssikkerhed ISO 27001. Det er resultatet af den auditering som DNV gennemførte hos WAYF den 23. september 2021.

Language Danish Read more about WAYF certificeret efter ISO 27001

Own Your Data Weekly Digest

MyData Weekly Digest for October 15th, 2021

Read in this week's digest about: 16 posts, 4 questions, 1 Tool
Read in this week's digest about: 16 posts, 4 questions, 1 Tool

Thursday, 14. October 2021

aNewGovernance

OKP4 takes on a European dimension by opening an office in Munich

OKP4 takes on a European dimension by opening an office in Munich

While OKP4 is beginning to deploy its first use cases in France, particularly in agriculture and logistics, the company is now opening a German subsidiary in Munich. This is an opportunity for the company, specialized in the creation and animation of Data Spaces, to take on a European dimension that can be very essential when it comes to data issues.

OKP4 has officially launched its German subsidiary in Munich at the beginning of October 2021, in collaboration with SCE Space Cooperative Europe, founding member of aNewGovernance. OKP4 GmbH, the new subsidiary of the young Toulouse-based company, will be able to deploy OKP4’s Data Spaces offerings on the German market, particularly in agriculture and industry.

The creation of this subsidiary was also an opportunity for OKP4 GmbH to welcome Onecub, another founding member of aNewGovernance, into its capital for their expertise in digital identity management and consent management.

OKP4’s goals in Germany are clear: to establish Data Spaces projects within German organizations, but more importantly, to reinforce OKP4’s position as a reference in Europe about governance and Data Spaces management for organizations.

Emmanuel MONDON and Markus HAUSER of SCE seized this opportunity to organize a real learning expedition with interesting meetings such as: Invest in Bavaria (the development agency of the state of Bavaria), The Bayerischer Bauernverband (the Bavarian Farmers’ Union), and innovation consulting structures such as ARTTIC or EURA AG.

The founders of OKP4 GmbH also met with the heads of the TUM World Agricultural Systems Center (Hans Eisenmann-Forum for Agricultural Sciences) to discuss agricultural data sharing ecosystems and to consider academic collaborations in the context of European innovation projects (Eurostars 3 and Horizon Europe).

The European network of actors working on Data Spaces continues to grow and shows a growing dynamic with even more collaborations and more partnerships. Data Spaces are the future!

Contacts:
Emmanuel Aldeguer : +33 6 50 95 28 51 – e.aldeguer@okp4.com
Hiba Ouadghiri : h.ouadghiri@okp4.com

About OKP4
OKP4 is a start-up that develops Data Spaces which are digital commons infrastructures for sharing data. OKP4 creates the optimal conditions for sharing (not exchanging) data and turning it into knowledge by implementing a system for measuring contributions and organizing their remuneration.
More information on: okp4.com

Wednesday, 13. October 2021

DIDAS

DIDAS provides extensive commentary to the target vision for e-ID in Switzerland

Earlier this year a popular vote has rejected a proposed law on electronic identification ( results ).  It was however very clear that a new solution has to be found soon as e-ID can be an important enabler for multiple use-cases and accelerate digitalisation of many daily processes for both the individuals and organisations, if ...

Earlier this year a popular vote has rejected a proposed law on electronic identification ( results ).  It was however very clear that a new solution has to be found soon as e-ID can be an important enabler for multiple use-cases and accelerate digitalisation of many daily processes for both the individuals and organisations, if done correctly.

Federal Department of Justice and Police (FDJP) has started a public consultation, which should inform Federal Council’s upcoming policy decision.  A discussion paper “on the target vision for an e-ID” has been published, which explores a number of different options and approaches to the future of electronic identity.  Self-Sovereign Identity  (SSI) has been highlighted as one of the possible options and a number of questions has been raised.

It was a great opportunity for DIDAS to provide in-depth commentary to the proposed vision and contribute our collective ideas and expertise to help make a well informed decision. Our submission (in German) is available here

So what did we advocate for?

For us, the members of DIDAS, it was crucial to emphasise that the upcoming policy decision will determine the future of digitalisation efforts in Switzerland and, consequently,  its position at  international level. The authors of the discussion paper have proposed 3 “levels of  ambition”:

e-ID ( secure identification option without media discontinuity  – e.g. identity card that can be used in the digital world  + login) e-ID linked to other state-regulated proofs  ( basic electronic identify + cryptographically linked additional attributes – e.g. driver’s license, diploma, COVID certificate, criminal record, etc) Ecosystem of digital proofs  ( e-ID is just one credential, other credentials that are independent of the e-ID are possible, government and private bodies can issue credentials  )

It’s very clear to us that only the Ecosystem of Digital Proofs (Level of Ambition 3) represents the actual ambition that is worth pursuing – creation of a true, future-proof and flexible foundation for digital Switzerland.  To create such an ecosystem it’s important to adopt the right approach ( principles, technology, governance model, etc) and  make sure that the government plays the appropriate role and enables rather than hinders the future growth and success of this ecosystem.

We have made strong argument in favour of focusing on adopting SSI principles and best practices as the foundation for Ambition Level 3.  We highlighted and outlined both the advantages that this will bring ,as well as the open questions that still need to be addressed. E.g. on technology and legislation level.  We know that SSI is not perfect yet, but we need to focus on the rapid progress that is being made ( as well as contribute to it) in order to create solid foundation that will last for years to come rather than make a short term decision in favour of something better understood but not designed for the ownership and privacy of the data, open ecosystems, transparent governance and flexibility.  We are fully convinced that given the timeframe to draft and implement the future legislation we have ample opportunity and time to get it right!

We further argued that the Government will play an important, enabling role for the ecosystem and by adopting SSI can safely focus on the attributes (or verified credentials) that it has historically been providing. Thus facilitating a smooth transition from a paper-based world to  a future, where verifiable data enables new levels of efficiency and flexibility without negatively affecting privacy for both the individuals and organisations.

We are looking forward to the future collaboration with relevant governmental agencies and policy makers that are engaged in decision making process. We’ll continue to explain and promote SSI. Many of our members already implement solutions using SSI principals and technology stack – we happy to provide this expertise to help build the true digital foundation for the future of Swiss Confederation.


CU Ledger

Equifax Launches Digital Identity as a Service

Equifax Launches Digital Identity as a Service Introduces Innovation Partnership with Bonifii as a first adopter of new solutionATLANTA, October 13, 2021— Equifax (NYSE: EFX) today announced the launch of its new Digital Identity as a Service capability as well as an Innovation Partnership with Bonifii as a first adopter of the new solution.“The Equifax [...] The post Equifax Launches Digital Id
Equifax Launches Digital Identity as a Service Introduces Innovation Partnership with Bonifii as a first adopter of new solution

ATLANTA, October 13, 2021— Equifax (NYSE: EFX) today announced the launch of its new Digital Identity as a Service capability as well as an Innovation Partnership with Bonifii as a first adopter of the new solution.

“The Equifax Cloud is helping our partners and customers address the evolving fraud landscape and deliver innovative solutions to today’s market challenges faster than ever before,” said Bryson Koehler, Chief Technology Officer at Equifax. “Businesses worldwide are challenged with detecting increasingly sophisticated fraud attempts, and the cloud enables secure and scalable real-time insights and decisions that simply aren’t possible in a non-cloud environment.”

Equifax Digital Identity as a Service combines data and analytics with modern cryptography to provide a higher degree of trust without sacrificing user experience. Adding Digital Identity as a Service to Bonifii’s MemberPass® will help enable credit unions to more confidently onboard members.

“There’s a common misconception that financial institutions must choose between mitigating fraud risk and acquiring new customers,” said Adam Gunther, Senior Vice President of Global Identity and Fraud at Equifax. “With Digital Identity as a Service it’s possible to achieve both with greater identity assurance through optimized technologies.”

Digital Identity as a Service gives consumers greater control over what information is shared, enhances protections against synthetic identity fraud and third-party account takeover, and strengthens user profiles with differentiated data only Equifax can provide.

Credit unions interact with members across a number of channels, including websites and mobile applications, call centers, ATMs and branch drive-through lanes. MemberPass gives credit unions control over identity authentication while protecting personal data. It assigns members a digital credential that serves as verification for contact center interactions, loan applications and financial transactions.

Bonifii’s technology helps enable trusted peer-to-peer digital interactions among financial institutions, and helps them meet complex data demands while minimizing friction and supporting growth.

“When credit union members authenticate with a MemberPass ID, we want to be certain they are who they say they are,” said Bonifii CEO John Ainsworth. “Working with Equifax will allow MemberPass to help credit unions have the confidence to grow their businesses by saying “Yes” more to good consumers. That is the aspiration of this Innovation Partnership.”

Equifax Digital Identity as a Service gives credit union members more control over their information and will help to facilitate faster and easier user experiences for previously onboarded users. Functionality from Equifax’s suite of identity protection products including Digital Identity Trust, Document Verification and the recently acquired Kount Identity Trust Global Network are incorporated into the new holistic solution.

The Innovation Partnership is an example of technology-driven co-innovation that benefits all parties, particularly consumers. Bonifii will be the first of many organizations to participate.

For more information on Equifax Identity and Fraud Solutions, visit equifax.com. For more information on Bonifii MemberPass, visit bonifii.com.

 

ABOUT BONIFII
Denver-based Bonifii is the financial industry’s first verifiable exchange network designed to enable trusted digital transactions using open standards and best-of-breed and security technologies. Its mission is to provide a premier digital network of peer-to-peer financial exchange for financial cooperatives. The network brings a high degree of assurance to the exchange of value between peers over the Internet and other digital networks and streamlines processes affected by expensive, inefficient, proprietary and siloed systems. For more information, visit Bonifii.com

ABOUT EQUIFAX INC.
At Equifax (NYSE: EFX), we believe knowledge drives progress. As a global data, analytics, and technology company, we play an essential role in the global economy by helping financial institutions, companies, employers, and government agencies make critical decisions with greater confidence. Our unique blend of differentiated data, analytics, and cloud technology drives insights to power decisions to move people forward. Headquartered in Atlanta and supported by more than 12,000 employees worldwide, Equifax operates or has investments in 24 countries in North America, Central and South America, Europe, and the Asia Pacific region. For more information, visit Equifax.com

FOR MORE INFORMATION

Kate Walker for Equifax
mediainquiries@equifax.com

Julie Esser for Bonifii
jesser@memberpass.com

The post Equifax Launches Digital Identity as a Service appeared first on Bonifii.

Tuesday, 12. October 2021

GLEIF

\#3 in the Financial Inclusion Interview Series – The vital role of LEI Issuers in facilitating wider adoption of globally recognized business identities across Africa with Alberta Abbey from LSEG (London Stock Exchange Group)

All around the world, small and medium sized enterprises (SMEs) lack the legal documentation that can prove who they are to banks, service providers and other businesses. As a result, millions are struggling to access trade finance and create partnerships, particularly in developing economies. Following the launch of GLEIF’s digital business identity initiative designed to bridge this trade fin

All around the world, small and medium sized enterprises (SMEs) lack the legal documentation that can prove who they are to banks, service providers and other businesses. As a result, millions are struggling to access trade finance and create partnerships, particularly in developing economies.

Following the launch of GLEIF’s digital business identity initiative designed to bridge this trade finance gap in Africa, we’re catching up with our key partners to hear their thoughts on how the project will bring about greater financial inclusion for SMEs on the continent and beyond.

We spoke with Alberta Abbey, LEI Analyst, Data & Analytics, LSEG to discuss how this initiative will support wider adoption of globally recognized business identities, in the form of Legal Entity Identifiers (LEIs), across Africa and how to encourage more entities across Africa to obtain LEIs.

LSEG performs an important role in the Global LEI System as a LEI Issuer, also known as a Local Operating Unit (LOU). LEI Issuers are accredited by GLEIF to issue LEIs to legal entities, supplying registration, renewal and other services, and acting as the LEI system’s primary interface with legal entities. They also work in cooperation with Validation Agents, a new operational model within the system which allows financial institutions to obtain and maintain LEIs for their clients, to support their issuance workflows.

What was LSEG’s role within this flagship initiative?

As the LEI issuing organisation, we provide training and ongoing support to the African Validation Agent.

Why did you decide to become involved with the initiative?

LSEG joined this initiative to facilitate wider LEI adoption across Africa. By demonstrating the uses and benefits of LEIs, our aim is that this project will encourage more entities across Africa to obtain LEIs. We started the project with a partnership approach, which we intend to continue beyond the pilot.

As the 2nd largest issuer of LEIs globally, this project is a good opportunity to partner with the African agent to make LEIs more easily accessible across the continent.

As the LEI Issuer in the Africa LEI initiative, what benefits does LSEG hope to realize through its participation, for itself and also for the banks and SMEs in the region?

We’re pleased to be working with NMB Bank, which is the Validation Agent. Through the collaboration, we’re providing the platform that gives entities in the region access to obtain LEIs, thereby making their status internationally verifiable through GLEIF.

Monday, 11. October 2021

OpenID

Announcing OpenID Foundation Sessions at the FIDO Member Plenary on Thursday, October 21, 2021

The OpenID Foundation is pleased to be a part of the FIDO Alliance Member Plenary agenda next Thursday, October 21st. The Plenary follows the FIDO Alliance’s Authenticate 2021 Conference that takes place Monday, October 18th through Wednesday, October 20th. Both events are being hosted at the Motif Hotel in Seattle. OpenID Foundation Secretary and Microsoft […] The post Announcing OpenID Foundati

The OpenID Foundation is pleased to be a part of the FIDO Alliance Member Plenary agenda next Thursday, October 21st. The Plenary follows the FIDO Alliance’s Authenticate 2021 Conference that takes place Monday, October 18th through Wednesday, October 20th. Both events are being hosted at the Motif Hotel in Seattle.

OpenID Foundation Secretary and Microsoft Standards Architect, Dr. Michael Jones, will kick things off for the Foundation on Thursday by addressing the full Member Plenary highlighting the linkages between OIDF and FIDO standards followed by introducing the three OIDF breakout sessions that all Plenary participants are welcome to attend.

Please note that virtual attendance for the Plenary and OIDF sessions is free. On the FIDO Authenticate enrollment website, participants who only wish to attend the Plenary and OIDF sessions select “Plenary remote only” and there is no fee.

Fees only apply to attend the Authenticate 2021 Conference remotely or attend in person. OpenID Foundation members please check your inbox as special offers to attend Authenticate and/or the Plenary have been sent.Registration is required to access the virtual participation information and vaccination is required for in person attendance.

OIDF Sessions at FIDO Member Plenary on Thursday, October 21, 2021 Session: Plenary All Member
9:00-10:00 am PT

Presenter: Dr. Michael Jones, Standards Architect at Microsoft and OpenID Foundation Secretary.

Two session objectives:

Explain linkages between FIDO and OIDF standards Introduce 3 OIDF sessions to follow that afternoon, welcome plenary participant attendance.

 

Session: “The Global Assured Identity Network & the OpenID Foundation Proof of Concept: Building an Assured Identity Layer for the Internet”
10:30am-12:00 pm PT open session (all welcome)

Presenters:

Don Thibeau, Non-Executive Director, OpenID Foundation Donna Beatty, Co-Chair GAIN POC, Open ID Foundation

Session Description:

The Globally Assured Identity Network White Paper was extraordinary effort of 150 co authors who proposed a pragmatic approach to the burning business problem of the international interoperability of digital identity. The presenters will describe the follow up to the GAIN initiative and why FIDO Alliance members might be interested. They will introduce the GAIN Proof of Concept (PoC) and global community input to help shape the PoC and maximize benefit for all participants and supporters.

For More Information:

Blog posts announcing GAIN: https://openid.net/2021/09/20/global-assured-identity-network-white-paper/ Blog pot announcing GAIN POC Listening Tour: https://openid.net/2021/09/29/announcing-the-gain-poc-pre-launch-listening-tour/

 

Session: “How to bring Mobile driving licenses to the web & apps”
1:30-3:00 pm PT open session (all welcome)

Presenters:

Kristina Yasuda, Microsoft, Identity Standards Architect David Kelts, Get Group North America, Director of Product

Session Description:

As governments start to issue digital versions of their driving licenses, national IDs and passports, we anticipate demand by relying parties to be able to accept them both in the real world (TSA checkpoints, bars, retailers, & beyond) and on the web and in apps too. How will this work?

We welcome the community to join for a rich discussion to learn about the current landscape and established standards (e.g. ISO 18013-5 and Open ID Connect SIOP), and what we might expect from standards in development like ISO18013-7 and ISO 23220. Where is the line between standards and private company services providing OS services? How can the community facilitate scale adoption, to realize the ecosystem wide benefits more swiftly? We will also discuss the linkages between mobile driving licenses, verifiable credentials, and self sovereign identities, and where they converge and compete.

For More Information:

OpenID Connect Self-Issued Identity Providers v2: https://openid.net/specs/openid-connect-self-issued-v2-1_0.html

 

Session: Introducing Shared Signals & Events: A standard to fight fraud in an interconnected, “API-first” world
5:00-5:45 pm PT open session (all welcome)

Presenters:

Annabelle Backman, Amazon Web Services, Principal Security Engineer Tim Capalli, Microsoft, Digital Identity Standards Architect

Session Description:

Join us to learn about how this new open standard fights fraud, securely and privately, through the sharing of security events, state changes, and other signals between related and/or dependent systems. With this standard you can:

Manage access to resources and enforce access control restrictions across distributed services operating in a dynamic environment. Prevent malicious actors from leveraging compromises of accounts, devices, services, endpoints, or other principals or resources to gain unauthorized access to additional systems or resources. Enable users, administrators, and service providers to coordinate in order to detect and respond to incidents.

For More Information:

Blog post: https://openid.net/2021/08/24/shared-signals-an-open-standard-for-webhooks/ OpenID Foundation Shared Signals and Events Website: https://openid.net/wg/sse/

PLEASE NOTE! The OIDF Shared Signals and Events WG will carry on with a Closed Session (invitation only) from 5:45-6:30pm PT to discuss strategy so a subgroup will stay in the room and on Zoom.

The post Announcing OpenID Foundation Sessions at the FIDO Member Plenary on Thursday, October 21, 2021 first appeared on OpenID.

MyData

Request for proposal for a visual identity refresh for MyData Global

MyData Global is looking for an experienced design agency to refresh its visual identity and logo. MyData Global exists to empower people by putting every person in control of their personal data. Through the MyData Declaration, we steer government and company policy towards the ethical use of personal data. To achieve these aims, we bring... Read More The post Request for proposal for a vi

MyData Global is looking for an experienced design agency to refresh its visual identity and logo. MyData Global exists to empower people by putting every person in control of their personal data. Through the MyData Declaration, we steer government and company policy towards the ethical use of personal data. To achieve these aims, we bring...

Read More

The post Request for proposal for a visual identity refresh for MyData Global appeared first on MyData.org.


Digital Identity NZ

Digital Trust Hui Taumata/summit announced

Digital trust summit a call for action to address Aotearoa’s digital identity challenges. The Digital Trust Hui Taumata/Summit will headline next year’s Techweek22 festival and provide an opportunity for a cross-section of stakeholders to share insights on building a thriving trust economy.  Scheduled for the 19th of May at TSB Auditorium, and with a one-day … Continue reading "Digital Trust
Digital trust summit a call for action to address Aotearoa’s digital identity challenges.

The Digital Trust Hui Taumata/Summit will headline next year’s Techweek22 festival and provide an opportunity for a cross-section of stakeholders to share insights on building a thriving trust economy. 

Scheduled for the 19th of May at TSB Auditorium, and with a one-day programme featuring keynote talks, panels, use cases and roundtable discussions, the Digital Trust Summit is a must-attend event for all those invested in the future of New Zealand’s digital ecosystem.

Personal data is the new currency of the digital economy. Used effectively, this data can deliver benefits for individuals, businesses and government. But as Aotearoa reaches its digital adolescence, pertinent questions remain:

How will identity, security and experience integrate? How can citizens maintain sovereignty over their personal data? What underpins a successful transition toward open finance? How will Te Ao Māori be woven into Aotearoa’s Digital Identity? What are the global opportunities for New Zealand as a ‘trusted digital economy’?

The speed of our digital transformation and the benefits it delivers for society has much to do with trust. That is to say, declining trust in the way personal information is secured, validated and applied will prevent us from realising the collective economic benefits of digital. With an undoubtedly kiwi flavour, the Digital Trust Hui will seek to answer these questions and more with the help of local and international leaders. 

