Last Update 6:25 PM October 20, 2020 (UTC)

Identosphere - Organization Blog Feeds

Brought to you by Identity Woman and Infominer.
Please do support our collaboration on Patreon!!!

Tuesday, 20. October 2020

Oasis Open

Collaboration Protocol Profile and Agreement v3.0 from ebCore TC approved as a Committee Specification


WomenInIdentity

Member interview with Jacoba Sieders – listen now

In this podcast, Women in Identity Ambassador, Angelika Steinacker, interviews Jacoba Sieders on her journey from a degree in ancient languages to a career in Identity Access Management. Hear why… The post Member interview with Jacoba Sieders – listen now appeared first on Women in Identity.
https://womeninidentity.org/wp-content/uploads/2020/10/WiD-Jacoba-Sieders-interview.mp3

In this podcast, Women in Identity Ambassador, Angelika Steinacker, interviews Jacoba Sieders on her journey from a degree in ancient languages to a career in Identity Access Management. Hear why Jacoba believes that being bold, brave and creative are far more important qualities for an IAM leader than being a technical expert!

Jacoba Sieders is an independent, digital identity expert.  She has held executive positions leading IAM and KYC functions for more than 20 years at major banks in the Netherlands and then in Luxembourg at the European Investment Bank. She also lived and worked in New Delhi, India for ING Group.

She is a member of various international expert groups and think tanks, was part of the Dutch Blockchain Coalition’s SSI initiative, and is a member of the technical working group NEN/ISO.

Jacoba is Advisory Board member of ID-Next, the independent European think tank on identity, and Advisory Board member for the EU ESSIF-lab on SSI. She holds a master’s degree from Leiden University in classics (Greek,Latin, Hebrew) but retrained to become an IT professional.

She recently moved on from corporate life and now focuses on strategic advisory assignments alongside speaking engagements and teaching masterclasses.

The post Member interview with Jacoba Sieders – listen now appeared first on Women in Identity.

Monday, 19. October 2020

Decentralized Identity Foundation

KERI: For every DID, a microledger

The world of digital identifiers (DIDs) and verifiable credentials (VCs) is evolving quickly, giving much cause for optimism. Standards are starting to connect and move towards functional interoperability, governed by testable protocols. Most of this work is happening on the level of VCs. However, DIDs and their infrastructure are also starting to converge and mature as an extensible-yet-interoper

The world of digital identifiers (DIDs) and verifiable credentials (VCs) is evolving quickly, giving much cause for optimism. Standards are starting to connect and move towards functional interoperability, governed by testable protocols. Most of this work is happening on the level of VCs. However, DIDs and their infrastructure are also starting to converge and mature as an extensible-yet-interoperable technology.

Adoption by markets, standards bodies and regulators is largely contingent upon provable security and provable interoperability, so these promising developments cannot come soon enough.

The Digital Identity Foundation (DIF) is very proud to be hosting one particular research and development project that could prove pivotal in this process. It is currently a work item of DIF’s Identifiers and Discovery Working Group. However, a charter for an autonomous working group will be available for review at #IIW31 this week (20–22 October 2020) to facilitate broader participation. The project is called KERI and it is a project that could only be developed in the open, for the public good and for the widest, quickest adoption.

Photo by Fernando Santander But first, what is KERI?

KERI stands for Key Event Receipt Infrastructure. A “key event” is a discrete event in time that involves public/private keypairs, often called blockchain identities or cryptographic identities. These events can be generalized as inceptions (creations), rotations, and signing events: the three kinds of events for which KERI generates and handles receipts. In other words, key events are cryptographic events in the history of an identifier.

Importantly, everything else a decentralized identifier says, does, or refers to is not a key event. As KERI is deliberately laser-focused on key events only, we can call these other events non-KERI events. The real world consequences of a signature or rotation are out of scope and method-specific to boot. KERI is only interested in the most universal aspect of interactions between keys and cryptographic systems, i.e. the cryptography that allows drastically different DID systems to trust each other’s security guarantees.

“DID Methods exist to solve a trust issue. This does it in a different way.”
Charles Cunningham (Jolocom GmbH, Rust development lead for KERI)

Each key event produces a receipt containing only checkable signatures of key event information. Nothing more. Receipts are threaded into logs tracking the history of each identifier, which is similar to a traceable audit trail of hashes — useful for confirming but not for deducing the underlying key material. These threads are compiled into logs that are shared and replicated according to a consensus algorithm and a logic of trust thresholds that creates a fabric of shared history between nodes.

Is KERI a blockchain or a DLT? No. Does it replace blockchains? Also no.

The trust fabric created when KERI nodes share and propagate key material records might

sound redundant to the blockchains where all of today’s DID methods store their key material chronologically. To a degree, this is true: each log containing the history of one key is a “microledger,” like a blockchain with only one participant. Inception and rotation events in all of today’s DID methods are stored in a chronological distributed ledger which can be crawled to create a log of these key events by DID. So, why the redundancy? Why replicate a subset of the blockchain’s capabilities and features in a distinct blockchain-like infrastructure just for key material?

The answer is simple and manifold: blockchains enable many features outside the scope of KERI. These features bring with them complexity, diversity, scale costs, and trust issues. Within KERI’s scope, however, only some of a blockchain or distributed ledger technology’s (DLT’s) features are necessary. Total ordering and double-spend protection, for instance, are hallmarks of distributed ledgers, but hardly justify the added complexity here.

Subset of blockchain/DLT capabilities required by KERI (Dr Sam Smith, 2019)

Working backwards from a short list of security features, KERI infrastructure can be a much more performant, minimalist distributed ledger system. It is still in the family tree of blockchain, DLTs and directed acyclic graphs (DAGs), but it is closer to a sidechain or a trans-blockchain interoperability mechanism. In use cases where all that is needed is a self-certifying, widely-portable identifier, KERI can stand alone as a lightweight DID method. In combination with a traditional DID Method, KERI can increase key management options and strengthen security guarantees by raising a red flag at the first discrepancy between the two parallel and redundant systems.

As a scaling mechanism, KERI can also take away some of the traffic and complexity from the underlying blockchain. In implementations where key management and state maintenance (record keeping about keys that rotate over time) are entrusted directly to the KERI mechanism, these functions can be operated much closer to the edge and replicate after a slight delay. This might be a totally acceptable trade-off of efficiency for latency in many use cases. For example, a roundtrip write-and-wait-for-finality transaction on a global blockchain makes no sense in a low-connectivity Internet of things (IoT) use case, where double-spend is a non-issue.

KERI is both an interoperability mechanism and a standardization incentive

More importantly for the DIF, however, is another major feature of KERI: it could become the foundation of massive interoperability and portability at the infrastructure layer. What’s more, if adopted by enough major players, it could even speed up the standardization process of DIDs themselves. By offering a minimum level of security guarantees shared across all participating methods, it would simplify the security review process for both individual DID methods and for interoperable DIDs as a whole.

By abstracting out the universal, minimal set of key functions, a KERI log that spans multiple ledgers or methods is just as verifiable as one that does not. This means that anywhere

self-certifying KERI identifiers are accepted, an identifier’s history can stretch back further than the existence of KERI. Plus, that history can include so-called “portability events”, where an identifier is deactivated on one ledger and re-activated on another. Method-specific features or records might still need to be exported and imported. The core proof of control function of a DID, however, would be universalized in a way that enabled massive portability.

This same universalizing effect of sharing a security vocabulary across all participating DID methods has the added benefit of being able to guarantee certain security features in any KERI-compliant system. Since KERI also lends itself to simple compliance tests, and since KERI logs give a benchmark against which to test method-specific and blockchain-specific security, this is a small leap for each DID method and a giant leap for standardization and security engineering.

KERI’s history: from whitepaper to community incubation

So far we have been highly technical in our explanation of the project. A careful reader, however, may already have caught the community commitment implicit in phrases such as “KERI-compliant” and “participating DID methods.” KERI is only useful if the major DID methods incorporate it, or if the set of participating DID methods becomes congruous over time with the set of major DID methods.

It is, in a nutshell, a community project of alignment as much as a technological innovation: an agreement on the security model for the common core functionality shared across all DID methods, allowing much variety and extensibility to be preserved by the participating DID methods. Decentralized identifiers have been very decentralized in their design and governance from the beginning, with a high degree of extensibility and flexibility within the fiefdom of each DID method and its governance. KERI has been gathering steam for over a year as a countervailing force, potentially making all DIDs function in an end-verifiable and thus universal way.

“Investing in KERI is investing in interoperability, standardization, and cross-community security guarantees.”
Dr Sam Smith, author of the KERI whitepaper and project lead

In large part, the roots of KERI lie in debates within the World Wide Web Consortium’s (W3C’s) Decentralized Identifier Working Group. For years it has been discussing the “shalls” and “mays” that define a W3C-compliant DID method (and thus a DID system). In practical terms, this process specifies what each DID method can and must assume about other DID methods for such a decentralized and open system to make appropriate security guarantees.

KERI’s creator and the author of its whitepaper is Samuel M Smith PhD., a pioneering technologist in multiple fields, including automated reasoning, distributed systems, autonomous vehicles and blockchain protocol design. Dr. Smith has been refining and experimenting with such a cross-method mechanism since 2019, presenting at every meeting of the biannual Internet Identity Workshop. First came some core principles and requirements of a key infrastructure at IIW28, then at IIW29 a series of sessions about different aspects of a hypothetical system of witnesses that could replicate logs. For IIW30, Dr Smith brought more concrete sessions on finer points and even the roadmapping session that became the DIF working group. Along the way, he has iterated an ever-growing whitepaper describing and explaining all of this.

Now, however, Dr Smith has moved the project into the DIF under the auspices of its Identifiers and Discovery Working Group where he sits as co-chair. Asked about the decision, Dr Smith said, “DIF was a natural choice because I wanted the work to happen quickly but in the open, with participation from the greatest number of companies and innovators across various communities.”

KERI’s contributors: join us!

Foremost among DIF contributors is, of course, Dr Smith, who brings to his KERI design work more than a decade of engineering experience with scale and high-performance systems. Much of this work, focusing largely on AI and streaming/scaling projects, was done through his Python-centric consulting company Prosapien.com. He has also worked with Consensys, contributing to the Seed Quest project among others, soon to be donated to DIF.

Berlin-based Jolocom GmbH has been a major interlocutor in the early development of KERI, since before the creation of the working group at DIF. Jolocom’s Charles Cunningham is the working group’s lead Rust developer, who has written a highly interesting post about mental models of How KERI tackles the problem of trust from a developer’s point of view for the Jolocom logbook.

Representing Spherity GmbH are the working group’s lead JavaScript developer and note-taker. Spherity’s founder, Carsten Stöcker, has written a detailed piece for his company’s blog which called KERI “a more performant ledger for trusted identities.”

The Human Colossus Foundation, a Swiss-based non-profit, has been co-developing on the Rust side as well, working in parallel and providing input on the design considerations. The Human Colossus Foundation has also put substantial energy into promoting and socializing KERI in the Trust-over-IP Foundation, the MyData community and in the Sovrin community, including featuring an hour-long KERI session prominently in a half-day mini-conference it organized.

At IIW31, the KERI developers will be demonstrating their initial work to date while there is still the opportunity to get involved and determine the course of KERI as the project moves from direct mode (two-party) to witness mode (multi-party, distributed consensus). Many sessions are planned for IIW, ranging from introductions to technical discussions to use-case and requirements gathering for KERI-based ideas. Additionally there will be a live demo of the working direct-mode prototype.

Introductory reading and video materials are collected at the main DIF repository, but even if you don’t watch them in advance (or fully understand them if you do), there are many ways to get involved and make this community project stronger and more diverse.

KERI: For every DID, a microledger was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.


Oasis Open

Invitation to comment on Service Metadata Publishing (SMP) v2.0 - ends 18 December


Trust over IP

Trust over IP Foundation Introduces a New Tool for Interoperable Digital Trust

When the ToIP Foundation launched in May 2020, our mission was to define a new model for achieving trust online—a model that breaks away from the thousands of siloed solutions... The post Trust over IP Foundation Introduces a New Tool for Interoperable Digital Trust appeared first on Trust Over IP.

When the ToIP Foundation launched in May 2020, our mission was to define a new model for achieving trust online—a model that breaks away from the thousands of siloed solutions for secure, privacy-enhancing digital identity and trust that do not work with each other. This lack of interoperability costs billions of dollars per year in complicated and time-consuming integration and hinders adoption by the very customers we are trying to serve.

Our goal is to drive adoption of a new model for digital trust based on open standard digital wallets and digital credentials that are every bit as interoperable as the physical wallets and paper or plastic credentials that we use every day—to do everything from getting on a plane to entering a hospital to signing a mortgage. As these new tools emerge as the primary mechanism for contactless identity verification, payments, and other online transactions, they will become as essential to our digital lives as browsers and email clients have become to the Web today.

As that happens, it is critical to avoid recreating the vendor-lock in and fragmentation of the “browser wars” that hindered the early days of the Web. Interoperable solutions that avoid vendor lock-in are paramount for a vibrant digital marketplace where consumers are free to choose their preferred digital wallet software from a variety of vendors and use digital credentials from any issuer as they choose.

The need for market-driven interoperability

Open standards alone do not produce interoperable market solutions—there are too many ways interoperability can still go off the rails. Testing labs are another step in the right direction—but vendors need incentives to use them, and those incentives can be scarce in a new market.

The ToIP Foundation recognized that, as our economy grows increasingly digital and collaboration tools grow steadily more powerful, there is a new path to interoperability: tapping market dynamics to drive incubation and adoption of truly interoperable solutions.

With this approach, vendors and customers voluntarily work together to develop interoperability testing requirements designed to meet explicit customer needs in the market. Vendors then satisfy those requirements by passing these interoperability tests with production-ready software.

Introducing the ToIP Interoperability Profile (TIP)

To facilitate this new approach to market-driven interoperability, the Technical Stack Working Group of the ToIP Foundation developed the ToIP Interoperability Profile (TIP). A TIP represents a specific combination of technologies that span each of the four layers of the ToIP technology stack in order to meet the requirements of a set of target customers in one or more digital trust ecosystems. 

TIPs can be designed, refined and supported by multiple vendors and customers wishing to collaborate on interoperability. A TIP typically includes the following elements critical to customer success:

Use cases capturing the specific requirements of customers in one or more digital trust ecosystems. Design principles that must be clearly defined when combining technology and business policies to formulate a solution architecture.  Documentation that clearly communicates the design, architecture, features, and benefits of a TIP to the digital trust ecosystems targeted for adoption. Best practices and implementation guidance for adoption of a TIP, including how to incorporate policies from the ToIP governance stack. Interoperability tests that enable vendors supporting the TIP to be certified for verifiable interoperability. Adoption metrics and case study references that provide quantifiable evidence of the real market impact.

TIPs harness market forces to drive convergence on interoperability

Each TIP consists of two types of components:

Fully-standardized components of the ToIP stack. These components, called ToIP Standard Specifications (TSS), are standards that have already gained Foundation-wide approval.  Custom components that are specific to a TIP. Some places in the ToIP stack do not yet have agreed-upon specifications. For these gaps, a TIP must specify how it fills the gap via an open community specification that can be implemented by any vendor or open source project.

A conceptual “lego block” picture of a complete four-layer TIP—showing how it is constructed from a combination of standard TSS components and custom TIP-specific components—is shown in the figure below.

Launching the Saturn-V TIP

The first TIP published by the ToIP Technical Stack Working Group is named for the historically significant multi-stage rocket platform, the Saturn-V. This TIP emerged from work begun at a 2019 Connect-a-Thon event held by the Hyperledger Indy community. When the ToIP Foundation was launched in May 2020, ToIP members including Commerzbank (Main-Incubator), esatus AG, Evernym, IBM, Trinsic and idRamp recognized the opportunity to coalesce their collaboration into a TIP. 

Once the ToIP Technical Stack Working Group was formed, it established the criteria for managing the lifecycle of TIP from incubation through design, demonstration, acceptance and adoption. The Saturn-V collaborators then proposed their TIP following this process and it was formally accepted as a Draft Deliverable by the Technical Stack Working Group at their 24 August 2020 meeting.

The next stage: mission-critical collaboration on interoperability testing

All the vendors participating in the Saturn-V TIP actively pair with developers from other participants to work through agreed-upon test plans. Having the Technical Stack Working Group oversee the TIP development life cycle on behalf of all participating vendors ensures a more transparent and robust joint testing project than a typical multi-vendor “plug-fest”. 

Since the technologies used for the Saturn-V TIP are Hyperledger Indy and Hyperledger Aries at layers 1-3 of the ToIP Technology Stack, the open source Aries Test suites will be used as the baseline for all test plans. Participating vendors are currently tackling the following stages of the Saturn-V Interop Test Plan One:

Self-Validation against Aries Protocol Test Suite for Aries Interop Profile v. 1.0 Peer-Validation Core Aries Interop Profile v. 1.0 (Aries RFC 302), which supports DID connections, issuing credentials, and fulfilling proofs Connectionless Proofs using the Service Decorator (Aries RFC 56), HTTP over DIDComm (Aries RFC 348).

Future missions

Once Test Plan One is complete, TIP Participants will define Saturn-V Interop Test Plan Two which intends to minimally include peer-to-peer validation for:

Core Aries Interop Profile v. 2.0 (content and scope not yet defined by community) Out-of-Band Protocol (Aries RFC 434) End-to-End testing the Aries Agent Test Harness (contributed by the Government of British Columbia)

Once these stages of interoperability testing are completed, the Technical Stack Working Group will be able to assess whether component specifications of this TIP meets the criteria to become a TSS. If so, these will be advanced to become their own Draft Deliverables for ultimate approval by the Working Group and then the ToIP Steering Committee.

Please join us

We invite you to join in development of the Saturn-V TIP and formulation of new TIPs that provide full-stack interoperability for digital trust ecosystems. If you are not yet a member of the ToIP Foundation, membership is open to anyone—individual or organization—at both free and paid membership levels. For more information, please visit the Foundation membership page.

TIP development is coordinated through the ToIP Technology Stack Working Group

To join the Technology Stack Working Group, go to https://lists.trustoverip.org/, log in with the email address of your ToIP Foundation membership, then subscribe to the mailing list.

The post Trust over IP Foundation Introduces a New Tool for Interoperable Digital Trust appeared first on Trust Over IP.


Me2B Alliance

All Aboard! Me2B Membership effective next week

Hi Friends, One week from today, the Me2B Alliance will be transitioning to a membership organization. What this means for you, as part of the Alliance community, is an opportunity to become an influential voice in the respectful technology movement.    Starting October 26, all Alliance work will be taking place in the membership portal.  To remain active in the Alliance c

Hi Friends,

One week from today, the Me2B Alliance will be transitioning to a membership organization. What this means for you, as part of the Alliance community, is an opportunity to become an influential voice in the respectful technology movement. 

 

Starting October 26, all Alliance work will be taking place in the membership portal. 

To remain active in the Alliance community, please become a member before October 26.  

 

Better yet, join today!

 

For your convenience, here’s the link on the new Me2BA.org website: https://me2ba.org/membership/

After you receive your membership login information, be sure to sign up for all the working groups you want to participate in--and don't forget ticking the box for All Members.  (We will automate this in the future.)  

Starting next week, all WG meetings will shift to a new conferencing platform, which you can view in the membership portal (members will also receive meeting invites next week and going forward).

 

We look forward to seeing you in the new membership portal very soon.

 

Lisa LeVasseur

Executive Director


FIDO Alliance

White Paper: Accepting FIDO Credentials in the Enterprise

Today, secure access to online applications and services has evolved into a framework reliant on devices, public key cryptography and biometrics to replace the shared secrets of aging passwords. Since […] The post White Paper: Accepting FIDO Credentials in the Enterprise appeared first on FIDO Alliance.

Today, secure access to online applications and services has evolved into a framework reliant on devices, public key cryptography and biometrics to replace the shared secrets of aging passwords. Since 2013, the FIDO Alliance has developed and advanced open and scalable standards to eliminate phishing and other security attacks. To introduce these improvements and to educate employees throughout corporate management and IT security, FIDO Alliance has developed a series of best practices and how-to white papers that match the Alliance’s goals with the responsibilities and titles of technology professionals. This work is dedicated to eliminating passwords and securing the simple act of logging on within all companies. 

Enterprises that accept FIDO credentials are participating in a digital credential exchange. This white paper is intended for CISOs and IT professionals who are considering deploying FIDO across their enterprise. In this paper, we provide a high-level overview of the most common digital exchange – the authentication exchange. We will examine the participants, protocols, and decisions that enterprises must make regarding the creation, management, and usage of FIDO credentials. 

The post White Paper: Accepting FIDO Credentials in the Enterprise appeared first on FIDO Alliance.

Friday, 16. October 2020

Hyperledger Foundation

Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources

Welcome to the Weekend Update. Our goal with this weekly post is to share quick updates about online education, networking and collaboration opportunities and resources for the open source enterprise... The post Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources appeared first on Hyperledger.

Welcome to the Weekend Update. Our goal with this weekly post is to share quick updates about online education, networking and collaboration opportunities and resources for the open source enterprise blockchain community. 

If you have suggestions for resources or events that we should spotlight in a future Weekend Update, let us know here using #HLWeekendUpdate. 

CoinDesk Webinar: Governance, standards and interoperability – Getting past the roadblocks to peer-to-peer financial transactions   

Whether you are eyeing retail or wholesale CBDC opportunities or are looking at digital wallets, loyalty programs or other implementations of token-based transactions, you’ve no doubt realized that the technology infrastructure is just one part of the puzzle. It’s well documented that distributed ledger technologies can deliver on the mechanics of peer-to-peer transactions. The roadblocks are creating an ecosystem with a level of transparency and security that consumers, regulators and companies trust. The closer you move to central banks and fiat currencies, the higher the barriers to buy-in and deployment.

In this panel discussion, taking place Tuesday, October 20, at 11:00 am EDT, experts on three different Hyperledger DLT platforms will address these issues and compare notes about current and future token-based solutions from around the world. Get more details here.

Hyperledger Climate Action and Accounting Special Interest Group Guest Speaker: Jürg Füssler, Climate Ledger Initiative

Dial into the Climate Action and Accounting SIG meeting to learn more about how the Climate Ledger Initiative is addressing the pressing challenge of climate change with one of the world’s most promising technological innovations: blockchain and distributed ledger technology combined with other innovative information technologies such as Internet of Things (IoT), Artificial Intelligence (AI), and the use of remote sensing.

For more information on the meeting, which is Tuesday, October 20, 2020, at 8 AM PDT, go here.

Webinar: Unsolicited Commercial Communication (UCC) 

Hear from Rajesh Dhudda of Tech Mahindra about a Plug-n-Play solution, built on Hyperledger Fabric, to tackle the large-scale UCC (Unsolicited Commercial Communication) or spam call problem in India. The Telecom Regulatory Authority of India (TRAI) acknowledges UCC these calls are a major nuisance to telecom subscribers across the country and is a growing menace that needs to be tackled with immediate effect. Learn more details about the blockchain solution that has been successfully deployed across three major telcos in India, reaching >50% market, as well as the steps Tech Mahindra is taking towards bringing the solution to the U.S. market.

Tune on Wednesday, October 21, at 10:00 am EDT. For more information and to register, go here.

Blockchain Pulse Webcast: Blockchain State of the Union for Developers and Technical Leaders

Hyperleger’s Brian Behlendorf will be part of a discussion led by Mark Parzygnat of IBM on what developers should understand and know about blockchain. The conversation will focus on how blockchain, and specifically Hyperledger Fabric, is being used successfully in many industries. Additional speakers will include Steve O’Grady, founder of RedMonk, and Russell Schwartz, part of the Payments Product Management team at TIAA, who will share his experience creating a blockchain solution working with the IBM Blockchain platform. 

To get more information or register for the webcast, which is Wednesday, October 21, 2020, at 11:00 AM EDT, go here.

Virtual Meetups

Monday, October 19, at 22:00 UTC / 17:00 UTC -5: Hyperledger Latinoamerica hosts “Casos de Uso Empresariales con Hyperledger: IBM” (Spanish) Tuesday, October 20, at 15:30 UTC / 11:30 EDT: Hyperledger NYC hosts “Tackling the Hurdles of Enterprise Blockchain” Wednesday, October 21, at 13:30 UTC / 19:00 IST: Hyperledger Kochi hosts KochiOrgBook demo and discussion Friday, October 23, at 13:00 UTC / 15:00 CEST: Hyperledger Sweden hosts “Online Tech Study Circle”

See the full Virtual Meetup schedule here

The post Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources appeared first on Hyperledger.

Thursday, 15. October 2020

FIDO Alliance

Research Findings: Consumer Attitudes on User Authentication

The post Research Findings: Consumer Attitudes on User Authentication appeared first on FIDO Alliance.

Wednesday, 14. October 2020

FIDO Alliance

FIDO Alliance Opens Free Registration for Authenticate 2020 Conference

Virtual conference being held November 9-19 Mountain View, Calif., October 14, 2020 – The FIDO Alliance has opened registration for its inaugural Authenticate virtual conference for identity and security professionals […] The post FIDO Alliance Opens Free Registration for Authenticate 2020 Conference appeared first on FIDO Alliance.

Virtual conference being held November 9-19

Mountain View, Calif., October 14, 2020 – The FIDO Alliance has opened registration for its inaugural Authenticate virtual conference for identity and security professionals around the world. Authenticate is the first conference dedicated to who, what, why and how of user authentication – with a focus on the FIDO standards-based approach.

Authenticate is being held virtually from November 9-19, 2020. Industry professionals seeking education, tools and best practices to roll out modern authentication across web, mobile, enterprise and government applications should register for free at www.authenticatecon.com

The Authenticate agenda includes six days of jam-packed opportunities to transform attendees authentication knowledge and procedures. Authenticate is singularly focused on authentication, providing the industry with a forum to delve more deeply into the FIDO approach, hear from real-world implementers, and come away with everything they need to start the journey towards simpler, stronger authentication for their own brands and services. 

Here’s a glimpse at some of the content attendees will get from their complimentary registration:

Keynotes from the world’s greatest minds on cryptography, security and identity:  Dr. Whitfield Diffie, Co-inventor of Public Key Cryptography and Senior Advisor, Uniken Joy Chik, Corporate Vice President, Microsoft Identity Stina Ehrensvärd, CEO and founder, Yubico Mark Risher, Senior Director of Product Management, Google Andrew Shikiar, Executive Director and Chief Marketing Officer, FIDO Alliance Case studies from service and technology providers including CVS Health, EMILY’s List, Facebook, Google, IBM, Mass Mutual, Microsoft, MITRE Corporation, NTT DOCOMO, PNC Bank, and Target Policy discussions around PSD2, GDPR and eIDAS; authentication to enable better privacy for citizens; authentication from a regulator’s perspective and more Standards and technical implementation presentations focusing on FIDO for identity verification; bringing FIDO Authentication to IoT; OpenID for open banking; standards and the future of payments; account recovery; FIDO certification; attestation and more Sessions on the state of authentication, building an authentication strategy, and how FIDO fits with initiatives like W3C Web Payments, and EMVCo 3DS and SRC

See FIDO Authentication in Action in the Virtual Expo Hall

Attendees will join peers in the virtually rich and immersive expo hall that feels like they’re with colleagues in person through creatively-produced networking lounges and other interactive features that will help them make new connections and reunite with old friends. Sponsoring company booths will be a 360-degree experience, allowing them to explore content, see demos, talk live with company executives, and come away with the tools needed to implement modern authentication with FIDO inside of their organization.

Exhibiting sponsors include: signature sponsors Google, Microsoft and Yubico; platinum sponsors Feitian, HID, Identiv, NokNok, Secret Double Octopus and Strongkey; gold sponsors AuthenTrend, Aware, Daon, Duo, HYPR, RSA, SurePass and Uniken; and startup sponsors AuthAmor, Iproov and One World Identity.

Authenticate is hosted by the FIDO Alliance, the cross-industry consortia providing standards, certifications and market adoption programs to replace passwords with simpler, stronger authentication.

Register for Authenticate today! www.authenticatecon.com 

About the FIDO Alliance

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

The post FIDO Alliance Opens Free Registration for Authenticate 2020 Conference appeared first on FIDO Alliance.


Berkman Klein Center

Lumen — The Year in Review:

Lumen — The Year in Review September 2019-August 2020 By: Adam Holland, Andromeda Yelton, and Chris Bavitz Introduction September 2019 through the end of August 2020 marked the first year in which Lumen operated with a generous supporting grant from the Arcadia Fund. During that year, the project’s primary objectives fell within three themes: (1) technical improvements to the Lumen s
Lumen — The Year in Review September 2019-August 2020

By: Adam Holland, Andromeda Yelton, and Chris Bavitz

Introduction

September 2019 through the end of August 2020 marked the first year in which Lumen operated with a generous supporting grant from the Arcadia Fund. During that year, the project’s primary objectives fell within three themes: (1) technical improvements to the Lumen site and database; (2) expanding research opportunities, both internal and external; and (3) outreach, both to possible new notice-submitters and to the various constituencies of the Lumen user community. This post draws from Lumen’s first annual report to Arcadia and provides an overview of the project’s key activities during the past year.

To say the least, it was a complex and difficult year on a number of fronts — most notably, because of the COVID-19 pandemic that forced us into a remote work mode for much of 2020. That said, we were able to make significant progress on a number of key fronts:

Lumen’s developers and technical support team achieved a great deal, especially on the backend of the site, and also by adding new user interface features and new notice categories. Lumen had success increasing and improving external research using Lumen’s database, with database access credentials granted to 49 new researchers or research teams, ranging from college undergraduates and investigative reporters to law professors and economists. Several of these researchers produced substantive written work along with various other shorter articles and pieces. Regarding outreach, we had conversations with a range of organizations, online service providers and individuals regarding working more closely with Lumen. The Lumen team participated in a multi-stakeholder virtual workshop in June of 2020, with more topic-specific workshops planned. The onset of the pandemic put a wrench in the works in terms of hiring, but Lumen plans to bring onboard a new research fellow in the coming months.

The remainder of this overview addresses and provides more details on these main themes in the order outlined above.

(1) Technical Improvements and Progress

In addition to too many small-scale bug fixes and one-off requests to name, the Lumen developers’ activity in the first year fell into several key main categories:

Security/anti-obsolescence updates Lumen upgraded Rails (the web application framework the whole system uses) from version 4.2 to version 5.2. Lumen upgraded Ruby (the programming language in which Lumen’s site and administrative interface is built) from version 2.3 to version 2.5. Lumen upgraded various software libraries. Lumen is in the process of upgrading its native search function from ElasticSearch version 5 to ElasticSearch version 7, which is expected to significantly improve the ability of researchers and others to access notices in the database.

In combination, these upgrades and improvements improved system security and system performance, making the database notably faster for users. Additionally, the various improvements keep the site effectively modernized, which in turn allows developers to take advantage of and implement further improvements without too much work. Finally, the ongoing ElasticSearch upgrades allow Lumen administrators to more quickly and effectively redact sensitive data in Lumen’s notices (in addition to making site search functionality more powerful for users).

Overall, these technical improvements make the Lumen site easier to use by and more responsive to both its internal team and the research community. They also serve to “future-proof” the site to the extent possible, making it far more likely that Lumen will be able to continue to exist and thrive indefinitely, and making continued and sustained improvements easier to accomplish.