Register your interest here

The post Digital Trust Hui Taumata/summit announced appeared first on Digital Identity New Zealand.

Friday, 08. October 2021

Elastos Foundation

Elastos Bi-Weekly Update – 08 October 2021

...

Own Your Data Weekly Digest

MyData Weekly Digest for October 8th, 2021

Read in this week's digest about: 14 posts, 2 Tools
Read in this week's digest about: 14 posts, 2 Tools

Thursday, 07. October 2021

EdgeSecure

Case Study: Bergen Community College, Professional Development for Online Learning

The post Case Study: Bergen Community College, Professional Development for Online Learning appeared first on NJEdge Inc.

Like many institutions, Bergen Community College (BCC) — a 2-year associate’s degree-granting institution based in Paramus, New Jersey, and the largest community college in the state — faced challenges to its instructional model in response to the COVID-19 pandemic. The transition to online learning represented a shift not only for students, but also for many of the college’s faculty, who had little prior experience teaching online. Following the first year of the pandemic, in which the institution experienced the challenges and opportunities of online learning first hand, instructional leadership identified the need for more structured professional development tailored to online learning delivery. Bolstered by a student survey which indicated the need for more robust, quality online learning experiences and HEERF grant funding, BCC sought a partner to build professional development and student resources.

As a nonprofit technology partner, Edge was uniquely positioned to support BCC’s need for online learning professional development. Edge’s Online Learning & Instructional Technology Acceleration (OLITA) program provides a suite of services, including professional development, designed to rapidly enhance an institution’s ability to deliver online learning. The Edge team, led by Chief Digital Learning Officer Joshua Gaul and Member Account Manager Erin Brink, worked closely with Amarjit Kaur, Managing Director of the Center for Innovation in Teaching and Learning (CITL) at BCC, and the institution’s faculty support team, to develop a professional development roadmap to meet the specific needs of BCC’s faculty.

“Finding a way to develop online teaching expertise for all of our faculty is key,” said Kaur. “While we did have a distance learning mentor program in place and faculty were able to look to them for ad hoc guidance over the last year, there was a need to develop a structured professional development program for remote instruction. We looked to Edge to help us bring all of our faculty up to a baseline on   remote teaching. You cannot survive as an instructor in modern higher education if you don’t have the basic skills to adapt your course to a new modality – whether online, hybrid, hyflex, or other models. We’re preparing our faculty for that reality.”

Institution Summary

Customer Name: Bergen Community College
Main Campus: Paramus
Locations: 3
Number of Students: 12,500+
Number of Faculty/Staff: 1,500+

Rather than a “how-to” guide to use a specific tool or set of tools online, the Edge team created a “Fundamentals of Online Teaching” professional development program focused on applying teaching theory to the online, hybrid, and hyflex modalities. The result was a detailed, standardized, self-paced course consisting of five modules that the college’s instructors would take on their own. Following the completion of each module, the faculty will come together with Edge experts and their peers for a roundtable session to review the content of the module, ask questions, and connect with colleagues to discuss what they’ve learned. This model creates a feeling of community and common cause for BCC’s instructors while also helping to inform the creation of future professional development modules based on specific areas of need for BCC’s faculty.

By collaborating closely with academic leadership in the development of the professional development program, the Edge team ensured buy-in and a positive experience from the BCC community. The course modules were also designed to be delivery-system agnostic, so that the college could allow instructors to take the self-paced courses via a web browser, or within the LMS of their choice.

“Working with Edge isn’t like going out to commercial providers and trying to pick the service from a mass-market menu that best fits your needs,” said Kaur. “It’s a true partnership. Edge has been able to create a customized professional development program that includes the institution’s existing academic support services, enabling us to expand instructional support to reach all faculty and students in the online setting.”

Alongside the professional development program for instructors, Edge developed a “Fundamentals of Online Learning” course for students, applying similar principles to the faculty professional development course. As a result, both instructors and students will be prepared to engage in a positive, unified online learning experience, paving the way for increasing student satisfaction and improved student success in online courses. 

“The Fundamentals of Online Learning course Edge created for our students prepares them for the new online learning spaces we’re creating and The Fundamental of Online Teaching for our teachers provides foundational knowledge for remote teaching, when needed,” Kaur said.

Does your institution have online learning professional development or instructional design needs? Contact Edge today.

The post Case Study: Bergen Community College, Professional Development for Online Learning appeared first on NJEdge Inc.


Digital ID for Canadians

ICTC and DIACC Collaboration

ICTC and DIACC Collaborate to Ramp Up Innovation in Identity Management, Security, and Data Privacy (Ottawa, October 7, 2021) The Information and Communications Technology Council…

ICTC and DIACC Collaborate to Ramp Up Innovation in Identity Management, Security, and Data Privacy

(Ottawa, October 7, 2021) The Information and Communications Technology Council (ICTC) and the Digital Identity Authentication Council of Canada (DIACC) have penned a memorandum of understanding to collaborate on the advancement of identity management, security, and data privacy innovation.

The collaboration sets out an exchange and transfer of knowledge and expertise to drive conversations that influence debate and lead to actions that advance the adoption of identity management, data privacy, and security innovation. The collaboration will also seek to improve public and private sector trust and ability to adopt these innovations in Canada and globally.

Specific goals of the collaboration include:

Accelerate the adoption of interoperable Digital Identity solutions and services that unlock economic opportunities for Canadian consumers and businesses Support the adoption of the Pan-Canadian Trust Framework Educate business legal and technical decision-makers, and participate in other educational opportunities Seek opportunities of mutual interest for research and undertake other projects that are identified and agreed upon

“Digital identity provides the underpinning of a high performing digital-led economy, driving higher economic values for businesses while enabling new services for Canadians in an environment of trust. We are delighted to partner with DIACC to spur innovations and unlock new opportunities for the Canadian market and consumers,” said Namir Anani, ICTC President and CEO.

“ICTC shares our goal of enabling Canada’s full participation in the global digital economy, so we are excited by this collaboration, which will leverage the strengths of both organizations toward creating innovative and effective solutions for the adoption of identity management and data security,” said DIACC President, Joni Brennan.

About ICTC

The Information and Communications Technology Council (ICTC) is a not-for-profit, national centre of expertise for strengthening Canada’s digital advantage in a global economy. Through trusted research, practical policy advice, and creative capacity-building programs, ICTC fosters globally competitive Canadian industries enabled by innovative and diverse digital talent. In partnership with an expansive network of industry leaders, academic partners, and policy makers from across Canada, ICTC has empowered a robust and inclusive digital economy for over 25 years.

About DIACC

The Digital ID and Authentication Council of Canada (DIACC) is a not-for-profit corporation of Canada that benefits from membership of public and private sector leaders committed to developing a Canadian digital identification and authentication framework to enable Canada’s full and secure participation the global digital economy. DIACC’s objective is to unlock economic opportunities for Canadian consumers, and businesses by providing the framework to develop a robust, secure, scalable and privacy-enhancing digital identification and authentication ecosystem that will decrease costs for governments, consumers, and business while improving service delivery and driving GDP growth. The organization leverages the agreed upon DIACC 10 principles for a Canadian and universal identity ecosystem to guide the DIACC initiatives.


Trust over IP

A Year in Review: New Beginnings and Successes

The Internet is one of the most extraordinary developments in human history. It is connecting the world farther, faster, and deeper than any previous communications network. It is steadily digitizing... The post A Year in Review: New Beginnings and Successes appeared first on Trust Over IP.

The Internet is one of the most extraordinary developments in human history. It is connecting the world farther, faster, and deeper than any previous communications network. It is steadily digitizing every company, industry, and economy it touches. And it is establishing new pathways for information of all types to flow.

Unfortunately, all of this has come with a growing downside. The Internet wasn’t designed with an integrated layer for digital identity, security, and privacy. As a result, we are now suffering from cybersecurity and cyberprivacy problems so severe that they have at times brought entire companies and industries to their knees.

The Trust Over IP (ToIP) Foundation was launched in May 2020 to tackle this problem at its very core: to define a complete architecture for Internet-scale digital trust. It combines cryptographic assurance at the machine layers and human accountability at the business, legal, and social layers. While ambitious, this mission is so urgent and essential that the Foundation has grown from its initial 27 founding member organizations to over ten times that number in just one year.

As part of the Foundation’s launch, working groups were established from the dedicated efforts of our founding members and volunteers. What those groups have accomplished in their first year has been phenomenal. Specifications, recommendations, guides, white papers, and glossaries have all been delivered. Through the groups’ efforts the Foundation has supported Digital Trust advances in many organizations and operations, especially important as the world grapples with the pandemic and the voluminous increase in everyday online activity.

Here’s a small taste of what our working groups have been up to since their inception last year.

Technology Stack Working Group (TSWG)

The TSWG provides guidance and specifications that support the ToIP 4-layer model from a technical standpoint.

The TSWG has, amongst many accomplishments:

Created and pushed a Task Force recommendation that constructs a mapping of Kim Cameron’s “Laws of Identity” Created a task force in late 2020 to create early specifications for Authentic Chained Data Containers. This task force is focused on the semantics of source provenance, authorization provenance, and delegation. Focused the Interoperability Task Force on the creation of interoperability test suites that leverage and extend the Hyperledger Aries test suites. Multiple underlying Layer-1 technologies are being examined as well.  Focused the Technical Architecture Task Force on building the TSS (ToIP Standard Specification) that defines the overall technical requirements for the four layers of the ToIP Stack Created a Trust Registry Task Force to handle creation of the specifications and API (OpenAPI 3.0 compatible) for trust registries. This work was spawned from the urgent need identified by the Good Health Pass Interoperability Working Group. Governance Stack Working Group (GSWG)

The GSWG specifies tools, templates, and other resources for developing governance frameworks (collections of rules and policies). These, in turn, support the integration of the legal, business, and social components of Digital Trust.

The GSWG has, amongst many accomplishments:

Made steady progress with the ToIP Governance Architecture TSS Advanced the ToIP Governance Metamodel to the point where the GSWB now plans to issue it as a separate specification (apart from the ToIP Governance Architecture TSS), along with an associated Companion Guide Contributed heavily to the governance framework recommendations in the Good Health Pass Interoperability Blueprint Advised the authors of several ToIP-based governance framework projects in the market Initiated a Trust Assurance Task Force focusing on governance risk assessment and accountability Drafted a Risk Assessment Worksheet Template and associated Companion Guide  Ecosystem Foundry Working Group (EFWG)

The EFWG facilitates a community of practice among governance authorities, implementers, operators, and service providers of Trust over IP Layer-4 ecosystems. 

The EFWG has, amongst many accomplishments:

Formed the Internet of Research Ecosystem Task Force to pioneer implementation of academic resource identifiers ecosystems for the research community Created the COVID-19 Credentials Governance Framework Task Force to develop reference materials, best practices, and templates that enable diverse organizations to respond with technology Formed the YOMA Ecosystem Task Force to create a ToIP-based Governance Framework to positively impact youth and local communities around the world Formed the Human Trafficking Safety Response Task Force to research the use of ToIP models to effect the transformation of global human trafficking response Drafted the initial Ecosystem Foundry Concepts and Workflow Model to aid ecosystem development and operation Utility Foundry Working Group (UFWG) 

As with the EFWG, the UFWG also facilitates a community of practice among governance authorities, implementers, operators, and service providers, but instead for Trust over IP Layer-1 utilities.

The UFWG has, amongst many accomplishments:

Worked alongside utility conveners to document their utility into story formats Committed best practice documents to the WG GitHub Repository, such as Decentralized Network Best Practices and Decentralized Network Design Principles Worked to publish a public UFWG paper with which will incorporate many of our outputs as well as case studies from utility projects we’ve interfaced with Committed to expanding the coverage of the UFWG to non-Indy-based ledgers. Inputs and Semantics Working Group (ISWG) 

The ISWG provides an open forum for discussing the concepts and components that will ultimately shape a Dynamic Data Economy (DDE), a safe and secure decentralized data sharing economy. 

The ISWG has, amongst many accomplishments:

Delivered whitepapers such as Decentralized Resource Identifiers in the Research Landscape Contributed to the Good Health Interoperability Blueprint (“GHP Blueprint”), such as for “Standard Data Models and Elements” and “Security, Privacy, and Data Protection” Housed the Health Care Task Force (HCTF) that led to GHP Blueprint recommendations Defined a privacy controller credential to ensure trustworthiness for the use of decentralized identifiers across ecosystems Facilitated several presentations from external presenters of storage and portability solutions Tackled important security concepts such as data correlation attacks, machine-readable data agreements, and data protection requirements Concepts and Terminology Working Group (CTWG)

The CTWG analyzes and maintains terminology requirements of stakeholder groups within and outside the ToIP Foundation.

The CTWG has, amongst many accomplishments:

Maintained glossaries for the reuse of terms across groups, with mapping of terms and definitions across groups to encourage harmonization Surveyed the available terminology development and maintenance tools on the market Authored its own specification for a ToIP Term tool Innovated with an approach called “terms wikis” to enable different stakeholder groups to develop and maintain glossaries in their own contexts. Interoperability Working Group for Good Health Pass (IWG-GHP)

The IWG-GHP facilitated a community of practice among implementers, issuers, holders, verifiers, governance authorities, and other participants within the Good Health Pass digital trust ecosystem.

The IWG-GHP has, amongst many accomplishments:

Authored a blueprint based on an outline created by ID2020, going live in June 2021 Coordinated the meeting and responses of ten different drafting groups Completed a 150-page report, the Good Health Pass Interoperability Blueprint, that makes key recommendations on how to reopen global travel with verifiable credentials for sharing COVID-19 health status (tests, vaccinations, and recovery). There’s More To Do

Our work is just getting started! We encourage anyone interested in Digital Trust to join Trust Over IP and get involved in our working groups.

Read more about membership and find out the latest working group activity.

Here’s to our continued advancements and successes!

The post A Year in Review: New Beginnings and Successes appeared first on Trust Over IP.


Ceramic Network

The Sovereign Data Hackathon starts today!

Register for the virtual hackathon for two weeks of building, workshops, and more than $10,000 in prizes!

This week Facebook went dark, serving to remind the world of the importance of decentralized identity, sovereign data, and Web3 application architectures. A user-centric data architecture is key to building Web3 applications: one where data is hosted on a decentralized network, stored with individual users, written and queried by applications client-side, and reusable across applications.

Hack the sovereign web

Kicking off today, the Sovereign Data Hackathon is a virtual event that runs for two weeks, from October 7th to October 21st, and brings together developers, product owners, and designers from around the world to help build the future of Web3 data applications.

There's still time to register. Sign up for the hackathon here.

Along with co-sponsors Figment, Radicle, Chainlink, Gnosis, Mask Network, Unstoppable Domains, Fluence Network and 3Box Labs – we're offering:

$10,000+ in prizes 2 weeks of workshops, talks, and online community events Challenges & Prizes

Bounties will reward teams that creatively develop awesome applications on Ceramic's sovereign data stack, but also those that expand the open source ecosystem of standards, tools, and integrations around it. For an example of some tools created by the community that are featured extensively in this hackathon, check out DataModels, Glaze, and Self.ID.

Bounties will be offered in three tracks during the #SovereignData hackathon:

1. Open Track Open Prize: Best Hack using Self.ID or Glaze Add decentralized data features to existing open source projects 2. Data Models and Standards Add new data models to the DataModels Registry Issue identity-related credentials to DID DataStore Tooling to migrate schemas from schema.org to DataModels Schema discovery/curation models Tooling for automatic schema upgrades/migration (e.g. productizing ideas from Cambria project) 3. Partner Track Build an app using DID DataStore for storage and Magic for authentication Integrate Safe:DID with Radicle to add profiles to Radicle Orgs Backup Mask contact list on Ceramic Create a reference implementation for using Self.ID with Unstoppable Domains Build a POC using Chainlink and Ceramic Workshops and Talks

The event will feature workshops, talks and AMAs throughout the first week. Register for specific sessions here.

Hackathon Kickoff
Thursday October 7th at 11 AM EST

How Ceramic is Enabling Collaboration on the Sovereign Web
Thursday October 7th at 11:30 AM EST

Introducing Glaze and the Self.ID SDK
Friday October 8th at 8 AM EST

Building with Unstoppable Domains
Friday October 8th at 11 AM EST

Chainlink: Connecting Smart Contracts to Ceramic Network
Monday October 11th at 9 AM EST

Learn How to Add Decentralized Identity to Your dApp with Ceramic
Monday October 11th at 11 AM EST

Using Web3 Magic on your Web2 Social Network
Tuesday October 12th at 11 AM EST

Decentralizing Collaboration with Radicle Ethereum
Tuesday October 12th at 12 PM EST

AMA with Michael Sena, 3Box Labs CEO, on building Ceramic Network
Wednesday October 13th at 10:30 AM EST

Sign up for the hackathon Register for the hackathon which kicks off today (Oct. 7) and lasts until October 21st Review the bounties Hop into the Ceramic Discord for ideas, support, meeting teammates, or sharing what you're planning to build.

Best of luck to all the #SovereignData hackers!

Website | Twitter | Discord | GitHub | Documentation | Blog | IDX Protocol


Digital Identity NZ

Executive Council nominations now open

This year, there are seven positions up for election. Nominations due by 5pm 28 October. The post Executive Council nominations now open appeared first on Digital Identity New Zealand.

In December 2019, members elected the first Digital Identity NZ Executive Council. The Council is the governing group for the association; providing guidance and direction as we navigate the developing world of digital identity in Aotearoa. Each Council member is elected for a two-year term, with elections held annually and results notified at the AGM in December. So, as we approach the end of the year it is time for us to call for nominations for the Council seats coming up for re-election.

This year, there are seven positions up for election, x3 positions in the Major Corporate, x3 positions in the Corporate Other, and x1 position for the SME/Start-up category.

When we formed the Executive Council we asked that you consider electing a diverse group of members who reflect the diversity of the community we seek to support. You did that. The power of that diversity has shone through in the work of the Council this year, especially as we consider the importance of Te Tiriti in a well-functioning digital identity ecosystem.

As the Council has considered its own makeup, we’ve identified a number of areas where diversity, as well as expertise in the digital identity space, might help us better serve the community. Nominations from those involved in the business and service sectors and kaupapa Māori organisations are especially encouraged. We also encourage suggestions from young people within your organisations, as the viewpoint of young people is extremely essential and relevant to the work we perform. Digital Identity NZ has a policy on Board diversity which you can read here.

Once elected in December, one of the first responsibilities of the new Council will be to elect a new Chair for the EC Council or consider re-electing the current chair. Following the departure of David Morrison, who served as Chair of our organisation since 2018, in February 2021, the council elected Ben Tairea as the new Chair, and both are excellent Kairahi (guides/counsellors/leaders). Currently supporting Ben diligently are Sat Mandri, co-chair and Tamara Al-Salim, deputy chair and their serving terms are through to 2022.

2022 is a pivotal year for digital identity with the introduction of the Digital Identity Bill and further development of the ecosystem. We are looking forward to some stellar nominations to help us in exploring and pursuing the best opportunities for Digital Identity NZ to make a positive difference in 2022 and beyond.    

Executive Council Nominations  

There is now an opportunity to put yourself forward or nominate someone else, for a role on the Digital Identity NZ Executive Council. This year we have vacancies for the following positions:

Corporate – Major (3 positions) Corporate – Other (3 positions) SME & Start-up (1 position)

The nominees for the above positions must be from a Digital Identity NZ member organisation, and be from the same Digital Identity NZ Group that they are to represent on the Executive Council.

All nominations must be entered into the online form here by 5pm, Thursday 28 October 2021.

Digital Identity NZExecutive Council roles and responsibilities include:

Direct and supervise the business and affairs of Digital Identity NZ Attend monthly Executive Council meetings, usually two hours in duration (video conferencing available) Represent Digital Identity NZ at industry events and as part of delegations Assist with managing and securing members of Digital Identity NZ Participate in Digital Identity NZ working groups and projects Where agreed by the Executive Council, act as a spokesperson for Digital Identity NZ on particular issues relating to working groups or projects Be a vocal advocate of Digital Identity NZ    

Online Voting


Voting will take place online in advance of the meeting. The results will be announced at the Annual Meeting. Please see the Charterfor an outline of Executive Council Membership and election process. Each organisation has one vote that is allocated to the primary contact of the member organisation.    

Annual Meeting Details

The Annual Meeting is scheduled for 10:00am on Thursday 2 December 2021 and is to be held via Zoom. Register for the event here. 

Notices and Remits

If you wish to propose any notices or motions to be considered at the Annual Meeting, please send them to elections@digitalidentity.nz by 5pm, Thursday 11 November 2021.    

Key Dates:

Now: Call for Nominations for Executive Council representatives issued to Members 28 October: Deadline for nominations to be received 4 November: List of nominees to be issued to Digital Identity voting members and electronic voting commences 11 November: Any proposed notices, motions, or remits to be advised to Digital Identity NZ 2 December: Annual Meeting, results of online voting announced.  

The post Executive Council nominations now open appeared first on Digital Identity New Zealand.

Wednesday, 06. October 2021

omidiyar Network

Corporations, Capital Markets, & the Common Good — How We’re Working to Reorient the Rules and…

Corporations, Capital Markets, & the Common Good — How We’re Working to Reorient the Rules and Rebalance Power in Our Economy By Chris Jurgens, Director, Reimagining Capitalism At Omidyar Network, we believe business can be a powerful force for good. This is a belief rooted in Pierre Omidyar’s founding of eBay and in Omidyar Network’s decade of experience investing in impact-oriented en

Corporations, Capital Markets, & the Common Good — How We’re Working to Reorient the Rules and Rebalance Power in Our Economy

By Chris Jurgens, Director, Reimagining Capitalism

At Omidyar Network, we believe business can be a powerful force for good. This is a belief rooted in Pierre Omidyar’s founding of eBay and in Omidyar Network’s decade of experience investing in impact-oriented entrepreneurs. Businesses play an essential role in creating profitable solutions that benefit customers, address societal problems, sustain quality jobs, and support healthy communities.

We’ve seen particularly powerful examples of this during the COVID crisis, as corporations mobilized their research and development capabilities to invent new vaccines and leveraged global supply chains to distribute them at unprecedented speed and scale. Thousands of companies small and large responded to the needs of their employees, their customers, and their communities with compassion and care.

But while many individual businesses are making a positive impact, at the macro level, our corporations and capital markets are not delivering the societal outcomes we need. The current paradigm of shareholder-driven capitalism is serving as an engine of inequality and a major impediment to addressing our most pressing societal challenges — persistent structural racism, a fraying social contract, and an accelerating climate crisis. Many of these problems have only been exacerbated by the pandemic.

Essential workers have been on the frontlines of sustaining our economy through the depths of this crisis, at significant risk to themselves and their families, despite an economic system that too often does not fairly value or respect their contributions to it. In this country, the average grocery store cashier makes about $11 an hour, and a home health care aide makes $25–27,000 a year — levels where it’s hard to make ends meet.

Meanwhile, the stock market has soared during COVID, and the richest shareholders have added $4 trillion to their wealth in just the last year. Most essential workers have not meaningfully benefited from this windfall. The top 10% of the income distribution own of 84% of stock, while half of Americans own none and Black households own only 1.9%. While we are starting to see encouraging signs of a reviving economy, most Americans have fallen further behind in the last two years and overall inequality has worsened.

We are seeing these outcomes — more concentrated wealth and power, declining economic mobility — because our economic system has been designed to produce them. W. Edwards Deming, a pioneer of systems thinking, stated that “every system is perfectly designed to get the results it gets.” The version of capitalism that currently governs our markets is designed not to produce societal wellbeing, but to maximize returns to shareholders.

Over the last several decades, a set of beliefs, norms, rules, and laws have served to codify and entrench the idea that a business’s primary objective should be maximizing financial returns for equity holders in markets with minimal government intervention, and that this orientation will both deliver optimal outcomes for business and markets as well as for society writ large.

This model has failed. It is based on the wrong ideas, driving the wrong decisions, and delivering exactly what you would expect — wealth for shareholders, but problems for society. To fix this, we need to rewire the rules and incentives that are driving the system.

The Path Forward, from Individual Solutions to Systems Change

At Omidyar Network, we spent a decade supporting the growth of impact investing and working to harness the power of business to drive positive social and environmental outcomes. We’re proud of that work. But we’ve realized that the efforts of even the most well-intentioned companies and investors to contribute to positive impact won’t ultimately succeed at the scale we need unless we fix the underlying rules and incentives that wire the markets in which they operate — rules that too often reward decisions which generate financial returns for shareholders but are harmful for society.

The current system constrains what individual businesses or investors can achieve on their own — because the system is designed to reward returns to shareholders and punish actions which deviate from that result. We’ve seen time and again that this system is resilient, and it will strike back.

Just ask former CEOs Paul Polman of Unilever and Emmanuel Faber of Danone, among the most visionary champions for corporate purpose and stakeholder-centric decision making. Both pushed their companies to prioritize stakeholder and societal outcomes as part of long-term value creation strategies, and both were punished by activist investors who saw this as violating the orthodoxy of short-term profit maximization.

Individual businesses are fundamentally constrained by the pressures of competition and the demands from our capital markets. They can move on win-win scenarios, where investments or policies that improve ESG outcomes can also be clearly shown to benefit the bottom line. But let’s be honest. Not everything can be a win-win. Often, there’s a direct tension between what insatiable profit-maximizing market forces demand in the short-term and what delivers value for long-term investors and other stakeholders. In this context, we can’t rely on the voluntary actions of corporate leaders alone — we need structural solutions which change the incentives.

We also recognize the need to address both sides of the impact coin. We believe investors can contribute to tremendous positive impact by investing in solutions that solve societal and environmental problems — but this risks being outweighed by the negative impacts generated by those financial sector actors that drive extractive speculation, prioritize short-term distributions to equity holders over long term value creation, and powerfully reinforce the current paradigm of profit maximization without regard for societal costs. Unless we address the rules that both enable positive impact, and curb negative impacts, our markets won’t deliver the outcomes we need.

That’s why as part of our commitment to Reimagining Capitalism, Omidyar Network is committing $10 million to a new focus area: Corporations, Capital Markets, and the Common Good. The vision for this work is to reshape the rules that govern markets to incentivize corporations and their investors to contribute to the common good, curb the pressures that drive businesses to contribute to negative outcomes on people and the planet, and empower stakeholders to hold companies accountable for their impacts on society.

To realize this vision, we’re shifting our work with business and investors to two upstream issues which we think are critical to systems change — shifting policy and shifting power.

Reorienting the Rules

We think three shifts are key to rewiring the rules that drive corporate and investor decision making.

First, the rules — particularly those defining fiduciary duty — should reinforce that corporations are accountable to workers, customers, suppliers, and communities — not solely shareholders. Second, the rules should drive businesses to systematically account for their impacts on people and planet, so that companies can better manage their impacts, and stakeholders can hold those companies accountable. Third, the rules need to curb pressures from capital markets that reinforce short-termism, drive excessive financialization, and enable outright extraction to benefit speculators at the expense of stakeholders and society.

This is why we are partnering with a range of advocacy organizations — including Americans for Financial Reform, B Lab, and The Value Reporting Foundation — seeking to shift corporate governance rules, create a harmonized system of mandatory ESG disclosure in the US and globally, and build a fairer financial system.

Rebalancing Power

In addition to shifting policy, it’s also critical to shift power — particularly by strengthening stakeholders’ voice in corporate and investor decision making. We think this means strengthening structural bargaining power for workers, increasing worker voice in corporate governance, and in seizing opportunities to make more workers owners themselves.

This also means shifting the investment management industry to focus more clearly on serving the needs of the vast majority of investors (by number, if not by assets under management) who are working people saving for their retirement and their children’s education. These days, most such individuals are highly diversified investors saving for the long-term through passive investment strategies through which they own the entire market. What matters most for such investors’ long-term wellbeing and financial security is neither chasing alpha nor minimizing tracking error in an index — it’s the health of our societal systems. It’s employers that provide quality jobs, an economy that delivers broad-based prosperity, stable democratic governance, and a planet that isn’t beset by climate catastrophe.

Those interests of the average investor are fully in line with the long-term orientation of building a more sustainable, inclusive capitalism. There is a tremendous opportunity to leverage the voice of those individual investors via more active stewardship by the fiduciaries that vote their shares and represent their interests in engaging companies and fund managers. Truly representing these investors’ interests would mean making long-term investments in growth, focusing more on worker wellbeing, and addressing systemic risks like the climate crisis.

Mobilizing the power of these long-term shareholders is essential to countering the pressure from those financial sector actors bent on “downsize-and-distribute” tactics like squeezing workers, prioritizing public company share buybacks over long-term investments, or stripping the assets from privately-held companies to fund dividend recapitalizations that juice short-term returns.

This is why we’re partnering with organizations like the Interfaith Center for Corporate Responsibility (ICCR) and The Shareholder Commons that are working with institutional investors to drive a more systemic, forceful investment stewardship agenda.

Finally, if we are going to shift corporate and investor decision making, we also believe we need to look at the whole picture. Privately-owned firms represent a large and growing proportion of our economy, but they lack the accountability mechanisms — like disclosure regimes and shareholder engagement — we have for public markets. That’s why we’re focused on increasing transparency and strengthening accountability mechanisms in private markets — particularly in the context of the private equity industry. We’re exploring how to work with private equity firms and their limited partners on strengthening the industry’s attention to stakeholder and societal issues, as well as advancing policy ideas that can help improve transparency for investors and mitigate risks to stakeholders.

That’s why we’re exploring opportunities to enable private equity firms and their LPs to better measure and benchmark the ESG performance of their portfolio companies. Simultaneously, we’re supporting advocacy to ensure workers’ interests are protected by working with partners like the United for Respect Education Fund.

Building a new capitalism

Over the last several decades, we’ve built an economic system to optimize market efficiency and maximize shareholder returns and hoped it would also yield the societal outcomes we want. That hasn’t worked, full stop. We need to stop designing our society to serve the wellbeing of markets and restructure our markets so that they serve the wellbeing of society.

We see this work to shift the rules that drive corporations and capital markets as an important complement to Omidyar Network’s commitments to shifting ideas and ideology by creating a new economic paradigm, strengthening worker power, and checking concentrated market power.

Changing this system will take time, energy, and engagement from everyone that has a stake in it — particularly those whose voices have been excluded.

We aspire to play a role supporting those change-makers that are seeking to shifting policy and shifting power as two key pieces of a new economic architecture. And we are eager to partner with all of those who share our vision of building an economy that works for everyone.


eSSIF-Lab

Meet the eSSIF-Lab ecosystem: the 2nd Business-oriented Programme participants

After a tough competition among interesting proposals, eSSIF-Lab has selected 11 most promising projects out of 21 proposals submitted in the open call. There were 154 applications started all together, from 27 countries.

Are you curious to know what SSI Solutions will be joining the 2nd Business-oriented Programme?

Meet them: Blockchain Certified Data Academic Verifiable Credentials (Academic VCs) – https://www.bcdiploma.com/ Upstream Dream AB Patient-controlled information flows for learning health systems (The LHS project) – https://www.genia.se Mopso Srl Amlet (A.W.) – https://www.mopso.eu/ Credenco B.V. Digital Certificate of Good Conduct (CoCG) – https://www.credenco.com Stichting Cherrytwist Decentralized Open Innovation Platform (DOIP) – https://alkem.io Truu Ltd Healthcare Professionals Digital Staff Passport (Health DSP) – https://www.truu.id Fair BnB Network Società Cooperativa Stay Fair, Play Fair – a co-operative habitat for music  – https://fairbnb.coop/ ZENLIFE SARL-S Zenlife eConsent – https://zenlife.lu/ – under construction LearningProof UG HonorBox-SSI –  https://learningproof.xyz WorkPi B.V. Work Performance Intelligence (WorkPi) – https://workpi.com/ yes.com AG European Bank Identity Credentials (Eubic) – https://www.yes.com If you want to know more about these projects, summaries of all the SSI Solutions under development will be published in the projects section of the website soon. Project teams that got it are currently active and running the 1st stage of the Programme which is the development of the Proof of Concept, the official Programme kick-off took place on Friday 10th September 2021. There’s 15K€ available in this 1st stage. Hackathon will be the following, taking place by the end of September, where those best in class will be selected to join Stage 2 of the Programme.

To stay updated with the results and follow-ups, join the NGI Community.

Tuesday, 05. October 2021

GLEIF

\#2 in the Financial Inclusion Interview Series – What bridging the $81bn trade finance gap could mean for Africa with Barry Cooper from Centre for Financial Regulation and Inclusion (Cenfri)

All around the world, small and medium sized enterprises (SMEs) lack the legal documentation that can prove who they are to banks, service providers and other businesses. As a result, millions are struggling to access trade finance and create partnerships, particularly in developing economies. Following the launch of GLEIF’s digital business identity initiative designed to bridge this trade fin

All around the world, small and medium sized enterprises (SMEs) lack the legal documentation that can prove who they are to banks, service providers and other businesses. As a result, millions are struggling to access trade finance and create partnerships, particularly in developing economies.

Following the launch of GLEIF’s digital business identity initiative designed to bridge this trade finance gap in Africa, we’re catching up with our key partners to hear their thoughts on how the project will bring about greater financial inclusion for SMEs on the continent and beyond.

Barry Cooper is a Technical Director at the Centre for Financial Regulation and Inclusion (Cenfri), an independent, not for profit think tank which works on African financial sector development.

Cenfri has a wide reach across Africa, holding relationships with both regulators and Financial Service Providers (FSPs). Cenfri’s role in the initiative was multifacted and involved finding candidate banks in suitable jurisdictions where the initiative could have the most impact on MSMEs and act as a demonstration case; engaging with regulators regarding the initiative; leading working sessions with the selected bank to guide them through the LEI process and address any challenges; and report writing and validation; among others. Cenfri and Cornerstone Advisory Plus’s evaluation mechanism successfully identified suitably regulated markets and FSPs that have a strong interest and investment in their micro, small and medium enterprise (MSME) clients.

Why did you decide to become involved with the initiative?

Cenfri has done a lot of work on identity, anti-money laundering (AML), counter financing of terrorism (CFT), know-your-customer (KYC) and MSME finance issues and this opportunity resonated with our work. In addition, we strive to lead on best and next practices and were greatly attracted to this initiative as this was the first in Africa, and provided a significant opportunity to shape key practices.

How does your organization benefit from its involvement in the LEI initiative?

Involvement in this initiative benefits Cenfri as we gain unique learnings from prototyping the process, helping to inform our approaches to solving MSME finance issues, particularly in our focus countries in Africa, which include Zimbabwe.

The LEI initiative has also provided a tool that we can recommend to institutions and regulators to address AML-CFT, compliance and de-risking challenges. In addition, Cenfri obtained its own LEI, which we can benefit from using ourselves.

What problems does LEI usage enable SMEs in Africa to overcome in the medium to long-term?

There are 54 states in Africa, each with their own incorporation bodies and registries, which each have varying processes and idiosyncrasies. Reliable verification and further incorporation of information for due diligence and risk management processes require high local country skill levels, can take significant time and is prohibitively costly and hence employed more in larger transactions. MSME, and even some corporate, transactions in Africa are either not progressed or are subject to default assumptions of higher risk.

LEI usage enables MSMEs to obtain a much stronger identity which is globally accessible, trusted and verified. Local banks have deep expertise in their national systems, risks and processes. The LEI harnesses this knowledge in a globally accessible format. The LEI is positioned to overcome risk management information asymmetries enabling better formal trade flows through more accessible trade finance, more accurate finance risk ratings, reduced unfavourable risk premiums, limited transaction delays and fewer outright rejections. It also helps to create more visibility for MSMEs and increases opportunities to trade and connect with partners they may otherwise not have been able to connect with. In addition, it can solve compliance challenges for AML-CFT by ensuring they are adhering to the highest standards globally.

What would the African SME landscape look like if Africa’s $81bn trade finance gap could be narrowed? What would this mean for the regional economy?

Narrowing the $81bn trade finance gap could have material implications for the African economy and its people, with the potential to enable significant growth and competitiveness in international markets. The question remains whether changes in trade activity would be inclusive with positive impact at the lowest income levels or if the benefit would be limited to primary industries and existing corporates, benefitting established social strata. Positive measures, like the LEI, are intended to help MSMEs to participate on a fair footing, promoting sustainable growth and economic diversity. Contributing over 50% of employment worldwide according to the World Bank, a small increase in the size and income of MSMEs can have a significant impact on employment levels and enable the supply of services more efficiently throughout markets. Narrowing the trade gap should link with fostering intra-regional trade between African countries to further enable inclusive growth and development.

What opportunities could be created for the people of Africa if all SMEs could be equipped with globally recognized business ID?

Equipping all SMEs with an LEI will create a universal, continent-wide, robust and interoperable global identity. We see the unlocking of significant latent business and employment opportunities not only for global trade but particularly for trade within the Africa region which in the past has been systemically difficult between 54 states. The LEI will greatly enhance the accessibility and competitiveness of MSMEs not only globally but within their countries and the region. As mentioned previously, moderate MSME growth can have a significant impact in employment across diverse economic sectors and particularly at the lower income levels. Through enhanced networking effects the LEI can also result in better distribution of goods and services across countries, enabling access to additional local, sustainable products and services for Africans.


Kantara Initiative

Kantara’s Kay Chopard Talks Digital Security, Diversity, and Business Advice on Let’s Talk About Digital Identity 

In August, Kantara Executive Director Kay Chopard spoke with Oscar Santolalla on Let’s Talk About Digital Identity, a Ubisecure-produced podcast. Chopard and Santolalla discussed a wide range of topics, including Chopard’s vision for Kantara and the digital security world, her role in supporting diversity and inclusion, and other topics. Before listening to the full podcast, we invite you to read

In August, Kantara Executive Director Kay Chopard spoke with Oscar Santolalla on Let’s Talk About Digital Identity, a Ubisecure-produced podcast. Chopard and Santolalla discussed a wide range of topics, including Chopard’s vision for Kantara and the digital security world, her role in supporting diversity and inclusion, and other topics. Before listening to the full podcast, we invite you to read highlights from Chopard’s episode below:  Oscar: What attracted you to digital identity?  Kay: What I find intriguing about digital identity is that it’s one of the most rapidly advancing technologies. It’s becoming more and more clear that digital identity impacts…

The post Kantara’s Kay Chopard Talks Digital Security, Diversity, and Business Advice on Let’s Talk About Digital Identity  appeared first on Kantara Initiative.

Monday, 04. October 2021

Digital Identity NZ

A key place for Identity in the Digital Strategy for Aotearoa

All the latest news from the Digital Identity New Zealand community The post A key place for Identity in the Digital Strategy for Aotearoa appeared first on Digital Identity New Zealand.

How we keep pace with changes in digital technologies, and how they are used in our economy and across our communities, will have a strong impact on Aotearoa New Zealand’s future prosperity.

The potential benefits from digital ways of working are exponential. They will help improve lives, expand consumer and career choices, and contribute to solving wider issues, such as climate change.

Our government is embarking on a journey to create A Digital Strategy for Aotearoa that seeks to respond to the social, economic, education and cultural opportunities from digital technology, along with the risks that these technologies can bring.

The strategy will endeavour to set out key goals, priorities and activities for the short to medium term (two-five years), as well as longer term results (out to 2031 and beyond).

The overarching framework for the strategy will consist of three pillars:

As we have stated previously, Identity along with Privacy and Security is one of the three core elements of Trust. 

As the Digital Strategy for Aotearoa begins to take shape, DINZ will be at the centre of the conversation around why a thriving Digital Identity ecosystem is an essential element in achieving the strategic vision of enabling all of Aotearoa New Zealand to flourish and prosper in a digital world.

In other news, I’m sad to say that I will be stepping down as Executive Director for Digital Identity New Zealand this month and someone very well known to many people across the Digital Identity community,Colin Wallis, will be stepping into my shoes.

Colin is a Kiwi who has been overseas for a few years and has recently returned.  For the last five years up until mid-June, Colin led theKantara Initiative, a globally acknowledged Trust Framework Operator of conformity assessment and Trust Marked schemes for Identity, Credential and Consent Management Service Providers.

Building on 21 years of contribution to international standards and industry consortia, Colin will continue to maintain some of his other leadership positions across the consortium space in Information Security, Privacy and Trusted Identity.  While leading Kantara he was a member of the OECD’sInternet Technical Advisory Committee amongst others and will continue his contributions to standardisation into ISO/IEC JTC1/SC27/WG5 Identity Management and Privacy technologies.

Before heading off overseas, Colin worked in the Government’s digital identification programmes, initially at the State Services Commission and later at the Department of Internal Affairs (Government Login Service, iGovt and RealMe), where he has regularly represented New Zealand in international fora.