Improvements to the Lumen administrative interface Lumen updated rails_admin from version 1.4 to version 2. As an example of modernization making more modernization easier and possible, this upgrade was only possible because of the underlying Ruby upgrade mentioned above. Lumen added a Content Management System (CMS) to the site and migrated all the old blog posts and pages into it. The CMS will also make it much easier for the Lumen team to share out rich multimedia content on the Lumen website and write short pieces more rapidly and effectively. Some recent blog posts made using the CMS include a write-up of Lumen’s workshop on best practices in notice and takedown transparency, “Algorithmic Copyright Management: Background Audio, False Positives and De facto Censorship” and “Pandemic Misinformation Campaign Comes to Lumen.” Improvements to receiving and sharing notice data A series of improvements to the Lumen application programming interface (“API”) improved the quality of data that the database is able to accept and process, most notably with respect to URLs submitted. Some URLs are malformed when submitted, and API improvements dramatically reduced the error rate upon submission. Prompted by a series of distributed denial of service attacks on the Lumen site, Andromeda Yelton, the lead developer for Lumen, spent a great deal of time and effort putting into place, documenting, and continuing to improve on a series of changes and improvements for managing the requests for data that Lumen receives through its API, which represent a potential vulnerability for the site and database. These changes improved Lumen’s data security, made it easier for legitimate researchers to continue to use the site, and helped better allocate site and system resources. Andromeda later gave a presentation about her work at Code4Lib. Lumen added “Counterfeit” and “Placeholder” notice types. Google began accepting takedown notices referencing the presence of counterfeit goods or advertisements for them on Google sites, and in order to accommodate this new notices stream, we created a new template for such notices. Having this new type available also made it possible for the Lumen team to effectively reach out to new possible submitters, including Amazon and eBay. The “placeholder” notice is another new type that allows Lumen to accept more notice streams. Some large OSPs, like Google, receive takedown requests about which they are unable to share the details for legal reasons. Despite this, they still wish to indicate that they have received a request. In those cases, they can point their users to a “placeholder” notice that provides what details are available. User Interface

Lumen made a series of changes regarding how visitors to the site see the URLs that are part of each notice. The changes make it possible for Lumen to present notice URLs in a truncated form to casual Lumen visitors, while still granting access to complete URLs to Lumen accredited researchers. Casual Lumen users can view one notice’s full set of URLs by providing an email address. Researchers with credentials can be granted access to notices within a limited time frame, up to a maximum specific number of notices, and with or without use of the Lumen API, and can also be given the ability to generate “permanent” versions of Lumen notice URLs that are suitable for use in published works or for citation.

(2) Research Using the Lumen Database

Lumen granted research credentials to forty-nine different researchers during the year in question. These researchers range from college undergraduates who have recently become interested in copyright law or censorship, to international researchers from a wide range of countries, including Brazil, Turkey, Ukraine, France, India, Austria, Russia, Germany, and the UK, as well as EU-affiliated researchers and international NGOs such as the Committee to Protect Journalists, as well as law professors and journalists and others in the United States.

Many of the projects that these researchers are working on are still ongoing, such as Professor Eugene Volokh’s ongoing series of law journal articles about falsified court orders and online defamation law. Some of the completed research projects include:

Asher-Schapiro, Avi, Zidan, Ahmed. “India Uses Opaque Legal Process to Suppress Kashmiri Journalism, Commentary on Twitter,” Committee to Protect Journalists (blog), October 24, 2019, https://cpj.org/2019/10/india-opaque-legal-process-suppress-kashmir-twitter/. Fuller, Andrea, Grind, Kirsten, Palazzolo, Joe. “Google Hides News, Tricked by Fake Claims,” Wall Street Journal, May 15, 2020, sec. Tech, https://www.wsj.com/articles/google-dmca-copyright-claims-takedown-online-reputation-11589557001. Akdeniz Yaman, Guven, Ozan (2019). “EngelliWeb[HA4] 2019: An Iceberg of Unseen Internet Censorship in Turkey”. https://ifade.org.tr/reports/EngelliWeb_2019_Eng.pdf Hovyadinov, Sergei, Toward a More Meaningful Transparency: Examining Twitter, Google, and Facebook’s Transparency Reporting and Removal Practices in Russia (November 30, 2019). Available at SSRN: https://ssrn.com/abstract=3535671 or http://dx.doi.org/10.2139/ssrn.3535671 Srivas, Anuj. ““At ‘Government Request’, Twitter Blocks Tweet by BJP MP Tejasvi Surya,” The Wire, accessed October 8, 2020, https://thewire.in/tech/at-govt-request-twitter-blocks-hate-speech-including-tweet-of-bjp-mp-tejasvi-surya. Matias, J. N., Mou, M. E., Penney, J., & Klein, M. (2020). Do Automated Legal Threats Reduce Freedom of Expression Online? Preliminary Results from a Natural Experiment. https://osf.io/nc7e2/

There are also many shorter articles online referencing or relying on Lumen, such as this one, from the Sunday Guardian Live, or this one from TorrentFreak.

Over the summer of 2020, the Lumen team also worked closely with a Harvard Law School student research assistant to begin developing a taxonomy of takedown notices, their underlying data, and the various involved stakeholders. This draft taxonomy seeks to cast light on the range of interests and incentives that a given stakeholder in the notice and takedown (“N&TD”) ecosystem must balance with respect to whether a particular piece of information should come down and the degree to which there should be transparency regarding the request and any subsequent action taken. It is the Lumen team’s hope to soon turn this working draft into a white paper, as well as the raw material for a Lumen workshop, as well as use it to inform discussions on any statement of best practices regarding N&TD transparency.

(3) Outreach Events

The Lumen team’s original plan had been to hold a fairly intimate in-person workshop over the course of two days, as a way of initiating conversation between the various parts of Lumen’s user and research communities, and to plant the seed for more detailed and targeted workshops to come. Unfortunately, the COVID-19 pandemic got in the way of those plans, and as a result, the June workshop was held virtually. Although the Lumen team members were of course very disappointed to not be able to have the full in-depth workshop we had planned, especially the face-to-face network building and conversations, hosting a virtual event had some positive aspects. These included lower costs and the possibility of drawing more participants. The end result was that we were able to diversify and expand the initial invitee list substantially, including a wider range of interested parties, and — critically — giving the group more international representation. On that note, it meant that some foreign human rights activists who would otherwise not have been able to attend were present — including representatives of EngelliWeb, which has published a human rights report on Turkish takedowns that relies heavily on Lumen. The most recent of EngelliWeb’s reports can be found here.

Using the lessons learned from this first virtual event, and anticipating that virtual events will be the norm for the foreseeable future, Lumen has planned a series of smaller and more topically focused events for the coming fall and winter, the first few of which will be focused on learning more from current and prospective Lumen researchers.

Outreach to New Sources of Notices and Notice Data

Encouraging recipients and senders of takedown notices to share copies of those notices with Lumen has proven to be one of the biggest challenges the team has faced. Although Lumen’s name recognition has clearly improved, due in no small part to the increased publicity from outside journalism and research publications, and although those companies with whom Lumen has existing relationships are generally positive about the benefits of sharing, some institutions are still loathe to share notices and notice data. Finding ways to be more effective at turning preliminary outreach into new data-sharing arrangements will be a top priority for the Lumen team in the coming year.

General Outreach and Media Participation

In addition to the June 2020 workshop mentioned above, and their ongoing work with Lumen researchers, members of the Lumen team participated in the following activities:

Prompted by the increased attention paid to the Internet Archive after it announced its pandemic-motivated National Emergency Library, Adam Holland wrote a Medium piece examining the various points of view on the library, and urging the NEL to share any takedown notices it received with Lumen. Lumen provided some statistics on Google takedowns to TorrentFreak for an article. Lumen provided statistics on takedowns to Professor Rebecca Tushnet for her testimony to the Senate Judiciary subcommittee on the DMCA. Lumen Project Manager Adam Holland answered some questions from a cyberlaw professor about Google’s search index and robots.txt pertinent to the way in which the Florida Department of Law Enforcement (FDLE) operates its publicly-accessible database of FL residents who have been previously convicted of various sex offenses. As noted above, Andromeda Yelton gave a presentation on her work defending Lumen against a Russian botnet to Code4Lib. Adam spoke with a member of the data team of The Correspondent, a newsroom based in Amsterdam. Adam provided general commentary regarding the DMCA and United States fair use law to Daniel Laufer, a German reporter interested in how a German company, Acromax Media, may be abusing the DMCA to take down critical reporting in Albania, and was quoted in the ensuing article. · Adam spoke to a New York Times reporter to give background information about DMCA takedowns for an article about a lawsuit between two self-published Amazon authors. Adam spoke with CBS News regarding a story about Professor Volokh’s research. Adam spoke with the San Antonio Express News for a story posted online here. Additionally, members of the Lumen team provided background information regarding Lumen, the DMCA and notice & takedown generally to inquiries from journalists, activists, legislative staffers, researchers, and other interested parties.

Of special note, on December 16, 2019, Lumen project manager Adam Holland and Lumen PI Chris Bavitz made comments to the Third Meeting of the Stakeholder Dialogue on Art. 17 of the Directive on Copyright in the Digital Single Market in Brussels. Article 17 references “”Use of protected content by online content-sharing service providers.”

The presentation was well-received, and also was a boost to Lumen’s broader publicity. Lumen was invited to join a multi-stakeholder mailing list regarding ongoing Article 17 discussions, in which it continues to participate, and also made several new EU contacts, including a former member to the EU Parliament, who have kept Lumen apprised of opportunities to contribute comments or thoughts to ongoing copyright and intermediary liability-related legislative and regulatory discussions within the EU.

A copy of the remarks can be found at:

Bavitz, Chris, Holland,Adam, “Lumen Presents Comments to the Third Meeting of the Stakeholder Dialogue on Art. 17 of the Directive on Copyright in the Digital Single Market in Brussels” (December 17, 2019) https://www.lumendatabase.org/blog_entries/807

A recording of the day’s proceedings is available at:

“COPYRIGHT STAKEHOLDER DIALOGUES — Streaming Service of the European Commission,” https://webcast.ec.europa.eu/copyright-stakeholder-dialogues-16-12, (accessed October 8, 2020)

Lumen’s participation begins at approximately the 4:00:00 mark.

Other outreach efforts

The Lumen team has also had productive conversations with a variety of other activists and researchers about possible cooperative efforts, including with Carrie Goldberg, an American lawyer specializing in representing victims of so-called “revenge porn”; the “Disinfodex” project emerging from the Berkman Klein Center’s 2019–2020 Assembly Program; the Digital Public Library of America, the Reporters Committee for Freedom of the Press, Harvard’s Caselaw Access Project, and the Humboldt Institute for Internet and Society in Berlin.

Social Media Statistics

Lumen maintains a Twitter account, from which it tweets or retweets about content moderation, takedowns, censorship, academic freedoms, the “right to be forgotten” and other news related to online information. During the period from September 1, 2019 to August 31, 2020:

The account added 986 new followers, a ~25% increase The engagement rate on Lumen’s tweets and retweets went up each quarter, from 0.9% in the first to 2.0 % in the fourth. Lumen’s tweets received 1.41 million total impressions, and an average of between 20 and 25 link clicks per day. Lumen’s top mention in terms of engagements (an order of magnitude greater than typical) was when a CNN reporter mentioned Lumen in a tweet referencing a takedown notice sent regarding Donald Trump’s account. Data and Material Produced

During this year, the Lumen database added ~2.6 million more notices, referencing many millions of URLs, involving approximately fifty-eight thousand separate entities. As mentioned above in the technical improvements sections, we put into place our planned changes for displaying URLs in a truncated form to casual Lumen visitors, while granting access to full notices with complete URLs to researchers requesting access. We were and are gratified to have received relatively few complaints from users regarding the change, and none from active researchers. Current policy is to grant a single request per email address to view a notice. Lumen has consistently averaged approximately one thousand such requests per day, but may revisit and revise the bounds of that policy in the coming year.

During the time period from September 1, 2019 to September 1, 2020, Lumen received almost six hundred thousand unique visitors, who visited Lumen close to fourteen million times, viewing over nineteen million unique Lumen website pages. These traffic numbers represent an approximately 50% increase in activity from the previous year, which the Lumen team attributes to both more research activity and greater use of the site by the public at large.

The most visited Lumen URL was http://lumendatabase.org/notices/9415, which is a Google placeholder notice for search results that contain URLs reported as illegal under German youth protection laws. There is no way to be certain as to why this notice is visited often, but it may be that this notice’s popularity is a rough proxy for the number of such removals by Google in Germany and the number of searches the internet-using German public performs for the underlying material. Or, it could be the relative novelty of the new laws is driving interest. The second most visited Lumen page, close behind first in terms of total visits, was Lumen’s own search page.

Conclusion

In the year to come, the Lumen team looks forward to continued progress on all fronts, from expanding the scope, scale and impact of research done with Lumen’s data and gathering new sources of takedown notice data, to improving the Lumen user experience and adding new members to the Lumen team, There will be more events, whether virtual or in person, more publications, and more opportunities to get involved.

Lumen — The Year in Review: was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tuesday, 13. October 2020

Oasis Open

Four new Project Specifications approved by the #OSLC Open Project


eSSIF-Lab

Meet the eSSIF-Lab’s ecosystem: the Infrastructure Development Instrument first winners

eSSIF-Lab has already kicked-off the programme for the 7 proposals selected, out of the 36 that were submitted before the first deadline of the Infrastructure-oriented Open Call, to contribute with open source technical enhancements and extensions of the SSI Framework of the project. These are:

BRIDGE by SICPA Spain S.L.U. BRIDGE for ledger-agnostic interoperable issuance and verification of W3C verifiable credentials. Capability Based Authorization System by Jolocom A capabilities-based authorization system, utilizing DIDs, Verifiable Credentials, Verifiable Presentations, etc. eSSIF- TRAIN by Fraunhofer-Gesellschaft Trust Management Infrastructure Component. Evernym Open Sourcing Project by Evernym UK Open sourcing Evernym’s credential exchange platform. Self-Sovereign IDentity Online by UBICUA Online password less authentication based on SSI and FIDO2. SSI eIDAS Bridge by Validated ID, S.L. An eIDAS bridge, which is a component that proposes to enhance the legal certainty of any class of verifiable credentials. Verifiable Credential Authority by NYM Srl A DLT/blockchain independent platform to Issue and Verify certified attributes and claims, under different formats, and for any SSI system.

The Infrastructure Development Instrument will support these innovators to provide scalable and interoperable open source SSI components for eSSIF-Lab Framework with up to € 155,000 funding.

Selected companies under this instrument will have the opportunity to take part in a very active and collaborative ecosystem with other eSSIF-Lab participants to:

improve framework’s vision, architecture, specifications etc. ensure interoperability (at the technical and process levels) and address each other’s issues jointly. Would you like to join them?

Infrastructure-oriented Open Call is still admitting applications (the next deadline is on 4th January 2021)

Apply NOW!

Follow the updates of this initial batch of winners, about the current open call and about the next deadline (on June 2021) in the eSSIF-Lab space of the NGI Online Community!


Meet the eSSIF-Lab’s ecosystem: the 1st Business-oriented Programme participants

After a tough competition among interesting proposals and 2 days of intense on-line Hackathon, eSSIF-Lab has selected 15 best projects out of the 19 who succeed in the open call to join the 2nd stage of its First Business-oriented Programme:

CommercioKYC by  Commerc.io Easy KYC with Self-Sovereign Identity. Universal DID SaaS by Danube Tech Building a hosted service that allows developers to easily work with Decentralized Identifiers (DIDs), without having to set up their own infrastructure. SSI-enabled “Contractual Event” Passport by Domi Labs Enabling businesses to integrate SSI into their contractual record management processes. e-Origin Wallet by e-Origin Digital wallet of verifiable credentials for the products’ origin. Gataca Connect by Gataca España Trusted Single Sign On for a human-centric Internet. SSI4DTM by JoinYourBit Self-Sovereign Identity for Digital Transaction Management: a Digital Transaction Management platform to execute any cross-border transactions: NDAs, contracts, bids, etc. Universal Backup Service (UBS) for SSI Agents by Jolocom A vendor-neutral, plug-and-play component for equipping SSI Agents with a service to generate interoperable backups of end user data. SSI-as-a-Service by Netis Simplifying SSI integration and adoption. Gaya by NYM srl Supports public notaries to remotely incorporate Limited Liability Company, providing all the tools they need to apply digital transformation to their business. NYM Credentials for Self-Sovereign Identity by Nym Technologies A bulletin-board and search system for privacy-enhanced services Digital ID and signatures by Off-Blocks Onboarding businesses and organizations in a self-sovereign world through user-friendly and low-cost control over trusted digital identities, verified credentials and digital signatures. IRIS – Discourse Community Credentials by Resonate Beyond Streaming A Discourse plugin that allows SIOP OIDC login and community-friendly transparent recognition, award and governance of verifiable credentials as user-friendly ‘badges’. Dynamic Data Sharing Hub with Consent Flow by The Human Colossus Foundation Brings SSI benefits to the wider economy by enabling a privacy preserving full data life cycle including consent. Trusted Digital Assistant – a data operator solution by unikk.me Bringing the fundamental right to an autonomous identity to every person by enabling trusted parties to act as a ‘trusted digital assistant’ in catering. User-friendly Management Interface for Verifier Policies by Verifiable Credentials Verifiable credentials for reviewers of scientific publishing and research funding proposals.

The 8-month Business-oriented Programme offers business and technical support to integrate SSI technology with market propositions and it’s structured in 3 competitive stages (only the best performing projects in each phase are entering the next).

The initial stage, which expanded for the first month, was intended for the teams to work in the Proof of concept of their projects and to start building their business case. They both presented the outcomes of their work during business pitches and technology demonstrations in the online Hackathon which took part on September 16th and 17th. All the 19 projects who took part in this first stage, including those by Filancore, Wellbeing cart, MyData Global and Spherity, will receive € 15,000 funding to reward their efforts.

During the second stage, which already is ongoing, the 15 selected teams will work during the next 5 months on their developments to create a mock-up and a Prototype and on their business models and will cooperate among them to create a real ecosystem ensuring interoperability and scalability. Funding linked to the participation in this stage is € 50,000.

Only the best-in-class teams from those will reach the third stage and focus on testing their MVPs and defining Business models to get a final funding of € 41,000.

Are you curious about which ones will be those completing the programme?

Follow up the course of the programme at eSSIF-Lab space in NGI Community and join us in congratulating all the participating teams on their development efforts so far!

Join NOW!

Last but not least, 2nd Business-oriented Call is expected to launch in late spring 2021, and it will be open to SMEs and startups developing commercial SSI-based applications and services with focus in the verticals of HealthTech, eGovernment, Education or competing in the generic track of Open Disruptive Innovation. Follow the updates in NGI Online Community!


Me2B Alliance

Global Privacy Control -> W3C work

Hi friends, If you're interested in getting involved in the Global Privacy Control Spec, you can join the W3C Privacy CG https://www.w3.org/community/privacycg/, and participate in the GPC discussion here:  https://github.com/privacycg/proposals/issues/10  I sent my concerns to the Certification WG last week so won't repeat them all here.  My main problem with t
Hi friends,

If you're interested in getting involved in the Global Privacy Control Spec, you can join the W3C Privacy CG https://www.w3.org/community/privacycg/, and participate in the GPC discussion here:  https://github.com/privacycg/proposals/issues/10 

I sent my concerns to the Certification WG last week so won't repeat them all here. 

My main problem with the spec is that it is functionally an opt out--meaning that the individual must take an action to deliberately opt out of selling data.  Once again, the burden is put on the individual.

A central thesis in CCPA and the folks drafting the spec seems to be that "Privacy by default is great but has even more legal teeth with this preference chosen explicitly." [quote from issue in github by Henry Lou]

Richard and I discussed this a bit earlier in the year, and I'm still confused about the legal foundation for this assertion, and why it's being framed like this.  Wouldn't Privacy by default be kinder, and more respectful? Better? 

In any case, I highly encourage you to get involved directly in the work.  (Because there's a lot of interesting stuff happening in the Privacy CG.)

Lisa





Monday, 12. October 2020

Decentralized Identity Foundation

Drilling down: Open Standards

What standards are and what it means to make them openly In our last post in the series, we drilled down into a granular definition of “open-source” development and the thinking that goes into a choice of license. In this post, we drill down into what “standards” are, and the characteristics of an “open process” for developing standards. Supporting these open standards is where the bulk of D

What standards are and what it means to make them openly

In our last post in the series, we drilled down into a granular definition of “open-source” development and the thinking that goes into a choice of license. In this post, we drill down into what “standards” are, and the characteristics of an “open process” for developing standards. Supporting these open standards is where the bulk of DIF’s efforts and resources are focused. In the next post in the series, we will turn to how open source and open standards work together to create new business models and strategies with real-world consequences for cooperation, “coöpetition,” and healthy markets.

Photo by Jim Quenzer

It is worth noting up front that the term standard has two slightly different usages. One is related to quality assurance or business process compliance — think of marketing that references “the highest standards of _____ ”. This refers to specifications and metrics used to grade outputs in a regulated industry or sector, like “Grade A Beef”. These are set and enforced by some combination of regulators, private-sector auditors and industry associations. Outside of software, this is usually what people refer to by “standardization:” and a specialist in any industry can wax eloquent on the politics and the consequences of decisions by standards bodies fixing those specifications and metrics.

In software and other IP-driven industries like medicine or engineering, standards have more to do with control and portability of data, enforcing measurable compatibility with the products of others. A common metaphor for this kind of standardization is the width or “gauge” of railway tracks — how far apart the rails are is a somewhat arbitrary decision but if they are different between two countries or regions they will have completely distinct rail systems. Software standards work much the same way, and for this reason standardization is often a prerequisite of procurements from government or substantial investments in the private sector. No one wants to invest in locomotives if all the places they want to take it… use different rails.

In the software world, as in the world of trains, standards define a given market for products and services. Compliance tests make objective (and far less controversial) the question of whether or not a given product meets a given set of requirements. Explicitly-defined, testable protocols make products provably swappable and/or interoperable. Open standards processes try to define those tests and protocols in the open, with input from initial and future contenders in that market, speeding up the timeline to legitimacy by incorporating major players and incorporating widely-sourced input.

Standards processes, as inherited from tangible industries

One way to explain standards processes is to begin with some examples in the physical world, which we learned about as matters of fact in our education. These evolved to support the creation of precise manufacturing methods and to support more seamless commerce, giving stability and safety to commodity markets. Weights and measures are classic standards that support for both: after all, there is nothing natural about our units of measure or currencies, as anyone who’s used both metric and non-metric measures knows all too well. How long is something? How heavy is something? How much liquid is in a gallon or liter?

Standardizing these kinds of measures was a quantum leap for commerce and mercantilism: it gave everyone a common reference point and enabled accounting systems (and “ledgers”) of vastly wider scope and simplicity. The fact that standards have been decided at the international level means it can happen on a global scale. The metric system, for example, is defined by the International Bureau of Weights and Measures, an international standards development organization (SDO). There is little debate in 2020 about what a gram is (it’s the weight of one milli-liter of water), but things like tolerance or accuracy in weighing and marking system is still an ongoing matter of debate and specification carried out there.

Another physical world standard is the shipping container. A whole global infrastructure has been built around this standard-sized container that allows it to be put on truck beds, shipped on train cars and put in ships that go around the world. It also means if you can fit whatever your thing is inside that box it can get to almost anywhere in the world because there is a standards based infrastructure that can handle it. Massive economies of scale (which have terraformed geopolitics by enabling high-throughput, high-efficiency global trade networks) are unlocked by this kind of standard, which enables the movement of containers (in most cases with no knowledge, or no direct knowledge, of what is inside them) to become a kind of commodity whose price stabilizes and steadies far-flung trade. The analogy to the “packets” or “data points” of modern information technology has been a mainstay of thinking about software business models for decades, and W3C Verifiable Credentials are no exception.

Similar standards also govern the electricity coming out of the walls in our houses, which has become so reliable and ubiquitous over the last century that few people outside of the relevant industries think much about it, or how dangerous it would be if standards were loosened. The “amount” (load and speed) of electricity, as well as the physical form factor of plugs, wiring, and circuit boards are all standardized at the national or regional level. This creates regional economies of scale in both the delivery of energy as a resource and in the manufacturing of electricity-powered products. Indeed, much of software engineering as an academic discipline and a labor market, as well as many standards around data and their governing standards bodies, evolved out of the electrical and communications infrastructure that preceded the advent of modern software.

Standards processes, for bits and bytes

Digital technology also needs explicit and testable standards, deliberated by specialists and engineers in a transparent process for the common good and for the stability of huge systems of capital and human effort. As the internet has evolved, the bulk of this effort has focused on the definition of common protocols that allow information to be exchanged by different computer systems, potentially written in very different languages and operating across very different topographies, with very different inputs and automations and governance structures.

The protocols that make up the modern internet were originally created by the group that began building the ARPA network. In 1986 the Internet Engineering Task Force (IETF) formed and it is still the steward of many key protocols that form the basis of much of the internet, particularly around security and load-balancing at massive, infrastructure scale. The Worldwide Web Consortium (W3C) was formed in 1994 and works to develop the software standards for the World Wide Web’s core technologies: browsers and servers.

One example we all use every day is E-mail, or as it was once known, “electronic mail”. How addressing and discovery can work, the limits and parameters of a universally-recognizable address, etc are all written up in authoritative specification documents. Colloquially, these documents are often referred to as “the standard,” or “the RFCs” (“Request[s] for Comment” referring to the collective editorial process by which standards are written). Email is typical, however, in that a patchwork of multiple interlocking protocols are actually required to send and receive emails.

Although this list of protocols needs to move slowly to give the end-consumer stability and assurance, the list is actually in a state of permanent minor flux, as individual protocols are iterated and upgrades, support for older versions fades away, and now protocols are added that take advantage of security or performance enhancements reaching critical mass elsewhere. For decades, the dominant protocols in email have been Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP), and underlying handshake/transport protocols like Transport Layer Security (TLS). As you can see clicking any of these links, the “standard” (current best practices and specifications) are compromised of a patchwork of iterating and component specifications with a more narrow scope, allowing for a kind of modular and incremental evolution allowing markets and applications to phase components and subsystems in and out over time without interruptions to service or sudden changes in user experience.

Another example we use every day is “web standards,” i.e., HTML, HTTP and CSS. These protocols are the standards that let any web server present information according to prescriptive formats which will be displayed in roughly the same way by any compliant web browser. Here, as in weights and measures, or electricity, there are always slippages and margins for error, though, as any front-end developer can tell you) This enables a diversity of web servers and a diversity of browsers. There are of course open source examples of each (Apache Server and Firefox Browsers being two examples) but there are also proprietary versions of them as well.

To many observers, the degree of openness in the codebase matters less than the diversity and complexity of organizations involved in the governance of the protocols: in this regard, control of “browser standards” might be endangered by increasing market power on the part of browser vendors owned by private entities that also have outsized and direct control over operating systems and app store platforms, upon which any competing browser would depend directly. Neither open source nor open standards are a guarantee of a healthy and open market, although both generally contribute to that end.

Standards and Proto-standards

Standards development is generally a slow process taking years, driven by a balance between (rough) consensus between stakeholders refining and iterating requirements and running code against which these requirements can be measured or considered. Depending on the context, stakeholders can include vendors or commercial actors, regulators, consumer advocacy groups, affected industries, and/or individuals. The terms “running” and “code” both cover a lot of territory, but it would be impossible to arrive at a standard without at least two independent, functioning pieces of code that have been tested, audited, and hardened, ideally by some deployment at scale.

In some cases, this is where an open standards process begins: two maximally independent implementations decide to cooperate for greater adoption and maturity, and seek out a venue for the relevant stakeholders to debate the merits and trade-offs of their current codebases and future variations or possibilities. Different standards bodies can be more or less public in their processes, more or less transparent in their results, and more or less complex in their rules of engagement: indeed, some operate according to a rulebook as complex as that of a parliament, and a style guide as exacting as an academic institution.

For the most open of standards, however, it is possible to work in the open, deliberatively and transparently, long before this “first” step. Working in an industry group, trade association, or other neutral venue can speed up the work towards a standards by front-loading the collaboration, peer-review, market-testing, and process legitimacy needed to get an idea ready for the market and standardization sooner. These “pre-standards” venues are like containers where all those participating have signed an IPR agreement up front that means their work is unencumbered by patents or royalties and safe from being front-run or patent-trolled.

The products of these pre-standards processes are often called “pre-standard specifications” or “proto-standards” (if they are more ambitious and protocol-shaped). Groups that develop proto-standards often have explicitly-defined processes for how to publish a proto-standard, as well as when and how to hand off a sufficiently matured proto-standard to an SDO process for more formal and authoritative standardization.

We should not overstate the distinction between standards and pre-standards, however: there are many shares of grey in between. “Standards-track” and “non-standards-track” specifications alike can be more mature or legitimate depending on the parties involved, the pertinent SDOs (or lack thereof), and of course the process used to create them. For this reason, work items and working groups at the DIF avail themselves of multiple procedural options and tailor their processes to the context, which is why “scoping” and “chartering” processes can take months to hammer out between organizations and their legal departments. This is also specifications developed at DIF without being further hardened in a more formal standards body can sometimes be called “standards,” in the sense that they are adopted in the industry and function as standards. How the market and the relevant industries treat, and trust, and rely on a specification is the ultimate judge of when it can be called the authoritative text for a standard process or procedure!

In our next drill-down, we’ll go into more detail on DIF’s processes, how you can get involved, and what decisions go into assuming an active role in a working group or work item.

Drilling down: Open Standards was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.

Saturday, 10. October 2020

FIDO Alliance

The Next Web: Inside FIDO Alliance’s vision of a future free of passwords

The Next Web (TNW) talks to Andrew Shikiar, executive director and chief marketing officer of the FIDO Alliance, and its partner and hardware security key maker Yubico, about authentication without passwords […] The post The Next Web: Inside FIDO Alliance’s vision of a future free of passwords appeared first on FIDO Alliance.

The Next Web (TNW) talks to Andrew Shikiar, executive director and chief marketing officer of the FIDO Alliance, and its partner and hardware security key maker Yubico, about authentication without passwords through the FIDO2 standard. But before TNW looks at what companies are doing to allow users to login to services in different ways, they take a look at what FIDO2 is and how it works.

The post The Next Web: Inside FIDO Alliance’s vision of a future free of passwords appeared first on FIDO Alliance.


Deploying FIDO in Japan: An Interview with SBI Sumishin Net Bank

SBI Sumishin Net Bank is an Internet-focused bank jointly established in 2007 by SBI Holdings and Sumitomo Mitsui Trust Bank. In keeping with their aim to be recognized for innovation, […] The post Deploying FIDO in Japan: An Interview with SBI Sumishin Net Bank appeared first on FIDO Alliance.

SBI Sumishin Net Bank is an Internet-focused bank jointly established in 2007 by SBI Holdings and Sumitomo Mitsui Trust Bank. In keeping with their aim to be recognized for innovation, the bank deployed FIDO Authentication in July 2020. We had an interview with the bank about the details of their deployment.

Q. Describe your service and how it’s using FIDO Authentication.

We have incorporated  FIDO-compliant authentication into our  existing “SBI Sumishin Net Bank” mobile application. Now, a single application is available to provide both banking and authentication functions to our customers. This eliminates the need for our customers to enter passwords and verification codes for each transaction. Instead, they can simply log in to the SBI Sumishin Net Bank App with biometric authentication. Even when transactions are made from a PC or other non-mobile application environments, the application will confirm and approve the transaction details before they are executed, preventing unauthorized transfers. Furthermore, when using the login approval function, only the registered smartphone can remove any control, which prevents unauthorized logins.