With his depth of knowledge and experience, it will surprise no-one that Colin was named in One World Identity’s Top 100 Influencers in Identity.

I’d like to welcome Colin into the role and wish him all the best.

Ngā Mihi,

Michael Murphy
Executive Director

To receive our full newsletter including additional industry updates and information, subscribe now

The post A key place for Identity in the Digital Strategy for Aotearoa appeared first on Digital Identity New Zealand.


Ceramic Network

The next architecture for building Web3 data apps

We're replacing the popular IDX runtime with a more powerful set of tools for building applications on Ceramic including DID DataStore, DataModels, and Self.ID.

The Ceramic community is committed to providing the best possible developer experience for building Web3 data applications. Over the past few months, the community has made significant upgrades to Ceramic's emerging open source developer tools and data standards ecosystem, including replacing the popular IDX.js client with a more powerful and flexible set of tools. This post describes the best ways to build applications on Ceramic today as of October, 2021.

The Web3 data architecture

The primary difference between Web3 and Web2 applications is their data architecture. Web3 applications rely on a user-centric ("self-sovereign" or "sovereign") data storage architecture. In this model, application data is hosted on a decentralized network, stored with each individual user, and is written to and queried by applications client-side. This contrasts to Web2 applications, which rely on an application-centric design where all data for all users of an application is stored in a single database server siloed to that application.

What's needed to build sovereign apps?

Therefore, building Web3 data apps requires a few foundational primitives:

Network for decentralized data availability with fast mutability Protocol for identity-centric, model-based data storage and retrieval Client for performing CRUD operations on users' stores at runtime User-centric data models

As you can see, Web3 data applications are built on the concept of data models for storing and retrieving structured data from user-controlled storage. Web3 takes a model-based approach vs. an application-based approach in order to allow for simple data reuse and composability across applications. It's much easier for applications to share individual data models with other applications (e.g. user profile, social graph, skills, linked blockchain accounts) than it is to force these applications to share entire databases containing all different kinds of data, many of which are not shared between applications.

Creating a great developer experience around building applications with user-centric data models is important to accelerating adoption of this new Web3 data architecture. Tools that improve the developer experience and increase cross-application data interoperability include:

Tooling to create and deploy data models Tooling to share, discover, and reuse data models Example: Decentralized social network

As a simple example of how this all works, let's consider a decentralized social network. Behind the scenes this application can be reduced to just four data models, where each user maintains their own data in their own store for each model:

PostList: stores an index of a user's posts Post: stores a single post Profile: stores a user's profile FollowList: stores a list of users they follow Application deployment and usage

To deploy this data application, a developer would deploy each of these data models to Ceramic. After they're available on the network, they can be used by any application to CRUD a user's data store for that model. For example, if another developer is building a new social network and wants to bootstrap it with existing users and content, they can simply reuse the same data models as the initial social network and their application will be able to automatically load and support storage interactions on this existing data. This is how multiple applications can collaborate on shared data sets, and how open data standards and protocols can emerge from any developer in the community.

For an example of two applications building on the same data models to achieve data interoperability, try the Self.ID and DNS applications. Any change to data in one application is automatically reflected in the other.
IDX: ID-centric, model-based storage protocol

Ceramic provides a decentralized network for data availability with fast mutability, the foundation upon which Web3 data applications can be deployed and run. About a year ago the Ceramic community first introduced CIP-11 "Identity Index", commonly referred to as the IDX protocol. It specifies a protocol for identity-centric, model-based data storage and retrieval implemented on top of Ceramic – the second requirement for building sovereign applications.

IDX.js: The most popular IDX client

IDX protocol (CIP-11) is just a specification and not working code. To make the protocol usable by application developers, the 3Box Labs team created IDX.js, a runtime library for performing CRUD operations on users' data stores – the third and final requirement for building Web3 data applications. They also created supporting tools such as the IDX CLI, and a reference application, Self.id, to showcase IDX.js and related Ceramic technologies.

By serving as a simple entry-point to building applications on Ceramic, adoption of IDX.js has accelerated in lockstep with growth of the Ceramic ecosystem and has become the most popular way to build applications on Ceramic. Almost all of the applications currently deployed on Ceramic mainnet are using IDX.js.

Usage of IDX.js has accelerated with usage of Ceramic Why change a good thing?

In an attempt to offer more features, service more use cases and provide the best developer experience, the scope of IDX.js grew beyond simply providing a bare-bones implementation of the IDX protocol to a point where it became unnecessarily monolithic and opinionated.

As a result, IDX.js and associated libraries idx-constants, idx-tools, idx-cli are being deprecated. They are replaced by a new collection of tools outlined in the rest of this post.

If you are currently using IDX.js and/or 3ID Connect, there is no rush to upgrade your code. There are no breaking changes to the IDX protocol itself, and the data interactions of the new libraries are fully compatible with IDX.js.
DataModels: Open source for data models

DataModels allows developers to create, share, reuse, and discuss open source data models for Ceramic applications that can be used with the IDX protocol, enabling cross-application data interoperability.

DataModels Registry

The DataModels Registry is an open-source, community-created repository of reusable application data models for Ceramic. It provides a single place where developers can openly register, discover, and reuse existing data models – the foundation for interoperable applications built on shared data models. Currently the registry is implemented as an open source Github repository dual-licensed under MIT and Apache 2. In the future, it will be decentralized on Ceramic.

Installation & Usage

All data models added to the registry are automatically published to npm under the @datamodels organization. Any developer can install one or more data models by using the @datamodels/model-name convention, making those models available for storing or retrieving data during runtime with any IDX client, including DID DataStore or Self.ID, both of which are described below.

Install DataModels from the @datamodels npm org DataModels Forum

The DataModels Forum is located within the DataModels Registry repository. Every model in the DataModel Registry has its own discussion thread which the community can use to leave reviews, have discussions, discuss upgrades, etc. Developers can also post ideas for DataModels to solicit input from the community prior to adding it to the Registry.

Glaze: Ceramic Developer Suite

Glaze is a suite of low-level developer tools for building applications on Ceramic. Glaze aims to provide developers with more flexibility and control by unbundling IDX.js into smaller, more specific packages.

DID DataStore.js: Core IDX client

DID DataStore is a bare-bones IDX runtime client – a stripped-down replacement for IDX.js – with less scope and fewer dependencies. If you've used IDX.js, you'll notice that DID DataStore does not come bundled with default data models, such as basicProfile, nor does it support CAIP-10 blockchain accounts links out of the box. If you want to use DID DataStore with data models or blockchain accounts you will need to separately install these as packages. If you want a more bundled, drop-in solution similar to IDX.js, see Self.ID below.

DataModels.js: A runtime for DataModels

DataModels.js is a runtime library that simplifies the process of using data models in your application. It is frequently used with DID DataStore, and supports a few useful runtime features for DataModels:

Availability – ensures the data models used your application are available on your Ceramic node, so they can be used with a Ceramic or IDX client, such as DID Datastore Aliasing – allows developers to assign human-readable names to their data models, so they can more easily be used within application code instead of needing to reference data models via their streamID
If you've used IDX.js or the IDX CLI, DataModels serves as a replacement for running the idx bootstrap command or using similar bootstrap files, and eliminates the need to create aliases at runtime.
More Glaze Tools DevTools is a library for managing the full lifecycle of DataModels, such as creating custom models, adding to existing or creating new schemas and definitions, and publishing DataModels to any Ceramic node. Glaze CLI is an upgraded command line interface that is designed to support Glaze development flows. It provides more functionality than the core Ceramic CLI, and adds native functionality for DataModels and DID Datastore. Self.ID: Bundles for building Ceramic apps

Self.ID is a suite of high-level bundles that simplify the development process for building Ceramic applications.

Self.ID Core: Read-only bundle

Self.ID Core is a package that comes pre-installed with everything you need to build applications that read data from accounts on Ceramic. Self.ID Core offers cross-platform support, but read-only APIs. If you are currently using IDX.js, Self.ID Core is very similar. It includes:

Ceramic client: JS Ceramic HTTP Client with all required setup. The only thing you need to do is pass in your node's CeramicURL IDX client: DID DataStore.js DataModels runtime: DataModels.js Popular DataModels: Basic Profile, 3ID Keychain, Crypto Accounts, Web Accounts Popular utilities: Support for CAIP-10 blockchain accounts Self.ID Web: Browser bundle

Self.ID Web extends the Self.ID Core bundle with write APIs and provides built-in user authentication. Self.ID Web only supports browser applications, and is now the most popular bundle for building Ceramic applications.

3ID Connect: Browser-based, cross-chain user authentication system that is compatible with blockchain wallets. 3ID Connect allows users to connect one or more blockchain accounts from any chain to their Ceramic decentralized identity. 3ID Connect supports all EVM chains and other blockchain platforms such as NEAR, Cosmos, Filecoin, and Tezos. More Self.ID Tools Image Utilities: for uploading images to IPFS, storing them in multiple sizes and resolutions, and retrieving one most desirable to your application UI. Great for optimizing application performance when handling images such as user profiles photos. Sometimes you want to show a full-resolution image (e.g. profile page), and other times you only low-res thumbnails (e.g. dashboard). 3Box Legacy Profiles: A utility function for loading a legacy 3Box profile as a BasicProfile. Previously, this was provided by IDX.js. FAQs Which library should I use?

If you are already familiar with IDX or are more advanced in your development needs, DID DataStore is likely a better option; it offers the most flexibility and new features will be implemented there first. If you use custom data models (schemas and definitions), you should get familiar with the new set of tools for data models including the DataModels Registry and DataModels.js.

If you are just getting started with Ceramic and IDX, Self.ID should provide a smoother experience. It allows you to build Web3 data applications without having to understand all the concepts in order to have a working setup. You should still learn about Ceramic and the rest of the ecosystem if you want a better understanding of the full set of possibilities.

What should I do now?

IDX.js and related packages are being deprecated. Moving forward new features and improvements will only be implemented in the Glaze and Self.ID packages. We recommend that you update your app to use the new packages whenever possible.

Join the developer community

The Ceramic community is passionate about building Web3 data applications. If you want to learn more about anything mentioned in this post, encounter any issues trying to use the new tools, either for a new project or migrating from IDX.js, please join the Ceramic Discord!

To get started building Ceramic applications, head over to the developer documentation for Glaze and Self.ID now!

Friday, 01. October 2021

OpenID

Opportunity to Join the OpenID Foundation Certification Team

The OpenID Foundation is pleased to announce that it is looking to add a part-time member to the successful OpenID Certification program team. The OpenID Foundation enables deployments of OpenID Connect and the Financial-grade API (FAPI) to be certified to specific conformance profiles to promote interoperability among implementations. Later in 2021, the Foundation will be addi

The OpenID Foundation is pleased to announce that it is looking to add a part-time member to the successful OpenID Certification program team. The OpenID Foundation enables deployments of OpenID Connect and the Financial-grade API (FAPI) to be certified to specific conformance profiles to promote interoperability among implementations. Later in 2021, the Foundation will be adding eKYC & IDA conformance tests and certifications to the program. The certification process utilizes self-certification and conformance test suites developed by the Foundation.

The Foundation is seeking a consultant (contractor) to join the team on a part-time basis. This team member will provide development, maintenance, and support services to the program that include but are not limited to implementing new tests, addressing conformance suite bugs, and responding to and processing certification requests.

SKILLS:

Experience with Java or a similar language (willingness to learn more Java) Knowledge of OAuth 2 / OpenID Connect / Financial-grade API (FAPI) / JWTs (with an interest in becoming an expert on these standards) Experience participating in relevant working groups (e.g. IETF OAuth, OpenID Connect and/or FAPI) Experience with the OpenID Certification conformance suite is ideal An interest in security & interoperability

TASKS:

Development tasks such as: Developing new test modules Updating existing conformance tests when changes to the specs are approved Extending the FAPI conformance tests to work against servers in new ecosystems including to adding additional security / interoperability checks Undertaking more extensive development tasks including developing conformance tests for previously untested specifications Reviewing code changes done by other team members Pushing new versions to production as/when necessary & writing release notes Responding to queries sent to the certification team mailing list Processing submitted certification requests Investigating / fixing reported bugs in the conformance suite Attending OIDF working group calls as/when necessary Attending 1 hour virtual team call every 2 weeks

If this opportunity is of interest, please send your resume and cover letter to certification@oidf.org. Please include in your cover letter how your skills and experience align to the requirements outlined above, your availability on a part-time basis, and your hourly rate.

The post Opportunity to Join the OpenID Foundation Certification Team first appeared on OpenID.

Lissi

Diskussion über die Sicherheit von Wallets für digitale Identitäten

Bild: Diskussion über die Sicherheit von Wallets für digitalen Identitäten Aktuelle Diskussion und Kontext Am 23. September 2021 hat die Bundesregierung erstmals den digitalen Personalausweis und Führerschein für das ID-Wallet einer breiten Öffentlichkeit vorgestellt und es war für kurze Zeit möglich einen Personalausweis und Führerschein in das ID-Wallet abzuleiten. Hierbei ist es leider zu
Bild: Diskussion über die Sicherheit von Wallets für digitalen Identitäten Aktuelle Diskussion und Kontext

Am 23. September 2021 hat die Bundesregierung erstmals den digitalen Personalausweis und Führerschein für das ID-Wallet einer breiten Öffentlichkeit vorgestellt und es war für kurze Zeit möglich einen Personalausweis und Führerschein in das ID-Wallet abzuleiten. Hierbei ist es leider zu Problemen gekommen, da die Nachfrage um ein vielfaches höher als angenommen war. Im weiteren Verlauf haben Mitglieder rund um den Chaos Computer Club (CCC) die ID-Wallet, sowie die zugrundeliegende Technologie in einem Artikel kritisiert. Da das Lissi Wallet hier genannt und gezeigt wurde, möchten wir eine Einordnung schaffen, einen Überblick über die angesprochenen Probleme geben und potenzielle Lösungen diskutieren.

Abgrenzung ID-Ökosystem der Bundesregierung und “Schaufenster sichere digitale Identitäten”.

Seit 2019 führt das Bundesministerium für Wirtschaft und Energie (BMWi) ein Projekt zur Förderung neuer digitaler Identitätslösungen durch. Nach einer sechsmonatigen Wettbewerbsphase, für die sich jede Institution in Deutschland bewerben konnte, wurden vier Projekte zur Förderung im Rahmen der Schaufenster Sichere Digitale Identitäten ausgewählt. Die ausgewählten Projekte (im folgenden Schaufensterprojekte) sind Forschungsprojekte, die mit über 120 involvierten Institutionen gemeinsam innerhalb von drei Jahren neue Lösungskonzepte für digitale Identitäten erforschen und umsetzen, darunter zahlreiche Institute mit dem Schwerpunkt IT-Sicherheit. Folgende Projekte nehmen am Schaufenster Sichere Digitale Identitäten teil: ONCE, ID-Ideal, SDIKA und IDunion.

Parallel dazu hat die Bundesregierung im Dezember 2020 ein eigenes ID-Ökosystem rund um die ID-Wallet gestartet. Das BMI beschreibt das Projekt wie folgt: “Bürgerinnen und Bürger können künftig persönliche Daten und digitale Nachweise verschlüsselt in ihren Smartphones speichern und dann selbstbestimmt, sicher und einfach für Online-Dienste von Unternehmen und Behörden verwenden.”

Das Lissi Wallet ist bisher nicht Teil des ID-Ökosystems der Bundesregierung und wird überwiegend im Rahmen des Schaufensterprojekts “IDunion” genutzt und weiterentwickelt. Es ist bisher nicht darauf ausgelegt offizielle Dokumente wie den Personalausweis und Führerschein zu speichern und dies war bisher für Endanwender*innen auch nie möglich. Ziel der Schaufensterprojekte ist es allerdings genau dies in Zukunft zu erreichen und dafür entsprechende Sicherheitsmechanismen zu entwickeln.

Insofern sind wir für jede Kritik an der Lissi Wallet sehr dankbar und nehmen die von Lilith Wittmann und Fabian Lüpke, der unter dem Pseudonym “Flüpke” im Internet Auftritt, geäußerten Bedenken ernst. Gleichwohl ist es sehr wichtig diese immer im Kontext der verschiedenen Anwendungsfälle und deren Vertrauensniveaus zu betrachten!

Probleme und mögliche Lösungswege

In ihrem gemeinsamen Artikel sowie einer Proof of Concept (PoC) Implementierung sprechen Lilith und Flüpke mehrere Probleme der Walletlösung an. Wir möchten diese Probleme nochmal kurz in eigenen Worten erklären und mögliche Lösungsoptionen aufzeigen.

1. Verifizierung von anfragenden Parteien

Bei verifizierten Dokumenten in einem ID-Ökosystem ist ein wichtiger Aspekt, dass die ausstellende Partei nicht in die Präsentation eines Nachweis gegenüber der anfragenden Partei involviert ist. Für den Prozess der Anfrage und der Präsentation wird eine direkte Kommunikation mit Ende-zu-Ende Verschlüsselung zwischen Nutzer*innen und der anfragenden Partei genutzt. Um die benötigten Schlüssel für die sichere Kommunikation auszutauschen, wird hierzu oftmals ein QR-Code genutzt, welcher Nutzer*innen über einen bereits bestehenden sicheren Kommunikationskanal übermittelt werden muss.

Beschriebenes Problem: Sollte der sichere Kanal kompromittiert werden, kann dies einer Angreifer*in erlauben, eine sogenannte “Man-In-The-Middle-Attacke” durchzuführen. Hierzu tauschen Angreifer*innen Schlüssel und Endpunkte aus und präsentieren Nutzer*innen einen gefälschten QR-Code, welcher das Ergebnis der Abfrage und damit die persönlichen Daten umleiten. Das Problem besteht darin, dass Nutzer*innen grundsätzlich keine Möglichkeit haben, die anfragende Partei innerhalb der Wallet zu authentifizieren und Betrüger*innen sich als beliebige Institution ausgeben könnten um persönliche Informationen anzufragen. Die Verantwortung den initialen Kommunikationskanal zu überprüfen liegt somit auf der Nutzerseite.

Mögliche Lösung: Um die Legitimität einer Anfrage verifizieren zu können, müssen sich anfragende Institutionen zuvor in einem öffentlichen Register z.B. mit öffentlichen dezentralen Identifikatoren (DIDs) registrieren. Die öffentlichen DIDs können durch eine vertrauenswürdige Partei (z.B. einem Vertrauensdiensteanbieter) in einer “Trusted List” zertifiziert werden. Das Wallet von Nutzer*innen kann bei neuen Anfragen die Authentizität über die entsprechende “Trusted List” validieren und Nutzer*innen die verifizierte Identität der anfragenden Partei anzeigen.

Grundsätzlich wäre auch denkbar, dass nur verifizierbare Institutionen hoheitliche Dokumente abfragen dürfen. Ob dies in der Realität sinnvoll wäre ist zu diskutieren. Alternativ müssen Nutzer*innen darüber aufgeklärt werden, dass die anfragende dritte Partei nicht verifiziert werden kann und die Daten nur geteilt werden sollten, wenn Nutzer*innen dem Kontext der Anfrage vertrauen. Mit der zunehmenden Offenheit der Ökosystems ergeben sich somit auch zusätzliche Risiken für Nutzer*innen.

2. Der Missbrauch von verifizierten Daten:

Wenn Informationen mittels einer verifizierbaren Präsentation mit einer dritten Partei geteilt wurden, dann erhält diese Partei die angefragten Klardaten (z.B. Name, Geburtsdatum) und eine entsprechende Signatur vom Aussteller der Informationen, um zu überprüfen, dass die erhaltenen Informationen unverfälscht sind.

Beschriebenes Problem: Angreifer*innen, welche verifizierte Identitätsdaten abfangen konnten, können diese missbräuchlich verwenden. Dieses Problem unterliegt der Annahme, dass ein Angriff, wie in Punkt 1 beschrieben, möglich und erfolgreich war.

Bestehende Lösung: Jede verifizierbare Präsentation eines verifizierbaren Nachweises ist mit einer Nonce versehen, die sogenannte Replay-Attacken verhindert. Die Angreifer*in ist somit nicht in der Lage mit den gestohlenen Daten weitere Anfragen zu beantworten und neue verifizierbare Präsentationen zu erstellen. Sie kann ausschließlich die gestohlenen Klardaten nutzen. Da schon durch die Preisgabe der Klardaten ein Schaden entstehen kann, ist es trotzdem notwendig den unter Punkt 1 beschriebenen Angriff auszuschließen.