Q. What FIDO specification(s) did you implement? 

We have deployed a solution based on FIDO UAF, which uses biometrics (fingerprint and facial recognition) and PIN as the authentication methods.

Q. What other approaches did you consider before choosing FIDO? 

We looked at continuing with the existing smartphone application “Smart Authentication,” which is a separate application the customer would have to authenticate logins and bank transactions. However, we saw it as difficult to operate two applications separately and saw it as a burden for our customers to have to use two separate applications just to bank with us.

Q. Why did you choose FIDO authentication over other options? What did you identify as advantages of implementing FIDO?

Although there are various types of authentication methods available, the fact that FIDO Authentication is a global standard developed by a global consortium FIDO Alliance, and that we have seen is increasingly being deployed in Japan and globally – were two factors that made it very appealing to us. 

Q. Why did you decide on a standards-based approach? 

There are two main reasons why we chose to take a FIDO standards-based approach.

First, FIDO Authentication provides stronger security. FIDO Authentication enables safe exchange of authentication results over the network, and the credential is stored only on the device that performs the authentication (in our case, the smartphone) and does not need to be transmitted over the network or stored on the server side. 

Second, FIDO improves convenience for our customers. By incorporating authentication into our existing banking app, we are making it possible to complete both banking and authentication functions in a single app, enabling smooth transactions without having to enter passwords or other information.

Q. What steps were involved in your roll out of FIDO Authentication? Did you work with a partner? 

We implemented the FIDO-compliant “SaAT Pokepass Authentication Service” provided by Net Move Corporation (“Net Move”), a wholly owned subsidiary of SBI Sumishin Net Bank. The new authentication function “Smart Authentication NEO” was deployed by incorporating the client SDK for this service into the bank application.

Q. What other data points can you share that show the impact FIDO authentication has had?

On July 31, 2020, we launched a new authentication feature, “Smart Authentication NEO.” On the quantitative side, the number of new registered customers has reached approximately 100,000 in just three weeks since its launch, and we expect this number to increase further in the future.

On the qualitative side, many customers have commented on the convenience of being able to use a single app for both banking and authentication functions.

Q. What advice would you give to other organizations considering rolling out FIDO authentication? 

Again, our company’s FIDO authentication uses Net Move’s “SaAT Pokepass Authentication Service.” By collaborating with Net Move, we were able to deployed the new authentication function “Smart Authentication NEO” in a short period of time.

In addition to FIDO authentication, Net Move already has an installed at more than 100 financial institutions, including “SaAT Netizen,” an anti-fraudulent remittance service, and we believe that Net Move can help to solve these issues.

Q. What role do you see FIDO Authentication playing for your company in the future?

The “Smart Authentication” service will be discontinued after January 2021, and we will move exclusively to the FIDO-enabled “Smart Authentication Neo” app. We see moving to the FIDO-enabled app  as the key authentication function will further allow us to provide secure and convenient experiences for our customers.

Q. If you are able, please provide a quote from an executive regarding this deployment and the impact FIDO has had for your organization.

Quote from the project manager of SBI Sumishin Net Bank:

“Our goal is to revolutionize financial services and make society more comfortable and convenient by utilizing the most advanced technology with a customer-centric approach. Security is an extremely important factor in achieving this goal, and we believe that the introduction of FIDO will make a significant contribution.”

The post Deploying FIDO in Japan: An Interview with SBI Sumishin Net Bank appeared first on FIDO Alliance.

Friday, 09. October 2020

Hyperledger Foundation

Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources

Welcome to the Weekend Update. Our goal with this weekly post is to share quick updates about online education, networking and collaboration opportunities and resources for the open source enterprise... The post Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources appeared first on Hyperledger.

Welcome to the Weekend Update. Our goal with this weekly post is to share quick updates about online education, networking and collaboration opportunities and resources for the open source enterprise blockchain community. 

If you have suggestions for resources or events that we should spotlight in a future Weekend Update, let us know here using #HLWeekendUpdate. 

Webinar: Optimizing supplier onboarding assessment processes through SSI

In this presentation, Luigi Riva, head of product for Swisscom Blockchain, will show a solution for supplier assessment and onboarding. This process can be optimized using Self-Sovereign Identity capabilities. In the course of supplier assessment processes, suppliers need to disclose their audits, policies and operative processes, so that their customers are capable to analyze and assess the supplier risk through a validation of the supplier compliance data. Through the standardization of supplier onboarding processes and using SSI, the Swisscom solution allows suppliers to transport data and their customers can easily validate and trust the authenticity of it.

Tune on Wednesday, October 14, at 10:00 am EDT. For more information and to register, go here.

Hyperledger Identity Working Group guest speaker: Lal Chandran from iGrant.io on MyData operators

This talk will be an explanation of MyData operators, which are actors that provide infrastructure for human-centric personal data management and governance. There were 16 organisations awarded the inaugural status of a MyData operator, including iGrant.io. The MyData Operator 2020 Award recognises operators of human-centric infrastructure for personal data management and sharing. 

The meeting is on Wednesday, October 14, at 12 noon EDT (16:00 UTC). Find more details here.

Hyperledger Developer Newsletter

Hyperledger now has a technical newsletter aimed at developers and engineers. To get the latest on Hyperledger project updates, features and milestones, sign up here.

Virtual Meetups

Saturday, October 10, at 16:00 UTC / 16:00 GMT: Hyperledger Senegal hosts “ASK US anything about Blockchains” (French) Tuesday, October 13, at 16:00 UTC / 18:00 CET: Hyperledger Vienna hosts “Identitäts-Blockchains für digitale Identitäten” (German) Thursday, October 15, at 16:00 UTC / 12:00 EDT: Hyperledger Washington DC hosts “Simplify Deployment of Production-grade Blockchain Networks Using Blockchain Automation Framework (BAF)” Thursday, October 15, at 16:00 UTC / 12:00 EDT: Hyperledger Boston hosts “Deploy and manage Hyperledger Fabric networks and applications with consortia.io”

See the full Virtual Meetup schedule here

The post Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources appeared first on Hyperledger.


FIDO Alliance

2020 FIDO Seoul Virtual Seminar: Day 2

Day 2 of FIDO Seoul Virtual Seminar. Event in Korean language with English subtitles. Agenda: PASS ID/Authentication (PASS Authenticator, QR Code Access Control – Ki-Eun Shin, SK Telecom Online Security […] The post 2020 FIDO Seoul Virtual Seminar: Day 2 appeared first on FIDO Alliance.

Day 2 of FIDO Seoul Virtual Seminar. Event in Korean language with English subtitles.

Agenda:

PASS ID/Authentication (PASS Authenticator, QR Code Access Control –
Ki-Eun Shin, SK TelecomOnline Security Threats Imposed to Remote Workers due to Global Pandemic –
Yousuk Han, AirCuveQuick FIDO Implementation Guide for Developers –
Dongho Kim, Samsung SDSReplacing Passwords with Biometric Authentication –
Jaehyung Lee, OctatcoFIDO Certification Program Guide –
Jaebum Lee, TTAMobile eID and Beyond –
Jongsu Kim, Samsung ElectronicsCOVID-19 Causing Cyber Threats to Telecommuters –
Youngsuk Hong, TrustKey

The post 2020 FIDO Seoul Virtual Seminar: Day 2 appeared first on FIDO Alliance.


2020 FIDO Seoul Virtual Seminar: Day 1

Day 1 of FIDO Seoul Virtual Seminar. Event in Korean language with English subtitles. Agenda: Welcome & Opening Remarks – Andrew Shikiar, FIDO Alliance Executive Director & CMO– Dr. Daniel […] The post 2020 FIDO Seoul Virtual Seminar: Day 1 appeared first on FIDO Alliance.

Day 1 of FIDO Seoul Virtual Seminar. Event in Korean language with English subtitles.

Agenda:

Welcome & Opening Remarks –
Andrew Shikiar, FIDO Alliance Executive Director & CMO– Dr. Daniel Ahn, FIDO Alliance Korea Working Group ChairFIDO Alliance Update –
Joon Hyuk Lee, FIDO Alliance APAC Market Development DirectorDigital Signature Act Amendments & FIDO Protocol –
Dr. Heung Youl Youm, Professor at Soonchunghyang UniversityJourney of 2020 FIDO Hackathon2020 FIDO Hackathon –
Goodbye Password Challenge Final Presentation – [Bronze Award] AWS – FIDO Based Wireless Router Management Solution2020 FIDO Hackathon –
Goodbye Password Challenge Final Presentation – [Bronze Award] Fingerprint 486 – FIDO Based Secure Document Sharing System2020 FIDO Hackathon –
Goodbye Password Challenge Final Presentation – [Silver Award] Dr. Who – DID & FIDO Based Smart Health Insurance & Identification System2020 FIDO Hackathon –
Goodbye Password Challenge Final Presentation – [Silver Award] Protect Homes – FIDO Based IoT Smart Home Solution2020 FIDO Hackathon –
Goodbye Password Challenge Final Presentation – [Gold Award] Moses’ Miracle – FIDO Based Entry Control System

The post 2020 FIDO Seoul Virtual Seminar: Day 1 appeared first on FIDO Alliance.


Me2B Alliance

All Aboard! Me2B Alliance Membership Countdown

Two weeks from today, the Me2B Alliance will be transitioning to a membership organization. What this means for you, as part of the Alliance community, is an opportunity to become an influential voice in the respectful technology movement.    Starting October 22, all Alliance work will be taking place in the membership portal.  To remain active in the Alliance community, ple

Two weeks from today, the Me2B Alliance will be transitioning to a membership organization. What this means for you, as part of the Alliance community, is an opportunity to become an influential voice in the respectful technology movement. 

 

Starting October 22, all Alliance work will be taking place in the membership portal. 

To remain active in the Alliance community, please become a member before October 22.  

 

Better yet, join today!

 

For your convenience, here’s the link on the new Me2BA.org website: https://me2ba.org/membership/

 

We look forward to seeing you very soon.

 

Lisa LeVasseur

Executive Director

 


Kantara Initiative

Kantara to Assess GSA Login Service’s Compliance With NIST Digital ID Guidelines

The General Services Administration has selected Kantara Initiative to perform third-party evaluation of the federal government’s unified login service against digital identity protection standards set forth by the National Institute of Standards and Technology. Kantara said Wednesday it will assess whether the login.gov portal operates in accordance with NIST Special Publication 800-63-3 provision

The General Services Administration has selected Kantara Initiative to perform third-party evaluation of the federal government’s unified login service against digital identity protection standards set forth by the National Institute of Standards and Technology.

Kantara said Wednesday it will assess whether the login.gov portal operates in accordance with NIST Special Publication 800-63-3 provisions for user identity proofing and authentication.


Kantara and SAFE Identity to support each other’s digital identity Trust Marks

GSA seeks Kantara certification for NIST standard. Trust Framework Providers SAFE Identity and Kantara Initiative have reached a reciprocal agreement to consolidate digital identity assessments, each endorsing and supporting the other’s public key infrastructure (PKI) and non-PKI domain Trust Frameworks, along with their certified identity providers. The collaboration simplifies digital identi

GSA seeks Kantara certification for NIST standard.

Trust Framework Providers SAFE Identity and Kantara Initiative have reached a reciprocal agreement to consolidate digital identity assessments, each endorsing and supporting the other’s public key infrastructure (PKI) and non-PKI domain Trust Frameworks, along with their certified identity providers.

The collaboration simplifies digital identity assessment and Trust Mark processes for companies in healthcare, financial services and other sectors to reduce organizational risk.

Thursday, 08. October 2020

Hyperledger Foundation

How Hyperledger Fabric is impacting the Telco, Media and Entertainment industry

The rise of blockchain Blockchain is already a reality in the Telecommunication, Media and Entertainment (TME) industry. In fact, many companies, both established and start-ups, have implemented blockchain-based solutions to... The post How Hyperledger Fabric is impacting the Telco, Media and Entertainment industry appeared first on Hyperledger.

The rise of blockchain

Blockchain is already a reality in the Telecommunication, Media and Entertainment (TME) industry. In fact, many companies, both established and start-ups, have implemented blockchain-based solutions to automize, digitize and re-invent some of their processes.

Like other industries, TME is characterized by the lack of visibility, transparency and auditability of some of its processes, making asset transactions less efficient, thus generating both extra costs and revenue leakage. In telecommunication, a good example of such a process is wholesale voice settlements. Carriers around the world exchange large amounts of money for interconnection costs, but there are no industry standards to ensure consistency and transparency. Each report is subject to dispute and reconciliation. In the media industry, we all know how difficult it is for artists and music labels to track the revenues that are due to them from streaming and video platforms.

Hyperledger helps in bringing efficiency to TME operations

The stakeholders in the TME industry are pioneers in the application of blockchain to solve some of the critical industry issues. In particular, they recognize that a platform designed for the enterprise like Hyperledger Fabric provides tangible value-adds such as  privacy, transparency, trust and security. Leveraging these key characteristics, telco and media companies have started building consortia and projects to validate the value of the technology. These consortia can be categorized into three categories: operations-focused, customer experience and full revenue generating ecosystems.

In the first category, companies collaborate to improve back end processes that take place between them, with the goal of eliminating redundant costs and activities. This helps improve productivity and efficiency in the value chain. In a nutshell, this is an efficiency play. Some processes touch all players in the industry. Examples include roaming settlements for telecommunications or digital advertising supply chains for the media industry. (Recently, Syniverse and IBM went live with the first blockchain-based roaming solution compliant with the new GSMA billing standard.) Alternatively, some processes may interest only a major player and its closest suppliers. 

Reinventing customer experience with Hyperledger 

The second category, customer experience-focused consortia, revolves around improving the engagement of the customer rather than the efficiency of the processes. The main financial goal is not cost cutting but revenue generation, either through new services or new business models.

In this context, the sky is the limit: use cases are several and very different. When the goal is to provide a better customer experience, Hyperledger technologies can be used to improve customer engagement and make client-facing activities easier and less redundant. For example: IBM uses Hyperledger Fabric to simplify the dispute resolution process for commercial financing. Fabric is also used to automatically enforce warranties or reduce the time needed to port your mobile number from one carrier to another, thus improving the customer experience. 

On the other side, blockchain can be used to create new services for telecommunication and media companies. For decades, telcos have harbored an ambition to get into the mobile payment business. Now, with blockchain, they have an easy and secure way to implement digital wallets, create tokens and exchange them in their own network or with other networks. The same can apply to the gaming industry, where the concept of credits and digital token has been popular in the last few years but was hard to monetize.

Carriers can also now provide digital identity services. Blockchain is the ideal platform for creating a trusted identity, and carriers are in the perfect position to enable subscribers with digital identity and to develop an ecosystem of applications. IBM’s Verify Credentials creates a decentralized approach to identity management – enabled by blockchain – building on top of open standards in combination with Decentralized Identity Foundation (DIF), World Wide Web Consortium (W3C) and other standards groups

Hyperledger Fabric is the foundation of new industry ecosystems

Finally, the third category, the ecosystems, comprises consortia that cover the entire industry. Consortia turn into ecosystems over time, when an initial application becomes an industry-wide platform, setting the standards for the whole industry and allowing for flexible, modular and open participation, in a “network of networks” fashion. The founder of the ecosystem can extract high value from the platform and become a winner.

The application of Hyperledger Fabric in the TME industry has not achieved the level of maturity necessary for the establishment of a real ecosystem, but a few companies and industry organizations are already laying the foundations for the future ecosystems.

There are several organizations that are creating consortia and implementing blockchain networks.

Companies that interact frequently are getting together to form small groups of three  or four participants to streamline existing processes. They can either be telecom carriers that need to facilitate settlements among themselves or music streaming services that want to remunerate music labels faster and more accurately. Regulators are playing a big role: in India, the local telecom regulatory agency (TRAI) mandated the use of blockchain to prevent unsolicited commercial communication. Indian mobile subscribers can opt out of telemarketing calls and a blockchain distributed ledger will manage this information for carriers, content providers and the regulators.  IBM is working with TRAI and Bharti Airtel on the commercial deployment that will initially help the operator curb unwanted calls and messages from advertisers. It will also help the operator in Mobile Number Portability, interconnect settlements, supply chain streamlining and content partner settlement. The European Union, through the Horizon 2020 fund, is financing several blockchain projects to improve the way information and infrastructure is shared within telecom companies. Service providers are very active organizations that are leveraging their neutrality to build industry-wide ecosystems. They can be either established platform providers that already serve the majority of their market or new start-ups trying to disrupt the competition. In the first case, service providers are improving their value proposition through blockchain. In the second case, start-ups are rethinking the way the industry works. Finally, industry standard organizations are gathering their members to define how blockchain can transform their industry. This is happening both in telco and media. In telco, organizations such as the GSMA, TWI GLF and the Bridge Alliance are advocating for blockchain with the goal of establishing common standards for the most immediate blockchain use cases (e.g., wholesale and roaming settlements). In the media space, AdLedger is leveraging blockchain to re-shape the digital advertising industry.

2020 is going to be a KEY year for blockchain in the TME industry: we are going to see the outcome of the work done in the last couple years and the move to production of many consortia.

Cover image by pisauikan from Pixabay

The post How Hyperledger Fabric is impacting the Telco, Media and Entertainment industry appeared first on Hyperledger.


Kantara Initiative

Login.gov to be third-party assessed against NIST’s digital identity guidelines

The General Services Administration wants to build trust in Login.gov‘s ability to verify users’ identities for any agency using the service, so it’s having the technology assessed by a third party. Kantara Initiative will assess the conformity of Login.gov’s identity proofing and authentication with the National Institute of Standards and Technology‘s Special Publication (SP) 8

The General Services Administration wants to build trust in Login.gov‘s ability to verify users’ identities for any agency using the service, so it’s having the technology assessed by a third party.

Kantara Initiative will assess the conformity of Login.gov’s identity proofing and authentication with the National Institute of Standards and Technology‘s Special Publication (SP) 800-63-3, the government’s digital identity guidelines.


One World Identity

Nationalism & Its Threat to Digital Identity: Part 4

This is the fourth and final piece in our series focused on nationalism and its threat to digital identity. If you missed it, read the first three parts (1,2,3), now for the full story.   #ICYMI   This series was initiated after the E.U. announced it had revoked the Privacy Shield, a transatlantic agreement that … Nationalism & Its Threat to Digital Identity: Part 4 Read More »

This is the fourth and final piece in our series focused on nationalism and its threat to digital identity. If you missed it, read the first three parts (1,2,3), now for the full story.

 

#ICYMI

 

This series was initiated after the E.U. announced it had revoked the Privacy Shield, a transatlantic agreement that enabled the legal transfer of data between itself and the United States (U.S.). Since that ruling, we have also seen the Swiss Data Protection Authority conclude the EU-U.S. Swiss Privacy Shield was no longer a valid method of transferring personal data between the two countries.

 

This news, and subsequent follow-up, sparked our OWI team to take a step and ask ourselves if there was a broader trend around the rise of nationalism, both political and economical, and its role in disrupting international data sharing agreements. For digital identity enthusiasts like ourselves, we acknowledge that international cooperation and data sharing are essential pillars in furthering inclusive digital identity infrastructures and preventing bad actors from causing undue harm. 

 

This series intends to capture what the roles and positions of the major economies — the E.U., China, and the U.S. — are in the data economy, and illustrate why the current trend towards centralization is counterintuitive to more effective digital identity strategies. In this finale, we will look at how the U.S.’s inability to lead the international community towards a unilateral digital economy infrastructure — by prioritizing companies’ free will over individual rights over its people — indirectly stifles the possibility for interoperable and secure digital identities.

 

Additionally, we will examine how, while the CCPA can be seen as a bellwether for future U.S. data privacy policy, it is still insufficient in governing how U.S. companies handle and process personal data. This position stands in stark contrast with countries abroad, who recognize data privacy as a global concern and who take concerted action to prioritize individual privacy protection and develop robust digital identity frameworks. Moreover, these issues are compounded by the fact that the U.S. has taken drastic steps over the past few years to remove themselves from several high-profile trade and political agreements. 

 

This retrenchment from the national community has forced countries to implement new mandates or remove existing agreements targeted at U.S. technology companies operating abroad. We believe the rise of nationalistic policies is hurting cooperative approaches to interoperable and inclusive digital identity frameworks. To that end, we will conclude with alternative methods forward and offer some examples of companies pursuing digital identity systems that do not necessitate centralized authorities.

 

The Influence of CCPA

 

At the time of writing, October 1st, 2020, the U.S. does not have a central federal level privacy law. Data privacy is instead under the purview of several industry-specific laws (e.g., HIPAA, U.S. Privacy Act, Children’s Online Privacy Protection Act (COPPA), etc.) and championed by several privacy-forward states, most notably California with the California Consumer Data Privacy Act (CCPA), in addition to Maine and Nevada.  

 

California’s economic size, political influence, and role as the de facto technology hub of the U.S. have made CCPA a global conversation topic. And it serves as the closest example of what we could expect a federal mandate to reflect. CCPA’s scope and territorial reach are more limited than the GDPR. Additionally, the extent of the Act is restricted to two main categories. 

 

The first applies to for-profit businesses operating in California. A business must collect California citizens’ data and determine the purpose and means of their personal data, meaning that they slice and dice it for commercial purposes. Additionally, the law has specific qualifications for these businesses. They must:

 

Have at least $25 million in annual gross revenue Buy/sell or received the personal information of at least 50,000 California consumers, households or devices annually 50 percent of your annual revenue comes from selling California consumers’ personal data

 

This data privacy law continues to be contested by several big tech companies in the United States, contending that they are selling access to data instead of selling data. 

 

The second category encompasses entities that control or are controlled by an entity that meets the first set of criteria or shares common branding with the parent entity. This makes the CCPA targeted as companies are in the personal data business.

 

Users as End-Products 

 

The lack of a federally-administered data privacy law or of any unified governance over the private-sector’s collection and use of personal data has allowed companies to act at their discretion. This freedom to optimize the user’s experience while maintaining a free business model has made the user the end-product. However, these same business practices are not being received well in countries abroad, creating mounting geopolitical tensions that manifest themselves in events such as the revoking of the Privacy Shield. 

 

Countries abroad recognize that their citizens’ personal privacy is being infringed upon for a foreign entity’s monetary benefit. Moreover, countries have legislation maintaining that personal data privacy is an individual human right (e.g., GDPR), and U.S. companies are not abiding by that principle. It would be the equivalent of parents not teaching their children any concept of right and wrong, and during a playdate, the friend’s parents having to ask the poorly-acting child to leave their home before they can learn not to smash their face with spaghetti. 

 

The U.S. should acknowledge its failure to implement legislation that prioritizes individuals’ rights over company profits; doing so would promote free trade in the digital economy. It is important to note that data privacy issues are not the only issue eroding global cooperation. Not only is the U.S. ineffectively governing private sector companies, but it is also actively reducing the number of formal partnership agreements with allies and trade partners. Over the last several years, the United States has pulled away from several high-profile international agreements, including but not limited to the Paris Accords, JCPOA, Open Skies agreement, the U.N. Human Rights Council, and the Trans-Pacific Partnership. The reluctance for furthering international partnerships is forcing other countries to implement legislation, particularly around data privacy, that keeps U.S. companies accountable.

 

Moreover, the retrenchment from global cooperation around technology and data interoperability is closing the window on a possible future where governments successfully coordinate a standardized approach to digital identity. 

 

The Path Forward  

 

There are 1.1 billion people in the world without access to a digital identity – and even more people lack a mechanism to transfer or port their digital footprint with themselves outside of their native country. This lack of basic identification and interoperability systems perpetuate ongoing barriers for individuals to access goods and services. Digital identity experts, such as the UNDP, argue that the key to solving these issues is ongoing international cooperation and dedicating resources to establish standards for individuals to receive a universally recognized digital identifier. In addition to the lack of U.S. federal standards and frameworks, the rise of nationalism reduces the likelihood of these initiatives gaining meaningful traction.

 

Thankfully, there are potential paths forward. There are members of the digital identity community who are working tirelessly to promote alternative systems. Of the initiatives underway, a decentralized identity is a popular option that does not require participation from authoritative sources to maintain digital identities for individuals (e.g., SovrinDIFSecureKeyW3C). These systems commonly leverage distributed ledger technology to distribute identity data for users to readily access their sovereignty and leisure. And on the government front, there is still hope. We encourage members of the digital identity, big data, technology, and data privacy communities to keep raising awareness of these issues and garner the attention of more government officials worldwide to the consequences being inflicted on billions of people. Global problems can only be solved together.

The post Nationalism & Its Threat to Digital Identity: Part 4 appeared first on One World Identity.

Wednesday, 07. October 2020

Kantara Initiative

SAFE Identity and Kantara Partner to Expand Trust Frameworks

SAFE Identity and Kantara Initiative, the two worldwide acknowledged Trust Framework Providers, are focusing on extending digital identity trust and security. The companies have announced a reciprocal agreement to endorse and support each other’s Trust Frameworks, which is used for Public Key Infrastructure (PKI) and non-PKI domains together with their certified identity providers.

SAFE Identity and Kantara Initiative, the two worldwide acknowledged Trust Framework Providers, are focusing on extending digital identity trust and security. The companies have announced a reciprocal agreement to endorse and support each other’s Trust Frameworks, which is used for Public Key Infrastructure (PKI) and non-PKI domains together with their certified identity providers.


Kantara Initiative Welcomes the General Services Administration

Kantara to Provide Its NIST SP 800-63-3 Conformity Assessment For Identity Proofing & Authentication WAKEFIELD, Mass., USA – October 7, 2020 — Kantara Initiative announced today that the United States General Services Administration (GSA) is joining Kantara and plans to put its Login.gov service through the Kantara assurance and approval program based on third-party assessment […]

Kantara to Provide Its NIST SP 800-63-3 Conformity Assessment For Identity Proofing & Authentication

WAKEFIELD, Mass., USA – October 7, 2020 — Kantara Initiative announced today that the United States General Services Administration (GSA) is joining Kantara and plans to put its Login.gov service through the Kantara assurance and approval program based on third-party assessment against the requirements detailed in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3 Digital Identity Guidelines.

“NIST SP 800-63-3 is focused on modernizing the policy in keeping with rising threat levels for identity proofing, verification and authentication whilst also improving privacy in the overall digital user experience,” said Colin Wallis, Executive Director, Kantara Initiative.  “Kantara has developed assessment criteria against each of 63-3’s normative requirements to drive consistency in assessments of applicable credential service providers (CSPs) done by Kantara 3rd party accredited assessors. Consistency in assessments drives long term integrity in Kantara’s Trust Framework and Trust Marks internationally, thereby building trust and confidence for all stakeholders in the wider digital economy.”

With the GSA’s oversight, Login.gov provides simple, secure, private access to participating US government digital services online.  A single privacy-aware login.gov account can sign-in to multiple government agencies making managing federal benefits, services and applications easier and more secure for the public. Login.gov is used by over 60 applications at 17 agencies including the Department of Defense, Department of Homeland Security, Department of Energy and the Executive Office of the President. To date, over 25 million people have signed up to use login.gov.

Kantara is one of the leading global consortiums improving trustworthy use of identity and personal data through innovation, standardization and good practice. It provides third party assessment against the NIST SP 800-63-3 for identity proofing and authentication. US Government agencies are required to follow NIST guidelines and independent, external assessment is acknowledged as best practice to demonstrate NIST standards compliance.

Kantara was authorized as a US Government Trust Framework provider to the GSA’s then FICAM Trust Framework Solutions (TFS) program in 2011 and works with governments and standards-bodies internationally to align its Trust Mark program for multi-jurisdictional adoption. Kantara is one of the premier Trust Framework Providers aligned with the US National Strategy for Trusted Identities in Cyberspace (NSTIC) program as well as similar initiatives outside the US.

NIST SP 800-63-3

NIST SP 800-63-3 is the set of prevailing digital identity guidelines to which US Federal agencies implementing identity verification and authentication must comply. It also serves as a widely-recognized benchmark for any organization or business wishing to implement identity verification and authentication services, both internationally as well as within the US.

About Kantara Initiative Trust Framework

Kantara Initiative’s Trust Framework Operations and Identity Assurance program is the industry leading program that accredits Assessors and approves Credential Service Providers (CSPs).  The program offers three Classes of Approval that enable CSPs to seek approval of their Identity and Credential Management Services as meeting NIST 800-63 rev.3 requirements. By design, Kantara’s IAF can be applied to a range of standards-derived schemes and classes of approval to verify an organization’s conformance, including NIST SP 800-63-3.

About Kantara Initiative

The Kantara Initiative is one of the leading global consortiums improving trustworthy use of digital identity and personal data through innovation, standardization and good practice. Kantara provides real-world innovation through its development of specifications, applied R&D and conformity assessment programs for the digital identity and personal data ecosystems. More information is available at https://kantarainitiative.org/.

Follow Kantara Initiative on Twitter — @KantaraNews

For further information:

Bob Olson, Virtual, Inc.
+1.781.876.8839
rolson@virtualinc.com

Tuesday, 06. October 2020

FIDO Alliance

Mobile ID World: CISA Encourages Use of FIDO Authentication to Ensure Election Security

The US Cybersecurity and Infrastructure Security Agency (CISA) is promoting the use of FIDO authentication technology to help guard against cyberattacks during the upcoming US election. The organization is particularly concerned with […] The post Mobile ID World: CISA Encourages Use of FIDO Authentication to Ensure Election Security appeared first on FIDO Alliance.

The US Cybersecurity and Infrastructure Security Agency (CISA) is promoting the use of FIDO authentication technology to help guard against cyberattacks during the upcoming US election. The organization is particularly concerned with phishing, noting that such methods are deployed in 78 percent of cyber-espionage incidents. Read the article.

The post Mobile ID World: CISA Encourages Use of FIDO Authentication to Ensure Election Security appeared first on FIDO Alliance.


ConnectSafely Webinar: Are Passwords Really Protecting Us?

ConnectSafely spoke with online security expert Andrew Shikiar, Executive Director & Chief Marketing Officer of FIDO Alliance about phishing, vishing, social engineering, and what’s wrong with passwords. “Simply put, passwords […] The post ConnectSafely Webinar: Are Passwords Really Protecting Us? appeared first on FIDO Alliance.

ConnectSafely spoke with online security expert Andrew Shikiar, Executive Director & Chief Marketing Officer of FIDO Alliance about phishing, vishing, social engineering, and what’s wrong with passwords. “Simply put, passwords aren’t up to the task,” Shikiar says. “They’re not good for what we’re doing today, where everything is online.” Listen to the webinar recording.

The post ConnectSafely Webinar: Are Passwords Really Protecting Us? appeared first on FIDO Alliance.


MyData

6 reasons why YOU should Run for MyData Global Leadership positions in the elections for 2021

  Get ready for the most exciting elections of November 2020! MyData Global is an award-winning international nonprofit based in Finland. MyData Global’s mission is to empower individuals to self-determination regarding their personal data.  Our association is politically non-aligned and emphatically collaborative, not antagonistic, by nature. We approach the complex set of issues around

  Get ready for the most exciting elections of November 2020! MyData Global is an award-winning international nonprofit based in Finland. MyData Global’s mission is to empower individuals to self-determination regarding their personal data.  Our association is politically non-aligned and emphatically collaborative, not antagonistic, by nature. We approach the complex set of issues around personal...

Read More

The post 6 reasons why YOU should Run for MyData Global Leadership positions in the elections for 2021 appeared first on MyData.org.

Monday, 05. October 2020

Hyperledger Foundation

Developer Showcase Series: Sushma Varadaiah, Coding Bootcamps

Back to our Developer Showcase Series to learn what developers in the real world are doing with Hyperledger technologies. Next up is Sushma Varadaiah from Coding Bootcamps. What advice would... The post Developer Showcase Series: Sushma Varadaiah, Coding Bootcamps appeared first on Hyperledger.

Back to our Developer Showcase Series to learn what developers in the real world are doing with Hyperledger technologies. Next up is Sushma Varadaiah from Coding Bootcamps.

What advice would you offer other technologists or developers interested in getting started working on blockchain?

I personally feel that it’s the right time to get into blockchain as it holds a lot of potential in the very near future. Blockchain will be the way that we are going to establish trust and transparency in the world as we move forward. Along with other technologies like Artificial Intelligence and Internet of Things, the use of blockchain multiply.

Give a bit of background on what you’re working on, and let us know what was it that made you want to get into blockchain?

I have 6+ years of experience as a software developer. I am currently working on blockchain systems (Ethereum and Hyperledger Fabric). I got into blockchain because I studied cryptography and security while getting a Master degree in Computer Science and Information Security. It was easy for me to pick up blockchain’s underlying technologies because of my Master’s studies. I recognized the technology’s potential and got into blockchain.

What project in Hyperledger are you working on? Any new developments to share? Can you sum up your experience with Hyperledger?

I am working on Hyperledger Fabric. My journey with Hyperledger Fabric started when I got my first blockchain certification from the Linux Foundation followed by a Master’s degree certification in blockchain from International Institute of Information Technology Bangalore. I have developed Hyperledger Fabric Proofs of Concept for a range of use cases including  pharmaceutical drug supply chain, certificate verification and property registration network. You can find source code for all these in my GitHub page.

What are the main differences between teaching Hyperledger to students and developing Hyperledger applications?

While teaching at Coding Bootcamps, the main challenge is to explain blockchain concepts to a student who is new to the technology. Troubleshooting the issues that are faced by students who are learning to develop blockchain applications is a very rewarding feeling. On the other hand, developing Hyperledger applications for a business involves different complexities like deploying and scaling the application according to user growth.

What do you think is most important for Hyperledger to focus on in the next year?

Devtools for easy smart contract development and deployment.

As Hyperledger’s incubated projects start maturing and hit 1.0s and beyond, what are the most interesting technologies, apps, or use cases coming out as a result from your perspective?

I personally feel Hyperledger Fabric has a lot of potential to bring transparency to supply chain management use cases. 

What’s the one issue or problem you hope blockchain can solve?

Increasing transparency and trust among users.

Where do you hope to see Hyperledger and/or blockchain in five years?

I hope to see applications moving towards decentralization and industry maturing towards adoption of blockchain with other technologies like Artificial Intelligence and the Internet of Things.

What is the best piece of developer advice you’ve ever received?

Never stop learning.

What technology could you not live without?

Internet!

The post Developer Showcase Series: Sushma Varadaiah, Coding Bootcamps appeared first on Hyperledger.


Me2B Alliance

Me2B Alliance Monthly Call - Mon, 10/05/2020 8:00am-9:00am

Reminder: Me2B Alliance Monthly Call When: Monday, 5 October 2020, 8:00am to 9:00am, (GMT-07:00) America/Los Angeles View Event Organizer: Megan Bekolay Description: Lisa LeVasseur is inviting you to a scheduled Zoom meeting.   Topic: Me2B Alliance Time: Mar 2, 2020 08:00 AM Pacific Time (US and Canada)         Every month on

Reminder: Me2B Alliance Monthly Call

When: Monday, 5 October 2020, 8:00am to 9:00am, (GMT-07:00) America/Los Angeles

View Event

Organizer: Megan Bekolay

Description:

Lisa LeVasseur is inviting you to a scheduled Zoom meeting.   Topic: Me2B Alliance Time: Mar 2, 2020 08:00 AM Pacific Time (US and Canada)         Every month on the First Mon, until Aug 3, 2020, 6 occurrence(s)         Mar 2, 2020 08:00 AM         Apr 6, 2020 08:00 AM         May 4, 2020 08:00 AM         Jun 1, 2020 08:00 AM         Jul 6, 2020 08:00 AM         Aug 3, 2020 08:00 AM Please download and import the following iCalendar (.ics) files to your calendar system. Monthly: https://zoom.us/meeting/vpMoce6qqDkph3jl_ajkRgY0KikqhW7ZHQ/ics?icsToken=98tyKuqvqz0tGNKXs1_Hf6kqE9r8b9_qknkdoK9inRXuMSdqMij_PfNKBeVFOOmB   Join Zoom Meeting https://zoom.us/j/375672623   Meeting ID: 375 672 623   One tap mobile +16699006833,,375672623# US (San Jose) +14086380968,,375672623# US (San Jose)   Dial by your location         +1 669 900 6833 US (San Jose)         +1 408 638 0968 US (San Jose)         +1 646 876 9923 US (New York) Meeting ID: 375 672 623 Find your local number: https://zoom.us/u/acUTI5Weo  


Re: Reminder: Me2B Full Alliance meeting tomorrow morning at 8am PDT

Just ran across this: https://www.datapolicytrust.com/ Might be interesting. Doc
Just ran across this: https://www.datapolicytrust.com/
Might be interesting.
Doc

Sunday, 04. October 2020

Me2B Alliance

Reminder: Me2B Full Alliance meeting tomorrow morning at 8am PDT

Hi friends,   Please join me tomorrow for our bi-monthly full alliance call at 8am PDT where I’ll share exciting news about our transition to membership.   Join Zoom Meeting https://zoom.us/j/375672623   Meeting ID: 375 672 623   One tap mobile +16699006833,,375672623# US (San Jose) +14086380968,,375672623# US (San Jose)   Dial by your location    

Hi friends,

 

Please join me tomorrow for our bi-monthly full alliance call at 8am PDT where I’ll share exciting news about our transition to membership.

 

Join Zoom Meeting

https://zoom.us/j/375672623

 

Meeting ID: 375 672 623

 

One tap mobile

+16699006833,,375672623# US (San Jose)

+14086380968,,375672623# US (San Jose)

 

Dial by your location

        +1 669 900 6833 US (San Jose)

        +1 408 638 0968 US (San Jose)

        +1 646 876 9923 US (New York)

Meeting ID: 375 672 623

Find your local number: https://zoom.us/u/acUTI5Weo

 


Decentralized Identity Foundation

Drilling down: Open Source

A crash-course in the complex world of variously-open software licensing The ostensibly binary distinction between “open” and “closed” software gets bandied about in many contexts, often in a dangerously simplified form, as though there were only two, mutually-exclusive options. It can also be extended to standards in an imprecise or oversimplified way. Sometimes people refer to groups like DIF “

A crash-course in the complex world of variously-open software licensing

The ostensibly binary distinction between “open” and “closed” software gets bandied about in many contexts, often in a dangerously simplified form, as though there were only two, mutually-exclusive options. It can also be extended to standards in an imprecise or oversimplified way. Sometimes people refer to groups like DIF “working on open-source standards,” but speaking precise, no such thing exists!

Only software code can be open-source, since after all, “source” is short for “source code” (pre-compiled software). Standards, whether open or not, are not code — instead, they are functional definitions and specifications that define and specify protocols that one application (or code base) uses to talk to another (or code base). Each standard can be understood as a benchmark for testing specific implementations, dividing existing and future codebases into those fully, partly, or non-compliant with its requirements.

“Lean Startup workshop” in Amsterdam, by Daria Nepriakhina

Code, whether open-source or not, can implement or “build to” a pre-existing standard, which can be developed in a variously open or closed manner; there is no inherent link or dependency between the openness or rigor of the two processes. Similarly, a standard can be “written around” one or more existing implementations, in such a way that the existing code is definitively compliant with the resulting standard tailored to it. This latter operation is an important function in open-source communities, in that it invites future developers to make new code that will be interchangeable or interoperable with that precedent. Even if that pre-existing code is closed, the resulting standard can be of great use to open-source development, particularly if the process used to write it was also “open” and participated in by the designers and implementers of that closed-source precedent.

In this series of three brief explanatory posts, we’ll first explain open-source development as a process rather than defining it by its results. In the next post, we will explain the characteristics and optionalities of an “open process” for developing standards. Supporting these open standards is where the bulk of DIF’s efforts and resources are focused. Lastly, we will turn to how open source and open standards work together to create new business models and strategies with real-world consequences for cooperation, “coöpetition,” and healthy markets.

Source Code and Intellectual Property Law

At their lowest level, computers are just machines that exercise millions of structured computations every second. They take inputs, perform computation, and produce outputs.

(public domain)

These computations can be combined into complex structures of data and decision-making called “programs” that interface with humans to make useful and meaningful outputs. At the lowest level, these computations still look like oceans of 1s and 0s to the untrained eye, but decades of refinement of operating systems, programming languages, scripting languages, and other abstractions make it easy for engineers to deal only with “source code” as a kind of human-readable abstraction at higher levels. This is “compiled” into more efficient, machine-readable “binaries” (ones and zeros) that can be deployed to standardized hardware in the real world where it is “run” (live software is often referred to as “runtime”).

by Chris Szalwinski from The C Program is licensed under a Creative Commons Attribution 2.5 Canada License.

Because it is human-readable and because licenses apply to compiled binaries and functional software in specific jurisdictions, the software industry has largely applied practices analogous to academic “peer review” for sharing and critiquing core pieces of source code. This complicates the open/closed distinction further, since a closed-source project and a licensed binary might still offer key components up for review through github or other channels traditionally used for open development. Furthermore, the many gradients between complete “open” or “closed” software depends on the ownership and licensing of a given piece of software, which can evolve over time or differ in its enforceability across jurisdictions. Like all legal matters, mileage may vary and always consult a licensed expert!

A thumbnail history of licensing

There is a range of different licensing regimes for source code. Among open-source licenses, different functions can be enabled or facilitated independently of one another: external review, attribution, innovation, maintenance, and even revenue-sharing and other conditions on business practices.

Proprietary code bases are released under closed-source licenses, which are optimized for secrecy, exclusivity, and/or sale of the results through licensing-based revenue models. For decades, this was how Microsoft licensed not only its proprietary stand-alone software, but even the bulk of the Windows operating system. The licensing landscape is much more diverse today, but before the 1990s very little commercial software was developed in the open or had its source code published after the fact.

The culture of academia is one of sharing and publishing intellectual work for peers to see and review — open peer-review is as central in academic computer science as it is in the hard sciences. The internet was originally imagined, architected, prototyped, and built by academics, and tinkerers, primarily supported by military and government funding. These three cultures (the military, academia, and independent “hacker”/tinkerer types) formed the basis of internet culture. A fourth culture was added later when the general public’s access to the internet evolved into a massive commercial industry in the early 1990s.

For our purposes here, we can limit ourselves to the fairly direct link, sometimes biographical, between the anomalous, non-commercial origins of the internet and the development of the open-source movement within the software industry. One “origin myth” that exemplifies this link is the story of a young Richard Stallman, then working in an early Artificial Intelligence lab at the Massachusetts Institute of Technology, who wanted to customize some printer software for an expensive new printer shared across all the floors of a busy research building. To do so, he needed to get the source code from the manufacturer, which he had done to customize the previous “workhorse” printer in the same building.

The manufacturer of the new model, however, surprised Stallman by refusing to hand over the code on grounds of licensing and intellectual property rights. Stallman, to whom the motto “software wants to be free” is often misattributed, often credits the incident for his deeply-held belief that the end-users of software have a right to modify and participate in the software they use, whether they paid directly for it or benefited from the procurements of governments. To this day, the details and boundaries of this right are still being debated, not only in open-source requirements for government procurements, but also in “right to repair” laws that extend these rights into the domain of hardware and the physical (and 3D-printed) world.

Varying degrees of “Software Freedom”

Stallman went on to found the Free Software Foundation and play a pivotal role in the elaboration of an open-source (and “free open source”) movement. He also created the first GNU Public Licence (GPL), still a major and influential family of licenses. All versions of the GPL have within them some version of these 4 essential “freedoms”:

The freedom to run the program as you wish, for any purpose (“freedom 0”).
The freedom to study how the program works, and change it so it does your computing as you wish (“freedom 1”). Access to the source code is a precondition for this.
The freedom to redistribute copies so you can help others (“freedom 2”).
The freedom to distribute copies of your modified versions to others (“freedom 3”). By doing this, you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

Honoring these four freedoms textually and fully can make it very hard to sell software commercially for many reasons, salient among them that freely-available source code in a major language is trivial to compile into functioning binaries; commercial or “closed” software is generally sold as compiled binaries, keeping the source code secret.

Furthermore, many early open-source licenses like GPL explicitly forbid so-called “enclosure” of the code, i.e., incorporating pieces or subsets of the licensed code into a new, close-source product. Anti-enclosure licensing is often referred to as “copyleft” (because it prohibits future copyrighting!) or “viral licensing,” since it cannot be mixed and matched with other licensing without overriding more restrictive licensing. This severely limits commercial potential of “forks” or derived variants. The entire Linux family of operating systems are licensed this way, which keeps Linux development squarely in the camp of maximally-open development throughout.

Over the course of the 1980s and 1990s, the open-source movement grew and at some point the software industry could not afford to ignore it, even if directly participating with licenses like GPL was not feasible for most companies of any size. This period saw the first “compromise-licenses” and hybrid open/closed business-models evolve around them. Many of the licenses still popular today date to these early experiments. For instance, the license originally created for the University of California, Berkeley’s fork of Unix, and still known today as the Berkeley Software Development (BSD) license, is one such “commercially lenient” open-source licenses. These licenses allow developers to take code that was originally open, make significant changes to modified versions of it, and license or even sell those under more classically commercial licenses.

Similarly, more lenient variants of the Apache and MIT licenses date to this period as well. It is worth noting that Apache web servers were one of the first open-source pieces of software that replaced a dominant commercial product. Apache web server software reaching a dominant position in the previously closed-license, commercial niche was a watershed moment for open-source software.

Apache is often held up, alongside Linux, as an example of where open-source software optimizes for standardization and safety of mission-critical infrastructure, largely due to the thorough and ongoing auditing and maintenance enabled by its core components being completely open to review, testing, and improvement proposals. Conversely, however, some historians of software development point out that allowing enclosure to the degree that Apache licenses do can lead to simultaneous or “parallel” development of various (partially closed-source) forks to evolve in tandem according to various divergent business agendas. Over time, this can splinter development, wicking off talent, attention, and manpower into closed development and creating a major coordination problem for the open-source “parent” of the family tree. In the most severe cases, this can greatly diminish and forfeit the standardization and security gains that made sharing an open-source parent so desirable in the first place.

Today and Tomorrow

Today, cloud-based business models and Software-as-a-Service have revived and expanded the toolkit for closed-source development, and in turn breathed new life into the debate about how hybrid models could make open-source infrastructure sustainable by revenue shares from closed-source products that depend on it. Similarly, the so called “cloud loophole” in older GPL licenses, whereby software could be run but not “distributed,” was closed by the newer Affero GPL that applies to cloud environments.

Another interesting frontier in the evolving licensing landscape is being opened up in recent years by distributing computing and distributed ledgers. One key assumption of traditional licensing is that software runs on a finite set of distinct pieces of hardware, with ownership and liability that follow straightforwardly from there. Distributed computing, however, where computation work is spread out over a more diffuse and indeterminate numbers of computers, which might have limited or no insight into the “big picture” of the software they are running, muddy the waters even further than traditional cloud environment. On the radically open side of the spectrum, the distributed-computing ecosystem project HoloChain has innovated the Cryptographic Autonomy Licence to empower users (and the software running in their name) by protecting them with encryption.

New forms of “confidential computing” and encrypted, self-sovereign networking take this even further, making the boundaries of software and runtime environments similarly porous. Attempts at licensing for these new topographies have been controversial at times, but they are also an important precedent and context for work happening in the DIF, such as that of the Secure Data Storage working group.

There are even more radical experiments and movements happening in the open-licensing problem space, which would restrict usage not [only] according to commercial terms or enclosure, but according to non-monetary and non-licensing rubrics as well. For instance, the “ICE breaker” project has brought more attention to the movement to license software according to so-called “ethical licenses.” These restrict derivative use anywhere it can be proven to support of human rights violations, such as in military applications or for “predictive policing” and other use-cases that run afoul of international authorities on human rights and discrimination. The provisions or triggers for such licensing might be as hard to enforce as international human rights law (i.e., very hard), but it sends a signal that specifications and standards from other disciplines such as human rights law and ethical philosophy might someday find their place among the commercial and attribution clauses in open-source licenses.

Further reading

All code developed under the DIF umbrella is strictly open source, and while DIF accepts donations of previously-closed source code, it is expected that all ongoing iterations of them will take place in the open. The original vision for DIF as a project within the Joint Development Foundation was to host code development, and it has since expanded to include co-developed pre-standards specifications and other educational and non-technical materials as well. Take a spin through our github repositories if you’d like to see an overview of historical and ongoing projects.

In this quick overview, we have only scratched the surface, though, and we encourage anyone working in the open software space to educate themselves further. The Open Source Initiative holds the trademark on the phrase “open source” and maintains a very helpful list of licenses that it has decided are fully conformant with its principles. The list of approved licenses that they maintain is a great place to start if you are researching the licensing landscape, and they also hold events and offer a substantial offering of educational materials.

In our next installment, we’ll turn to Open Standards and the work of the Decentralized Identity Foundation.

Drilling down: Open Source was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.

Friday, 02. October 2020

Hyperledger Foundation

Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources

Welcome to the Weekend Update. Our goal with this weekly post is to share quick updates about online education, networking and collaboration opportunities and resources for the open source enterprise... The post Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources appeared first on Hyperledger.

Welcome to the Weekend Update. Our goal with this weekly post is to share quick updates about online education, networking and collaboration opportunities and resources for the open source enterprise blockchain community. 

If you have suggestions for resources or events that we should spotlight in a future Weekend Update, let us know here using #HLWeekendUpdate. 

Webinar: Tackling Scalability and Moving into Production

While DLTs are no longer a mystery to most enterprises, we still have not yet figured out how to build and scale production grade projects. It is easy to build a POC, but moving to the real world with real customers is a whole different issue. Moreover, the young age of the DLT space shows in lack of tooling. In this webinar, experts from Simbachain will explain how to use SIMBA, a smart contract as a service and blockchain innovation platform to rapidly design, build and scale production DLT applications using Hyperledger Fabric. The centerpiece of the presentation will be a live demo.

Tune on Wednesday, October 7, at 10:00 am EDT. For more information and to register, go here.

Case Study: American Association of Insurance Services’ regulatory data solution, openIDL  

Learn more about how AAIS aligned insurers and regulators with the Hyperledger Fabric-based openIDL data reporting network in this new case study.

Virtual Meetups

Saturday, October 3, at 13:00 UTC / 15:00 CEST: Hyperledger Sweden hosts “Online Certification Study Circle” Saturday, October 10, at 12:00 UTC / 12:00 GMT: Hyperledger Senegal hosts “ASK US anything about Blockchains” (French)

See the full Virtual Meetup schedule here

The post Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources appeared first on Hyperledger.


Covid Credentials Inititative

The COVID-19 Credentials Initiative (CCI):

Bringing emerging privacy-preserving technology to a public health crisis Kaliya Young, Identity Woman, Co-Founder of the Internet Identity Workshop; Lucy Yang, Co-Chair of the COVID-19 Credentials Initiative Photo from Unsplash We submitted this position statement to the “Privacy & Pandemics Workshop: Responsible Uses of Technology and Health Data During Times of Crisis — An Intern

Bringing emerging privacy-preserving technology to a public health crisis

Kaliya Young, Identity Woman, Co-Founder of the Internet Identity Workshop; Lucy Yang, Co-Chair of the COVID-19 Credentials Initiative

Photo from Unsplash

We submitted this position statement to the “Privacy & Pandemics Workshop: Responsible Uses of Technology and Health Data During Times of Crisis — An International Tech and Data Conference” by the Future of Privacy Forum. The aim is to, from two participants’ point of view, share an abbreviated case study of CCI and to highlight key challenges that arose in our efforts to responsibly use new privacy-preserving technologies to mitigate the spread of COVID-19. We wanted to share our submission with the CCI community and the public in the hope to invite some further discussions.

So what is this emerging technology that is just coming to market with very early adopters and innovators leading the way (including the US government, the government of British Columbia, etc.)? It is called Verifiable Credentials (VC or VCs), a data format standard developed and published by the W3C last year. It is a universal data format for one entity (person, organization or thing) to assert something about another entity. The issuer packages up the credential and cryptographically signs it to seal the data it contains. It passes this to the subject, or holder, so that the subject can share it with the receiver of the credential, the verifier. At that point, the receiver is able to use cryptography to check the seal and the validity of the issuer. VCs are privacy-preserving because the issuer (identity provider) and verifier (relying party) do not form a technical/federated link with each other. The information does not pass directly.

This technology gives people the ability to collect and manage digital credentials — similar to the cards we find in our physical wallets — in digital wallets. These digital credentials act like paper credentials because individuals do not need to have the verifier directly connect to the issuer. Why is this new? Until now, to have provable information exchanged online, the issuer and verifier would need to directly “federate” to exchange information about the data subject.

Immunology is a complex science, but simplified basics about how it works with some viruses are known. It was based on these simple understandings that possibilities for how VCs might be used by people and institutions to better manage risk began to be explored. One obvious use case was the ability to issue VCs that reflect some type of COVID-19 status, a proof that one:

Tests positive for antibodies and therefore not infected/or vulnerable to being infected. Has recently tested negative and therefore the risk of being infected is low and that one could go to work, travel or visit a facility with vulnerable populations. Has received a vaccine for COVID-19 and therefore safe to travel or access a large in-person event.

Some of these use cases as articulated are not new (e.g. the Yellow Card); it’s just new to digitize them. It makes sense to consider how this simple paper-based technology can be updated to digital. However, the mild hysteria raised about doing things today done on paper via digital means that concerns were triggered without fully understanding or exploring how to use the technology. Some individuals were so concerned that they resigned from organizations whose leadership floated these ideas.

COVID-19 status is currently shared in two forms: 1) with the patient via a phone call or text message from the doctor or testing site or 2) in a patient medical record. Neither of these solutions provides a clear way for the subject to prove results to an entity that wants to know this information (e.g. an airline). VCs offer a new innovative format that provides people with information about their COVID-19 status that is under their control and verifiable by a relying party.

The VC approach is in strong contrast to the CommonPass effort, led by a Rockefeller-Foundation-backed nonprofit, that co-arose in the same time frame. The leadership at CommonPass is connected to the conventional medical records world and proposed the creation of a global system where patient medical records in some yet-to-be-determined way would be shared with a centralized decision engine that CommonPass would run globally. They held several global meetings with hundreds of people, including government leaders attending to build momentum for their proposed solution. There are also scores of siloed proprietary solutions popping up to solve these data-sharing challenges. For example, CLEAR is offering a biometric data sharing solution. In a public health crisis, these non-interoperable solutions are only good when only one of them is widely adopted, which doesn’t seem to be the case.

The community that formed around CCI was mostly made up of small, early-stage startups who were already implementing VCs for other use cases and decided to collaborate on exploring COVID-19 use cases. This makeup of the community means that it is not connected to global elites, governments, health departments or healthcare institutions. One exception to this is a startup that had political connections and worked with a California State Legislator to have the bill AB2004 proposed, which opened up a committee to study the use of VCs for COVID-19 medical test results. The bill just passed the Senate and is now waiting to be signed by the governor to become a law. However, the Electronic Frontier Foundation has repeatedly voiced its opposition [1] [2].

CCI has struggled to “raise voice” and be “heard” by the powers that make decisions. The experience of this group raises questions:

How can emerging technology be “seen” by actors (governments, public health officials, airlines, workplaces) in the marketplace looking for solutions? Which technologists are listened to by policymakers? How are these actors making decisions about the claims these technologists are making? How can networks of potential issuers of COVID-19 status credentials be spun up in such a way that the credentials issued are seen as valid by verifiers (airlines, etc.)? This set of challenges around the technology are not technical as much as they are about process and accountability systems. How can existing norms of information sharing about people that are paper-based today be translated into a digital form in ways that make themselves and those concerned about human rights implications comfortable with the technical deployment? How can a new privacy-preserving technology based on open standards be used for public health crises or any other time-sensitive occasions when its deployment and adoption require a lot of coordination, collaboration and communication? How can these things be facilitated by funders seeking to make a difference?

We hope to hear your thoughts on the raised questions.

Thursday, 01. October 2020

One World Identity

State of Identity Rewind: September

As the seasons change, each week on State of Identity, we’re watching the trends in identity transition as well, especially as COVID-19 has accelerated the importance of these solutions across business landscapes. While it’s no surprise COVID unmasked itself in each episode, each guest moved past “what’s the impact” and rather dove into “what’s next” … State of Identity Rewind: September Read

As the seasons change, each week on State of Identity, we’re watching the trends in identity transition as well, especially as COVID-19 has accelerated the importance of these solutions across business landscapes. While it’s no surprise COVID unmasked itself in each episode, each guest moved past “what’s the impact” and rather dove into “what’s next” for businesses and users in the new normal.

 

We kicked off the month welcoming Jimmy Williams, Accelitas National Sales Manager at Accelitas, for a conversation centered around alternative data pertaining to access to financial services. The ways we access financial services, lending, credit, or otherwise have changed, and how to leverage alternative data for inclusion. How is Accelitas doing it?

“What we’ve found to be incredibly successful is consumer behavior, both at the physical point of sale as well as the virtual point of sale…because not only is it a reflection of that consumer’s spending, potential fraud, things like that, but also it’s a proxy for things like employment or payback behavior.” Tune in to learn how this data is opening up access to financial services, especially when physical documentation isn’t as accessible, and how this can be the future of establishing trust.

 

Following, Christina Luttrell, Chief Operating Officer of IDology, sat down with Cameron D’Ambrosi (virtually, of course) to not just discuss the ongoing impact of COVID-19 on the customer experience across industries. The conversation begins noting how they have seen a massive spike in not only the number of fraud cases but a shift in the ways they fraudsters are executing.

“You know, the creativity isn’t quite there… it’s a lot of the old same old things that we’ve seen in the past. It’s just that it’s so much more. And it’s impacting demographics that normally wouldn’t be transacting digitally.”

And while fraudsters will always be around, looking for ways to cause harm, this posed a broader conversation on successful, frictionless onboarding as companies see a rapid spike in users.

 

The conversation on fraud led us to wonder, is this spike an unprecedented event, like the pandemic itself? We continued the discussion with Socure Senior Counsel & Privacy Lead Annie Bai, exploring why an uptick in identity fraud usually follows economic downturns, honing in on what kind of security and experiences customers expect, and how businesses – especially the financial sector – can meet them.

 

“A critical challenge that I think we need to face as an industry is can we balance these mandates of providing high levels of assurance and high levels of customer experience, with low friction, but also respecting the needs that these digital identities have with regard to inclusion?” Annie believes yes, emphasizing the importance of partnerships, alternative data, and more.

 

Finally, we rounded out the month by welcoming Yoti Commercial Director Gareth Narinesingh and Synectics Solutions Head of Presales Chris Lewis, following the launch of Project Endeavor, a pilot program to revolutionize electronic digital onboarding, identity verification, and risk assessment for the financial services sector in the United Kingdom. While they’re making significant strides with this new venture, the guests closed out in making some future-focused predictions, spanning from the adoption of digital identity, to open banking, to the lasting impact of COVID-19.

“You’ve then got a global model, which is going to change the way that we engage digitally. But I think it’s probably not in the long term future. I think it’s medium-term future. And I think that schemes like Endeavor and many others like it are going to be big pioneers moving in that direction.”

 

We’re keen to see the impact Endeavor has, and if their predictions come to fruition. And while each of our guests left us with great food for thought, each took a future-focused look at the potential impacts of today’s landscape and how we can create a safer, more secure, and more inclusive world. What will the next month bring across the identity ecosystem? You’ll have to tune in each Thursday to find out! Check back each week or subscribe on Spotify now.

 

Featured Episodes

 

Accelitas: Reimagining Financial Access

Guest: Accelitas National Sales Manager Jimmy Williams

Listen Now

 

 

 

 

IDology: Multi-Layered Identity Verification

Guest: IDology Chief Operating Officer Christina Luttrell

Listen Now

 

 

 

 

Socure: Fighting the Uptick in Identity Fraud

Guest: Socure Senior Counsel & Privacy Lead Annie Bai

Listen Now

 

 

 

 

Yoti + Synectics Solutions Launch Project Endeavor

Guests: Yoti Commercial Director Gareth Narinesingh 

Synectics Solutions Head of Presales Chris Lewis 

Listen Now

The post State of Identity Rewind: September appeared first on One World Identity.


r@w blog

#FollowTheMedium

Zeenab Aneez & Neha Mujumdar Session It was media theorist Marshall McLuhan who popularised the phrase ‘the medium is the message’; to him, different kinds of media engage the senses in different ways, affecting how we process it and engage with its contents. Before situating research in the digital space, it is important to ask ourselves: what is the nature of the medium are we dealing
Zeenab Aneez & Neha Mujumdar Session

It was media theorist Marshall McLuhan who popularised the phrase ‘the medium is the message’; to him, different kinds of media engage the senses in different ways, affecting how we process it and engage with its contents. Before situating research in the digital space, it is important to ask ourselves: what is the nature of the medium are we dealing with here? How do people interact with it? What are the opportunities it provides and the risks it poses? How can we study new digital objects, such as online-first news outlets, podcasts, etc in a way that recognises the medium’s newness?

The proposed session is an exploration of a methodology that is informed and defined by specific characteristics of the medium, with a special focus on digital news and journalism in India. Through this, it seeks to tackle the first of the four key focus areas of the conference: How do we conceptualise, as an intellectual and political task, the mediation and transformation of social, cultural, political, and economic processes, forces, and sites through internet and digital media technologies in contemporary India?

Keeping this key question in mind, we ask: how can digital methods research contribute to the study of news and journalism in the digital space? How can we use digital objects such as tags, Likes, and Comments to understand how user feedback works in the new information economy? What can the interface of a news creation platform tell us about the changing roles of Indian journalists in today’s media environment? How can we formulate a methodology for studying the metamorphosis of a news story by using Twitter and what skills are required to gather and process information for research of this nature?

In order to inform our responses to such questions, we borrow from Richard Rogers’ adage ‘Follow the medium’ (Rogers 2013), which argues that “natively digital”(Ibid. 19) objects like tags, links, Likes or Comments, which originate in digital networks, cannot be fully understood with methods, such as, say content analysis; an example of a non-digital method that does not recognise its digital nature. The proposed session will make use of the general philosophy embodied by Rogers’ approach and urge participants to acknowledge the specific properties of the Internet as a medium and look at news and journalism as part of the larger media ecology of the web. This calls for the use of new methods that are digital in nature; the discussion on contemporary news should expand from how the news industry is coping with the digital transition, to how we can better understand the specific elements of this transition and use this understanding to reflect upon the changing nature of journalism and news itself.

In order to channel the discussion, the session proposes using the framework from one particular field of digital research: platform studies. With the advent of Web 2.0 and the emergence of the ‘web as platform’ (O’Reilly 2007) and the strengthening relationship between the news industry and social media platforms(‘Reuters Institute Digital News Report’ 2015), traditional as well as digital-born news sites are increasingly adopting a platform model. Therefore, platform studies makes for a fitting framework within which to understand the workings of these platforms, their technological and formal structures, and the specific ways in which they allow users to interact with news content.