Wie geht es weiter:

Neben den aufgezeigten Lösungsansätzen gibt es sicher noch eine Reihe weiterer Möglichkeiten und auch das beschriebene Angriffsszenario ist, wie bereits erwähnt, je nach Anwendungsfall differenziert zu bewerten.

Sowohl im ID-Ökosystem der Bundesregierung als auch in allen Schaufensterprojekten kommen sogenannte “selbstbestimmte” Identitätslösungen (kurz SSI) zum Einsatz. Viele andere Staaten weltweit, entwickeln derzeit ähnliche Lösungen. Deutschland geht dabei keinen Alleinweg.

Grundsätzliche Problemstellungen werden z.B. global auf dem halbjährlich stattfindenden Internet Identity Workshop (IIW) diskutiert. Der nächste IIW findet vom 12. — 14. Oktober statt. Wir möchten gern alle Beteiligten aufrufen sich hier zu treffen, um offen und konstruktiv über die Lösungsansätze zu sprechen.

Darüber hinaus werden wir im Rahmen der Schaufensterprojekte gemeinsam mit zahlreichen Institutionen die bestehenden Herausforderungen lösungsorientiert angehen und begrüßen konstruktive Kritik und die Beteiligung der Öffentlichkeit. Nur gemeinsam können wir erfolgreich ein Fundament für unsere digitale Gesellschaft schaffen!

Das Lissi Team freut sich auf eine konstruktive Diskussion.


Own Your Data Weekly Digest

MyData Weekly Digest for October 1st, 2021

Read in this week's digest about: 18 posts, 4 questions, 1 Tool
Read in this week's digest about: 18 posts, 4 questions, 1 Tool

Wednesday, 29. September 2021

EdgeSecure

“How to Learn Like Your Students”: Applying Best Practices for Online Learning to Professional Development

The post “How to Learn Like Your Students”: Applying Best Practices for Online Learning to Professional Development appeared first on NJEdge Inc.

Webinar

As best practices for online learning are identified and applied to courses and students, professional development must keep pace. By applying online learning best practices to professional development, including asynchronous, self-paced learning, faculty can better prepare to deliver engaging learning experiences, both online and in-person.

In this session, you’ll learn:

How platform-agnostic professional development prepares instructors to optimize the online learning experience How asynchronous, self-paced learning for professional development can reinforce the application of online learning principles How asynchronous learning and collaboration can enable your institution to customize and improve professional development over time Complete the Form Below to Access Webinar Recording [contact-form-7]

The post “How to Learn Like Your Students”: Applying Best Practices for Online Learning to Professional Development appeared first on NJEdge Inc.


“How to Learn Like Your Students”: Applying Best Practices for Online Learning to Professional Development

The post “How to Learn Like Your Students”: Applying Best Practices for Online Learning to Professional Development appeared first on NJEdge Inc.

Safe and Accelerated Procurement via Lead Agencies and Shared Services

The post Safe and Accelerated Procurement via Lead Agencies and Shared Services appeared first on NJEdge Inc.

Safe and Accelerated Procurement via Lead Agencies and Shared Services

The post Safe and Accelerated Procurement via Lead Agencies and Shared Services appeared first on NJEdge Inc.

Webinar

Lead Agencies and shared services exist to provide public entities with a collaborative model for accelerated procurement. Procurement decision makers with an in-depth understanding of how to leverage these options bring an added dimension of value to their organizations.

In this session you’ll learn:

The legal foundations of lead agency procurements and shared services agreements The basis upon which education institutions and public entities can share contracts and resources How Lead Agencies provide contractual and pricing benefits How a Lead Agency like Edge can procure contracts for use by our members How Shared Services Agreements allow education institutions and public entities to share resources to accelerate positive organizational outcomes Complete the Form Below to Access Webinar Recording [contact-form-7]

The post Safe and Accelerated Procurement via Lead Agencies and Shared Services appeared first on NJEdge Inc.


Berkman Klein Center

Big Brother: A critique of the 4th Industrial Revolution

Investment in transportation, agriculture, healthcare, and education should take priority over investment in surveillance technologies. While artificial intelligence (AI), a signature technology of the 4th Industrial revolution (4IR), has been projected to transform the socioeconomic landscape of Africa by creating new efficiencies in the public and private sectors, it has some way to go to live
Investment in transportation, agriculture, healthcare, and education should take priority over investment in surveillance technologies.

While artificial intelligence (AI), a signature technology of the 4th Industrial revolution (4IR), has been projected to transform the socioeconomic landscape of Africa by creating new efficiencies in the public and private sectors, it has some way to go to live up to this hope. Instead of exciting public-led applications such as the use of AI by the National Health Service (NHS) in the United Kingdom to fight diseases, the most promising applications of AI in Africa are, not surprisingly, private sector-dominated. From behemoths like Google and Facebook to smaller startups, private firms are attempting to create impact at scale in Africa through applications such as chatbots in healthcare and the financial industry and AI drone-empowered disease surveillance in agriculture. As I’ve explained elsewhere, African countries will falter in their quest for an AI-led 4IR economic boost if they neglect investments in foundational 2nd and 3rd IR technologies such as efficient transport systems, power grids, and reliable broadband connections for a critical mass of the population. The 4IR does not happen in a bubble; it feeds upon successful integration with 2nd and 3rd IR technologies. Little wonder, then, that the most visible public-private partnership in AI deployment for societal good during the Covid-19 pandemic was its use for disease surveillance in Johannesburg — within Africa’s most advanced economy where 2nd and 3rd IR technologies are better developed than in most of Africa.

A huge part of AI’s ineffectual public sector-led impact in Africa is poor statistical capacity, which might be a good intervention point for AI capacity-building grants for the continent. Government and other public statistical agencies are poorly equipped to keep accurate and granular records in critical sectors such as economic indicators, health data, environmental data, and even transportation data. AI systems feed on large, accurate, and digitized datasets to produce insights for development, and in Africa today, the organizations with the capacity to harness such data power are typically in the private sector. We probably should not expect a replica of a UK NHS intervention in Africa anytime soon. There doesn’t seem to be enough political will to build efficient public statistical systems in Africa. The only exception seems to be in biometric surveillance.

Photo: Pixaby

It seems ironic that one of the most extensive public sector-led applications of AI in Africa is the implementation of biometric surveillance technology. Many African cities have become urban experiments in the deployment of AI-powered biometric surveillance. A few examples will suffice. In 2019, Police in Uganda bought $126 million worth of CCTV surveillance technology from telecommunications firm Huawei to help control crime in Kampala, the country’s capital. In Nairobi, Kenya, Huawei has also implemented a new communications network which links 1,800 surveillance cameras with 195 police bureaus and 7,600 police officers. In South Africa, the Department of Homeland Security’s (DHA) draft identity management policy proposed that biometric information recorded by numerous surveillance cameras installed in public spaces across the country will be linked to the DHA’s population register and this database shared with the Police. In Madagascar, Huawei is also installing over 1,000 CCTV cameras in the country’s major cities. Other African countries which have deployed surveillance technology include Algeria, Botswana, Côte d’Ivoire, Egypt, Ghana, Malawi, Nigeria, Rwanda, South Africa, Tanzania, Uganda, Zambia, and Zimbabwe.

A conspicuous thread linking many of these projects is Huawei, the Chinese telecommunications giant. Many of these surveillance projects are linked with Huawei’s safe cities project, a Chinese-led global partnership in security infrastructure. China has been a major partner in Africa’s economic renaissance, having built about 70% of the 4G telecommunications infrastructure on the continent. The Infrastructure Consortium for Africa estimates China’s contribution to infrastructure development financing at $25.7 billion in 2018, about a quarter of the total $100.8 billion committed to infrastructure projects. China is also emerging as perhaps Africa’s most important trading partner, with an estimated $200 billion worth of trade in 2019.

China will remain an important partner for Africa. Nevertheless, it does not seem right that in the poorest continent on the planet, the most visible, public-led 4IR implementation is in security — and is simply a tool to maintain authoritarianism in many countries. Security is not the most urgent problem confronting Africa. Indeed, there are those who would argue that Africa’s security challenges are exacerbated by poor governance. The same local political will that has brought about these security investments in Africa can also be brought to ensure that 4IR impacts are more strongly felt in public sectors such as transportation, agriculture, healthcare, education — probably Africa’s greatest needs. A good place to start might be in partnerships to strengthen public statistical capacities and international knowledge transfers critical for the success of AI applications in Africa. The China-African partnership might be more meaningful if some of the agenda setting is African and recognizes that implementing effective public sector AI applications which improve the livelihoods of ordinary people will improve security better than a thousand biometric surveillance systems.

Big Brother: A critique of the 4th Industrial Revolution was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 27. September 2021

GLEIF

\#1 in the Financial Inclusion Interview Series – Yann Desclercs from Cornerstone Advisory Plus speaks about countering the de-risking trend in African economies with the LEI

All around the world, small and medium sized enterprises (SMEs) lack the legal documentation that can prove who they are to banks, service providers and other businesses. As a result, millions are struggling to access trade finance and create partnerships, particularly in developing economies. Following the launch of GLEIF’s digital business identity initiative designed to bridge this trade fin

All around the world, small and medium sized enterprises (SMEs) lack the legal documentation that can prove who they are to banks, service providers and other businesses. As a result, millions are struggling to access trade finance and create partnerships, particularly in developing economies.

Following the launch of GLEIF’s digital business identity initiative designed to bridge this trade finance gap in Africa, we’re catching up with our key partners to hear their thoughts on how the project will bring about greater financial inclusion for SMEs on the continent and beyond.

We spoke with Yann Desclercs, Managing Director, Cornerstone Advisory Plus to discuss how broad adoption of the LEI in the African financial system could help to reduce the continent’s trade finance gap. Cornerstone Advisory Plus is an advisory firm based in Cote d ́Ivoire, West Africa. It specializes in compliance advisory and training services for private and public sector institutions, including regulators and financial sector supervisors.

As part of the multi-stakeholder initiative, Cornerstone Advisory Plus assisted with the coordination of the project in collaboration with the other project partners. In addition, the Cornerstone team provided technical content and insight, facilitated stakeholder engagements and conducted data analysis with a special focus on compliance and KYC data. Cornerstone Advisory Plus also brought a francophone West African and international perspective to the project.

Having worked on the ground with financial institutions in Africa, what impact could broad LEI usage have on the broader financial system?
African financial institutions are struggling to access international correspondent banking networks, either because they do not have the critical size required in terms of volume of activity, or, more importantly, because they are not always fully compliant with international AML and KYC standards and sanction regimes. As a result, the African financial system is widely perceived as high risk by the international financial community. International banks have therefore formed the assumption that establishing links with these institutions would lead to costly due diligence processes, which would outweigh the potential additional revenue generated by transaction fees. The outcome of this risk vs reward analysis usually prevents these banks from establishing links with African financial institutions and can lead to them severing ties from existing relationships, a phenomenon known as ‘de-risking’.

Broad usage of the LEI can provide greater transparency in the African financial system. This would help improve the risk assessments for individual entities together with the perception of system itself, opening it up to a worldwide network of international financial institutions. This would certainly help support the effective inclusion of African financial institutions in the global economy.

Do you think the broad usage of the LEI could also have an impact on SMEs in the region?
Of course. As we know, de-risking has a huge impact on African economies and SMEs in particular, which make up the largest economic subset. A recent report from AfDB and Afreximbank shows that the continent’s trade finance gap is estimated at US$81bn, largely due to compliance and KYC issues and de-risking. SMEs are the most affected by this issue. Reversing the trend of de-risking by fostering transparency of the African financial system through the broad adoption of the LEI could help to reduce the trade finance gap for SMEs and wider African economies.

How can the LEI initiative help banks with their internal processes? How can they become more efficient as a result?
Banks that participate in this LEI initiative and take on the role of a Validation Agent can leverage their existing KYC process to obtain LEIs for their customers, with minimal to no additional steps, depending each bank’s KYC framework. As a result, participating banks can obtain strong global business IDs for their customers and help them to address globally recognized verification processes, all while streamlining their internal processes for periodic KYC renewals and ongoing customer information updates.

Another key benefit of equipping clients with an LEI is the simple identification of parental links between corporations using the GLEIF database, which can prove particularly useful in establishing beneficial ownership links as required by FATF recommendations and most jurisdiction’s laws. All these efficiency gains in the KYC process could eventually lead to greater cost efficiency by reallocating compliance resources proportionally and utilizing an effective risk-based approach as per FATF’s first recommendation, which is translated into most international and national laws.

What strategic benefits can banks realize by participating in the LEI initiative? How does it help them grow revenue, opportunities or market share?
Participating banks can benefit from improved risk perception within the international financial community, ultimately leading to increased trade capacity and corresponding market share. They can also develop a competitive edge by offering their customers globally recognized business IDs, delivering additional benefits for their SMEs and corporate customers.

This competitive edge coupled with the enhanced trade capacity could lead to significant growth in both market share and revenues, subject of course to an aligned and appropriate commercial, marketing and communication strategy.

What kind of ID services could an African bank anticipate developing once it has equipped its SME customers with LEIs?
The sky is the limit. However, for the purpose of this interview, let’s focus on existing platforms such as the MANSA repository created and managed by a partnership led by Afreximbank. The MANSA repository is a single source of the primary data required for the conduct of customer due diligence on African entities including financial institutions, corporates and SMEs. Subject to an agreement between MANSA initiative and GLEIF, the LEI could be offered as an option/choice for the identification verification part of the repository. The LEI being an internationally recognized global business ID, it could potentially add on to the already established reputation of the MANSA repository and fast track the onboarding for all entities who already have an LEI.

This fast-tracked onboarding process could apply to any other national or regional ID platform on the continent. To achieve this in practice, discussions need to be conducted between GLEIF and the platform managers around the continent in order to establish collaborative avenues in order to reach an LEI-based onboarding process in the existing ID platforms.


omidiyar Network

Our Vision for Fair, Equitable Tax Policy

Photo by Kelly Sikkema on Unsplash Imagine a world where our oldest and youngest Americans get the care they need. A world where racial inequities are something we work to face and heal rather than exacerbate. Imagine a world where our public schools and universities provide excellent educations that set our students up for success. A world where new businesses can flourish and research and de
Photo by Kelly Sikkema on Unsplash

Imagine a world where our oldest and youngest Americans get the care they need. A world where racial inequities are something we work to face and heal rather than exacerbate. Imagine a world where our public schools and universities provide excellent educations that set our students up for success. A world where new businesses can flourish and research and development lead to incredible breakthroughs promoting well-being in science and technology. And imagine a world where our roads, bridges, and drinking water are safe and our infrastructure helps to mitigate the looming climate crisis. This world doesn’t have to be a dream. It is possible if we view our government as a force for social good — intended to benefit the largest number of people in the largest possible way — and our tax policy as a means to get there.

What we decide to do together and how we choose to pay for it reflects what we value as a society. It is how we express our democratic priorities for the collective good. It signifies our priorities and considerations of fairness and reciprocity. And it signals how we treat the most privileged versus people who are left behind or left out; individuals and businesses; investors and employees. Unlike almost any other government policy, tax squarely answers the question: “What (if anything) do we owe to each other?”.[1]

Tax is a complicated and often emotional issue because it tends to be a proxy for the collision of two core but divergent concepts that guide American society: the roles of individual responsibility versus the common good. Beyond that, tax is also one of the most visible representations of the role of government in our lives, and it sets key incentives for many aspects of our economy and society.

Our government is not just an abstract, remote bureaucracy. Under democratically legitimate governance, it represents all of us. Government is intended to be a means to enact our collective will, and one of the critical ways we can build a “more perfect union.”

More practically, our government is responsible for maintaining our nation’s roads and bridges; keeping our air, food, and water safe; taking care of our veterans; conducting and funding research that can lead to medical and technology breakthroughs, new energy technologies, and critical vaccines; providing health care and education; and much more. Our government is what makes our market economy possible, providing a stable currency of exchange; enforceable contracts and property rights; and consumer protections. Our government has a profound impact on our everyday lives. It has played an even more important role during the Covid pandemic, keeping families and small businesses afloat during these challenging times, just as it has in wartime and other past emergencies.

But good government is not free. It must be adequately funded to carry out its charge effectively.

With sufficient revenue, we could pay for programs and services that give every American a chance to get ahead: creating jobs that pay a livable wage; investing in education and making college affordable; shoring up our safety net programs for the long term; reducing poverty; and protecting people who have been marginalized by our current systems. To make these government services accessible and responsive, we need quality civil service and civil servants — which also cost money.

We recognize that our government does not always live up to these ideals. Often, it falls short because it is not adequately funded. For decades, conservative politicians and thought leaders have been advocating for smaller government, which erodes its ability to function properly. At the same time, political pressures can sway policymakers to do the bidding of special interests at the expense of those with less influence or power.

We believe in the role of government and the value it can bring. Tax policy is a critical means to achieve a healthy and stable democracy, economy, and shared values. Americans agree. According to a September 2020 survey by Gallup, “For the first time in Gallup’s 28-year trend, a majority of Americans think the government should do more to solve the nation’s problems. As the U.S. continues to struggle with the coronavirus pandemic, the resulting economic downturn, and racial injustice issues, 54% of U.S. adults favor increased government intervention.”

For these reasons, we believe US tax policy should be guided by four core principles that reflect the values of a democratic country; values that center the well-being of the many over the benefits of a privileged few.

Omidyar Network’s Principles for Fair and Equitable Tax Policy

People with less shouldn’t pay more than people with plenty. Wealth should not be rewarded more than work. Big businesses should pay their fair share. Tax expenditures should build toward the future we want for all.

The Current Situation

Our tax code furthers the divide between the haves and the have-nots — not just in the size of their wallets, but also in how they relate to and support each other. This can and has led to erosion of our sense of shared belonging and reciprocity.

In a variety of important ways, our tax code is not aligned with our American values of fairness and equity.[2] It contributes to a corrosive inequality (across incomes, wealth, geography, gender, and race) that undermines our social fabric and our democracy, which in turn creates openness to authoritarian responses and solutions, a theme the Tony Blair Institute for Global Change warned of in 2018.

If we look at our federal tax system as a whole and for individual taxpayers, it is, broadly, progressive[3]. People with higher incomes tend to face higher tax rates on their income. For instance, the bottom 20% of households pay just 0.9% of their income in federal taxes, while the top 1% of households pay one-third of their income in federal taxes.

However, rates do not tell the whole story. From a tool created by the Economic Policy Institute to examine how US taxes and spending affect income inequality:

Decades of corporate tax cuts and increases in payroll taxes, which are less progressive, have weakened the equalizing effect of the federal tax system. Those taxpayers who derive most of their wealth from capital assets enjoy preferential tax rates while flat taxes on consumer goods, such as the gas tax, disproportionately harm those at the bottom of the income distribution. And the decline in corporate tax rates also explains why some analyses of the absolute richest households (the top 0.1% or the Forbes 400, for example) show their tax rates are actually lower than those faced by typical taxpayers.

Because of our upside-down tax code, in many cases, as Warren Buffet famously pointed out, people who have lower incomes end up paying a higher share of their income in taxes than people who have higher incomes.

We also tax income generated from labor at a higher rate than capital generated from wealth and investment. And businesses can take advantage of loopholes to avoid taxes that most employees cannot, again preferencing those with power.

What We Believe & What We Should Do

Our society, democracy, and the functioning of our economy depend on citizens knowing that our social contract is being honored, and that there is fairness and reciprocity and opportunity for all, not just for some. The current tax code and its outcomes, however, do not live up to this standard; rather, they undermine trust and stand in the way of shared prosperity.

We know it requires much more than a fair tax code to build an equitable and inclusive economy. Often, tax is an output, redistributing money as a result of other economic policies. Ultimately, we believe we will have better outcomes if we focus upstream, building the markets and systems we want rather than trying only to remedy their unequal outcomes on the back end. So we view tax policy as a, “Yes, and.”

To that point, Omidyar Network also works on issues like expanding worker power, reshaping markets so that they incentivize businesses to contribute to the common good, and reining in monopoly power to increase competition and spark innovation.

In our effort to reimagine capitalism and seed a new economic paradigm, we argue that our government must govern markets in ways that prioritize the public good. We also call out the failings in our economic system that foment economic insecurity, exacerbate inequality, and deny opportunity, and as we have recently experienced, has resulted in the consequent openness to authoritarian siren songs.