Plan

The session will begin with a brief introduction to digital methods (Rogers 2013) and the field of ‘platform studies’ (Bogost and Montfort 2009; Gillespie 2010; Dijck 2013), which will serve as a loose framework through which to study existing news platforms as well as perform analyses on social media platforms as sites for news and journalism. This will be supplemented by the works of Anne Helmond (2015) and Tarleton Gillespie (2010).

Following this, participants will be divided into groups of four-six, with each group anchored by a volunteer, with added support from the two co-leaders. They will then be given the task of formulating a research question that makes use of one or more of the digital methods presented and are also required to frame a methodology that makes allowances for the particularities of the Indian news environment. The session will conclude with a brief discussion based on their findings.

The goal of the workshop will be to explore how digital methods can be aligned with current concerns about news and journalism in India, and open up avenues for research that acknowledges that online news occupies a space that includes natively digital objects and information architectures and hence demands research methods specific to this environment. The workshop also aims at reflecting on potential collaborations between researchers in media studies, data scientists and technologists in developing a comprehensive methodology using which to study digital media in India.

Readings

Gillespie, Tarleton. “The Politics of ‘Platforms’.” New Media & Society 12, no. 3 (2010): 347–364.

Rogers, Richard. “The End of the Virtual: Digital Methods,” Digital Methods. MIT press, 2013: 19–38.

Van Dijck, José. “Disassembling Platforms, Reassembling Sociality,” The Culture of Connectivity: A Critical History of Social Media. Oxford University Press, 2013: 24–44

References

Anderson, Christopher W. “Towards a Sociology of Computational and Algorithmic Journalism.” New Media & Society, 15, no. 7 (2013): 1005–1021.

Bogost, Ian, and Nick Montfort. 2009. “Platform Studies: Frequently Questioned Answers.” Digital Arts and Culture 2009 https://escholarship.org/uc/item/01r0k9br.pdf.

Helmond, Anne. 2015. Presentation by Anne Helmond — Becoming Data Point. Panel. Transmediale. https://www.youtube.com/watch?v=smXLCAGafqs

Lovink, Geert. 2008. Zero Comments: Blogging and Critical Internet Culture. New York: Routledge.

O’Reilly, Tim. 2007. ‘What Is Web 2.0: Design Patterns and Business Models for the Next Generation of Software’. SSRN Scholarly Paper ID 1008839. Rochester, NY: Social Science Research Network. http://papers.ssrn.com/abstract=1008839.

Procter, Rob, Farida Vis, and Alex Voss. “Reading the Riots on Twitter: Methodological Innovation for the Analysis of Big Data.” International Journal of Social Research Methodology, 16, no. 3 (2013): 197–214.

Reuters Institute Digital News Report. 2015. Oxford, England: Reuters Institute for the study of Journalism, Oxford University. https://reutersinstitute.politics.ox.ac.uk/sites/default/files/Reuters%20Institute%20Digital%20News%20Report%202015_Full%20Report.pdf

Rogers, Richard. Digital Methods. MIT press, 2013.

Audio Recording of the Session

IRC 2016: Day 3 #Follow The Medium : Researchers at Work (RAW) : Free Download, Borrow, and Streaming : Internet Archive

Session Team

Zeenab Aneez is an independent journalist and researcher in the field of digital media and culture. Her interests include digital publishing practices, new media journalism, media ecologies, digital labour and social media alternatives. She was previously a reporter at The Hindu, Hyderabad.

Neha Mujumdar is an independent editorial consultant based in Bangalore. Her writing has appeared in The Hindu and Time Out.

Note: This session was part of the first Internet Researchers’ Conference 2016 (IRC16) , organised in collaboration with the Centre for Political Studies (CPS), at the Jawaharlal Nehru University, Delhi, on February 26–28, 2016. The event was supported by the CSCS Digital Innovation Fund (CDIF).

#FollowTheMedium was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 30. September 2020

One World Identity

KNOW Identity Digital Forum Recap: The Alternative Data Revolution in Banking

On September 22nd, the KNOW Identity Digital Forum took a look into the growing ways that alternative data can expand services to new customer groups as well as combat fraudulent attempts worldwide. We gathered experts in the financial services and digital identity industries to discuss inclusion and security balances in our current banking systems.   … KNOW Identity Digital Forum Recap:

On September 22nd, the KNOW Identity Digital Forum took a look into the growing ways that alternative data can expand services to new customer groups as well as combat fraudulent attempts worldwide. We gathered experts in the financial services and digital identity industries to discuss inclusion and security balances in our current banking systems.

 

Each session was jam-packed with unprecedented insights, but a few standout takeaways included:

Fraud rates have accelerated in 2020 with more and more transactions happening online as a result of COVID-19. However, regulation is still slow to catch up to or empower technologies to ward off bad actors’ tactics. Openness and data sharing across governmental bodies and private institutions are going to be critical to expanding service offerings to new customer groups, such as immigrants and previously thin-file consumers. Data collected from mobile devices can also help level the playing field for previously un- or underbanked consumers. 

 

Combating Synthetic Identity Fraud 

 

In the first session, Ghost in the Machine: Combating Synthetic Identity Fraud, in partnership with Acuant, tackled the ever-moving target of synthetic identities. Even difficult to define, these data mashups present unique threats for companies verifying relationships between user and data attributes. In 2020, the SSA in the U.S. will be rolling out its Electronic Consent Based SSN Verification Service (eCBSV), but is this the end-all solution to stop synthetics? Jose Caldera (Chief Product Officer at Acuant), Lauren Day (Compliance and Risk Manager at Binance.US) and Chuck Christofilis (Chief Compliance Officer at CoinZoom) discuss how businesses better detect and remove synthetic identities as fraudsters adapt their strategies.

 

OWI: One solution that has come to the fore on the synthetic identity fraud front is the eCBSV that has begun to be rolled out by the Social Security Administration to allow for verification of SSN and the tying a user-submitted social to the actual issuing database. Is this a magic bullet that can end synthetic identity fraud as we know it, or do we need to continue pushing ahead in terms of identifying ways as an industry to combat synthetic fraud?  

 

Acuant: I think that thinking of any solution as a silver bullet is probably not the right way of thinking. It is the components that make that solution, they are not necessarily available to every application where identity fraud or synthetic identity fraud is present. Certainly those applications that rely on the data and the data attributes are going to benefit from it. No question about that. But then you have to deal with the consent issue. I think a lot of other practitioners may be put off by the fact that you need to get consent from your end customer to let the Social Security Administration give you permission to access that data. 

 

Other countries have similar solutions, but one of the issues that they have had is that one to one relationship. It is unclear whether those databases actually maintain that relationship between the security number and the entity of the person. It is unclear whether within the database itself, there might be multiple identities associated with the same person. So that is one to end or one to one relationship has been a problem in other countries with similar solutions.

 

OWI: What are we seeing in the current fraud landscape from the bad actors? Is synthetic fraud accelerating in 2020? Does this remain as one of the favored fraud vectors?

 

Binance.US: As we move online, more and more, our transactions move online. Companies move online and we’re just going to see more and more of these fraudsters trying to get around certain controls. We’ve definitely seen an increase. On top of not only synthetic fraud, we’ve also seen a lot of classic scams that essentially trick people into giving away certain elements of their personal identity.

 

OWI: Data offers greater visibility into quantifying synthetic fraud, and potentially being able to strengthen the models being used to predict or identify current parts of the portfolio or applicants who are believed to be synthetic fraudsters. What are some of those techniques that we’re seeing success with? And what are some of those new types of data that we are leveraging successfully in this fight against synthetic fraud?

 

CoinZoom: We’ve seen [success] specifically in potential elder abuse cases where someone is using the same device. That’s a data point. And it’s information that just a few years ago was unthinkable. Now we’re able to prevent a lot of what could potentially be elder abuse when we just see people trying to set up accounts with different people on the same device.

 

OWI: Do you foresee any challenges from the device data from a regulatory standpoint that is often a strong indicator of fraud? What are you seeing in terms of the evolving landscape, in terms of what we have access to to help make these fraud decisions?

 

Acuant: Just a couple of years ago was when FinCEN allowed that the collection and the reporting of data had to do with devices and IP as part of the source. I think from the regulatory standpoint, there is now a recognition of the detailed aspects of those transactions.

 

So how are they used for prevention? I think, regulatory-wise, it is being accepted as those reportings have more information about the detailed components of those transactions. By FinCEN adding this data to their [reports], it seems to be a recognition that this data is relevant and it’s important–it’s reliable to do analysis on.

 

The Alternative Data Revolution

 

Shifting gears from fighting fraud to expanding services, OWI next welcomed Robin Weiss (Sr. Technology Advisor at Fidelity Investments), Schan Duff (VP of Strategy at Kiva), and Steve Polsky (Founder and CEO at Juvo) to the virtual stage for The Alternative Data Revolution: Fast Forward to Today’s Inclusive Lending Through Big Data & AI. Weiss moderated the discussion on how each company has utilized mobile data and other digital touch-points to build alternative credit files for the previously un- and underbanked and what we have learned through grappling with the repercussions of the COVID pandemic.

 

Fidelity: How are you each using alternative data sources to broaden financial service access through your work?

 

Juvo: What we are trying to do is using the ubiquity of mobile phones and cloud computing to build what we call a financial identity, to establish who is thought of as credit worthiness, but with a broader perspective that their financial identity starts with their everyday usage of their mobile phone.

 

That gives us a macro ability to impact a large portion of populations in the countries that we serve. We can then turn this around and create a feed to financial service providers. A data feed that effectively bridges the gap between financial services providers who don’t have information on a group of consumers and a group of consumers who are unable to access financial service to close this gap through a new source of data.

 

Kiva: The thesis behind all of our work is that unbanked borrowers are not riskier borrowers. They’re not inherently uncredible. They’ve just been denied the opportunity and access to the formal financial system.

 

In Q2 2020, the United States in the height of the COVID pandemic, default rates on credit cards were somewhere near 3.8 percent or 4 percent. Over our time at Kiva, our default rates across those 90 countries, including conflict zones, is about 3.6 percent. This is lending to populations who aren’t included in credit bureaus, who don’t have bank accounts and don’t have access to formal financial services. So that experience proves to us that, in the words of William Gibson, the world is awash in credit data. In financial transaction data, it’s just not evenly distributed. 

 

Fidelity: Inherent in both of your models is the fact that they are dependent on government-issued foundational identities that clearly vary from geography to geography. Can these or should they be replaced by a constellation of non-foundational identities? In other words, alternative data points to arrive at a high assurance I.D.

 

Juvo: There’s essentially three parts that need to come together to provide someone financial services. One, you need an anchor: you need the government to step up and provide a system of identities, something you can tie into. Two, we need some form of biometrics. It’s not NSA always biometrics; that person needs to prove they are who they say they are just to eliminate fraud. Then the third piece is that we need to know that the person qualifies for the particular service they might be offered. To me, stitching these three things together is the key thing to enable someone to get access to a financial service. Juvo’s focus is on the last piece: understanding qualification and giving like a whole new group of people the ability to establish qualification.

 

Kiva: Our view at Kiva is that there will always be a role for a centralized identity issuer and that in some ways is going to be the most easy way to compliantly onboard an individual into regulated financial institutions.

 

FATF, the Financial Action Task Force, which is the intergovernmental body that thinks about things like MLSE, a key compliance, has issued some really interesting guidance in the last year on the use of digital identities for compliant onboarding. Yet they leave the door open for what we’re thinking about risk-based approaches to this question. They haven’t gone as far as to say official identity is not required or is not recommended for financial sector onboarding…but I do think that it’s possible technologically to prove with a high level of assurance who a person is without reliance on an official identity. I think we’re still a little ways away from having regulators fully embrace that concept but I think it’s a conversation that if we’re serious about financial inclusion, we should be having.

 

Identity & Immigrant Banking

 

For the final session of the day, OWI was joined by Alka Gupta (Co-Founder and Board Director of GlobaliD) to discuss how growing non-citizen or new citizen populations are able to access financial services in Coming to America: Immigrant Banking in the U.S. The conversation identified some of the current gaps and possible solutions in providing user-friendly services to these communities.

 

GlobaliD: For context…51 percent of [U.S.] foreign-born non-citizens are either unbanked or underbanked. Of those that are banking, 80+ percent of the immigrants are with one of five financial institutions, which means about 18 percent of them are spread across 60-70 other smaller banks or credit unions, with none of them making up more than 2 percent. Why is this happening? How do we help? What does this next chapter look like?

 

The challenges are three-fold. Banking has historically accepted limited forms of identity. Identity more traditionally is a driver’s license and Social Security, which many immigrants may not have. So how do we open that aperture? And many have, since government-issued I.D. vary from country to country. Banks have expanded the list, whether it’s the individual taxpayer numbers, passports, consular I.D., etc.. That’s a huge area. There is also fear. There’s just a fear of even walking into the bank. So how do we provide culturally-specific guidelines? And lastly is minimizing fees or not maximizing those types of schemes. This is frankly not true just with financial services, but also with international calling and other type of infrastructure needs.

 

OWI: Where do we see the solutions coming into play? What role do we see governments playing? What role do we see nongovernmental organizations playing and what role do we see private sector players playing in solving this challenge? And where do you see the most progress being made in the near-term future?

 

GlobaliD: I think there’s been some progress whether it’s startups or neo-banks looking to address some of the issues we’ve talked about, there are immigrant banking focused startups. So there is a cottage industry around migrant banking, migrant tech, but we need to step back and talk about the larger ecosystem. I do believe that the more meaningful improvements are going to happen, not just from a technology perspective. In fact, I might argue that this is not about the technology. This is about the silos coming down. We do see the world opening up more and more, but at the same time, sometimes we see more and more walls going up, given the times that we’re in. I think that much of the advancement is going to need to come from…cooperation and openness, open access to data and silos coming down. 

 

I also think it’s about there being more user control and portability of that data and that information. Users need to control their data. Institutions need to respect the portability of data. And those that don’t know how to either keep data secure or store cetera are better off in focusing on their core competencies and allowing more of these horizontal plays. Whether it’s the identity, the chat, the calling, et cetera, to be to be frankly, you know, built within a horizontal stack that can be leveraged across whether it’s financial services or others. I think we’re at a time where we would be all well-served to consider how it is that the user is experiencing the data, the frustrations, the frictions. We would be better served really thinking about is that just neat and cool? Or if I were a user, would I actually engage? Would I trust it? I really think that’s what this next chapter is about and why I am so passionate about this space.

 

What’s Next?

 

There’s always more to dive into (we recommend you secure your seat at our next digital event now,) and we’re looking forward to seeing how the industry drives further inclusion in financial services through this data. Take a moment to catch up on the sessions from this event or other KNOW Identity Digital Forums you may have missed!

The post KNOW Identity Digital Forum Recap: The Alternative Data Revolution in Banking appeared first on One World Identity.


WomenInIdentity

Member interview with CYNAM Director, Madeline Howard

We sat down with CYNAM Director, Madeline Howard, to find out what makes this ‘woman in identity’ tick…. Question 1: What do you do and what gets you out of… The post Member interview with CYNAM Director, Madeline Howard appeared first on Women in Identity.

We sat down with CYNAM Director, Madeline Howard, to find out what makes this ‘woman in identity’ tick….

Question 1: What do you do and what gets you out of bed in the morning?

I’m delighted to wear a few different hats! My day job is the Socio-Technical Engagement Manager at Cygenta, where I work on the human side of cyber security. I particularly focus on awareness, behaviour and cultural change. I love my field of work as I constantly feel as though I’m making a positive difference to help people and organisations to live more secure lives.

Cygenta also supports me as an i100 for the National Cyber Security Center and their CyberFirst Schools programme. I dedicate one day a week to this – and I absolutely LOVE this part of my job.

Here, I get to work with amazing international, national and local companies to inspire, excite and enthuse the next generation about computer science and cyber security. It’s so rewarding to make a difference to the futures of young people while also supporting the industry talent pipeline.

Finally in my spare time, I’m a Director of Cyber Cheltenham, CyNam. It is a real privilege to be a Director of the UK’s largest cyber cluster and support the development of the local ecosystem.

So what gets me out of bed in the morning? Well I’m passionate about making a positive difference. Whether that is in improving organisations and individuals cyber security awareness, exciting the next generation about their future opportunities or developing the incredible cyber security ecosystem we have, I always want to make a positive impact.

Question 2: How did you get to where you are today?

It was not exactly a ‘traditional’ route! I studied Geography at Newcastle University and really didn’t know what I wanted to do. Well that’s a lie, I knew my dream job was to be a weather girl… still true! When I finished university, I started in a role within cyber security working in business development. In months I knew I’d found my niche! I loved the pace at which this sector moves and it’s great to be constantly learning about how we engage with technology.

I was keen to pursue a career, raising awareness about cyber security. At Cygenta, I am extremely lucky enough to work for – and be mentored by – Dr Jessica Barker. One thing I recognise is that I’ve always been really lucky to have lots of fantastic people to turn to for advice and guidance and support when I’ve had to make tough decisions during my career.

Question 3: What is the most important lesson you have learned along the way?

The biggest lesson I’ve learned is to go with your gut, ALWAYS.

I’ve had lots of great opportunities but I nearly turned down some of these simply because I over-thought things. Sometimes things can feel like a risk but if it feels right in your gut it normally is . And, if it doesn’t work out, you’ll still have learned so much simply by learning to take a risk – it’ll all help to shape the future you.

Question 4: What’s your advice to CEOs in the identity space?

STOP: Thinking that your employees are your ‘human firewall’ against cyber attacks and incidents. The human firewall suggests your employees should prevent attacks and incidents. When it comes to cyber attacks, you can’t prevent every incident, and so this is a totally unrealistic ask on individuals. It also doesn’t prepare people for what to do when something does go wrong.

START: Developing individuals as ‘Human Sensors’. The concept of human sensors suggests that individuals know how to detect and respond to incidents. They understand the indicators of compromise and feel empowered to approach the correct individuals or platforms to report incidents. This ultimately minimises the fear, uncertainty and doubt (FUD) they may have when they think an incident has occurred.

CONTINUE: Investing in cyber security – not just the technology but talent development and people skills. Ensure your employees feel confident and empowered to positively engage with cyber security to improve your response and resilience capabilities.

Question 5: In one sentence, why does diversity matter to you?

In all aspects of life, diversity is the enabler for growth, innovation, collaboration and positive change.

Question 6: What book/film/piece of art would you recommend to your fellow members? Why?

“The Go-Giver”.

It really resonated with me. In short, it suggests we shouldn’t do things because we expect something in return but because we just want to help. It is a fantastic ethos to live by – it’ll empower you to become the best version of yourself!

Question 7: What advice would you give to the teenage ‘you’?

Care less about what people think of you.

It’s not ‘uncool’ to want to achieve.

Go with your gut and everything will work out.

And, finally, accept that you can’t be in control of everything.

I tell myself everyday ‘I wonder if the stars will align?’. If something works out, the stars have aligned. I don’t know anything about the stars but sometimes when things work out, it’s nice to visualise the stars aligning and shining for you.

Question 8: Where can we find you on social media / the Web?

Twitter @Madzzhoward

Linkedin Madeline Howard

The post Member interview with CYNAM Director, Madeline Howard appeared first on Women in Identity.


Kantara Initiative

SAFE Identity and Kantara Initiative Announce Collaboration to Expand Trust Frameworks for PKI and Non-PKI Identity Providers

SAFE Identity and Kantara Initiative, two globally acknowledged Trust Framework Providers focused on expanding digital identity trust and security, announced a reciprocal agreement to endorse and support each other’s Trust Frameworks for Public Key Infrastructure (PKI) and non-PKI domains together with their certified identity providers.

SAFE Identity and Kantara Initiative, two globally acknowledged Trust Framework Providers focused on expanding digital identity trust and security, announced a reciprocal agreement to endorse and support each other’s Trust Frameworks for Public Key Infrastructure (PKI) and non-PKI domains together with their certified identity providers.

Tuesday, 29. September 2020

OpenID

The OpenID Foundation and the UK Open Banking Implementation Entity Hosting a Workshop Focused on Financial-grade API (FAPI) and Third Party Providers (TPPs)

View the workshop recording in its entirety here. The OpenID Foundation (OIDF) and our development partner, the UK Open Banking Implementation Entity (OBIE), continue our collaboration in outreach to the fintech community via workshops in hosting another workshop on Tuesday, October 13, 2020 at 1pm UTC. This next event builds on a prior joint workshop […] The post The OpenID Foundation and the U
View the workshop recording in its entirety here.

The OpenID Foundation (OIDF) and our development partner, the UK Open Banking Implementation Entity (OBIE), continue our collaboration in outreach to the fintech community via workshops in hosting another workshop on Tuesday, October 13, 2020 at 1pm UTC. This next event builds on a prior joint workshop in focusing on helping third party providers (TPPs) develop a detailed understanding of the OpenID Foundation’s Financial-grade API (FAPI) profile.

Workshop goals:

To demonstrate tools which help TPPs build and test their own FAPI compliant apps To show TPPs how to identify and raise issues with banks To thereby speed up the overall resolution of issues and growth of a healthy open banking ecosystem

Workshop target audience:

OIDF members and community participants OBIE members Fintech architects, developers and testers All TPPs enrolled with OBIE (including TSPs, Vendors and ASPSPs acting as TPPs)

Workshop agenda:

Introduction: Chris Michael (OBIE) & Dave Tonge (OIDF & Moneyhub) – 5 min. Overview of FAPI Profile (including key differences between OB profile and FAPI): Freddi Gyara (OBIE) & Joseph Heenan (OIDF & FinTechLabs) – 15 min. What to Expect as a TPP Connecting to a FAPI Compliant Bank API (demo using Ozone bank): Freddi Gyara (OBIE) – 15 min. How to Check if a Bank is FAPI Compliant (demo using the FAPI conformance suite): Joseph Heenan (OIDF & FinTechLabs) – 15 min. How to Identify and Raise Issues with a Bank (best way to raise tickets with OB service desk): Gary Sharples (OBIE) – 10 min. Other Tests a TPP Can Perform (overview/demo of RP tests): Joseph Heenan (OIDF & FinTechLabs) – 15 min. Recap & Q&A Session: All participants – 15 min.

 

The post The OpenID Foundation and the UK Open Banking Implementation Entity Hosting a Workshop Focused on Financial-grade API (FAPI) and Third Party Providers (TPPs) first appeared on OpenID.


Kantara Initiative

SAFE Identity and Kantara Initiative Announce Collaboration

SAFE Identity and Kantara Initiative announced a reciprocal agreement to endorse and support each other’s Trust Frameworks for Public Key Infrastructure (PKI) and non-PKI domains together with their certified identity providers. Kantara and SAFE Identity are dedicated to trusted digital identity management services and solutions, but they focus on different yet complementary assurance aspects and [

SAFE Identity and Kantara Initiative announced a reciprocal agreement to endorse and support each other’s Trust Frameworks for Public Key Infrastructure (PKI) and non-PKI domains together with their certified identity providers.

Kantara and SAFE Identity are dedicated to trusted digital identity management services and solutions, but they focus on different yet complementary assurance aspects and technologies. Kantara’s efforts are typically directed towards de jure standards conformity assessment, standardization, and non-PKI innovation that apply across multiple technologies. SAFE’s focus is expanding and standardizing the use of PKI-based credentials employed for identity, confidentiality and data integrity.


SAFE Identity and Kantara Initiative Announce Collaboration to Expand Trust Frameworks for PKI and Non-PKI Identity Providers

RESTON, Va. and WAKEFIELD, Mass., Sept. 29, 2020 (GLOBE NEWSWIRE) — SAFE Identity and Kantara Initiative, two globally acknowledged Trust Framework Providers focused on expanding digital identity trust and security, announced today a reciprocal agreement to endorse and support each other’s Trust Frameworks for Public Key Infrastructure (PKI) and non-PKI domains together with their certified […]

RESTON, Va. and WAKEFIELD, Mass., Sept. 29, 2020 (GLOBE NEWSWIRE) — SAFE Identity and Kantara Initiative, two globally acknowledged Trust Framework Providers focused on expanding digital identity trust and security, announced today a reciprocal agreement to endorse and support each other’s Trust Frameworks for Public Key Infrastructure (PKI) and non-PKI domains together with their certified identity providers. This collaboration is significant because it will consolidate the digital identity assessment and Trust Mark process for companies in healthcare, financial services and other sectors, helping to reduce risk for organizations who rely on the SAFE and Kantara Trust Frameworks.


SAFE Identity and Kantara Initiative Announce Collaboration to Expand Trust Frameworks for PKI and Non-PKI Identity Providers

RESTON, Va. and WAKEFIELD, Mass., Sept. 29, 2020 (GLOBE NEWSWIRE) — SAFE Identity and Kantara Initiative, two globally acknowledged Trust Framework Providers focused on expanding digital identity trust and security, announced today a reciprocal agreement to endorse and support each other’s Trust Frameworks for Public Key Infrastructure (PKI) and non-PKI domains together with their certified […]

RESTON, Va. and WAKEFIELD, Mass., Sept. 29, 2020 (GLOBE NEWSWIRE) — SAFE Identity and Kantara Initiative, two globally acknowledged Trust Framework Providers focused on expanding digital identity trust and security, announced today a reciprocal agreement to endorse and support each other’s Trust Frameworks for Public Key Infrastructure (PKI) and non-PKI domains together with their certified identity providers.


SAFE Identity and Kantara Initiative Announce Collaboration to Expand Trust Frameworks for PKI …

RESTON, Va. and WAKEFIELD, Mass., Sept. 29, 2020 (GLOBE NEWSWIRE) — SAFE Identity and Kantara Initiative, two globally acknowledged Trust Framework Providers focused on expanding digital identity trust and security, announced today a reciprocal agreement to endorse and support each other’s Trust Frameworks for Public Key Infrastructure (PKI) and non-PKI domains together with their certified […]

RESTON, Va. and WAKEFIELD, Mass., Sept. 29, 2020 (GLOBE NEWSWIRE) — SAFE Identity and Kantara Initiative, two globally acknowledged Trust Framework Providers focused on expanding digital identity trust and security, announced today a reciprocal agreement to endorse and support each other’s Trust Frameworks for Public Key Infrastructure (PKI) and non-PKI domains together with their certified identity providers.


Hyperledger Foundation

How AAIS Aligned Insurers and Regulators with the Hyperledger Fabric-Based openIDL Data Reporting Network

Since 1980, the United States has suffered more than 250 extreme weather disasters causing more than $1 billion damage each. Every time a natural catastrophe strikes, state regulators quickly ask... The post How AAIS Aligned Insurers and Regulators with the Hyperledger Fabric-Based openIDL Data Reporting Network appeared first on Hyperledger.

Since 1980, the United States has suffered more than 250 extreme weather disasters causing more than $1 billion damage each. Every time a natural catastrophe strikes, state regulators quickly ask insurance carriers to send them data about the affected properties. This data helps regulators model risk, monitor market activity, protect consumers, and plan for future emergencies.

These ad-hoc reports come on top of routine quarterly and annual statistics that insurance carriers must provide to regulators. But the reporting process was flawed. Insurers could barely keep up with the requests for data, in various formats and often with short deadlines, coming in from 50 different state regulators. 

As a national, not-for-profit member association that gathers, aggregates and anonymizes data from its property and casualty (P&C) insurance industry members to inform legislative policy, Chicago-based American Association of Insurance Services (AAIS) saw the reporting problems first hand. In fact, everyone in the industry saw the need for a more resilient and efficient resource: a system that would yield data to inform policymakers and also help carriers operate efficiently and the platform to compete and innovate in the marketplace.

AAIS invited carriers and regulators to brainstorm a solution they could build and deploy to address the industry’s data problem. As discussions progressed, the group raised the idea of using blockchain. And, to address the cost concerns, using open source software. By starting with an existing open source framework, AAIS wouldn’t have to code a blockchain platform from scratch. The team could get on with building the higher-level components and interfaces for their system, which they named the Open Insurance Data Link (openIDL).

That led to the choice of Hyperledger Fabric. After AAIS picked a blockchain platform, it needed a development partner with all the skills and resources to bring openIDL to life. The team decided to partner with IBM because of the organization’s track record with Hyperledger Fabric and their expert team. With shared philosophies that included design thinking and agile development, AAIS and IBM developed and tested a prototype in record time. With the first prototype, they were able to test five million records in less than 90 days.

In 2018, openIDL went into production as the first blockchain network connecting data across the American insurance industry. Insurers have the option to manage their own node or use the multi-tenant environment managed by AAIS. And, to help insurers spin up their own nodes, IBM created openIDL in a Box: a managed service offering everything an insurer needs to join the blockchain network.

Hyperledger worked with AAIS to document key steps in engaging stakeholders in planning openIDL and building a network that ensures data privacy for insurers and reporting for regulators. Read the full case study here for more on the design process, solution architecture and next steps for openIDL.

The post How AAIS Aligned Insurers and Regulators with the Hyperledger Fabric-Based openIDL Data Reporting Network appeared first on Hyperledger.


FIDO Alliance

Technical Note: FIDO Authentication and EMV 3-D Secure – Using FIDO for Payment Authentication

The FIDO Alliance defines standards that enable strong consumer authentication and seeks to use those standards to improve security on the internet. EMV 3-D Secure (EMV 3DS) is a payment […] The post Technical Note: FIDO Authentication and EMV 3-D Secure – Using FIDO for Payment Authentication appeared first on FIDO Alliance.

The FIDO Alliance defines standards that enable strong consumer authentication and seeks to use those standards to improve security on the internet. EMV 3-D Secure (EMV 3DS) is a payment industry standard for performing consumer verification and authentication within the context of online payments via credit cards. EMV 3DS also standardizes payment transaction information which is sent from a merchant to the issuing bank and includes data about the cardholder account, payment environment, and actions taken during payment. Using this data, the card issuing bank or a party operating on their behalf can perform transaction risk assessment and minimize the need to apply unnecessary friction to a payment transaction when it is deemed low risk. This is also known as “frictionless authentication” within the EMV 3DS standard. 

This document focuses on the role of the merchant as the FIDO or WebAuthn relying party and defines the methods for the merchant to leverage EMV 3DS as the conduit to report FIDO Authentication Data to the issuing bank. This data, along with the other transaction details sent using EMV 3DS messaging via the 3DS Authentication Request message, can help ensure minimized friction through risk-based authentication at the time of online payment. Although the resultant assurance level is reduced using this method, as opposed to an issuer-managed credential, and it will need to be viewed within the context of the entire EMV 3DS message, it can provide an approach that can be more easily deployed at scale than issuer-managed FIDO Authentication methods. 

The post Technical Note: FIDO Authentication and EMV 3-D Secure – Using FIDO for Payment Authentication appeared first on FIDO Alliance.


Decentralized Identity Foundation

Understanding DIDComm

A cross-community effort to standardize on common, DID-anchored capabilities If you are reading this, you probably know already what Decentralized Identifiers (DID) are: they are “identifiers” or addresses which can be queried to return some information about the subject represented. The addresses take the form of a long, opaque “string” (a long block of letters and numbers, in this case of a fix

A cross-community effort to standardize on common, DID-anchored capabilities

If you are reading this, you probably know already what Decentralized Identifiers (DID) are: they are “identifiers” or addresses which can be queried to return some information about the subject represented. The addresses take the form of a long, opaque “string” (a long block of letters and numbers, in this case of a fixed length), and the DID “documents” that get returned when they are queried contain some cryptographic key material and, depending on the particularities of the returning system, maybe a few other pieces of information or addresses.