Omidyar Network, in alignment with our Call to Reimagine Capitalism in America, believes our tax code currently reinforces wealth and income inequality. We believe instead it should promote fairness, reciprocity, and a renewed social contract based on mutual trust between individuals and government. We urge our funding partners, current and future grantees, and policymakers at the local, state, and federal levels to consider the following principles when evaluating, advocating, and enacting tax policy:

People with less shouldn’t pay more than people with plenty.

The current tax code doesn’t ask enough of the wealthy.

This is grounded in the Peter Parker Principle: With great power comes great responsibility. Before Spiderman, even Adam Smith, the Father of Economics and Capitalism wrote in The Wealth of Nations:

“[I]t is not very unreasonable that the rich should contribute to the public expense, not only in proportion to their revenue, but something more than in that proportion”, because a tax on “the luxuries and vanities of life [which] occasion the principal expense of the rich… would in general fall heaviest upon the rich; and in this sort of inequality there would not, perhaps, be anything very unreasonable.”

We believe we have mutual obligations to each other that should be reflected in our tax code, and that wealthy individuals have a responsibility to pay their fair share. People with higher incomes and assets should have both higher nominal and effective tax rates. Our tax code should reflect our values and reinforce broadly shared prosperity for the many, not just the privileged few.

2. Wealth should not be rewarded more than work.

Currently, our tax code gives preferential treatment to wealth-holders by taxing capital income at lower rates than labor income. This is true nominally through lower statutory rates and substantively through lower effective rates. This not only fuels inequality but disincentivizes work and deemphasizes investment in the real economy at the expense of increasing returns for shareholders.[4]

Economists Emmanuel Saez and Gabriel Zucman wrote, “Less capital taxation means that the wealthy — who derive most of their income from capital — can mechanically accumulate more. This feeds a snowball effect: wealth generates income, income that is easily saved at a high rate when capital taxes are low; this saving adds to the existing stock of wealth, which in turn generates more income, and so on.”

Research suggests that many CEOs who take a $1 salary are rewarded with stock, option, or bonus packages that match — or even outweigh — the cash they sacrifice on a pay stub.[5] One 2011 study of 50 executives concluded that the average “$1 CEO” gives up $610k in salary but gains $2m in other “not-so-visible forms of equity-based compensation.” These skewed compensation schemes are a predictable response to the incentives in our tax code.

There are many potential policy remedies to bring capital and labor taxation more in balance, and in turn, reduce economic inequities. Reflecting this principle, we support equalizing the treatment and rates (nominal and effective) between labor income and capital gains, which would likely entail raising tax rates on capital.

3. Big businesses should pay their fair share.

As with individuals, we suggest that large companies who earn more should pay more.

Part of that belief is based on an obligation to the common good but also acknowledges that many companies benefit from a range of government-provided services or investments (like the internet, highways, the postal system, government-sponsored research) that contribute to their ability to get off the ground, their profitability, and their basic operations.

Our tax policies and a raft of tax expenditures, both large and small, create a broad labyrinth of incentives to catalyze smart investments, support research and development, foster competition and competitiveness, slow the pace of climate change, and fuel our economy[6].

At its best, tax policy can motivate businesses to hire people who would otherwise have a hard time finding work, including veterans and people with disabilities; encourage them to invest in communities that have been overlooked and left out; bring jobs home from overseas; promote clean energy to address our growing climate crisis; and help small business owners get started and succeed.

We are an organization founded by an entrepreneur. We believe our tax policies should help new businesses get off the ground, and we share the goal of fostering a vibrant, dynamic start-up economy. In alignment with The Tax Foundation, we too believe our tax code should be seen as a vehicle for accelerating economic growth and dynamism.

For decades, economists posited that higher individual and corporate tax rates stifle entrepreneurship and new start-up formation. The opposite is true. Data shows if you overlay corporate tax rates with rates of new business creation, you’ll see that as corporate tax rates decreased over time, so did new business creation[7]

Additionally, evidence on the effect of tax on entrepreneurship is mixed at best, as the Center on Budget and Policy Priorities has noted:

150 executives surveyed by Endeavor Insight, a research firm that examines how entrepreneurs contribute to job creation and long-term economic growth, said a skilled workforce and high quality of life were the main reasons why they founded their companies where they did; taxes weren’t a significant factor.

Our government and our tax policies provide the infrastructure for new businesses to not only get started, but to thrive. From support for R&D, to roads and bridges that move goods, to public services and universities that educate our students and working people, to basic elements and institutions that guarantee rule of law and the enforceability of contracts and private property, our government and our tax policies champion corporate opportunity.

With that opportunity again comes an obligation for corporations to pay their fair share. The corporate share of federal tax revenue has dropped by two-thirds in 60 years. Corporate tax revenue accounted for 32.1% of federal revenue in 1952, but by 2012, the share of corporate tax revenue had fallen to 9.9%, according to the Office of Management and Budget.

Why? It’s not because businesses are less profitable, or less competitive (In 1952, post-tax corporate profit was 8.6%; in 2012, it was 11%[8]). Rather our tax code now has enshrined a range of loopholes and exemptions that not only allow, but encourage, corporations to avoid or evade taxes.[9]

In 2020, 55 of the nation’s largest and most profitable corporations — including FedEx, Nike and Archer-Daniels-Midland — paid no federal corporate income tax, according to the Institute for Taxation and Economic Policy. This was legal. It was not fair.

Tax avoidance schemes involving tax havens in places like the Cayman Islands are estimated to cost as much as $100 billion a year in lost revenue, according to a US Senate subcommittee report from 2008.

We do not fault them for taking advantage of the laws as written to minimize their tax obligations. They are behaving legally and rationally given the system’s rules. But we believe the laws themselves should change to better reflect our shared values.

While corporations can reduce the amount they owe in taxes in a variety of legal ways, we believe that avoiding fair taxation should not be a badge of honor. As billionaire entrepreneur Mark Cuban said, “While some people might find it distasteful to pay taxes, I don’t. I find it patriotic.”

Growth over the past 60 years has actually been stronger when corporate tax rates were higher, according to the Economic Policy Institute.

We need to close loopholes and strike the right balance in our corporate tax policy so that businesses can remain competitive while fulfilling their obligation to the broader community for the benefit of most Americans.

4. Tax expenditures should build toward the future we want for all.

There is always a push and pull with our tax code. Above, we spoke primarily about how we can pull back bad behavior and promote fairness. We also can use tax policy and tax expenditures to push good behavior forward and toward the outcomes we want as a society.

According to the Congressional Joint Committee on Taxation (JCT), the projected cost of the tax expenditures in 2020 was $1.795 trillion, with $172 billion in corporate expenditures and $1.62 trillion in individual expenditures.[10] The US tax code in recent years annually enshrines between 280–300 separate tax expenditures, roughly 60% of which are aimed at individual taxpayers, and the other 40% at business taxpayers.

The three biggest individual tax incentives by dollar amount are for employer-sponsored health plans, earnings on defined contribution pension plans, and reduced rates on dividends and long-term capital gains (see principle #2 above). A number of them are broad-based and well-intentioned, for instance, home mortgage interest deductions to promote home ownership, charitable contributions, or several more recent corporate tax expenditures, aimed at encouraging companies to repatriate income and jobs from overseas and remove intellectual property loopholes to avoid paying US tax. Others are quite narrow, for instance, commuting to work by bicycle.

However, in any broad analysis, like the vast majority of our tax code, tax expenditures tend to favor the wealthy and well-connected corporations. According to the Congressional Budget Office (CBO), on the individual taxpayer side, the top 1% of earners receive 17% of the benefit from individual tax expenditures. Lobbyists have wrangled expenditures for their clients’ special interests, including special depreciation schedules for corporate jets, loopholes that allow inversions, subsidies for fossil fuels, and deductions for CEO bonuses, as well as regular tax law that allows wealthy owners to depreciate their ownership of multi-billion-dollar sports teams.

Instead of being unduly swayed by corporate lobbyists, we encourage policymakers to examine tax expenditures with a holistic lens toward the future we want to build. We suggest the questions below as a guide so that expenditures are a vehicle for prosperity, fairness, and equity in our tax system:

How can tax expenditures help close the racial wealth gap and address the systemic inequities that marginalize Black, Brown, and poor families? How can tax expenditures help us mitigate and adapt to a rapidly changing climate? How can tax expenditures spur research and development to prepare for the future, and invest in the real economy (while correcting for current shortfalls that allow R&D investments to be opaque on tax returns)? How can tax expenditures spark innovation to create the tech we want in service of the common good? How can tax expenditures promote economic mobility and growth for the many, and improvement of the safety net for the least fortunate? How can tax expenditures more generally reinforce a fairer, more progressive tax system?

The recent changes to and expansion of the Child Tax Credit (CTC) provide one clear answer to these questions. If made permanent, the CTC could “dramatically reduce childhood poverty and improve children’s chances of upward intergenerational mobility, increasing both their future earnings and the corresponding tax revenue that will be collected on it.”[11] These are the types of tax expenditures that can have a dramatic, positive impact on our society for many Americans.

In theory, our tax code is “race-neutral.” However, it builds on a toxic legacy of policies that unfairly and unequally distribute resources. Recent analysis by the Tax Policy Center shows a variety of ways in which tax policies also exacerbate income and wealth inequalities stemming from long-standing discrimination in areas such as housing, education, and employment. According to a study by the National Community Reinvestment Coalition, three out of four neighborhoods redlined on government maps 80 years ago continue to struggle economically.

Educational outcomes are also linked to redlining. The Annenberg Institute for School Reform at Brown University found that districts and schools located in formerly redlined neighborhoods have lower average test scores. Today, 44% of Black families own their own home, compared to 74% of white families. To encourage more Black families to buy homes and build wealth, we could give a credit for first-time home buyers instead of a deduction for mortgage interest, which benefits borrowers buying bigger homes.

Conclusion

As policymakers consider new tax policies, we suggest they meet the following tests:

Does it benefit the many, not just the privileged few? Does it address collective challenges, not just individual ones? Does it reduce wealth and income inequalities, rather than increase them? Does it promote upward mobility for all? Does it help achieve our shared values (e.g., reducing child poverty, creating good jobs, equity across race and gender)? Does it foster innovation, economic growth, and investment in the real economy, rather than incentivize shareholder primacy and stockpiling cash and profits? Does it preserve the principle of progressivity in our tax policy overall? Does it discourage “bad behavior” and mitigate externalities (e.g., carbon tax, sin taxes on alcohol and cigarettes, financial transactions tax)?

We are committed to applying this test to our own advocacy work related to revenue-focused policies at the federal and state level.

Tax policy must be reformed so that it is fairer and more equitable. We believe restructuring our tax code can take many forms, and while we do not prescribe specific policy recommendations or rates here, we do commit to greater transparency in our own work related to tax[12], and to honoring the principles outlined above. There is much that we as philanthropists, our grantees, advocates, lawmakers, and regulators can do so that every American has a fair chance to prosper and thrive and we no longer have to imagine that world, we can live in it.

_____________________________________________________

[1] A riff of T.M. Scanlon’s book of a similar title: What We Owe To Each Other

[2] Thomas Paine in “The Rights of Man”: Whatever is my right as a man is also the right of another; and it becomes my duty to guarantee as well as to possess.

[3] This is not always the case at the state level, however.

[4] Oren Cass, “The Corporate Erosion of Capitalism,” March 2021: https://americancompass.org/essays/the-corporate-erosion-of-capitalism/

[5] https://thehustle.co/1-ceo-salary/

[6] We also recognize that there are many instances of corporate tax policy that incentivize what we consider “bad behavior”, such as fossil fuel subsidies.

[7] 2020 and the response to Covid, saw the first major uptick in new business formation in years. It is too early to know if this is a durable trend or a one-off response to the major employment shock of March 2020.

[8] Source: Adapted from Bivens (2015)

[9] We also note that these corporations spend a significant amount of money to make sure it is the law. According to the Sunlight Foundation: Between 2007 and 2012, 200 of America’s most politically active corporations spent a combined $5.8 billion on federal lobbying and campaign contributions. [But] what they gave pales compared to what those same corporations got: $4.4 trillion in federal business and support. https://sunlightfoundation.com/2014/11/17/fixed-fortunes-biggest-corporate-political-interests-spend-billions-get-trillions/

[10] Source: Joint Committee on Taxation, “Estimates of Federal Tax Expenditures for Fiscal Years 2018–2022

[11] Washington Center for Equitable Growth, accessed September 4, 2021 https://equitablegrowth.org/the-child-allowance-will-pay-dividends-for-the-entire-u-s-economy-far-into-the-future/

[12] A list of Omidyar Network’s partners within our Reimagining Capitalism portfolio can be found here. Many of them are working for better and fairer tax policy.


We Are Open co-op

Climate change (for the better)

Helping Julie’s Bicycle realise their digital vision Image CC BY-ND Bryan Mathers of WAO Julie’s Bicycle is a uniquely-named climate not-for-profit mobilising the arts and culture to take action on the climate and ecological crisis. In October 2006, Alison (not Julie) got on her bike to meet some friends from the music industry for dinner at a restaurant called Julie’s. That night toget
Helping Julie’s Bicycle realise their digital vision Image CC BY-ND Bryan Mathers of WAO

Julie’s Bicycle is a uniquely-named climate not-for-profit mobilising the arts and culture to take action on the climate and ecological crisis.

In October 2006, Alison (not Julie) got on her bike to meet some friends from the music industry for dinner at a restaurant called Julie’s. That night together they dreamed up a vision of the future where festivals were powered by solar, venues were off-grid and covered in flowers, museums were community energy providers, artists were united as beacons for change.

WAO are currently helping JB with two strands of work. The first strand, which we can discuss here, involves digital transformation that includes hiring a digital product team. If you, or anyone you know, might be interested in applying for any of the roles, check out JB’s recruitment page. The first position is currently live, and more positions will be released over the next few weeks and months.

The second strand, led by Outlandish and to which we’re contributing, involves work with a large commercial music organisation. We’ll be able to share more details on that in due course.

At a crossroads Image CC BY-ND Bryan Mathers of WAO

Since 2007, JB has helped organisations in the arts and culture sector calculate their carbon emissions. The tools developed achieve this, Creative Green Tools, are used by more than 5,000 organisations and sit alongside high-impact programmes and policy change.

These tools have, however, been developed piecemeal and in response to rounds of funding over the last decade or more. While they are looked after by a specific member of the JB team, they have been developed by freelancers based on the needs of particular projects and programmes.

Now, at a time when the urgency of the climate crisis is being felt everywhere, JB is creating their first digital team. This team will not only improve and expand Creative Green Tools, but potentially create new products and services.

Bringing this development in-house can be scary for not-for-profit organisations like JB. They are funding their mission, so making bold changes requires not only business modelling and securing funding, but ultimately a vision and a leap of faith.

Digital supports everything Image CC BY-ND Bryan Mathers of WAO

As we stand now, almost a quarter of the way through the 21st century, there is no such thing a “non-digital” organisation. But the level of capacity organisations have to develop their own products and services differs wildly.

To grow sustainably, JB are aware that they need knowledge and expertise they don’t currently have in-house. So, after some initial scoping, JB have hired WAO to help them not only hire a digital team, but bring in processes and workflows that will help their talented team thrive.

Turning capacity into action Image CC BY-ND Bryan Mathers of WAO

Since its inception, JB has been an effective, impactful organisation pushing the arts and culture sector towards a more sustainable way of being. With additional digital skills, and WAO’s help, JB is looking to turn its research, tools, and capabilities into products and services that work at scale across complex sectors.

WAO is pleased to be working alongside Julie’s Bicycle. Our members can see the vision that JB’s staff has been sharing. From tour and festival planning to museum and gallery retrofitting, Julie’s Bicycle is a beacon for the arts and culture sector, and we are happy to help Julie’s Bicycle prove that climate consciousness can work at scale.

Climate change (for the better) was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Friday, 24. September 2021

Elastos Foundation

Elastos Bi-Weekly Update – 24 September 2021

...

Good ID

Authenticate Virtual Summit: The Imperative for Strong Authentication for Government Services

Authentication plays an increasingly important role in how governments are providing services around the world. At the Authenticate Virtual Summit on Sept. 23, 2021, users, experts and vendors from around […] The post Authenticate Virtual Summit: The Imperative for Strong Authentication for Government Services appeared first on FIDO Alliance.

Authentication plays an increasingly important role in how governments are providing services around the world.

At the Authenticate Virtual Summit on Sept. 23, 2021, users, experts and vendors from around the world detailed how strong authentication helps to enable government services and new efforts to secure online identities. Users including the U.K. National Health Service (NHS), as well as the U.S. Government’s login.gov and Internal Revenue Service (IRS) provided insights into the present and future of online authentication and digital identities.

In the opening session of the event, Andrew Shikiar, executive director and CMO of the FIDO Alliance, outlined the strategic imperative for FIDO in government services around the world.

“COVID-19 created an imperative to really accelerate digital transformation activities,” Shikiar said. “When the pandemic hit all of a sudden, everyone was at home and all activity brought requirements for modern authentication schemes that go far beyond passwords, even beyond traditional multi-factor authentication.”

Shikiar noted that the FIDO Alliance standards align very well with global regulations and policies and there is a growing trend of government guidance for authentication that cites the use of FIDO.

“It’s important to enable trust in the government ecosystem,” Shikiar said. “This comes through the engagement FIDO does with different regulators and government bodies and ultimately will be manifested through the secure implementation of digital identity services to citizens worldwide.” 

Technology Helping to Push FIDO Strong Authentication Forward

A key path for enabling FIDO specification is via vendors that support government efforts. 

Patrick Sullivan, CTO of security strategy at Akamai, commented that password credential stuffing attacks are very common. He noted that Akamai’s platform sees as many as a billion password attacks per day. That’s where multi-factor authentication and more specifically strong authentication based on FIDO Alliance standards play a strong role. Sullivan noted that there is a clear need to provide multi-factor authentication in a low friction environment where it’s delivered in the form factor of an app on a smartphone.

“We’re not asking users to carry around a hardware token to accomplish FIDO2 as we move in that direction, and by introducing less friction, there’s less risk of our users doing something anomalous,” Sullivan said.

Jeff Frederick, manager of solutions engineering at Yubico, noted during his session that in government, many agencies in the U.S use Common Access Card (CAC)/Personal Identity Verification (PIV) credentials that go beyond basic passwords. Frederick noted that FIDO2 standards, which are supported on his company’s YubiKey device, provide a strong impersonation resistant authentication protocol that uses public private key cryptography.

“It’s very similar to PIV/CAC and FIDO2 is an open standard that’s managed by the FIDO Alliance, so that any vendor can support this and use it today,” Frederick said. “It’s built into all major operating systems and all major browsers so there’s no middleware that you need to install to make this work and it’s just an easy to implement solution that will modernize the federal authentication infrastructure across the board.”

Making Identity and Authentication Less Taxing at the IRS

The IRS proofs and authorizes tens of millions of taxpayers every year, across both digital and non digital channels, according to Courtney Rasey, assistant to the director, Identity Assurance, Privacy Governmental Liaison, & Disclosure (PGLD) at the IRS.

“None of those tens of millions of taxpayers who are calling the IRS are doing so just because they want to, it’s not really a fun weeknight activity,” she said. “They need to resolve an issue to meet their tax obligation and we know that, so we’re always striving to provide better service to taxpayers, to help them get the service that they need in the most convenient and efficient way possible.”

One way the IRS is looking to be more convenient to taxpayers is with its Secure Access Digital Identity (SADI) platform that was launched in June of 2021. Rasey explained that SADI leverages a Credential Service {rovider (CSP) that identity proofs the taxpayer and then provides the IRS with a digital identity credential.

“Users are eventually going to be able to access all IRS online applications utilizing that single digital identity credential,” Rasey said. “The IRS is moving more and more applications behind SADI throughout fiscal year 2022 and as we do move more applications taxpayers are going to be able to do so many things with just one credential.”

Moving Toward Zero Trust with Strong Authentication

In May, President Biden signed Executive Order 1402, which directs U.S. government agencies to improve cybersecurity. One of the primary provisions of the executive order is to move the federal government toward a zero trust architecture.

“When we talk about zero trust, we’re talking about an architecture where people and their devices aren’t trusted just by virtue of being inside an organization’s enterprise network,” explained Eric Mill, senior advisor, Office of Management and Budget (OMB).

Mill noted that in a zero trust model, people and devices are validated at each step and  authentication is context-aware. The OMB is strongly encouraging the adoption of phishing resistant multi-factor authentication, with FIDO WebAuthn as a good alternative option in environments where CAC/PIV isn’t feasible.

“We’re pushing very hard on multi-factor authentication and we really view reliable authentication as a critical foundation of zero trust architecture,” Mill said.

In a Policy Deep Dive session, Jeremy Grant, managing director, technology business strategy at Venable, noted that there are a number of reasons why authentication is important to governments. 

Grant said that FIDO specifications can help governments to protect access to their own assets and can help to enable more high-value citizen facing services to the public. 

“I think what we’re seeing in 2021, is a really different environment across the globe, where FIDO authentication is emerging, not just as another permitted option, but in many cases as a preferred choice of governments across the world,” Grant said.

How the National Health Service (NHS) uses FIDO

Among the areas in the world where FIDO is finding a home is in the U.K. 

The National Health Service (NHS) is the publicly funded medical and healthcare system in the U.K. and it has embraced FIDO standards to help improve human health.  With the NHS Login service, citizens get a centralized identity for health services while the NHS app provides a simplified application for accessing and managing an individual’s access to health services.

Priyanka Mittal, technical architect for the NHS Login and NHS app, said that over the past 18 months there has been a 10-fold increase in the user base for NHS login as demand has grown during the pandemic.

Sean Devlin, tech lead for the NHS App, explained that initially the services started out using an SMS based two-factor authentication approach, but wanted to find a more seamless approach. NHS decided to use FIDO UAF and built out its own implementation, using eBay’s open source FIDO implementation as a starting point.

Devlin said that before using FIDO, users had to navigate as many as five different screens to get through a multi-factor authentication flow. With FIDO, it’s a single screen.

The NHS has also saved a lot of money by moving to FIDO. With over 500,000 FIDO logins per day, Devlin estimates that the NHS is saving on the order of £8,000 per day on SMS messaging costs.

Bringing FIDO Strong Authentication to Login.gov

FIDO specifications also play a pivotal role at login.gov, which is a single sign-on platform for U.S. government services.

Jonathan Hooper, login.gov Engineering Lead at the General Services Administration (GSA), explained that the authentication portal fronts over 200 sites across the U.S. government,  spread across 27 different agencies. Hooper explained that starting in 2018, login.gov began expanding the use of multi-factor authentication, including the WebAuthn specification.

“We don’t want to be ‘big brother,’ we want to make sure that we can protect users’ privacy and the things built into the protocol that helped to do that were very attractive to us,” Hooper said. “WebAuthn is also very cheap, it is much cheaper to do a WebAuthn authentication event than it is to do SMS by several orders of magnitude.”

Improving Digital Identity with FIDO

A FIDO-based approach for digital identity could soon be finding its way to Canada as well according to Joni Brennan, president, Digital ID & Authentication Council of Canada (DIACC). An effort currently underway is the Pan Canadian Trust Framework (PCTF) which is an information assurance framework.

“We think that there’s a great opportunity here to leverage an information assurance framework, coupled with FIDO Alliance driven specifications, to create and to verify that end to end experience that’s needed for digital ID adoption,” she said.

The need for secured digital identities was also highlighted by Amit Mital, special assistant to the President and senior director, National Security Council at the White House.

“Today, when we authenticate ourselves and identify ourselves, we might use one of dozens of popular systems,” Mital said. “

So the ecosystem itself is very decentralized, and it’s very unharmonized. It is also fundamentally unsecure.”

Mital said that there is a clear need for strong remote identity solutions that can provide easy, secure, affordable and reliable ways to identify consumers across digital systems. 

“It’s clear that there are a diverse and large number of scenarios that need digital identity and there is no single entity that can solve all these scenarios,” Mital said. “We need an ecosystem that brings together the best ideas and innovation from the private sector, both large companies and startups, as well as the government at both the federal and the state, the local, tribal and territorial lands.”

Wrapping up the day’s event, Andrew Shikiar, executive director of the FIDO Alliance, observed that there are a lot of conversations ongoing about  different types of government services and their dependency on secure digital identity.

“Ultimately, identity and authentication are core to deploy new services at scale, in a way that meets the requirements for government agencies, and for citizens alike,” Shikiar said.

The webcast is now available on demand. To watch the recording, visit the event page.

For more discussions on moving past passwords to modern strong authentication, attend Authenticate 2021 on October 18-20, 2021 in Seattle or virtually. The full agenda and details to register are available at authenticatecon.com

The post Authenticate Virtual Summit: The Imperative for Strong Authentication for Government Services appeared first on FIDO Alliance.


Ceramic Network

Announcing Ceramic's Sovereign Data Hackathon

Help build shared, open infrastructure to power self-sovereign data

Ceramic is live on mainnet 🚀👩🏽‍🚀🍾🥂 and we're celebrating the best way we know how: a hackathon! Join us for the Sovereign Data Hackathon, from October 7th to 21st, for a chance at over $10,000 in bounties. Hackers have the option to build with a wide variety of web3 technologies, with bounties co-sponsored by projects such as Radicle, Unstoppable Domains, Mask Network, Figment and Chainlink. The virtual event will offer developers a chance to earn prizes for adding to the identity tooling on Ceramic, integrating the identity tooling into other open source projects, or even pushing forward your own projects!

We'll be announcing some new identity-related tooling next week for hackers to build with at the event, so stay tuned!

What is Ceramic?

Ceramic is Web3's sovereign data network, giving developers a platform to build data-rich applications on fully decentralized infrastructure. It works with existing wallets and keys, any blockchain (or L2), and provides developers an easy way to add multi-account identity, profiles & metadata, user generated content, user data storage, or other forms of dynamic data to any app. Ceramic lets you easily build rich applications with aggregated identity and reputation, social features and content, and user data storage. Eliminate the need for a backend or custom contracts and give users control over their own data.

How to get involved Register for the hackathon, which kicks off October 7th and lasts until October 21st Read up on our documentation Hop into the Ceramic Discord to ask questions, meet community members and share what you're planning to work on!

Website | Twitter | Discord | GitHub | Documentation | Blog | IDX Identity


Own Your Data Weekly Digest

MyData Weekly Digest for September 24th, 2021

Read in this week's digest about: 15 posts, 1 Tool
Read in this week's digest about: 15 posts, 1 Tool

Thursday, 23. September 2021

Trust over IP

Trust over IP Foundation Issues Its First Tools for Managing Risk in Digital Trust Ecosystems

The growing interest in verifiable digital credentials, such as mobile driver’s licenses or digital health passes, means companies and governments need new tools for managing risk in this decentralized infrastructure.... The post Trust over IP Foundation Issues Its First Tools for Managing Risk in Digital Trust Ecosystems appeared first on Trust Over IP.

The growing interest in verifiable digital credentials, such as mobile driver’s licenses or digital health passes, means companies and governments need new tools for managing risk in this decentralized infrastructure. “Risk management in financial services, such as banking and credit card networks, is a mature field,” said Scott Perry, co-chair of the ToIP Foundation Governance Stack Working Group. “But as we move into decentralized identity management, where individuals manage credentials in their own digital wallets, we need new risk management tools designed for this paradigm.”

To begin to fill this gap, today the Trust Over IP (ToIP) Foundation announced the release of the ToIP Risk Assessment Worksheet (Excel format) and Companion Guide (PDF). These new tools are intended to equip architects of digital governance frameworks — ”rulebooks” for establishing trust online—with the knowledge they need to perform a risk assessment grounded in generally accepted global standards and techniques, including:

Proper consideration and identification of potential risks, Critical analysis of risks in terms of likelihood and severity, Calculating a systematic risk impact score, Triaging risks for further treatment, Risk mitigation requirements and strategies, Performance of an annual review to reassess existing risks and consider new ones.

The Risk Assessment Worksheet and Companion Guide provides a step-by-step method of performing a systematic risk assessment that conforms with industry-standard guidance such as ISO/IEC 27005 and NIST 800-30. This process identifies and categorizes risks by likelihood and severity in order to create a risk score that can be color-coded, and stack ranked to highlight the need for countermeasures as shown below. The Worksheet and Companion Guide include enough background and educational content that even risk assessment novices should be able to drive the risk assessment process. “A key missing piece of building open digital trust ecosystems has been a deep understanding of the various risks they introduce.

This can scare off key stakeholders“, said Darrell O’Donnell, CEO of Continuum Loop and Chair of the ToIP Governance Stack Working Group. “The Risk Assessment Worksheet is a powerful tool that helps create clarity about where the real risks are in an ecosystem and what to do about them.”

The Risk Assessment Worksheet and Companion Guide are the first deliverables from the ToIP Governance Stack Working Group (GSWG), whose mission is to produce a complete suite of tools, models, templates, and guides for digital governance frameworks. GSWG member Vikas Malhotra, CEO of WOPLLI Technologies, explained why risk assessment was at the top of the list: “Willingness to take risks is key to forming trust. A risk assessment process helps to qualify and quanfy the risk in a situation, so that the potential trustor can use the information to understand if they should take the risk or not.”

These new tools for risk assessment are already being put to use by digital trust ecosystems being incubated within the ToIP Ecosystem Foundry Working Group. An example is the YOMA governance framework for youth education and life skills credentials in Africa. “Designing a digital trust ecosystem without first assessing the specific risks it is intended to address is like laying underground pipes without testing them to determine the possibility of leakages” said Frednand Furia, who is leading the Yoma Trust Assurance Task Force. “The ToIP Risk Assessment Worksheet and Companion Guide have already proved to be very effective in architecting the YOMA Rules governance and trust framework.”

The post Trust over IP Foundation Issues Its First Tools for Managing Risk in Digital Trust Ecosystems appeared first on Trust Over IP.


Energy Web

Canary in the Sunshine: Australia is showing the rest of the world what a modern grid looks like

Project EDGE is setting the standard for a customer-centric grid architecture that maximizes the value — and impact — of distributed resources “Customers don’t want kilowatt-hours; they want… hot showers and cold beer.” Amory Lovins’ famous quip highlights a paradox of the global energy transition: although hardly anyone gives a second thought to the machinations of the grid, consumer behav
Project EDGE is setting the standard for a customer-centric grid architecture that maximizes the value — and impact — of distributed resources
“Customers don’t want kilowatt-hours; they want… hot showers and cold beer.”

Amory Lovins’ famous quip highlights a paradox of the global energy transition: although hardly anyone gives a second thought to the machinations of the grid, consumer behavior is perhaps the most significant force transforming the electric utility industry.

Each year actual adoption of electric vehicles, flexible loads, rooftop solar arrays, battery storage systems, and other DERs exceeds even the most bullish of predictions. Transitioning to a decarbonized, distributed electricity system seems less like a wicked problem and more like an irreversible trend.

Case in point: the Ford F-150 Lightning. When the best-selling vehicle (a pickup truck, no less) in the most car-crazy country on Earth turns into a 180 kWh power plant on wheels with the ability to provide full-home backup power for over a week, distributed energy has officially gone mainstream.

There is no doubt that an ever-growing fleet of DERs represents a massive opportunity to improve resiliency, lower costs, and reduce carbon emissions in grids across the world. Yet even as DERs get cheaper, more powerful, and more plentiful, they remain chronically underutilized.

Regulations like FERC Order 2222 and frameworks like Integrated TSO/DSO Coordination have been developed specifically to address this challenge and tap into burgeoning DER resources in the US and Europe, respectively. Yet while FERC 2222 is ostensibly designed to remove barriers to DER participation in all energy markets, it has caused much hand wringing, delayed regulatory filings from every major ISO / RTO, and as yet, no tangible results. In Europe, progress on TSO/DSO coordination isn’t much further along. Despite plenty of excellent work on conceptual frameworks, hesitation remains amongst grid operators (and regulators) to lean into the transition.

Why? By and large, incumbents are focused on solving the wrong problem. Too often, the assumption is that the key to unlocking the full potential of DERs is some sort of optimization: How can we perfectly utilize lots of small-scale, flexible assets to balance the variable nature of large-scale renewables like wind and solar? That work is important, but it’s not the real barrier to redesigning our grids’ architecture and toolsets. Focusing on DER optimization is like debating the merits of Gmail vs. Apple Mail vs. Microsoft Outlook before you’ve solved a more fundamental issue: how to send and receive email through a common, narrow waist protocol.

Before we can optimize DERs, the grid needs its own equivalent of SMTP — an open protocol through which DERs of all shapes and sizes can seamlessly exchange data and integrate into markets. The solution may not be easy, but it is surprisingly simple: there needs to be a shared view of DER attributes, relationships, and behaviors across all participants so each can perform their respective function. Just as the physical grid evolved over a century ago, the best way to achieve this is through shared, public digital infrastructure, rather than leaving it up to individual companies to manage independently. We can all move better and faster when we move together.

To see the answer in action, look to Australia.

Australia’s National Electricity Market (NEM) is at the bleeding edge of the distributed energy world, and it’s only getting more advanced in the coming years. With the highest per capita penetration of solar PV in the world, an incredibly mature storage market, a host of EV incentives, and greatly expanded opportunities for demand-side market participation, Australia is on pace to get nearly half of its electricity from DERs by 2040.

In a deregulated energy market like the NEM, there are lots of proverbial cooks in the kitchen. For any given customer who owns rooftop solar or storage, there’s a long list of stakeholders, including the DER manufacturer (or “OEM”), the DER installer, the local distribution utility (Distribution Network Service Provider, or “DNSP”), their energy retailer, perhaps an aggregator, and of course the Australian Energy Market Operator (AEMO).

Each of these parties, including the customer themselves, is interested in the DER for different reasons. The customer might primarily care about how the DER delivers comfort or economic benefit, the OEM cares about operational performance and warranties, the DNSP cares about the DER’s impact on network congestion, the retailer on tariffs and/or wholesale market exposure, the aggregator on its impact to deliver grid services or optimize its DER portfolio, and AEMO cares about its contribution (or lack thereof) to the aggregator’s portfolio delivery.

Today each of these stakeholders operates more or less in their own separate world with limited, if any, information about the others. Typically, the information each stakeholder has about the DER and its influence on their domain is protected; sharing is not encouraged and customers need to register separate accounts with each entity. This presents a number of problems.

The primary revenue opportunity for DER owners is providing one or more services in the NEM wholesale market via an aggregator. As more aggregators enroll more DERs into more services and markets, the collective impact on the distribution network can be detrimental if DER behavior is not informed by physical grid constraints. Even though they manage interconnection requests, the DNSPs don’t ordinarily enroll DERs to use for local services, so they don’t monitor or manage their behavior on an ongoing basis. Yet most customers would happily enroll in complementary local services programs for DNSPs to maximize their revenue potential.

So we currently have markets where participants often act in operational silos, and DERs are not utilized to their fullest potential. Data exchanges, where they exist, are accomplished through bespoke point-to-point integrations between each participant’s system. Maintaining alignment across all their systems, managing access and permissions, and establishing relationships is extremely costly relative to the value of any given DER.

Project EDGE: Overcoming the Barriers of Legacy Data Exchange

In Project EDGE, Energy Web (EW) is working with AEMO, AusNet (a key DNSP), and Mondo (a large aggregator), to build a shared infrastructure for establishing identity, roles, and permissions for all market participants. Instead of the bilateral point-to-point integrations, we’re building a hub and spoke architecture in which each participant’s IT system integrates with a common, shared data exchange solution. In other words, the hub isn’t unilaterally controlled by any single party; rather, it’s built using EW’s Decentralized Operating System (EW-DOS), which allows every single market player to participate by hosting nodes (i.e., servers) that facilitate data exchange between all parties’ internal IT and OT systems. It provides a shared, trusted view of identity, relationships, and permissions for different actors and components within the system. EW-DOS also streamlines message exchange, and allows AusNet (the distribution utility), and AEMO (the wholesale market operator) to coordinate on the utilisation of DERs simultaneously across local and wholesale services.

In EDGE, all participating organizations and DER assets are given a unique digital identity via decentralized identifiers, or DIDs. DIDs not only contain information about the physical location and attributes of DERs, but also define relationships (e.g. mapping a given DER to a specific aggregator’s portfolio) as well as roles within the EDGE marketplace (e.g. permissions to send/receive, or read/write certain types of data).

On the aggregator side, DIDs act as a common anchor point for enrolling and operating DERs in multiple markets based on their technical capabilities and where they are connected in the distribution grid. On the grid operator side, DIDs help the DNSP pair enrollment information with actual, physical grid constraints — such as congestion or capacity limits on certain distribution feeder circuits — so AEMO can factor those constraints into wholesale market operations. In short, DIDs become the common currency — the narrow waist protocol — by which all parties develop a shared understanding of the system state and move forward from there.

DERs are interconnected physically to the grid. With EDGE, they are now also interconnected digitally to each other and to grid operators’ systems, unlocking a next wave of the energy transition. By leveraging a shared infrastructure, EDGE removes the traditional friction for identity verification and data reconciliation among aggregators, DNSPs, and AEMO. Being fully open source, there are no licence fees, which helps significantly reduce market operating costs, as well as competitive barriers for existing and new entrants. Having designed it to be protocol agnostic, the EDGE architecture is highly flexible, ensuring participants don’t need to reengineer their own systems to engage with it.

In the ongoing energy transition, decarbonization via renewable energy is an unstoppable runaway train. Meanwhile, decentralization — via connecting and leveraging low-carbon DERs at scale — is gaining major momentum due to growing investment by customers, and in part regulatory tailwinds from FERC Order 2222 and similar regulations. But despite their rapid growth, DERs too often remain islands unto themselves — myriad isolated outposts connected to the edges of the electricity grid, collecting data in siloed, private databases.

Before we can make use of that data to optimize DERs for local or system benefits, the grid needs a narrow waist protocol through which DERs can seamlessly and securely establish identity and share data amongst all stakeholders.

Grid operators from the U.S. and EU can and should look at what’s happening in the Southern Hemisphere with Project EDGE: DIDs anchored to public digital infrastructure provide the necessary on-ramp for DERs to be the integral grid-connected assets evangelists have been saying they are. What we’re building may be driven by the requirements of the NEM, but the open-source EW-DOS stack is directly relevant to any market looking for ways to better tap into DERs. If you’re a grid operator facing similar challenges or opportunities — however you want to look at it — come join us.

www.energyweb.org

Canary in the Sunshine: Australia is showing the rest of the world what a modern grid looks like was originally published in Energy Web Insights on Medium, where people are continuing the conversation by highlighting and responding to this story.


DIF Blog

🚀DIF Monthly #22

The latest round of updates from DIF: Stay up to date on developments on our Working Groups, W3C DIDCore standards specs, our new Decentralized Identity Knowledgebase and much more.
Table of contents Group Updates; 2. Member Updates; 3. Funding; 4. DIF Media; 5. Members; 6. events; 7. Jobs; 8. Metrics; 9. Join DIF 🚀 Foundation News DIF "Frequently Asked Questions" Knowledgebase

DIF has launched a massive Decentralized Identity Knowledgebase, structured as a long series of frequently-asked questions and answers. This synthesizes a year of educational efforts in the interop WG, blog posts, newsletters, and many other DIF inputs in a format we hope will be helpful as a reference and onboarding document throughout the decentralized identity space. Please peruse it, particularly the sections about your personal research focus and/or your company's specialty and products, opening issues, or PRs on GitHub wherever you feel a correction or addition is needed. This is intended as a community resource, so PRs are open to your input, and feel free to share the document or subsections on the broader community!