Identity systems have traditionally been largely hierarchical, focusing on asymmetrical or vertical relationships. The most open system that allows horizontal communications between users in different systems is email, and even there, user-to-user communications are mediated by servers, which banlist each other based on a federated reputation system. DIDCommunications (DIDComm), on the other hand, is a set of tools to allow horizontal (or at least, power-neutral) and bidirectional channels of communication between two entities that know each other’s DIDs and nothing else. It resembles today’s end-to-end encryption systems like Signal, Telegram, and Whatsapp more than it resembles traditional email.

How DIDComm works

DIDComm is a cross-community standard that creates libraries and design patterns for two or more DID-controlling entities from diverse DID-based systems to communicate directly with one another. It creates a secure communication channel between software controlled by each of these entities, which can be people, organizations or things. This constitutes an “authenticated channel,” in that control of a given DID’s private keys is, barring a failure of design or operational security, proof of authenticity of the party represented by that DID.

This architecture is powerful because it provides a way to do mutual authentication between any two parties. Right now many systems of messaging and communication on the open web don’t provide for mutual authentication with cryptography; they ask individuals to authenticate to sites or businesses (nowadays mostly with single-sign on integrations, i.e. “log in with your XXX account” buttons), and these businesses vouch for and secure the end-user. In exchange, businesses get valuable insight into the communications or commercial activity they facilitate — insights they often sell to third parties.

Furthermore, while the onus is on individuals to authenticate themselves to these enabling institutions and middlemen, the business themselves do little to authenticate themselves reciprocally. Over time, the “lock icon” next to URLs in modern browsers has come to be a useful norm (and users have been habituated to reacting suspiciously to any website which cannot provide on). However, phishing attacks, where intercepted or falsified communications lead users to malicious websites impersonating ones they trust, continue to be a major attack vector for fraud and identity theft. By supporting mutual authentication, a more uniform and democratic protocol is established for secure communications, which raises the bar for user expectations for security assurances from institutions and websites.

A Quick History of DIDComm and the Aries Protocols

DIDComm was first developed within an international and collaborative open source co-development project called Aries (hosted at Hyperledger) and under a IPR regime designed to cover software but not specifications. Aries was spun out of the earlier Hyperledger Indy project, to both iterate, expand, and make more blockchain-agnostic the codebase and tooling created earlier for the identity blockchain Indy. In the same process, Hyperledger Ursa was also created to advance the underlying cryptographic elements independently of the blockchain and the identity systems relying on it. The Indy project continues evolving as well, from a single blockchain to a family of interoperable ones.

The name “DIDComm” and version 1 of its libraries and designs evolved in this context: it adapted the Indy-specific horizontal communications libraries to a more agnostic Aries context and iterated them to be more configurable for new contexts and implementations. At some point, however, it became clear that further interoperability would be best served not by writing specifications based on existing Aries implementations, but by a more “green-field”, specification-first design process with interlocutors from further afield. This work came to be co-sponsored by DIF and Hyperledger partly to engage these outside interlocutors, and partly because the IPR protections of DIF were more appropriate to a specification-first open-standards process. The charter of the DIDComm working group at DIF .

Source: CHAPI101/DIDComm101 joint session at #IIW30 The Future of DIDComm

Since the chartering process began in September of 2019 at the post-IIW DIF Face to Face, the work of designing a new core for DIDComm and thinking through new features and structure has proceeded at a steady clip. The implementations and details are still being hammered out in some places, but the feature set is stable. The benefits of the new protocol will include:

Mutual authentication Robust, email-like threading support for relying messaging systems (including error-handling and other machine-readable messaging systems) Support for new security and transport primitives like the JWM envelope Asynchronous by default, but with synchronous communication modes also supported Offline support so that two agents who are not online can exchange information via bluetooth or QR Code Easy to support with a web server (among many other topographies) Many of the positive qualities of the earlier SOAP protocol, include message format standards, routing, transport agnostic support, and subprotocols.

This effort has the direct support and participation of many core members of the Aries community. It is within the plans of the Aries community to migrate to DIDComm V2 as it becomes ready for use and tested. In both existing DIDComms (many of which are already in production), protocols relying on a DIDComm-encrypted channel for authentication or communications functions will be moved over. The relationship between DIDComm and these relying “subprotocols” is quite similar to the relationship between HTTP and the APIs created on top of HTTP — an upgrade to the underlying security or feature set will not affect the relying applications that just need a secure channel.

There is some consternation about the use of the term “DIDComm Protocols” to describe the various different types of exchange or transactions that could be built on a DIDComm foundation. Regardless of whether one chooses to call them “protocols” or something else, a cross-community standard will be crucial to co-developing broadly interoperable capabilities and common libraries on the basis of secure, authenticated DIDComm channels. Some examples of what these would include:

Secure user messaging or even chat-like instant messaging Issuing a credential Presenting a credential or an identity proof Interactions with IOT systems or even directly with specific, authenticated devices Payment coordination Getting involved

A good place to jump in would be this video recorded by DIDComm WG Chair Sam Curren at the June DIF Face-to-face meeting:

With this background, a read through the charter, the mailing list archives, the github repository, or the Slack channel of the DIDComm working group at DIF will make a lot more sense; as will DIDComm sessions at the new IIW and F2F meetings.

Understanding DIDComm was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.


DIF at #IIW31

Whether, why, and how to attend the biannual conference along with DIF The Internet Identity Workshop is an interactive “un-conference” that has convened various kinds of researchers, identity technology companies, and thinkers since 2005. It brings together a wide swath of people working towards great control of the digital representations of themselves, incorporating theoretical, market-bu

Whether, why, and how to attend the biannual conference along with DIF

The Internet Identity Workshop is an interactive “un-conference” that has convened various kinds of researchers, identity technology companies, and thinkers since 2005. It brings together a wide swath of people working towards great control of the digital representations of themselves, incorporating theoretical, market-building, research, and policy-oriented projects. This coming month, the 31st edition will be held entirely only on the Qiqochat platform, like the 30th edition before it.

The Storied History of IIW

Kaliya Young, Doc Searls and Phil Windley founded the conference in 2005. At the time, all three were active in a group known as “the Identity Gang”. They had been discussing identity technology concepts in detail on a mailing list since meeting each other at Digital Identity World in the fall of 2004; after a year of passionate discussions, there came a point where an in-person meeting felt necessary. The first meeting was in Berkeley, California, and ever since it has been hosted at the Computer History Museum in Mountain View, California. It has moved online-only since the Covid-19 pandemic began in early 2020.

In 2005, many in the community were blogging and writing about identity and related themes. Some had made broad and widely acclaimed pronouncements like Kim Cameron, most known in this regard for his essay, The Seven Laws of Identity. One early collaboration within the community was a Lexicon that has aged well. Many were also writing code and founding projects to realize their various visions. At the first IIW, eight different projects gave structured presentations on the first day, while the second day was devoted to a more open-ended and collaborative synthesis, facilitated by Kaliya Young using Open Space Technology.

At that first event, several of the projects focused on using URLs as identifiers for individuals, who could authenticate against these as they moved around the early Web 2.0, commenting on different sites. Conversations at the event were formative on the OpenID protocols and the OpenID Foundation. Since then, many different protocols have been conceived and/or nested at the conference, including OAuth, OpenID Connect, SCIM, Information Cards, XRI, XDI, Web Finger, Salmon, and PubSubHubbub, among others.

The event attracts people from all over the world and continues to be the “biggest tent” for collaboration and ideation across the various user-centric identity spheres and communities, particularly for what is now called “decentralized identity” or “self-sovereign identity”. You can see the book of proceedings from most of the IIWs for the last 15 years, refined and edited in the month after each organic and self-organizing event.

The Decentralized Identity Foundation at IIW

IIW has always been a neutral venue where diverse groups across the community focused on the decentralized identity, that often work in parallel between IIWs, come together to report out and understand each other’s projects. Furthermore, many attendees come from established sectors of the software industry, such as Enterprise Identity and Access Management (EIAM), Cybersecurity, or Customer Identity and Access Management (CIAM). This creates a healthy mix of specialists, professionals, activists, and novices, balancing the “bikeshedding” of technology specifics with societal conversations and industry-wide trends and roadmaps. The open culture of DIF and its commitment to integrations with today’s identity technologies thrive in this environment, and many key DIF collaborations have begun or successfully recruited new participants at IIW.

Anyone who attends from any of the myriad organizations in the space can put agenda/discussion topics forward, which also makes it a very generative place for researchers, innovators, and market-watchers. Many of the DIF working groups present their latest work at the event for technical or business review, and it is a key venue for soliciting insightful feedback from related organizations and industry stakeholders. Sometimes projects in early stages of development, specification, or scoping even do requirements gathering or technical sanity-checks at the event.

Historically, the DIF has hosted a one-day face-to-face meeting immediately before or after the IIW conference proper to take advantage of the geographic co-location of so many key players. This time around, however, DIF is experimenting with a more spaced-out approach to allow for a period of processing of the IIW sessions to allow for a more complementary role 5 or 6 weeks after the fact. Stay tuned for more details about design or development sprints to take place bookended by the two events.

Hot Topics across #IIW30 and #IIW31

At the last IIW, DIF working groups put forward these sessions:

The internal governance group shared its new Code of Conduct and the Glossary Group also gave a presentation on its methodology and results There were four different sessions presenting and gathering feedback on four different aspects of the KERI project. Similarly, there were multiple presentations on the BBS+ signature suite at the heart of both the Aries AnonCreds2 system for verifiable presentations and a novel JSON-LD-based system, development of which continues to be lead by Mattr Global. The DIDComm WG gave a progress report, which was particularly important to many stakeholders in the Aries community not involved in the autonomous research & development project. A separate session was held on the JSON Web Messaging (JWM) proposal that the DIDComm WG submitted to the IETF. Similarly, there was a well-attended joint progress report on the SideTree Protocol / Element DID and Friends , as well as an update from the XYZ project to iterate the OAuth protocol. A breakthrough panel (which was recorded — see previous link) explored the potential interaction or combination of the complementary browser-based CHAPI communications/transport protocol and the more browser-independent work of the DIDComm WG Frameworks and ecosystem maps were presented by the new Trust-over-IP foundation, the Operators project of MyData Global; certification programs were announced and outlined by the Me2B Alliance and the ID2020 project. For a more detailed overview of highlights, see Juan Caballero’s detailed recap for the company blog of DIF member organization, Spherity GmbH For the complete, edited notes from all sessions, see the Proceedings Book (sponsored by DIF member organization, Jolocom GmbH) Heading into the 31st IIW, we can expect significant interest and attendance at sessions on these topics: A progress report on the alignment of the browser-native Presentation Exchange DIF specification and the relevant Aries RFCs and libraries Moving KERI from prototype to actual implementations (and integrations!), as well as Drummond Reed’s less-technical introduction entitled “KERI for Mere Mortals” Cross-method interoperability and portability, within and beyond Indy networks (which are proliferating quickly in Europe!) Test Suites and a process to incentivize (or even fund?) revisions of major specifications to include more explicit test vectors Lessons from the mid-2020 DID-Core sprint and PING W3C Security Review Updates on OIDC-DID bridging work, OAuth & GNAP, and fast-moving regulatory changes in Europe and North America Making your IIW plan

DIF has had great success presenting work at IIW — and increasingly, it is becoming an important aspect of our educational and outreach efforts to post recordings of these presentations on our youtube channel. We’re hoping this tradition will build more momentum at the upcoming IIW!

The event is a great opportunity for those who are already very active in the community working on standards and code related to decentralized identity. It is also a great opportunity for those who are very new to get up to speed quickly via what language professors call “deep immersion.” It is very welcoming and friendly, and since each session includes experts from different fields, there are few assumptions and much level-setting. DIF leadership attends the event and encourages its membership to actively participate.

For those already planning to attend, please note that a skeletal structure is already posted. The most important sessions to attend are each day’s “agenda creation” sessions; the “demo hour” sessions for live demos of new products and prototypes, and the “closing circle” readouts from each day’s events are close seconds. Cordoning off those timeslots in your calendar weeks in advance is highly recommended, as a way of keeping those timeslots free of conflicts in your home time zone!

DIF at #IIW31 was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 28. September 2020

Hyperledger Foundation

#HyperledgerFinTech: A sampling of production applications using Hyperledger technologies in the finance market

The financial services market has long turned to technology to address a range of back-end challenges and enhance customer-facing services. Blockchain is increasingly becoming a go-to technology for advancing many... The post #HyperledgerFinTech: A sampling of production applications using Hyperledger technologies in the finance market appeared first on Hyperledger.

The financial services market has long turned to technology to address a range of back-end challenges and enhance customer-facing services. Blockchain is increasingly becoming a go-to technology for advancing many different financial systems and solutions with different Hyperledger platforms serving as the core for an array of applications now in production. 

Read on for just a sampling #HyperledgerFinTech solutions, built using a mix of Hyperledger technologies:

Bakong

Sponsored by the National Bank of Cambodia, the country’s central bank, Bakong is the first retail payments system in the world using blockchain technology. Built on Hyperledger Iroha, Bakong delivers value for customers, merchants and banks. Individuals can now transfer money and buy from merchants with a simple smartphone app. Merchants gain a fast, cashless, and secure payments system. And banks can do interbank transfers at much lower cost.

Bakong was developed by Soramitsu and, after a soft launch in 2019, is now expanding with 16 financial institutions using the system and more expected to join in the near future. The project was also designed to promote financial inclusion for the country’s large number of unbanked citizens. Any citizen of the country can open a Bakong account, even if they don’t have a traditional bank account. The more than 500 merchants that accept Bakong can be viewed in a map inside the app. 

daura 

Built atop the private Swiss Trust Chain run by Swisscom and Swiss Post and powered by Hyperledger Fabric, daura is a digital share platform for financing and investing in Swiss SMEs. With daura, the share register is easily digitized and capital increases are carried out quickly and inexpensively at the push of a button. Shares can be split into any number of small lots and the share register is always digitally maintained, complete and up-to-date. With daura, companies have also transitioned virtual Annual General Meetings as a response to COVID-19 with authorization and access are granted directly via the blockchain. 

ioCash

ioBuilders is a blockchain technology company focused on building regulated fintech and enterprise solutions based on distributed ledger technology to help businesses succeed in their blockchain adoption. The company offers professional services, including technical, business and regulatory, and develops its own product line. ioBuilders has been one of the first adopters and advocates of Hyperledger Besu, providing essential feedback to improve its enterprise requirements capabilities. 

ioCash, one of ioBuilder’s core products, is a fintech platform enabling the use of regulated fiat money on blockchain networks, making it programmable with smart contracts and able to interact with other blockchain use cases. ioCash’s platform operates under an electronic money licence, providing accounts (with or without IBAN) and complex payments functionalities through API and smart contracts connectivity. ioCash is also available as a technology license for financial institutions that hold banking or electronic money licences and are aiming to add the benefits of blockchain into their payment systems. 

Memberpass

CULedger, a credit union service organization (CUSO) that began when a group of credit unions came together in 2016 as a direct response to the increasing threat of fraud, set out to bring a decentralized identity solution product for credit unions to market. The result was MemberPass, a permanent, portable digital identity credential for credit union members.

Built in partnership with Evernym and using Hyperledger Indy, Memberpass replaces vulnerable authentication processes such as common knowledge-based questions. Now credit unions are able to issue a digital credential to members, giving them a hassle-free way to control and prove their identity quickly and easily while protecting their personal information.  

Verified.Me 

Verified.Me offers a secure and convenient way to help Canadians verify their identities.

Verified.Me is a service offered by SecureKey Technologies Inc. The Verified.Me service was developed in cooperation with seven of Canada’s major financial institutions – BMO, CIBC, Desjardins, National Bank of Canada, RBC, Scotiabank and TD. The Verified.Me network continues to evolve adding new identity providers and service providers to make your life easier.

Verified.Me is built on top of the IBM Blockchain Platform which is based on Linux Foundation’s open source Hyperledger Fabric v1.2, and will be interoperable with Hyperledger Indy projects. 

Users of the Verified.Me mobile app or web browser experience are able to get a free credit score with Equifax, register with Sun Life, verify their identity when registering for Dynacare Plus, an online and mobile service that lets users manage their health remotely, and more.

Join the conversation about solutions and applications in the financial service market with #HyperledgerFinTech this month on social channels. Or get involved with the Capital Markets or Trade Finance Special Interest Groups.

If you are interested in peer-to-peer transactions, mark your calendar for a webinar hosted by CoinDesk at 11:00 am ET on October 20th. A panel of experts on different Hyperledger platforms will be discussing “Governance, standards and interoperability: Getting past the roadblocks to peer-to-peer financial transactions.” Go here to find out more.

The post #HyperledgerFinTech: A sampling of production applications using Hyperledger technologies in the finance market appeared first on Hyperledger.

Saturday, 26. September 2020

Me2B Alliance

Re: Welcome New Board Member Sheryl Wilkerson

Welcome, Sheryl.  Get Outlook for iOS
Welcome, Sheryl. 
Get Outlook for iOS

Re: Welcome New Board Member Sheryl Wilkerson

Thank you. I appreciate the welcome and look forward to working with you. Regards, Sheryl  M:703.855.1208
Thank you. I appreciate the welcome and look forward to working with you.

Regards, Sheryl 
M:703.855.1208

Re: Welcome New Board Member Sheryl Wilkerson

Welcome onboard Sheryl. Iain
Welcome onboard Sheryl.
Iain

Friday, 25. September 2020

Me2B Alliance

Welcome New Board Member Sheryl Wilkerson

Dear Community,   I’m delighted to announce the addition of a new Board Member to the Me2B Alliance, Sheryl Wilkerson.  Thought we’d let Sheryl introduce herself in her own words (below).    Welcome aboard, Sheryl!   "Personal data is one our most valuable assets and plays an increasingly important role in our economy and connected lives.  I've spent m

Dear Community,

 

I’m delighted to announce the addition of a new Board Member to the Me2B Alliance, Sheryl Wilkerson.  Thought we’d let Sheryl introduce herself in her own words (below). 

 

Welcome aboard, Sheryl!

 

"Personal data is one our most valuable assets and plays an increasingly important role in our economy and connected lives.  I've spent most of my career advocating for companies that develop and deploy innovative technologies that improve quality of life for people.  I believe in access to technology for all, but also the right to privacy, consent, transparency, good stewardship practices, and accountability in how my personal data and information is managed.  I know first-hand the devastating impact that privacy failures and intentional breaches can have on your life. 

As a lawyer, I am excited about public policy and efforts underway to establish more fulsome data protections.  As an entrepreneur, I've seen how technology can harvest data to democratize opportunity and level the playing field for underserved segments of society.  As a public servant, I understand the need to protect the public interest while enabling business growth and prudent use of data. As a private employee, I understand the immense responsibility companies have to ensure the fair provisioning of e-commerce services. 

I'm pleased to serve on the Board of the Me2B Alliance which is working with some of the most committed experts and knowledgeable thought leaders to develop standards for respectful technology that will create a fair and balanced future for those who use it."

 


Hyperledger Foundation

Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources

Welcome to the Weekend Update. Our goal with this weekly post is to share quick updates about online education, networking and collaboration opportunities and resources for the open source enterprise... The post Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources appeared first on Hyperledger.

Welcome to the Weekend Update. Our goal with this weekly post is to share quick updates about online education, networking and collaboration opportunities and resources for the open source enterprise blockchain community. 

If you have suggestions for resources or events that we should spotlight in a future Weekend Update, let us know here using #HLWeekendUpdate. 

Blockchain for Social Impact And Sustainability Virtual Conference

During this virtual conference, hear from a line-up of experts about how they are using  innovative technologies and, especially blockchain, to implement processes, activities, and business practices that advance the principles of sustainability and consequent social impact.  

The conference kicks off on Wednesday, September 30, at 9 a.m. EDT. Go here to get more details. 

Webinar: Umbra – Challenges with Hyperledger Fabric simulation and debugging of applications

This webinar showcases Umbra, an emulation tool for Hyperledger blockchains. Raphael Vincente Rosa will introduce attendees to Umbra and help them get familiar with installing Umbra and getting their first Fabric network up and running. Learn how to do simple examinations of the network layout and packet flows and some simple debugging to confirm that the network is running. There will also be explanations of how to use Umbra’s network fuzzing features and how to scale to multiple servers. Additionally, there will be a discussion of this year’s Umbra-related Hyperledger mentorship projects.

Tune on Wednesday, September 30, at 10:00 am EDT. For more information and to register, go here.

Case Study: LedgerDomain’s solution for the pharmaceutical supply chain

Learn more about how LedgerDomain’s Hyperledger Fabric-based BRUINchain improves tracking and tracing of prescription drugs in this new case study.

Virtual Meetups

Saturday, September 26, at 13:00 UTC / 15:00 CEST: Hyperledger Sweden hosts “Online Certification Study Circle” Saturday, September 26, at 10:00 UTC / 13:00 GMT +3: Hyperledger Riyadh hosts “Blockchain كيفية تحديد الحاجة إلى شبكة البلوك شين” (Arabic) Wednesday, September 30, at 22:00 UTC / 17:00 CDT: Hyperledger Latinoamerica hosts “Blockchain en el Cambio Climático y el Mercado de Energía” (Spanish) Wednesday, September 30, at 9:30 UTC / 18:30 JST: 9月30日 オンライン開催 Hyperledger Tokyo Meetup (Japanese) Friday, October 2, at 17:00 UTC / 11:00 MDT: Hyperledger Denver hosts “Can The Public Sector Benefit From Blockchain?”

See the full Virtual Meetup schedule here

The post Weekend Update: This Week’s Round-up of Remote Blockchain Learning Resources appeared first on Hyperledger.


One World Identity

Mr. Worldwide: Friday Dealbook for 9/24/2020

This week’s deals demonstrate the global reach of digital identity. UK-based Ripjar raised $3.57 million for its AML detection platform; Acesso Digital, headquartered in Brazil, brought in $108 million for its facial recognition technology; and Chime, out of Silicon Valley, raised an incredible $485 million for its neobanking service. Rapid digitization, mobile adoption, growing fraud … Mr. Wo

This week’s deals demonstrate the global reach of digital identity. UK-based Ripjar raised $3.57 million for its AML detection platform; Acesso Digital, headquartered in Brazil, brought in $108 million for its facial recognition technology; and Chime, out of Silicon Valley, raised an incredible $485 million for its neobanking service. Rapid digitization, mobile adoption, growing fraud rates are driving the need for digital identity in all reaches of the world.

 

Ripjar \ ripjar.com \ Founded in 2012

Developer of a strategic intelligence platform designed to analyse real-time information. The company’s next-generation platform combines deep learning technology, advanced analytics and global data collection to tackle analytic problems for real-time threat intelligence, anti-money laundering and insider threat enabling organizations, brands and agencies to analyze and visualize real-time information from bulk of structured and unstructured data.

The company raised $3.57 million (GBP 28 million) of Series B venture funding in a deal led by Long Ridge Equity Partners on September 24, 2020, putting the company’s pre-money valuation at $91.8 million (GBP 72 million). Winton Ventures and Accenture Ventures also participated in the round. The funds will be used to accelerate new product development and facilitate the expansion of Ripjar’s ground-breaking data intelligence platform, Labyrinth; expand its sales and marketing presence in Asia, North America, and Europe; and grow its employee base to support current and future clients.

 

Acesso Digital \ acessodigital.com \ Founded in 2007

 

Developer of facial recognition and identification technology created to solve security loopholes in companies. The company’s technology facilitates people’s relationships with companies and solves major challenges such as anti-fraud facial biometrics and the digital admission of employees, allowing companies to mitigate risk for fraud and identity theft with ease.

 

The company raised $108 million (BRL 580 million) of venture funding in a deal co-led by SoftBank Group and General Atlantic on September 21, 2020, putting the company’s pre-money valuation at BRL 620 million. Other undisclosed investors also participated in this round. The funds will be used to expand the business, including via acquisitions.

 

Chime \ chime.com \ Founded in 2012

 

Developer of a mobile platform designed to offer banking services on the go. The company’s platform sets aside a predetermined amount of money in savings after a transaction and the company earns revenue from transaction fees paid by the merchant aligning company incentives, thereby enabling users to avoid fees, save money, and lead healthier financial lives.

 

The company raised $485 million of Series F venture funding from Access Technology Ventures, Dragoneer Investment Group and General Atlantic on September 18, 2020, putting the company’s pre-money valuation at $14.02 billion. DST Global, Coatue Management, ICONIQ Capital, Whale Rock Capital Management, and Tiger Global Management also participated in the round.

 

Investor Highlight

 

ICONIQ Capital \ iconiqcapital.com \ Founded in 2011

 

Founded in 2011, Iconiq Capital is a multi-family office investment firm based in San Francisco, California. The firm seeks to invest in the information technology, retail, and media sectors.

 

Active Portfolio – 63

Investments (TTM) – 25

Med. Round Amount – $85.00M

Med. Valuation – $850.00M

# of Exits – 25

The post Mr. Worldwide: Friday Dealbook for 9/24/2020 appeared first on One World Identity.


MyData

Putting MyData Principles into action: An introduction to the MyData Design Toolkit

Over the last years, the global community of MyData has been developing an approach aimed at strengthening digital human rights while opening new opportunities for businesses to develop innovative new services based on personal data and mutual trust. MyData Design was established in September 2019 to advance the design culture and practices within the MyData... Read More The post Putting My

Over the last years, the global community of MyData has been developing an approach aimed at strengthening digital human rights while opening new opportunities for businesses to develop innovative new services based on personal data and mutual trust. MyData Design was established in September 2019 to advance the design culture and practices within the MyData...

Read More

The post Putting MyData Principles into action: An introduction to the MyData Design Toolkit appeared first on MyData.org.

Thursday, 24. September 2020

Hyperledger Foundation

Tackling Climate Change with Blockchain: An Urgent Need, Ready Opportunity and Call to Action

If blockchain is really going to change the world, then why are so many of us stuck in pilot purgatory? Is it because our distributed ledgers are too disruptive to... The post Tackling Climate Change with Blockchain: An Urgent Need, Ready Opportunity and Call to Action appeared first on Hyperledger.

If blockchain is really going to change the world, then why are so many of us stuck in pilot purgatory? Is it because our distributed ledgers are too disruptive to the existing incumbents? Or that they already have solutions that are good enough, at least for now, so breakthrough ideas like blockchain could wait on the back burner?  

Is there a large scale, urgent business problem out there that requires massive collaboration and does not have existing incumbents?

We believe there is one: Climate change.  

While we as a society recognize that climate change is real and have the technologies to fix it, we lack a way to get all the parts of our economy — businesses, investors and banks, consumers, and regulators — to work together on it.  Part of the problem is we have to work across traditional boundaries of industries and countries and integrate vast supply chains around the world. And we have to do it without recognized central authorities because they don’t exist at this point.  

Fortunately, blockchain, or distributed ledger technologies (DLT), may be just the right tool for this challenge: It is designed for coordinating trust and collaboration across multiple parties, with greater speed and much greater scale than ever before. With blockchain, we could record trusted Greenhouse Gas (GHG) emissions for every type of economic activity and transfer them across supply chains as products and services are transacted.

The Climate Action and Accounting Special Interest Group (CA2SIG) of the Linux Foundation’s Hyperledger project is an open source effort to foster a collaborative network of climate, DLT, and other emerging technology organizations (i.e., universities, NGOs, government, startups, corporations, multilateral development banks, etc.) that can create a center of gravity around the role of DLT and open source software to address challenges in the global climate action, policy and digital accounting space.  

We hope that our work could act as a shared initiative where participants can contribute value to and share explorations in the use of DLT alongside other emerging technologies such as IoT (Internet of Things), big data, and machine learning to address the challenge of keeping a transparent climate accounting system towards the climate targets set in the 2015 Paris Agreement.

The CA2SIG is currently comprised of the following working groups:

Carbon Accounting and Certification Working Group, which is working on automating accounting and transactions of emissions:

Consumer Disclosure Working Group, which is working on ways of making customers aware, in a meaningful, understandable way, of the impact they bring about on the environment while going about their daily life:

Climate Accounting Standards and Protocols Working Group, which is focused particularly on the protocols and standards that will enable consistent climate accounting :

Together, these working groups are building software for the following goals:

Implementing GHG emissions accounting using verified data and models, which could publish trusted emissions data for a wide variety of business activities. Passing GHG emissions up to national and supra-national structures. Making accurate GHG emissions available at the consumer level.

By making our work open source, we hope to enable more developers to build on our work and extend GHG accounting to every part of our economy around the world.  

What we’re asking is for people to help us integrate our software into more activities. Climate change is happening because every little thing that is happening is contributing to it just a tiny bit. We want to be able to get data on those activities, model their emissions, and start making people aware of their impact and work together to reduce emissions.  

Whether you’re an experienced developer, from the business side, or a private individual, we could use your help in linking real world activities to climate change and coming up with solutions together. Join us on the Hyperledger Wiki for more details and links to regular calls.

The post Tackling Climate Change with Blockchain: An Urgent Need, Ready Opportunity and Call to Action appeared first on Hyperledger.

Tuesday, 22. September 2020

OpenID

OpenID Foundation Deepens Partnership with Financial Data Exchange on Adoption of New Security Standards

OpenID Foundation Chairman, Nat Sakimura, presented a keynote at the Financial Data Exchange’s (FDX) Global Summit Fall 2020. Nat’s keynote, “Global Adoption of FAPI Among Open Banking Standards… And Beyond”, highlighted the growing adoption momentum of the Foundation’s Financial-grade API (FAPI) security profile and the high quality of self-certified implementations via the Open Certification Pro

OpenID Foundation Chairman, Nat Sakimura, presented a keynote at the Financial Data Exchange’s (FDX) Global Summit Fall 2020. Nat’s keynote, “Global Adoption of FAPI Among Open Banking Standards… And Beyond”, highlighted the growing adoption momentum of the Foundation’s Financial-grade API (FAPI) security profile and the high quality of self-certified implementations via the Open Certification Program.

The FDX Global Summits are the organization’s signature technical conferences for its members and brings together the best of the financial industry’s engineers, business leaders and stakeholders in a technical working group environment to better the development, implementation and adoption of open standards and associated data use cases and certification protocols. The Financial Data Exchange is a standards development organization that has rapidly grown to over 150 Banks, Fin-Techs and key players in the US and Canadian financial services market.

The OpenID Foundation and the Financial Data Exchange continue to partner in working groups and workshops to drive the adoption of these important new standards. Don Cardinal, Managing Director of the FDX, Anoop Saxena, of Intuit and Co-Chair of the FAPI Work Group, and Nat Sakimura will “keynote” a panel on the intersection of identity and open banking standards at Summit Fall 2020.

Please note that registration is open for the upcoming OpenID Foundation Virtual Workshop on Wednesday, October 28, 2020.

The post OpenID Foundation Deepens Partnership with Financial Data Exchange on Adoption of New Security Standards first appeared on OpenID.


FIDO Alliance

Webinar: FIDO Alliance Account Recovery Needs

Introduction to FIDO and Account Recovery – Using Multiple Authenticators for Reducing Account-Recovery Needs for FIDO-Enabled Consumer Accounts. This webinar addresses an overview on: 1. Why are multiple authenticators needed? […] The post Webinar: FIDO Alliance Account Recovery Needs appeared first on FIDO Alliance.

Introduction to FIDO and Account Recovery – Using Multiple Authenticators for Reducing Account-Recovery Needs for FIDO-Enabled Consumer Accounts. This webinar addresses an overview on: 1. Why are multiple authenticators needed? 2. How to register multiple authenticators. 3. Policy for registering multiple authenticators.

The post Webinar: FIDO Alliance Account Recovery Needs appeared first on FIDO Alliance.


Hyperledger Foundation

Answering the FDA’s call: LedgerDomain’s Hyperledger Fabric-based BRUINchain improves tracking and tracing of prescription drugs

Four billion prescriptions were dispensed at US pharmacies in 2019, and even conservative estimates suggest that over 100 million prescriptions may be incorrectly dispensed. To address this problem, healthcare leaders... The post Answering the FDA’s call: LedgerDomain’s Hyperledger Fabric-based BRUINchain improves tracking and tracing of prescription drugs appeared first on Hyperledger.

Four billion prescriptions were dispensed at US pharmacies in 2019, and even conservative estimates suggest that over 100 million prescriptions may be incorrectly dispensed. To address this problem, healthcare leaders are actively working to put new tools into the hands of pharmacists to ensure the right drugs reach the right people.

Part of that effort is the Drug Supply Chain Security Act (DSCSA), an ongoing, decade-long effort to track and trace prescription drugs in the United States. The DSCSA is intended to enhance the FDA’s ability to help protect consumers from drugs that may be counterfeit, stolen, contaminated, or otherwise harmful. The vision is to have an interoperable system in place by 2023 that will allow for drug tracing, product verification, and prompt detection and response protocols to handle all suspect medications. To get the system in place, the FDA turned to the public in 2019 and asked for new, cutting-edge approaches to improve the prescription pipeline.

LedgerDomain, an enterprise-grade blockchain solutions provider known for its work on developing the next generation of healthcare and pharmaceutical supply chains, was one of the companies that responded to the FDA’s request. LedgerDomain’s proposal of a blockchain-based solution in collaboration with UCLA and the pharmaceutical company Biogen was selected by the FDA as part of its pilot project program. 

LedgerDomain’s pilot centered on the development and live testing of BRUINchain, a blockchain-based system that meets DSCSA standards for pharmaceutical dispensers all within a shared-permission yet private ecosystem. While the pharmaceutical supply chain has numerous stakeholders, BRUINChain, which is built on Hyperledger Fabric, establishes one version of the truth for the pipeline that is immutable and invaluable.

The team tested BRUINchain within UCLA Health’s network of 500 pharmacists and technicians, focused on tracking the drug Spinraza, the first medication approved to treat children and adults with a rare and often fatal genetic disease called spinal muscular atrophy. The results exceeded UCLA Health and LedgerDomain’s expectations. The BRUINchain app’s barcode scanning functionality on iPhones was 100 percent effective, and the Hyperledger Fabric-based system was able to track every dose of Spinraza at UCLA Health, down to which refrigerator each dose was stored in across the campus. Even before the pilot ended, the team was adding new functionality and products as the network of pharmacists grew more reliant on the BRUINchain system. 

Hyperledger teamed up with LedgerDomain on a detailed case study on the BRUINchain pilot, including deployment details and results, projected cost and time saving and next steps based on the solution’s success to date.

Read the full case study here.

The post Answering the FDA’s call: LedgerDomain’s Hyperledger Fabric-based BRUINchain improves tracking and tracing of prescription drugs appeared first on Hyperledger.

Monday, 21. September 2020

Oasis Open

Invitation to comment on AMQP Request-Response Messaging with Link Pairing v1.0 - ends October 21


OpenID

Important Announcement about OpenID Foundation Transitions

Dear OpenID Foundation Members: It is with a heavy heart to share this news with you. Don Thibeau, after many years of his excellent service, informed the OpenID Board of his intention to move on from his position as the Executive Director at the end of 2020 to pursue other opportunities and challenges in the […] The post Important Announcement about OpenID Foundation Transitions first appeared

Dear OpenID Foundation Members:

It is with a heavy heart to share this news with you. Don Thibeau, after many years of his excellent service, informed the OpenID Board of his intention to move on from his position as the Executive Director at the end of 2020 to pursue other opportunities and challenges in the identity space. This is such a loss for the Foundation, as we would never have grown to what we are without Don’s dedicated service as a colleague and friend to many of us.

Don has committed to the Board of Directors to provide the time needed to ensure a successful transition to new leadership in 2021. Don will continue to be instrumental through his tenure in the many liaison relationships that the Foundation has under way.

I have asked Vice Chairman Bjorn Hjelm to lead the Foundation’s transition to new leadership in 2021. The Executive Committee and the Board of Directors have started this work under Bjorn’s direction and will continue to communicate with membership and the community at large on our progress. If you have any questions or input into this process, please direct your inquiries to Vice Chairman Bjorn Hjelm.

This is an important transition in the evolution of the OpenID Foundation. The Board of Directors is committed to taking the time required to successfully execute a transition plan while being transparent in our efforts, and continuing the work of the Foundation with its members and working groups. Thank you for your continued support and contributions to the OpenID Foundation.

 

Best regards, 

Nat Sakimura
Chairman, OpenID Foundation Board of Directors

The post Important Announcement about OpenID Foundation Transitions first appeared on OpenID.


OpenID Foundation Continues to Evolve in 2021

Dear OpenID Foundation Members:  After 10 years I’ve decided to move on from my position as Executive Director of the OpenID Foundation at the end of 2020. It’s been an honor to serve the Board, members of the Foundation and the community at large.  It has been a privilege and a lot of fun to […] The post OpenID Foundation Continues to Evolve in 2021 first appeared on OpenID.

Dear OpenID Foundation Members: 

After 10 years I’ve decided to move on from my position as Executive Director of the OpenID Foundation at the end of 2020. It’s been an honor to serve the Board, members of the Foundation and the community at large. 

It has been a privilege and a lot of fun to help lead the Foundation. I’ve been proud to add my efforts to yours in ensuring the OpenID Foundation’s unique and important contributions to a more secure, interoperable identity ecosystem.

For the Foundation, it’s an opportunity to take a fresh look at the future. For me, it’s a chance to do new, big and bold things in the identity space. I look forward to working with you in the months remaining and years to come.

 

Best regards, 

Don Thibeau
Executive Director

The post OpenID Foundation Continues to Evolve in 2021 first appeared on OpenID.

Thursday, 17. September 2020

Berkman Klein Center

Urs Gasser on two new books — and what’s ahead

Urs Gasser on two new books — and what’s ahead The precariousness of the early days of the pandemic turned parents into educators and scholars scrambling to make sense of the historic challenges faced by our societies and the institutions governing them. Urs Gasser, the Executive Director of the Berkman Klein Center (BKC) and Professor of Practice at Harvard Law School, has co-authored two
Urs Gasser on two new books — and what’s ahead

The precariousness of the early days of the pandemic turned parents into educators and scholars scrambling to make sense of the historic challenges faced by our societies and the institutions governing them.

Urs Gasser, the Executive Director of the Berkman Klein Center (BKC) and Professor of Practice at Harvard Law School, has co-authored two timely books that inform both of those struggles.

Gasser co-authored The Connected Parent with John Palfrey, president of the John D. and Catherine T. MacArthur Foundation, which turns a decade of academic research into practical guidance for parents raising children in a “digitally connected” world. He also wrote an essay series published in German (Pandemie als Verbundkrise und digitales Phaenomen) that focuses on the COVID-19 pandemic, risk, digitization, and the law. This book is co-authored with Jens Drolshammer, professor emeritus at the University of St. Gallen and former BKC faculty associate.

We spoke with Gasser about the books, threads between them, and what he is working on next.

You’re the co-author of two new books to be published within a few weeks’ time. Let’s start with “The Connected Parent”. In a nutshell, what is this book about?

“The Connected Parent”, written with my friend and long-time collaborator John Palfrey, offers advice to parents and other caregivers on how to support their children as they grow up in an increasingly digitally connected environment. The book includes very practical advice and suggestions. John and I summarized the best available research, including 15 years of youth and media work at the Berkman Klein Center (BKC), to help parents figure out how to think about issues like screentime, social media usage, privacy and well-being, digital activism and citizenship skills, to name just a few — and what to do about them to minimize risk and embrace opportunities.

Your second book focuses on the COVID-19 pandemic, risk, digitization, and the law. Can you tell us more about it?

This book is published in German and in the form of an essay collection. It offers initial reflections on COVID-19 as a specific type of risk that Judge Posner a decade ago in a seminal book described as a “catastrophic risk” — something most recently also taken up in Tony Ord’s new book.

The texts were written during the “lockdown” and in collaboration with my former teacher and previous BKC associate Jens Drolshammer. Switzerland serves as a country case study to better understand what role the law plays during such a massive crisis. We have heard and learned a lot from public health experts during the crisis. Understandably, the legal system has been less front-and-center. Yet, it turns out that law is almost everywhere and hugely relevant especially during a crisis of this magnitude. Some of the essays also explore the historic role digital technologies play in dealing with COVID-19 — I call it metaphorically the first “digital pandemic.” We talk about the intersectionality of these things.

Both of these books are timely to the ongoing pandemic, in different ways. Are there any connecting points between these two books?

We submitted “The Connected Parent” manuscript before COVID-19 arrived in the US and were only able to add small references to it as our publisher was initially skeptical about how much of a “big deal” COVID-19 would be. Well, of course, now we know better. Parents and educators are trying to figure out how digital tech can be used to support kids around the world as their education is so deeply disrupted by COVID-19. The book will not give a full answer to the current crisis, but might be still helpful in the present based on the connected parent philosophy we sketch in the book. And we believe it offers sound longer-term guidance that helps parents to engage with their kids — and be connected with the digital world they live in. The book on the pandemic reflects on some of the educational experiences in real-time, albeit from a policy and not necessarily a parental perspective. There are also other connection points between the two books. Both are written with a broader audience in mind, and both are the fruit of collaboration.

What motivated you and John Palfrey to write “The Connected Parent”? Isn’t it unusual for scholars to write a parents’ guide?

Yes, it is! John and I have already written several books together, including our 2008 and 2016 book “Born Digital,” and in some ways, the new book is its cousin. Since our last book, we’ve been asked many times for more practical guidance than we were willing to offer in our previous work. And at some point, we decided to take on this challenge and translate what we can learn from research in ways that it translates into recommendations for parents. For me, it’s been a great learning experience to write this book. As academics, we are used to making all sorts of caveats — “can’t say, more research is needed” — where the data is shaky. But as a parent, you have to make decisions, whether you have scientific evidence or not. So we’ve tried to take this seriously and be helpful even where we don’t have all the answers. We did so by being very honest about what we know and what we don’t know — and then still give advice based on what we think makes sense based on our own experiences as researchers, educators, and parents. The Youth and Media team at BKC has been very helpful to keep us honest and grounded.

In the introduction to the essay series on the pandemic, risk, digitization, and the law, you and Jens Drolshammer state that the book is an experiment. What do you mean by that?

It’s been an experiment in multiple ways. It’s experimental in the sense that it was written during the early moments of the pandemic, with lots of uncertainty and even unknown unknowns. The texts offer real-time observations and reflections, without a rigorous methodology, which of course means that our observations are not scientific and offered more in the spirit of early hypotheses. We looked at it like writing initial observations and questions into a personal journal and making these entries publicly available because it might be of interest to others as well. We did so based on stories, reports, news coverage, etc. we’ve collected from the first day of the pandemic based on a set of 10 criteria.

So both the format and working style is experimental, at least for me. We hope that these early and only tentative entries into what we termed our “logbook” might invite more rigorous work over the years to come. It’s also an experiment to write and publish such a book across the Atlantic during such an extraordinary time.

Will you publish an English translation of the book?

I don’t think so. While I enjoy the challenge of writing and publishing in two different languages, I generally don’t feel excited about translating what I’ve written in one language to the other. To me, it’s about more than translating the text: When writing in German or English, I think differently about what I am going to say and how — it’s like flipping a switch.

That said, a brief summary with some of the key observations, as well as a transatlantic conversation with Professor Martha Minow and John Palfrey that is included in the essay collection, is also available on Medium.

Do you plan to continue writing books, and if so, what’s next?

I try to keep a balance as far as types of contributions are concerned. I’m working on a number of shorter articles right now, but have another book project lined up — this time a book on the turn to information and information law, which brings me back to the roots of my academic life.

On a personal level, I enjoy working on books because it forces me to learn and engage in different ways than what has become the dominant mode in today’s professional lives. I’m acutely aware that both reading and writing books are an enormous privilege, and I couldn’t be more grateful for it.

Urs Gasser on two new books — and what’s ahead was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.


Me2B Alliance

Re: Introducing new co-chair for the Me-s WG

Thanks for the introduction, Lisa. It's great to meet you, Muriel! We've got lots to learn and many discussions ahead about the impacts of technology on Me's, and thank you for all your work and leadership to get us there! Looking forward to speaking soon, Sincerely, Zach
Thanks for the introduction, Lisa.
It's great to meet you, Muriel!
We've got lots to learn and many discussions ahead about the impacts of technology on Me's, and thank you for all your work and leadership to get us there!
Looking forward to speaking soon,
Sincerely, Zach



Wednesday, 16. September 2020

ID2020

ID2020 Celebrates International Identity Day

Please join us today in celebrating International Identity Day. Identity is a fundamental and universal human right. Unfortunately, one in seven people globally — more than one billion individuals — are unable to prove who they are by any widely recognized means. This most fundamental function — the ability to prove who we are — is something that many of us take for granted. Yet it is an in

Please join us today in celebrating International Identity Day.

Identity is a fundamental and universal human right. Unfortunately, one in seven people globally — more than one billion individuals — are unable to prove who they are by any widely recognized means.

This most fundamental function — the ability to prove who we are — is something that many of us take for granted. Yet it is an incredibly important one, allowing us to enjoy rights and protections under the law, access a variety of services, participate as citizens and voters, transact in an increasingly digital economy, and much more.

ID2020 was launched in 2016 to address this global issue by fostering collaboration between the private sector, government, and nonprofit organizations toward a common vision: good ID for all.

Our work is premised on the notion that we all deserve better ways to prove who we are, both in the physical world and online. But achieving our vision will require an intentional focus and sustained commitment to ensuring that the needs of the most vulnerable in society are met. If past experience has taught us anything it is that, absent this focus, hundreds of millions of people will be left behind.

In 2018, in collaboration with the UN High Commissioner for Refugees (UNHCR), we published the ID2020 Manifesto. The Manifesto outlines our values and serves as the basis for the ID2020 Certification for digital ID solutions, our advocacy activities, and the programmatic work we are undertaking in partnership with governments and development and humanitarian organizations.

ID2020 Alliance partners recognize that achieving our shared vision will also require businesses, government, and civil society to collaborate and make simultaneous progress along four tracks:

Continuing to advance digital ID technologies and test them in the field Promoting public and private sector implementations Establishing the technical standards and legal and regulatory frameworks necessary to ensure that these systems are privacy-protecting, user-controlled, portable, interoperable, and persistent across an individual’s lifespan Working across sectors — and with a wide array of stakeholders — to build trust in these systems and support their adoption

ID2020 exists to support this type of collaboration.

Each year, the United Nations recognizes official days of observance for a variety of issues on the international development and human rights agenda. These days promote awareness of, and global action on, important political, social, cultural, humanitarian, or human rights issues.

This is a marathon, not a sprint, and a mission we cannot accomplish alone. We are proud to support efforts, such as the International Identity Day Coalition, that expand awareness of this critical development goal.

We hope that you will consider joining ID2020 as a member of the International Identity Day Coalition. The Coalition brings together development agencies, governments, and public interest organizations to advocate for the formal recognition of International Identity Day by the United Nations and its member nations.

For more information about the Coalition, please visit their website: https://www.id-day.org

ID2020 Celebrates International Identity Day was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.


ID2020 Celebrates International Identity Day

Please join us today in celebrating International Identity Day. Identity is a fundamental and universal human right. Unfortunately, one in seven people globally — more than one billion individuals — are unable to prove who they are by any widely recognized means. This most fundamental function — the ability to prove who we are — is something that many of us take for granted. Yet it is an in

Please join us today in celebrating International Identity Day.

Identity is a fundamental and universal human right. Unfortunately, one in seven people globally — more than one billion individuals — are unable to prove who they are by any widely recognized means.

This most fundamental function — the ability to prove who we are — is something that many of us take for granted. Yet it is an incredibly important one, allowing us to enjoy rights and protections under the law, access a variety of services, participate as citizens and voters, transact in an increasingly digital economy, and much more.

ID2020 was launched in 2016 to address this global issue by fostering collaboration between the private sector, government, and nonprofit organizations toward a common vision: good ID for all.

Our work is premised on the notion that we all deserve better ways to prove who we are, both in the physical world and online. But achieving our vision will require an intentional focus and sustained commitment to ensuring that the needs of the most vulnerable in society are met. If past experience has taught us anything it is that, absent this focus, hundreds of millions of people will be left behind.

In 2018, in collaboration with the UN High Commissioner for Refugees (UNHCR), we published the ID2020 Manifesto. The Manifesto outlines our values and serves as the basis for the ID2020 Certification for digital ID solutions, our advocacy activities, and the programmatic work we are undertaking in partnership with governments and development and humanitarian organizations.

ID2020 Alliance partners recognize that achieving our shared vision will also require businesses, government, and civil society to collaborate and make simultaneous progress along four tracks:

Continuing to advance digital ID technologies and test them in the field Promoting public and private sector implementations Establishing the technical standards and legal and regulatory frameworks necessary to ensure that these systems are privacy-protecting, user-controlled, portable, interoperable, and persistent across an individual’s lifespan Working across sectors — and with a wide array of stakeholders — to build trust in these systems and support their adoption

ID2020 exists to support this type of collaboration.

Each year, the United Nations recognizes official days of observance for a variety of issues on the international development and human rights agenda. These days promote awareness of, and global action on, important political, social, cultural, humanitarian, or human rights issues.

This is a marathon, not a sprint, and a mission we cannot accomplish alone. We are proud to support efforts, such as the International Identity Day Coalition, that expand awareness of this critical development goal.

We hope that you will consider joining ID2020 as a member of the International Identity Day Coalition. The Coalition brings together development agencies, governments, and public interest organizations to advocate for the formal recognition of International Identity Day by the United Nations and its member nations.

For more information about the Coalition, please visit their website: https://www.id-day.org


Me2B Alliance

Introducing new co-chair for the Me-s WG

Hi everyone,   I’m delighted to introduce you all to Muriel Shockley who has volunteered to co-chair the Me-s WG with Jeff Orgel.   Muriel is the program director for undergraduate studies at Goddard College in Vermont, and has a rich background of skills and expertise, with a BS in Econ from Smith College, a masters in Clinical Psychology from Antioch University and a PhD in Leade

Hi everyone,

 

I’m delighted to introduce you all to Muriel Shockley who has volunteered to co-chair the Me-s WG with Jeff Orgel.

 

Muriel is the program director for undergraduate studies at Goddard College in Vermont, and has a rich background of skills and expertise, with a BS in Econ from Smith College, a masters in Clinical Psychology from Antioch University and a PhD in Leadership and Change from Antioch University.  We are fortunate indeed to have Muriel engaged as a co-chair of the Me-s working group.

 

Please join me in welcoming Muriel to the Me2B Alliance family.

 

Lisa


WomenInIdentity

Member Interview – Shilpa Maher

What do you do and what is it about your job that gets you out of bed in the morning? I’m working for HSBC and have been here since May… The post Member Interview – Shilpa Maher appeared first on Women in Identity.
What do you do and what is it about your job that gets you out of bed in the morning?

I’m working for HSBC and have been here since May 2016 doing a variety of roles, but recently (well since Jan 2018), I have been getting my fingers dirty in something very exciting –  defining and creating a brand new strategic capability for the Bank called – Events Based Data Assurance – which will underpin our Digital Identity efforts.

Essentially, all Digital Identity is customer data that we trust. We have a lot of customer data in the Bank but we don’t record why we trust this data and so we ask the customer to prove who they are over and over again. i.e. when someone wants to open a new account, we ask them to prove their ID by showing us their passport. Someone in the Bank will look at the passport, match the photo on the passport to the person standing in front of them, and confirm that they match. However, what is recorded is the person’s name, DOB, Nationality BUT not the event of ‘passport check in branch’.

If we recorded ‘why we trust the data’ using a new type of data called ‘EVENTS’ i.e. the event which led to us knowing why we trust a piece of data (in the above example, Suzie, a Branch advisor in our Canary Wharf branch checked that the photo on the passport matched the person in front of them and it matched, it unlocks a huge opportunity inside the bank to ‘RE-USE’ data across markets and functions – resulting in a fantastic customer experience and reduction in costly and often duplicative processes.

How did you get to where you are today?

I started on the Barclays Bank Graduate Programme and tended to move around every 3 years or so to new places.

I had a curious mind and wanted to do ‘new’ things rather than be in a BAU type role.

I was hungry to learn and develop and so sought opportunities every time I felt like I had learnt all I could from an organisation. I’ve tried my hand at all sorts of things from Banking, to Management Consulting, to starting up a brand new dotcom business, to digitising an insurance company, studying for an MBA, moving to the online travel industry and then back to Digital Banking and now most recently, qualifying as a Personal Performance Coach and setting up a Coaching Business as a side hustle!  I absolutely love helping people understand what their potential is and to guide them to go and realise this!

What is the most important lesson you have learned along the way?

The most important lesson I have learnt along the way is to be your authentic self, don’t try and be someone who you’re not. I know this is difficult because we all suffer from this, especially us women. We’re always comparing ourselves with the person who is always getting the promotions, the attention, the recognition etc – but by trying to be like her, you slowly start to move away from who you are at your core – your authentic self.

This will only result in a lot of frustration and unhappiness which can become a huge problem.

Remember, you’re an individual with skills, experience and a personality which is unique to you. Embrace this and become comfortable in your own skin and let people see the real you! You’ll be surprised where this can lead!

What’s your pitch to CEOs in the identity space? What do you suggest they START / STOP / CONTINUE doing and why? Writing down your internal business activities in a granular way – so that others can understand why they should trust this piece of data Agree on a common data model which can be used to describe events Define the key trusted providers in your country (utility companies, passport office, mobile phone companies, travel companies) who are willing to start exchanging data/ events with you; get them to write down what they do to assure data in a machine readable way (using the same data model) Stop: Trying to solve for the World – start small, and then scale focusing on real life use cases Continue: to have dialogue with organisations, governments and customers/ citizens to keep the conversation going so that potential solutions/ way forward are relevant to define key customer/ citizen/ employee pain points and look to solve for these In one sentence, why does diversity matter to you?

We are all unique and with this uniqueness, we each bring a different viewpoint to the same problem so be tolerant, embrace this difference and experience the powerful results that follow.

What book/film/piece of art would you recommend to your fellow members? Why?

I’d highly recommend ‘Man’s search for meaning’ by Viktor Frankl because it teaches us/demonstrates the power of the mind and resilience.

I absolutely love the quote in the book: “he who has a WHY to live can bear with almost any HOW……and what alone remains is the last of human freedoms is the ability to choose one’s attitude in a given set of circumstances.”

What advice would you give to the teenage ‘you’?

Don’t be afraid, speak your mind, be yourself and think positive thoughts. As a kid growing up in the UK, I suffered from both racial discrimination and bullying – which impacted hugely on my self -confidence. I hid in my shell and didn’t feel as valued, important or equal to my peers and therefore didn’t take the opportunities that presented themselves to me because of this.

Don’t worry about what people will think; ask the ‘stupid’ questions and never feel that you’re not good enough!

Where can we find you on social media / the Web?

LinkedIn: linkedin.com/in/shilpamaher

Twitter: @shilpamaher

Instagram: shilpamahercoaching

Facebook: shilpamahercoaching

Website: www.shilpamahercoaching.com

The post Member Interview – Shilpa Maher appeared first on Women in Identity.


Berkman Klein Center

International Human Rights Law Is Not Enough to Fix Content Moderation’s Legitimacy Crisis

Photo: Pixabay Should tech companies follow human rights law to govern online speech? This proposal has tremendous appeal. International human rights law can offer a set of rules designed in the public interest with the broad support of a global community. This certainly appears superior to the status quo wherein a handful of CEOs set rules for the speech of billions of social media users. Unsurpri
Photo: Pixabay

Should tech companies follow human rights law to govern online speech? This proposal has tremendous appeal. International human rights law can offer a set of rules designed in the public interest with the broad support of a global community. This certainly appears superior to the status quo wherein a handful of CEOs set rules for the speech of billions of social media users. Unsurprisingly, scholars (here and here) and civil society organizations (here and here) have expressed their support and the project has gained a lot of traction since David Kaye — then UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression — promoted it in 2018.

However, adopting international human rights law might not lead to more legitimate content moderation rules. First, international human rights law is not a set of universally accepted rules. The framework favors some speech standards over other reasonable alternatives. The choice for those standards should itself be subject to a legitimate rule-making process. Second, international human rights law is in many areas highly indeterminate. It offers guidance but no precise answers to many challenging questions. In those cases, human rights law might not constrain the power of tech firms but instead only create the appearance of legitimacy. In other words, the proposal could mean business as usual with the added ‘legitimacy-aura’ of human rights law.

International Human Rights Law Is Not Neutral

The International Covenant on Civil and Political Rights (the Covenant) offers the primary international guidance for free expression standards. The Covenant puts a priority on some normative options over others in areas in which reasonable disagreement between legal systems, experts, and communities exists. Two current controversies illustrate this point.

In July, the Stop Hate for Profit campaign brought together hundreds of companies. For one month, they withheld advertisement from Facebook demanding that the tech giant curb the spread of hate on the platform. Among other demands, the campaign requests the removal of groups focused on Holocaust denial. Although sensible and understandable, the request is in tension with Articles 19 and 20 of the Covenant. The Human Rights Committee, the body that authoritatively interprets this international treaty, has said, “Laws that penalize the expression of opinions about historical facts are incompatible with the obligations that the Covenant imposes.” Indeed, in 2019, Kaye explicitly used the bans on Holocaust denial as an example of a law that breaches states’ international obligation to protect freedom of expression.

In other areas, human rights law sides with the campaign’s demands. Stop Hate for Profit also asks that platforms apply their rules equally to politicians and other users. Twitter and Facebook, however, see things differently. During the COVID-19 pandemic, they decided not to delete President Trump’s posts violating their rules on glorification of violence, election integrity, and COVID misinformation. They reasoned that the public interest of citizens in learning what their representatives think in these cases outweighed the harmful effects of such speech. In other instances, Facebook did remove a video posted by Trump’s campaign for spreading COVID-19 misleading information, and both firms took down content that Brazil’s President Jair Bolsonaro had posted in violation of their rules.

In this contentious debate, international law falls much closer on the side of the Stop Hate for Profit campaign. Kaye’s 2019 report (see para. 47) explains that even though exceptions to protect political speech could in exceptional cases be acceptable, in principle politicians and the public ought to be subject to the same rules. According to the report, harmful speech can even be more dangerous when uttered by political leaders. Therefore, there are even stronger reasons to apply speech rules to these figures.

The main point is that reasonable disagreement exists about how to balance these different considerations when governing politicians’ speech. And the choices that international law (or the Human Rights Committee) makes in these debates are not obvious and not universally accepted. They should themselves be subject to the control of the people. Rather than shifting decision-making power from tech companies to the UN (although certainly a step forward), it is urgent to focus on building processes that can actually involve the public in the deliberation over speech rules.

Lending Legitimacy to Unconstrained Power

At the same time, international human rights law leaves many speech questions unanswered. I have written about the contradictions between regional human rights systems that the UN framework does not solve. A more fundamental open question is how to apply the legitimacy requirement of Article 19 of the International Covenant on Civil and Political Rights to content moderation.

According to Article 19, all restrictions to freedom of expression must have a legitimate end. Legitimate ends for governmental restrictions on speech are the protection of national security or of public order or of public health or morals. Evelyn Aswad asks the right questions: Which ends would be legitimate for content moderation rules set by private companies? Could tech companies claim a business interest as a legitimate purpose? And even if they were not entitled to rely on the most explicit commercial interests such as advertisers’ preferences, could these companies claim that a specific content moderation rule helps them shape the type of community they want to foster?

Most supporters of the proposal would acknowledge that it is necessary to let companies disallow content for the purpose of meeting the preferences and expectations of different users. This appears sensible. Otherwise, all the speech that international human rights law protects — including adult nudity, pornography, and many graphic depictions of violence — would likely have to be allowed on platforms such as Facebook. This would render platforms nearly useless to a large set of users that does not want to navigate through all forms of legal, but perhaps undesirable, speech. But the line between permissible and impermissible ends becomes blurry, and the Covenant, designed to be applied to states, definitely does not draw such a line.

As long as no line exists, international human rights law poses few constraints on what companies can do. For any rule a company might wish to set, it could articulate a public interest end that the rule advances. For instance, for nudity rules, tech firms could claim they are trying to avoid all possible non-consensual distribution of intimate images. For hate speech that does not incite violence, they could posit that they are creating a “safe” environment for communities that are disproportionately the target of such speech. And the list goes on. Susan Benesch has proposed helpful guidance to translate the requirements of Article 19 to content moderation. But unless broad consensus can be built around the meaning of terms such as “the protection of moral,” human rights law will lend its legitimate framework and vocabulary without meaningfully constraining private regulatory power.

International Human Rights Law as a Framework

Adopting human rights law as default content moderation rules can be a project of translation, meaning: take international law standards that already exist and translate them into implementable content moderation rules. For the reasons I discussed earlier, I have little faith in that project.

However, another proclaimed virtue of international human rights law is that it offers a common framework and vocabulary to guide the discussion between multiple actors on how to come up with a new language, a new rulebook specifically designed for online speech. Indeed, it may still be valuable to rely on the human rights framework not to answer all questions but to agree on what questions need to be asked (does the rule have a legitimate end? is the rule necessary to meet that end? are less intrusive measures available?). Tech companies (or anyone making the rules) can contribute to public reasoning and deliberation by being transparent about the lack of unequivocal answers. They should explain, instead, why they prefer certain rules and how they think about them through the lens of the standards set forth in Article 19 of the Covenant. That type of transparent reasoning could be the start of a dialogue with other actors in a shared language.

Such an approach resembles what Larry Lessig refers to as “latent ambiguities.” Lessig tried to imagine how judges would react to novel legal questions posed by the development of technology. In some cases, translation of already existing rules would be easy: for example, extending the protection of mail to electronic communications. In other cases, however, there is no unequivocal answer, and there is a need to decide anew how to regulate. For those situations, Lessig imagined that judges could promote democratic deliberation by identifying those “ambiguous” areas, proposing possible paths forward, and explaining how their own decisions would advance constitutional values.

There is one fundamental difference between Lessig’s work on judicial adjudication and content governance. In the case of judicial decision-making, legislatures could later contest the judges’ decisions. Lawmakers can debate and vote for a different rule. In the governance of online content, although civil society may well play a role in contesting the reasoning and choices tech firms offer, no institution has the authority equivalent to that of a legislature to move the dialogue forward. In that sense, the transparent reasoning of companies can be the beginning of a conversation, but it remains unclear who can “speak” next.

As Jonathan Zittrain argues, the current era of content moderation requires experimentation with processes and institutions that can reconstruct legitimacy and open opportunities for people’s participation in online governance. Looking at international human rights law, to the extent that it offers a common framework to enable conversations, might be a step in that direction. I have tried to begin exploring which positions that framework gives priority to and to emphasize the need for finding other actors that have the capacity to contest the public reasoning of tech companies. Only then will international law be able to foster an actual conversation rather than a monologue uttered by tech firms in the guise of human rights language.