H&T group is looking for more technical engagement

Work on Decentralized Identities continues apace at H&T. There are a number of item-based weekly calls discussing the details of various theoretical models, real-life challenges, and applied use-case scenarios for the sector. Anyone with interest is invited to join their calls and tackle the technical challenges ahead together. More details about the meeting series and how to attend: Here

🛠️ Group Updates ☂️ InterOp WG (cross-community) 8th Sept Presentation by Stephen Curran on Aries: introduction, implementations, interoperability, and test harness Sept saw much excitement and discussion around the W3C announcing its intention to move the DID spec to Recommendation stage, including one public objection from Mozilla Planned meeting to discuss the second-part follow-up to the "Library interop-palooza" discussion (agenda), involving Aries, MATTR, Spruce, and Veramo, was postponed. Comments and additions to the agenda are welcome. 💡 Identifiers & Discovery [Liam McCarty, Unum ID] presented 'Bridging Digital and Physical: Make Identifiers Identify.' Association between the physical world and digital identity is important. Wallets in browsers are tough Standards exist as proof-of-concept (e.g., Webauthn), but are of limited use and scope CTA: We need community action to advocate for general, hardware-backed cryptographic signatures on the web! 🛡️ Claims & Credentials DIF Grant #1: Winner Announcement Transmute Technologies + New Workitem: JWS Testsuite Recommended Schema Set for DIF - ~2 months Employment, Education, ID Looop in experienced parties Also review/use existing external definitions (e.g. https://schema.org/EmployeeRole) Verifier Universal Interface (VUI) initiative discussion 🔓 DID Auth Joint working group with OIDF The work on "OpenID Connect for SSI" specification family conducted in liaison between DIF and OpenID Foundation has been presented twice during EIC 2021, mainly featuring two specifications "Self-Issued OP v2 (SIOP v2)" and "OpenID Connect for Verifiable Presentations (OIDC4VP)". Link to the slides: https://t.co/Ltey1guLWu?amp=1 Link to the recordings: https://t.co/lTyCZnwef1?amp=1 Both specs are ready to start implementing and being improved based on implementation feedback. In OIDC4VP, progress has been made on using Presentation Exchange in the request-response syntax, for example, agreeing to include presentation_submission inside the signed ID token even when VP is being sent back separately as a VP Token. In SIOP v2, some relevant discussions worth highlighting are how to use DIDs as Relying Party's (RP) client_id to resolve it and obtain RP's registration metadata; using universal links and trust frameworks to invoke SIOP instead of using custom URL schema. 📻 DID Comm Adrian (Main Incubator) wants to contribute BLE to DIF in the Name of IDunion. 267 - ECDH-1PU article -> in progress didcomm.org update -> can be already used to register new protocols PRs 277 - Clarifies purpose of to attribute 270 - update the number of recipients keys in a JWE envelope 260 - from_prior now MUST 238 - Multiple keys of different types and Keys negotiation 218 - Need info about multiple recipients Other Discussion Topics 220 - Differentiating different forms of DIDComm messages 138 - foundation / core protocols 250 - combining OOB and feature discovery 🔧 KERI SAI (Self-Addressing Identifier) crate announcement hash-based/self-addressing only Using KERI for SSH provide a module for PAM to allow anyone to use KERI keys to log in to a machine DIDComm and KERI KEL/TEL interop is… hard serialization in a common/standard way is needed breaking out KERI sub-modules KERI addresses many of the negative feedback points on the DID spec can parts of KERI be broken out to be used in other ID systems? complexity of KERI makes progress on implementation slower decoupling modules make maintenance and usage easier

🌱 Applied Crpyto WG

Proposed work items: Data Encoding Proposal Service Protocol Proposal Policy-as-code language Proposal BoF effort around secure software supply chain Proposal BBS Signatures Proposal JSON Web Proof Proposal Scalable Revocation Method(s) for Verifiable Credentials

🌱 Wallet Security WG

individual capabilities vs. groups/level of assurances Examples for different Wallet Security Levels: Level 1: German government issues Digital Passport to the recipient Level 2: AWS issues "Solution Architect" certification to the recipient Level 3: Home Depot issues free membership cards to the recipient most high-security relevant questions (especially in regulated use cases) are handled upfront in the design/certification phase. Therefore certification/assertion of the wallet will be highly relevant

⚙️ Product Managers (Keith)

There were no meetings in August

✈️ Hospitality & Travel

H&T have presented two excellent Use-Case Webinars #1 (11 Aug 2021) / Decentralized Identity for Hospitality & Travel On-demand profile element sharing – using SSI to simplify profile updates for consumers and to ensure more current and accurate info for travel providers 50% of YouTube viewers found the Webinar via browsing and 25% via search, indicating relevance and promotion by YT algorithm #2 (01 Sep 2021) / Hospitality & Travel Use Cases
* I'm entitled to a discount – using SSI to change the selling model to a more personalized, peer-to-peer approach where a traveler with multiple credentials can shop for the best offer across multiple brands and discount programs Both of these webinars serve as an exploration of how Decentralized Identities can both meet existing needs and redefine user-, commercial- and state-processes, and also as an applied business case to pitch the tech to interested vendors and relevant authorities.

🪙 Finance & Banking

Presentation by Lennart Lopin, CTO of Byte Federal AML/KYC requirements for crypto businesses in the intersection between legacy banking and cryptocurrency, cash logistics, and law enforcement Personal identifiable information and Identity Theft: security requirements and data privacy policies vs. Bank Secrecy Act and the proliferation of personal data Big Data and Big Tech combined with Surveillance State and Regulation overload - challenges for the private citizen and new paradigm shifts enabled by strong cryptography Trade-offs are necessary, but solutions need to be re-engineered from the ground up and involve correct policy goals first. A free society saves lives, innovates, and lifts humanity. 🦄 Member Updates Affinidi A lot of exciting updates for developers interested in Self Sovereign Identity (#SSI) and Verifiable Credentials (#VC) : Selective Disclosure Support for different key types under your DID Better performance on user encrypted VC backup storage 💰 Funding OSCAR HAS AN EMA

NGI Open Calls (EU)

Funding is allocated to projects using short research cycles targeting the most promising ideas. Each of the selected projects pursues its own objectives, while the NGI RIAs provide the program logic and vision, technical support, coaching and mentoring, to ensure that projects contribute towards a significant advancement of research and innovation in the NGI initiative. The focus is on advanced concepts and technologies that link to relevant use cases and that can have an impact on the market and society overall. Applications and services that innovate without a research component are not covered by this model. Varying amounts of funding. Learn more here. 🖋️ DIF Media

ECDH-1PU Implementation

DIDComm has written an explanatory article on ECDH-1PU, a key derivation process that improves mechanisms for sender authenticity verification, as well as significant performance gains and potential privacy benefits over existing ECDH-ES approaches. As it continues to be included in several implementations, it advances on the Standards Track at IETF and approaches maturity as a specification.

🎈 Events & Promotions

Connect:ID is happening IRL in Washington DC 5th & 6th of October

Juan Caballero and Kaliya Young are co-chairing a Decentralized Identity Panel

Internet Identity Workshop XXIII
October 12 - 14, 2021 | Virtual Event

You belong at IIW this Fall! You'll acquire the real-time pulse of genuinely disruptive technologies that are the foundation of today's important Internet movements. Every IIW moves topics, code, and projects downfield. Name an identity topic, and more substantial discussion and work have likely been done at IIW than any other conference!

Books

Manning - 37% off on the book "Self Sovereign Identity"!

Manning is an independent publisher of computer books and video courses for software developers, engineers, architects, system administrators, managers, and all who are professionally involved with the computer business. Use the code ssidif37 for the exclusive discount on all products for DIF members.

💼 Jobs

Members of the Decentralized Identity Foundation are looking for:

Software engineer (Remote) Product Design (Austin) Fullstack engineer (Austin)

Check out the available positions here, and don't forget to list your opportunities on our job boards to find talented candidates from DIF membership and beyond!

🔢 Metrics

Newsletter: 4.8k subscribers | 25% opening rate
Twitter: 4.75 followers | 6.3k impressions | 2.2k profile visits
Website: 20.5k unique visitors

In the last 30 days.

🆔 Join DIF!

If you would like to get involved with DIF's work, please join us and start contributing.

Can't get enough of DIF?
follow us on Twitter
join us on GitHub
subscribe on YouTube
read us on our blog
or read the archives

Got any feedback regarding the newsletter?
Please let us know - we are eager to improve.

Tuesday, 21. September 2021

Digital ID for Canadians

DIACC Inaugural Research Academia Forum: Proof of Vaccination Credentials

In support of DIACC’s five year strategy we are thrilled to host a topical series of DIACC Research and Academia Forums. DIACC’s Research and Academia…

In support of DIACC’s five year strategy we are thrilled to host a topical series of DIACC Research and Academia Forums. DIACC’s Research and Academia Forums expand the digital identity conversation beyond digital identity professionals and toward inclusivity of diverse beneficiaries of digital identity capabilities. 

Our inaugural event will focus on Proof of Vaccination Credentials in public health, identity attributes, and global contexts.
Stay tuned for more information regarding the event date and our exciting guest speakers and panelists…

Abstract: As post-secondary academic institutions prioritize the needs of the new and returning students and faculty, public health must be addressed in light of the COVID pandemic. The inevitable scramble of proof of vaccines mandates and policies is here. Academic institutions are no strangers to the need to verify the vaccination status of local and international students and yet the COVID pandemic is driving more urgency and more confusion regarding the technology and processes to validate a vaccine proof credential that may be issued locally or internationally. Technology interoperability and policy harmonization is currently a tangle of solutions and approaches. Collaboration is the key to ensuring the safest possible environment for students and faculty. 

Why Attend: This panel will share experience-based insights regarding the challenges and the opportunities to ensure safe learning and workspaces for all. Share your perspectives regarding specific use cases, opportunities, and challenges for the path forward.

Learn More: Please contact events@diacc.ca if you are interested to join this event or to collaborate with DIACC to curate a future Research and Academia Forum. 


DIF Blog

ECDH-1PU Implementation

This article explains the ECDH-1PU key exchange protocol and why it is pivotal for the emerging DIDComm protocol.

Submitted by SecureKeys' Baha Shaaban, edited by DIF's Chris Kelly.

In short, ECDH-1PU is a key derivation process that allows for sender authenticity and enables a “Perfect Forward Secrecy” mechanism, in addition to significant performance gains over JWS message nested in a JWE envelope, as used by existign ECDH-ES aproaches. This article walks through how ECDH-ES works step by step, showing how it achieves sender identity authentication using nested messages (JWS in JWE), and finally showing how ECDH-1PU is a better choice for authenticating the sender. This helps maintain the use of a single JWE message (without JWS) to meet the need for constrained agents (such as IOT devices) by reducing their communication footprint.

Photo by Mathyas Kurmann on Unsplash

Elliptic-curve Diffie–Hellman (ECDH) is a protocol that allows two parties to establish a secure and private channel over an insecure and observed network, and forms the basis for the secure encryption on many popular messaging apps, including Facebook Messenger, Whatsapp, Signal and Skype… as well as DIDComm V1, which is being superseded by a more broadly interoperable V2. So-called “Diffie-Hellman” key exchanges ensure that messages sent over the channel they create can only be correctly interpreted by the sender and intended recipient, regardless of eavesdropping or security breaches on the communications channel.

As described in the Message Encryption section of the DIDComm v2 specification, the DIDComm protocol for transmitting Decentralized IDentifiers (DIDs) requires protecting a message using either Anonymous Encryption (aka `Anoncrypt`) or Sender Authenticated Encryption (aka `Authcrypt`). Either of these methods take different inputs and create a secure channel between two or more parties.

In the “AnonCrypt” handshake, there is no pre-existing “sender key” involved and it is intended for only the recipients of the message. This mechanism requires encryption with a Content Encryption Key (a “cek”) being wrapped with a key agreement mechanism using `ECDH-ES` for each recipient. DIDComm uses this “key-wrapping mode” with ECDH-ES to ensure only the intended recipients can decrypt the final message. The benefit of using `ECDH-ES` is that it's widely used and available in many crypto libraries for most modern languages. Building JWE envelopes using this type of encryption should be relatively easy using existing JOSE libraries in your preferred language.

“AuthCrypt'', however, requires a pre-existing (and published/discoverable) sender key to encrypt the message for the sender, and against which the sender can be authenticated. This encryption mechanism uses the ECDH-1PU specification from IETF, the main topic of this article. As a growing number of independent implementations get announced, 1PU advances on the Standards Track at IETF and achieves maturity as a specification; for this reason, we are offering this educational resource so that understanding of its mechanisms can grow as well.

The all-important “Z” in ECDH-ES, first step in understanding ECDH-1PU

To understand how ECDH-1PU is significant, knowledge about the internals of ECDH-ES is required. ECDH-ES key agreement requires the sender to execute the following steps for each recipient to derive the key used to wrap the `cek`:

1. Generate an ephemeral key (aka `epk`).

2. Build `apu`, the producer (sender) identity. For Anoncrypt, this will represent the X value of `epk`, base64URL-encoded.

3. Build `apv`, the receiver (recipient) identity. It can optionally contain the recipient `kid`, base64URL-encoded.

4. Compute `Z`: the key derivation process output of ECDH for each recipient using the above values with the **private** `epk` key and the recipient’s **public** key on the sender side. An example is found in appendix C of the IETF RFC7518. On their end, the recipient will get the **public** `epk` and therefore does the same computation with their own **private** key.

5. Finally, the computed derived key is used to wrap the `cek`, the symmetric key used to encrypt/decrypt the payload content (the `ciphertext` section) of the JWE envelope .

So, to be clear, ECDH-ES takes as mandatory inputs an ephemeral key generated by the sender and the recipient's public key (a static long-lived key) to compute the key derivation `Z`; for this reason, the ES notation means Ephemeral-Static in ECDH-ES. This derivation fits neatly the requirement to protect messages for recipients without revealing the sender's identity (ie: no static sender key is used in the key derivation process when the recipient derives `Z`).

Key derivation beyond ECDH-ES to enable AuthCrypt

In the previous section, key derivation using an ephemeral key does not reveal who sent the message. This is useful for messages requiring anonymity of the author, e.g. a router agent receiving a message does not need to authenticate the sender in any way; its only purpose is to route the message to an end recipient. For this router agent, passing along Anoncrypt messages is acceptable.

In most cases, an end recipient requires authenticating the original sender. This means recipients will need to hold the sender's public key prior to receiving their messages in order to authenticate them. Since ECDH-ES does not involve the sender key, the only way to authenticate a sender is to nest a JWS in a JWE message which is “heavier”  than a plain JWE-only message, i.e., more complex (i.e. expensive) to process and route.

Another, newer, option would be to use a new key derivation process that involves the sender's key. ECDH-1PU was introduced for this specific purpose; it uses the sender's static key in the key derivation process. The following section is dedicated to this process.

The Advantages of using ECDH-1PU (adapted from the DIDComm v2 Introduction)

The advantages of public key authenticated encryption with ECDH-1PU
compared to using nested, signed-then-encrypted documents include:

Size and Efficiency

The resulting message size is more compact, as an additional layer of headers and base64url-encoding is avoided.  A 500-byte payload when encrypted and authenticated with ECDH-1PU (with P-256 keys and "A256GCM" Content Encryption Method) results in a 1087-byte JWE in Compact Encoding.  An equivalent, nested-then-signed-then-encrypted JOSE message using the same keys and encryption method is 1489 bytes (37% larger).

In both cases, though, the same cryptographics primitives achieve the same levels of confidentiality and authenticity, so these savings in code size, so crucial for constrained environments, come at no cost to privacy and security outcomes.

Increased Security

The generic composition of signatures and public key encryption involves a number of subtle details that are essential to security (namely, to the traits of Public Key Authenticated Encryption or PKAE). Providing a dedicated algorithm for public key authenticated encryption reduces complexity for users of JOSE libraries, which lowers the incidence of human error and design flaws with cybersecurity implications.

Flexibility

ECDH-1PU provides only authenticity and not the stronger security properties of non-repudiation or third-party verifiability. This can be an advantage in applications where privacy, anonymity, or plausible deniability are goals.

ECDH-1PU for sender authentication

Similar to ECDH-ES, the 1PU process executes key derivation to compute a Z but has 2 computations rather than 1, with the final result being formed by concatenating both as described here (Adapted from the Key Derivation section of RFC7518):

1. The first is called `Ze`, which is the exact same key derivation as ECDH-ES using a private encryption provider key (`epk`) and the public recipient key on the sender side. (The recipient side will involve the public `epk` and the private recipient key).

2. The second is called `Zs`; in this second computation, we use the sender's static (long-lived) key instead of `epk`. So on the sender side we derive `Zs` by using the sender's private key and the recipient's public key. (The recipient side will use the sender's public key and the recipient's private key on their end).

The final `Z` is the concatenation of `Ze` and `Zs` which is then used in the key-wrapping, analogously to ECDH-ES.

There are special considerations in the process to protect against sender impersonation as described in Section 2.1 of the draft:

In Key Agreement with Key Wrapping mode, the JWE Authentication Tag is included in the input to the Key Derivation Function as described in section Section 2.3.  This ensures that the content of the JWE was produced by the original sender and not by another recipient, as described in the Key Management Algorithms Section of the RFC. Key Agreement with Key Wrapping mode MUST only be used with content encryption algorithms that are compactly committing AEADs as described in the Authenticated Encryption with Associated Data (AEAD) specification. The AES_CBC_HMAC_SHA2 algorithms described in section 5.2 of RFC7518 are compactly committing and can be used with ECDH-1PU in Key Agreement with Key Wrapping mode. Other content encryption algorithms MUST be rejected. In Direct Key Agreement mode, any JWE content encryption algorithm MAY be used. This mode is NOT supported in DIDComm V2.

The requirement to include the JWE Authentication Tag in the input to the Key Derivation Function implies an adjustment to the order of operations performed during JWE Message Encryption described in section 5.1 of [RFC7516].  Steps 3-8 are deferred until after step15, using the randomly generated CEK from step 2 for encryption of the message content.

To sum up, these considerations require:

1. The use of the `AES_CBC_HMAC_SHA` family of content encryption algorithms to encrypt the payload. Currently, JWE supports the following three algorithms in this family:

1. A128CBC-HS256

2. A192CBC-HS384

3. A256CBC-HS512

Note, however, that the DIDComm v2 specification constrains payload encryption options to minimize interoperability issues across implementations, so only the third-listed encryption algorithm, A256CBC-HS512, should be used for DIDComm v2 purposes.

2. Encrypt the payload prior to wrapping `cek` with the derived `Z`. The output is labelled `ciphertext` and `tag`

3. Use the resulting `tag` from the previous step as the value `len(tag)`+`tag` set in `cctag` in the key derivations of `Ze` and `Zs`.

Additionally, the `skid` protected header is also introduced as a `kid` (key ID) to reference the sender key. This will help recipients resolve the key behind `skid` and execute the ECDH-1PU process explained in the previous section.

For the sake of consistency, `apu` and `apv` must be set to the values mentioned in section 5.8 of the DIDComm Messaging protocol to further restrain and protect the message.

Conclusion


ECDH-1PU is a public-key derivation process that allows for sender authentication and offers not only increased security, but also performance gains as mentioned above, especially when compared to a JWS message nested in a JWE envelope. This article walked through the implementation of ECDH-ES, showing how it achieves sender identity authentication using nested messages (JWS in JWE), and finally showing how ECDH-1PU is a better choice for authenticating the sender. This helps maintain the use of a single JWE message (without JWS) to meet the need for constrained agents (such as IOT devices) by reducing their communication footprint, as well as making it suitable where anonymity and privacy are of particular concern.

To find out more about joining the DIDComm Working Group at DIF, visit their page here, or follow their work on GitHub here.




GS1

3.8 Mudança de Contato

Uma alteração nas informações de contato refere-se a atualizações de detalhes sobre como se comunicar com uma entidade/local. Alterações nas informações de contato associadas a uma entidade ou localização não exigem a alocação de um novo GLN. ■ Mudança nos detalhes de contato da entidade legal □ Mesmo GLN: Quando os detalhes de contato da entidade jurídica (endereço de visita, en

Uma alteração nas informações de contato refere-se a atualizações de detalhes sobre como se comunicar com uma entidade/local.

Alterações nas informações de contato associadas a uma entidade ou localização não exigem a alocação de um novo GLN.

■ Mudança nos detalhes de contato da entidade legal

□ Mesmo GLN: Quando os detalhes de contato da entidade jurídica (endereço de visita, endereço postal, número de telefone, endereço de e-mail, etc.) mudam.

- Exemplo: Alteração do endereço de e-mail da sede da empresa

■ Alteração dos detalhes de contato da função

□ Mesmo GLN: Quando os detalhes de contato da função mudam

- Exemplo: O indivíduo dentro do departamento de contabilidade que atuou como ponto de contato principal para facturação/faturamento deixou a empresa, portanto, todos os detalhes de contato associados foram atualizados

- Exemplo: Alterar o número de telefone do contato de emergência para as instalações/manutenção

- Exemplo: Um e-mail que suporta o sistema identificado pelo GLN é adicionado

Princípios orientadores relevantes: Embora muitas situações envolvendo mudanças de contato não afetem os princípios orientadores, certos cenários podem. Consulte a seção 1.1 para obter mais detalhes.


3.7 Mudança financeira

As alterações financeiras referem-se a atualizações de informações necessárias para processar pagamentos entre entidades comerciais. Alterações nas informações financeiras associadas a uma entidade ou localização não requerem a atribuição de um novo GLN. ■ Mudança no número de identificação fiscal da entidade jurídica □ Mesmo GLN: quando o número de identificação fiscal da entida