International Human Rights Law Is Not Enough to Fix Content Moderation’s Legitimacy Crisis was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tuesday, 15. September 2020

WomenInIdentity

Supporting International Identity Day on 16th September

The post Supporting International Identity Day on 16th September appeared first on Women in Identity.
Supporting the campaign to make every 16th September International Identity Day.

Why September 16th?

The choice of the date is in recognition of the UN’s Sustainable Development Goal (SDG) 16.9 which calls for a legal identity for all including birth registration by 2030.

In support of this, we asked some of the WiD team  to tell us about themselves and what identity means to them…

Kay Chopard Cohen Teresa Wu Esther Hoeksema-Westra Dia Banerji Diane Joyce Tamara Al-Salim

Join the conversation! Share your video messages with us!!

Email communications@womeninidentity.org.

The post Supporting International Identity Day on 16th September appeared first on Women in Identity.


FIDO Alliance

Information Security Media Group: Accelerating the Path to Passwordless Authentication

In an exclusive video interview with Information Security Media Group, Dr. Rolf Lindemann of Nok Nok Labs discusses the value of a FIDO-based approach and the road to passwordless authentication. The post Information Security Media Group: Accelerating the Path to Passwordless Authentication appeared first on FIDO Alliance.

In an exclusive video interview with Information Security Media Group, Dr. Rolf Lindemann of Nok Nok Labs discusses the value of a FIDO-based approach and the road to passwordless authentication.

The post Information Security Media Group: Accelerating the Path to Passwordless Authentication appeared first on FIDO Alliance.


The Next Web: Stop Confusing Facial Recognition with Facial Authentication

Andrew Shikiar, Executive Director and Chief Marketing Officer of the FIDO Alliance, writes how facial authentication is the easiest and most secure method to log into your device—and soon to […] The post The Next Web: Stop Confusing Facial Recognition with Facial Authentication appeared first on FIDO Alliance.

Andrew Shikiar, Executive Director and Chief Marketing Officer of the FIDO Alliance, writes how facial authentication is the easiest and most secure method to log into your device—and soon to websites. It should not be confused with a related, but fundamentally different technology. 

The post The Next Web: Stop Confusing Facial Recognition with Facial Authentication appeared first on FIDO Alliance.


Help Next Security: Five Ways to Maximize FIDO

by Jeremy Walker, Director of Sales Engineering, Identité Jeremy Walker, Director of Sales Engineering at Identité, shares five ways to maximize FIDO: use all three factors, make it simple and […] The post Help Next Security: Five Ways to Maximize FIDO appeared first on FIDO Alliance.

by Jeremy Walker, Director of Sales Engineering, Identité

Jeremy Walker, Director of Sales Engineering at Identité, shares five ways to maximize FIDO: use all three factors, make it simple and secure, fully leverage existing MDM features, get rid of passwords, use bidirectional authentication. 

The post Help Next Security: Five Ways to Maximize FIDO appeared first on FIDO Alliance.


Mobile ID World: FIDO Provides Update on 2020 Hackathon in South Korea

The FIDO Alliance’s Korea Working Group hosted a Mid-Term Meetup Event at Telecommunication Technology Association (TTA) on July 1, giving participants the opportunity to share their projects and get feedback […] The post Mobile ID World: FIDO Provides Update on 2020 Hackathon in South Korea appeared first on FIDO Alliance.

The FIDO Alliance’s Korea Working Group hosted a Mid-Term Meetup Event at Telecommunication Technology Association (TTA) on July 1, giving participants the opportunity to share their projects and get feedback from members of the Korea Working Group. The top five teams will present their projects and receive awards at the FIDO Seoul Public Seminar.

The post Mobile ID World: FIDO Provides Update on 2020 Hackathon in South Korea appeared first on FIDO Alliance.


Tech Radar Pro: Using Identity to Forge a New, Passwordless Future

by Nick Caley, ForgeRock Vice President of UK and Ireland Nick Caley, ForgeRock Vice President of UK and Ireland shares how can businesses move towards an alternative to username and […] The post Tech Radar Pro: Using Identity to Forge a New, Passwordless Future appeared first on FIDO Alliance.

by Nick Caley, ForgeRock Vice President of UK and Ireland

Nick Caley, ForgeRock Vice President of UK and Ireland shares how can businesses move towards an alternative to username and password-based credentials and names FIDO as an important driver of passwordless authentication. 

The post Tech Radar Pro: Using Identity to Forge a New, Passwordless Future appeared first on FIDO Alliance.


Identity at the Center #56: What is FIDO with Andrew Shikiar

In this episode of Identity at the Center, Jim McDonald and Jeff Steadman speak with Andrew Shikiar, Executive Director and Chief Marketing Officer of the FIDO Alliance, about FIDO and […] The post Identity at the Center #56: What is FIDO with Andrew Shikiar appeared first on FIDO Alliance.

In this episode of Identity at the Center, Jim McDonald and Jeff Steadman speak with Andrew Shikiar, Executive Director and Chief Marketing Officer of the FIDO Alliance, about FIDO and the challenges it seeks to solve.

The post Identity at the Center #56: What is FIDO with Andrew Shikiar appeared first on FIDO Alliance.


Apple @ Work Podcast: iOS 14 and macOS Big Sur bring new password technology to market

In this episode of the Apple @ Work podcast, Andrew Shikiar, Executive Director and Chief Marketing Officer of the FIDO Alliance, joins Bradley Chambers to discuss FIDO’s mission to eliminate […] The post Apple @ Work Podcast: iOS 14 and macOS Big Sur bring new password technology to market appeared first on FIDO Alliance.

In this episode of the Apple @ Work podcast, Andrew Shikiar, Executive Director and Chief Marketing Officer of the FIDO Alliance, joins Bradley Chambers to discuss FIDO’s mission to eliminate dependence on passwords and the latest developments with Apple.

The post Apple @ Work Podcast: iOS 14 and macOS Big Sur bring new password technology to market appeared first on FIDO Alliance.

Monday, 14. September 2020

Oasis Open

Invitation to comment on Open Document Format for Office Applications (OpenDocument) v1.3 - ends Sept. 29th


OpenID

Registration Open for OpenID Foundation Virtual Workshop — Wednesday, October 28, 2020

Workshop Overview OpenID Foundation Workshops provide technical insight and influence on current Internet identity standards. This virtual workshop is a reschedule of the planned face-to-face workshop prior to IIW Fall 2020. This workshop includes a panel discussion on the Foundation’s ongoing relationship and efforts with the Financial Data Exchange focused on open banking initiatives. The […]

Workshop Overview
OpenID Foundation Workshops provide technical insight and influence on current Internet identity standards. This virtual workshop is a reschedule of the planned face-to-face workshop prior to IIW Fall 2020. This workshop includes a panel discussion on the Foundation’s ongoing relationship and efforts with the Financial Data Exchange focused on open banking initiatives. The workshop will provide updates on all OpenID Foundation Working Groups as well the OpenID Certification Program.

Technologists from member organizations and others will update key issues and discuss how they help meet social, enterprise and government Internet identity challenges.


Workshop Details
WHEN: Wednesday, October 28, 2020 — 9am-11:30am PT
REGISTRATION REQUIRED: https://www.eventbrite.com/e/openid-foundation-virtual-workshop-tickets-121075932373


Workshop Agenda

TIME (PT) PRESENTATION PRESENTER 9:00-9:05 Welcome & Introduction Nat Sakimura & Don Thibeau (OpenID Foundation) 9:05-9:20 Panel Discussion: OpenID Foundation & Financial Data Exchange’s Ongoing Collaboration in Open Banking ·   Moderator: Don Thibeau – OpenID Foundation

·   Panelist: Nat Sakimura – OpenID Foundation

·   Panelist: Don Cardinal – FDX

·   Panelist: Anoop Saxena – Intuit

9:20-9:30 OpenID Certification Program Update Joseph Heenan – Fintech Labs 9:30-9:40 WG Update – AB/Connect Michael Jones – Microsoft 9:40-9:50 Self-issued OpenID Provider (SIOP) Update Kristina Yasuda — Microsoft 9:50-10:00 OpenID Federation Update Roland Hedberg — Catalogix 10:00-10:10 WG Update – eKYC-IDA Torsten Lodderstedt – yes.com 10:10-10:20 WG Update – Enhanced Authentication Protocol (EAP) Michael Jones – Microsoft 10:20-10:25 BREAK 10:25-10:35 WG Update – Fast Federation (FastFed) Darin McAdams – Amazon 10:35-10:45 WG Update – Financial-grade API (FAPI) Anoop Saxena — Intuit

 

10:45-10:55 WG Update – HEART Debbie Bucci – Consultant 10:55-11:05 WG Update – MODRNA (Mobile OpenID Connect Profile) Bjorn Hjelm – Verizon

 

11:05-11:15 WG Update – Shared Signals & Events Atul Tulshibagwale – Google

 

11:15-11:30 Open Q&A Session and Closing Remarks

 

The post Registration Open for OpenID Foundation Virtual Workshop -- Wednesday, October 28, 2020 first appeared on OpenID.


MyData

Guest Blog: Interesting outcome of the MyData Accelerator project

– What a datafied future of work & skills might be like To this day, ten months have passed since the launch of the MyData Accelerator in November 2019. We coordinated the Accelerator at Vake, the Finnish State Development Company, supported by the Technology Industries of Finland and Sitra. It has been a learning experience... Read More The post Guest Blog: Interesting outcome of the M

– What a datafied future of work & skills might be like To this day, ten months have passed since the launch of the MyData Accelerator in November 2019. We coordinated the Accelerator at Vake, the Finnish State Development Company, supported by the Technology Industries of Finland and Sitra. It has been a learning experience...

Read More

The post Guest Blog: Interesting outcome of the MyData Accelerator project appeared first on MyData.org.

Friday, 11. September 2020

FIDO Alliance

CISA Cites FIDO Authentication to Protect Political Campaigns

Andrew Shikiar, FIDO Alliance Executive Director & CMO  The US Cybersecurity and Infrastructure Security Agency (CISA),  issued an advisory Thursday recommending cyber attack remedies for election-related activities  including the use […] The post CISA Cites FIDO Authentication to Protect Political Campaigns appeared first on FIDO Alliance.

Andrew Shikiar, FIDO Alliance Executive Director & CMO 

The US Cybersecurity and Infrastructure Security Agency (CISA),  issued an advisory Thursday recommending cyber attack remedies for election-related activities  including the use of FIDO authentication to thwart phishing  attempts and account takeover. 

The advisory, entitled “ACTIONS TO COUNTER EMAIL-BASED ATTACKS ON ELECTION RELATED ENTITIES” noted that 78 percent of cyber-espionage incidents are enabled by phishing. CISA makes specific recommendations on protecting against cyber attacks to aid organizations involved in election-related activities.

Among other recommendations, FIDO Authentication was highlighted to thwart phishing attempts and protect against account takeover for cloud email and other high-value services. Specifically, CISA cites FIDO2 Security Keys as a tool that campaigns and organizations can, and should, use to protect themselves. The advisory also recommends that, when available, campaigns and organizations should enroll users in advanced protection services such as Google Advanced Protection, which leverages FIDO Security Keys as a best practice over other 2FA methodologies to protect workforces from account takeovers related to malicious attacks.

FIDO security keys offer protection against phishing attacks by working as a second, physical factor of authentication and only authenticating when a user is on the correct website. Thus, even if a user is tricked into supplying their password to a phishing website, the physical security key will still block attackers from accessing their account. 

Phishing continues to be a problem and remains one of the most popular means by which cybercriminals obtain data. Embracing FIDO technology is smart politics, and smart policy for those who understand the gravity of the cyber threat. As the election draws near, we’re increasingly seeing foreign agents attempting to infiltrate, influence and disrupt our elections.

As the CISA advisory implies, phishing and other cyber attacks are a critical issue with widespread and damaging implications to U.S. national security. The CISA advisory highlights the importance of locking down email systems, which have become a preferred vector for malicious activity. The CISA recommendations are intended as a preferred method for protecting the 2020 and future political campaigns. 

The post CISA Cites FIDO Authentication to Protect Political Campaigns appeared first on FIDO Alliance.


FIDO Alliance Submits Comments to NIST on Digital Identity Guidelines, Asks for Stronger Differentiation for Phishing-resistant Authentication Tools

In June, NIST put out a call for comments on the next iteration of its Digital Identity Guidelines, SP 800-63-4. We welcomed the opportunity to comment; read our full comments […] The post FIDO Alliance Submits Comments to NIST on Digital Identity Guidelines, Asks for Stronger Differentiation for Phishing-resistant Authentication Tools appeared first on FIDO Alliance.

In June, NIST put out a call for comments on the next iteration of its Digital Identity Guidelines, SP 800-63-4. We welcomed the opportunity to comment; read our full comments in the Government & Public Policy area of the website.

Up front, we note that SP 800-63-3 represented a significant improvement in NIST’s Digital Identity Guidelines, taking a more modern approach to identity proofing, authentication, and federation. That said, technology and threat are both never static, and we are encouraged to see that NIST is embarking on another revision of the document.

In our comments, we make three recommendations for SP 800-63-4:

1. NIST should adjust its approach to AALs to help implementers clearly differentiate between tools that are phishing resistant and those that are not. 

Today, a variety of authenticators based on shared secrets – including Look-Up Secrets, Out-of-Band Devices (i.e., Push), and OTP apps and tokens – are given the same weight in AAL2 as authenticators based on asymmetric public key cryptography, such as FIDO. Given how attackers have caught up with the former, it no longer makes sense to combine  these two types of authenticators under a single designation. Doing so misleads implementers into thinking these two categories of authenticators are equivalent in strength or resiliency. In our comments, we provide NIST with several ideas for how it can adjust the AALs to provide more differentiation between tools that are phishing resistant and those that are not. 

2. NIST should engage with FIDO Alliance to explore other alternatives to enable FIDO authenticators to meet AAL3 requirements

When SP 800-63-3 was first published, it created a path for some FIPS 140 validated FIDO authenticators to meet AAL3 – if those authenticators were deployed in concert with Token Binding to deliver Verifier Impersonation Resistance. Since that time, most major browser vendors have withdrawn support for token binding. Per discussions with NIST, we understand that this means that FIDO authenticators can no longer meet AAL3 without implementing other approaches to mitigate the loss of token binding. As NIST embarks on the next revision of SP 800-63, we urge NIST to engage with FIDO Alliance to explore other alternatives to enable FIDO authenticators to meet AAL3 requirements.

3. Provide more direct references to FIDO

SP 800-63B describes Requirements by Authenticator Type but is inconsistent in how it points to standards that support that type. This has created some confusion in the marketplace when implementers consult SP 800-63B and see reference to standards like OTP and PKI but do not see any specific reference to FIDO. In our comments, we offer three suggestions for how the guidance can directly reference FIDO so that implementers have a clearer understanding of where FIDO fits in and supports the requirements. 

We greatly appreciate NIST’s consideration of our comments and look forward to ongoing dialogue and collaboration as they seek to update the Digital Identity Guidance.

The post FIDO Alliance Submits Comments to NIST on Digital Identity Guidelines, Asks for Stronger Differentiation for Phishing-resistant Authentication Tools appeared first on FIDO Alliance.


One World Identity

Face the Facts: Friday Dealbook for 9/11/2020

Facial biometric technology is one of the hottest and most controversial tech topics of the year. From protests and policing, to payments and travel, to lawsuits and city-wide bans, facial biometrics and facial recognition have taken the world by storm, for good or otherwise. Our deals this week also reflect the rampant interest in this … Face the Facts: Friday Dealbook for 9/11/2020 Read More

Facial biometric technology is one of the hottest and most controversial tech topics of the year. From protests and policing, to payments and travel, to lawsuits and city-wide bans, facial biometrics and facial recognition have taken the world by storm, for good or otherwise. Our deals this week also reflect the rampant interest in this technology, with AnyVision and Wee Digital bringing in more than $44 million collectively for their facial recognition-based services. 

 

What are your thoughts on the use of facial recognition? Is more government oversight needed, or are we sleeping on a valuable opportunity? 

If you are interested in learning more about these deals and deals like them, let’s talk.

 

The Top Deals Covered by OWI this Week

 

Sumsub \ sumsub.com \ Founded in 2015

Developer of an identity verification platform intended to speed up verification, reduce costs, and detect digital fraud. The company’s platform is an artificial intelligence-based identity verification and compliance risk management toolkit that automates identity verification and translates the organization’s AML policy into automated digital workflows, enabling clients to make identity verification and background checks within a minute for conversation rates of up to 97%.

The company raised $6 million of Series A venture funding in a deal led by MetaQuotes Software on September 8, 2020. Flint Capital and Ilia Perekopsky also participated in the round. The funding raised will be used to further develop its products, expand into new markets, and grow its enterprise customer base.

 

AnyVision \ anyvision.co \ Founded in 2015

Developer of a facial recognition technology designed to shape the future of AI. The company’s technology analyzes face recognition results with an open-source intelligence dashboard based on a social network database and reveals contacts, collaborators, and insights about the given target, thereby enabling businesses to get an advanced object and facial recognition technology integrated with their cameras.

The company raised $43 million of Series B venture funding from Qualcomm Ventures, Robert Bosch, and Lightspeed Venture Partners on September 3, 2020. DFJ Growth, O.G. Tech Ventures, Eldridge Industries, and other undisclosed investors also participated in the round. The funds will be used to scale its touchless access control and remote authentication products. 

 

Wee Digital \ weedigital.vn \ Founded in 2016

Developer of face recognition technology designed to offer digital banking experience. The company’s platform offers biometric technology for financial institutions on mobility and digitalization in order to shape the future banking and payment landscape, enabling clients to change micro- transaction behavior and move towards a cashless society.

The company announced a seven-digit funding round on September 8, 2020 from InterVest and existing backer VinaCapital Ventures. The company said it looks to use the fresh capital to expand in the market and to further develop products and services across the financial services sector in Vietnam.

 

Investor Highlight

Flint Capital \ flintcap.com \ Founded in 2013

Founded in 2013, Flint Capital is a venture capital firm based in Cambridge, Massachusetts. The firm seeks to invest in companies operating in consumer internet, mobile, health tech, fintech, cybersecurity and enterprise software sectors.

Active Portfolio – 33

Investments (TTM) – 11

Med. Round Amount – $6.00M

Med. Valuation – $27.96M

# of Exits – 14

 

Cyolo

Mitiga

Socure

Sumsub

 

Join our next monthly Investing in Identity Digital Forum on September 29th, for a deep dive into investing in identity.

The post Face the Facts: Friday Dealbook for 9/11/2020 appeared first on One World Identity.

Thursday, 10. September 2020

Credentials Community Group

What’s in a Wallet? The recap

On July 7 and 14, 2020, The CCG hosted two sessions where we asked people from inside and outside the community to answer the question, “What’s in a Wallet?” You can review the meeting notes and listen to the audio … Continue reading →

On July 7 and 14, 2020, The CCG hosted two sessions where we asked people from inside and outside the community to answer the question, “What’s in a Wallet?” You can review the meeting notes and listen to the audio below:

Tuesday July 7, 2020 Tuesday July 14, 2020

“What’s in a Wallet?” as answered by…

Manu Sporny, Digital Bazaar: Wallet Architecture Diagram Christopher Allen: Decentralized Identity Network Components Dan Buchner: Microsoft (check the minutes.) Kyle Kemper, SwissKey Kaliya Identity Woman Young: CCG Glossary Group with DIF Presentation Orie Steele, Transmute: Universal Wallet Daniel Hardman: What goes in a Wallet? Darrell O’Donnell: The State of Digital Wallets Charles Cunningham, Jolocom: What’s in a Wallet? Katryna Dow, MeeCo (check the minutes.) Nathan Tonani, Learning Economy.io: What is a Wallet?

As you can see, there are a lot of interpretations for what is in a wallet. We hope you find these presentations and perspectives mind-opening and keep in mind the desires of your end users when you develop digital identity wallets.

Materials from this blog post taken from this github thread (shout out to Juan Caballero), & Heather Vescent’s Twitter week 1 & week 2 threads.

Wednesday, 09. September 2020

Oasis Open

OSLC Quality Management Version 2.1 from the #OSLC Open Project is approved as our first Project Specification

Tuesday, 08. September 2020

Me2B Alliance

Re: Selling personal data -- an experiment

Hi James, I think that particular one is around complexity. They know that they cannot serve the needs of those looking for complex products very well with only a single white box to fill in. So they make more money by doing that hand-off to someone who is more geared up to do so. Google have dabbled in the space over the years with various ‘offers’ services or comparison shopping but they are n
Hi James, I think that particular one is around complexity. They know that they cannot serve the needs of those looking for complex products very well with only a single white box to fill in. So they make more money by doing that hand-off to someone who is more geared up to do so.
Google have dabbled in the space over the years with various ‘offers’ services or comparison shopping but they are not as yet that big in those areas.
Iain


Re: Selling personal data -- an experiment

@Iain and others – why do you think that the big players (Google, Facebook etc.) are not (yet) doing too much in those spaces and leave quite some money on the table for intermediaries? Reputational concerns, regulatory concerns, complexity…?     From: <main@Me2BAlliance.groups.io> on behalf of "Iain Henderson via groups.io" <iain.henderson@...> Reply to: "main@Me2BAllia

@Iain and others – why do you think that the big players (Google, Facebook etc.) are not (yet) doing too much in those spaces and leave quite some money on the table for intermediaries? Reputational concerns, regulatory concerns, complexity…?

 

 

From: <main@Me2BAlliance.groups.io> on behalf of "Iain Henderson via groups.io" <iain.henderson@...>
Reply to: "main@Me2BAlliance.groups.io" <main@Me2BAlliance.groups.io>
Date: Saturday, 25 July 2020 at 20:45
To: "main@Me2BAlliance.groups.io" <main@Me2BAlliance.groups.io>
Subject: Re: [Me2BAlliance] Selling personal data -- an experiment

 

Agreed James, although I suspect the steady state for ‘considered purchases’ won’t need/ benefit from intermediaries. Individuals (demand) will have standardised API’s as will the manufacturers, distributors and retailers (supply).

 

If you look at considered purchases in more detail, Google, Facebook and Amazon don’t actually try to do too much in those spaces other than hand off to sector level experts after the search phase. For example, if you do a google search for ’new car’ you get intermediaries at the top of the list as below. Behind the scenes the manufacturers are happy to let the intermediaries separate the wheat from the chaff (unless the search mentions them specifically).

 

Iain

 



Monday, 07. September 2020

Me2B Alliance

No Alliance call today

Hi Friends,   A friendly reminder that this month is a webinar month, which will be next Monday in light of the holiday in the US.      So no monthly meeting or webinar today.  Enjoy your week!   Lisa

Hi Friends,

 

A friendly reminder that this month is a webinar month, which will be next Monday in light of the holiday in the US.   

 

So no monthly meeting or webinar today.  Enjoy your week!

 

Lisa


WomenInIdentity

Launching our Singapore chapter

Local Ambassador, Helen Chua, gives a round-up of the latest WiD launch on August 28th 2020 There has been much discussion of the role of digital identity since the pandemic.… The post Launching our Singapore chapter appeared first on Women in Identity.
Local Ambassador, Helen Chua, gives a round-up of the latest WiD launch on August 28th 2020

There has been much discussion of the role of digital identity since the pandemic. Most countries have experienced lockdowns and are now looking to digitise many traditional services.

In Singapore, the pandemic clearly highlighted the digital divide. While much has already been done to fill the gap, there is still more to do. This was a key point made by Minister Indranee, the keynote speaker at our recent webinar.

She explained that the Singapore government’s enduring vision is to have a fair and just society where everyone has equal opportunity to fulfill their dreams. But, like many countries, social divisions have widened during COVID-19.

The launch of the WiD Singapore chapter is a timely one as it emphasizes the importance of digitalisation and digital identity.  The Minister believes that, in order to encourage women into careers in these areas, we have to start educating young girls to the benefits and opportunities of STEM subjects.

Ms Rama Sridhar, EVP at Mastercard, highlighted that the establishment of WiD will further encourage women to participate as subject matter experts around various aspects of technology. It is one of WiD’s core objectives to encourage and support women into leadership roles.

The establishment of WiD will further encourage women to participate in speaking as subject matter experts around various domains of technology.

Rama Sridhar, EVP at Mastercard

Personally, I am very excited about the role that WiD can play in Singapore, promoting digital identity and digital inclusion. Digital identity empowers every business and individual to reach their full potential.  This is just the beginning of our journey as the Singapore chapter and we really want to reach out to more Singaporeans to elevate, inspire and support women in their STEM careers.

Join us now at https://womeninidentity.org/become-a-member/ #ForAllByAll

The post Launching our Singapore chapter appeared first on Women in Identity.

Sunday, 06. September 2020

Me2B Alliance

Re: Local First

(Maybe safe to say that all 7 principles are a matter of opinion.)   The preference of keeping stuff local—I gotta think that’s allowed.  Maybe safe to say the principles need more contextual nuance.   And yeah, “ownership” is problematic.  BTW, I’ve been reading Sandra Petronio’s Communication Privacy Management  Theory and she makes clear that as soon as you discl

(Maybe safe to say that all 7 principles are a matter of opinion.)

 

The preference of keeping stuff local—I gotta think that’s allowed.  Maybe safe to say the principles need more contextual nuance.

 

And yeah, “ownership” is problematic.  BTW, I’ve been reading Sandra Petronio’s Communication Privacy Management  Theory and she makes clear that as soon as you disclose something, it becomes co-owned by both you and the confidant—as are the boundary management rules.  I’m finding CPM to be incredibly rich and relevant to thinking about information sharing and management (h/t to John Wunderlich for the suggestion months ago).

 

Lisa

 

Thursday, 03. September 2020

OpenID

The eKYC & IDA Working Group Welcomes the Proposal of the European Commission to Extend the Scope of eIDAS Trust Services

The eKYC and Identity Assurance Working Group (eKYC & IDA WG) of the OpenID Foundation welcomes the proposal of the Commission to extend the scope of eIDAS trust services by introducing a new trust service for identification, authentication and for the provision of attributes, credentials and attestations and allowing the provision of identification for devices […] The post The eKYC & ID

The eKYC and Identity Assurance Working Group (eKYC & IDA WG) of the OpenID Foundation welcomes the proposal of the Commission to extend the scope of eIDAS trust services by introducing a new trust service for identification, authentication and for the provision of attributes, credentials and attestations and allowing the provision of identification for devices (Option 2 in the EC Revision of the eIDAS Inception Impact Assessment). This will allow companies operating identity solutions to contribute to securing digital transactions across the EU.

The eKYC & IDA WG is a dedicated working group of the OpenID Foundation (the technical standardisation body specifying OpenID Connect and accompanying extensions). The OpenID Foundation delivers specifications for interfaces that enable interoperability between implementations, and the eKYC and Identity Assurance Working Group is focusing on use cases and extensions to OpenID Connect for communicating strong identity assurance. (https://openid.net/wg/ekyc-ida/).

Most commercial identity providers have built their solutions on OpenID Connect because of its strong support for mobile platforms, ease of integration, formally proven security, and the ability to have users explicitly consent. Billions of transactions are performed every day using OpenID Connect. A significant number of identity providers, e.g. financial institutions or telecommunications operators, are also able to assert digital identities on a level comparable to eIDAS trust level substantial or high. A significant number of relying parties and their developers are familiar with OpenID Connect as it is used for Open Banking as well as their own use cases. In order to leverage the respective digital identities for the EU Single Market, we recommend the commission to endorse OpenID Connect beside SAML (which was already endorsed under Implementing Act 2015/1501) as a technical standard for eIDAS.

We would also like to mention that several Identity Providers provide access to government issued identities via OpenID Connect and even eID systems use OpenID Connect, namely itsme (Belgium), BankID (Norway, Sweden, & Finland), and France Connect (France). We think this is a strong evidence that OpenID Connect could facilitate the implementation of all options given in the inception impact assessment document.

We also know that most commercial identity providers provide a mixture of attributes maintained according to different trust frameworks and at different trust levels (just think of name vs eMail address) and even self asserted attributes for the same identity. Technical standards utilised to implement the updated eIDAS regulation should consider and support such use cases by providing a clear delineation between identity attributes verified and maintained according to different trust frameworks as well as accompanying metadata about sources, validation process, and trust level (https://www.slideshare.net/TorstenLodderstedt/identity-assurance-with-openid-connect).

The commission might also want to consider use cases where the digital identity of EU citizens is used beyond the boundaries of the EU. The eKYC working group focuses on an international standard that is relevant to many jurisdictions with representatives from Japan, Australia, UK, US, France, Czech, and Germany. In our experience, international use cases increase the requirement for dedicated representation of the aforementioned metadata in the technical standard for attribute provisioning in order to allow the relying party to process identity data in a robust fashion.

Since the consultation paper mentions blockchain based identity solutions, we would like to point out that technical diversity in implementations is of utmost importance for innovations. However, adoption across member states and services requires technical interoperability. That’s why there is also work under way to provide a bridge between blockchain based identity solutions and relying parties via the mature and simple integration with OpenID Connect standard.

As subject matter experts in digital identity, we are thrilled with the direction eIDAS is taking and are more than happy to offer our advice in the course of targeted stakeholder interviews.

The post The eKYC & IDA Working Group Welcomes the Proposal of the European Commission to Extend the Scope of eIDAS Trust Services first appeared on OpenID.

Wednesday, 02. September 2020

Me2B Alliance

Re: Ethisphere

From the FAQ: The self-reported scores are combined with the qualitative assessment of an applicant company’s supplemental documentation and independent research to produce a final EQ score. It looks like it’s primarily qualitative and based on a risk assessment process that is similar to one we used to do when I was at Price Waterhouse years ago. Noreen
From the FAQ: The self-reported scores are combined with the qualitative assessment of an applicant company’s supplemental documentation and independent research to produce a final EQ score.

It looks like it’s primarily qualitative and based on a risk assessment process that is similar to one we used to do when I was at Price Waterhouse years ago.
Noreen


Decentralized Identity Foundation

Presentation Exchange: A Leap Toward Interoperability for the Decentralized Identity Ecosystem

Photo by 🇨🇭 Claudio Schwarz | @purzlbaum on Unsplash The decentralized identity ecosystem is on its inevitable path toward widespread adoption and meaningful use. There are a growing number of interpretations and implementations of various decentralized standards. These standards are at different stages in their development lifecycles, harmonizing gradually. As a result, there are lots of data
Photo by 🇨🇭 Claudio Schwarz | @purzlbaum on Unsplash

The decentralized identity ecosystem is on its inevitable path toward widespread adoption and meaningful use. There are a growing number of interpretations and implementations of various decentralized standards. These standards are at different stages in their development lifecycles, harmonizing gradually. As a result, there are lots of data, from lots of sources, that, without a little planning, won’t play nicely with other data. It is exciting to see the enthusiasm around the standards we know and love and to watch the proliferation of verifiable and portable data. With implementation boundaries as a hindrance, data interoperability will continue to be difficult. We could lose much utility and portability of the data. Luckily, in the midst of this excitement, a great opportunity presents itself: to forge bridges between data islands and promote the cross-pollination of methodologies for generating and exchanging verifiable data. Enter: the Presentation Exchange specification.

The Claims & Credentials working group has been hard at work on the Presentation Exchange specification for months. The effort, starting in January 2020, began to provide a solution to the question, “How should we request and exchange credentials across implementations and systems?” Though a few solutions have been proposed before, none have been as inclusive in the data model and transport agnosticism, or able to attract broad adoption, as Presentation Exchange. The working group is working towards the first release — at the time of writing, we have made over 100 commits and closed 37 GitHub issues.

The specification prides itself on its adaptability, aiming to be “both credential format and transport envelope agnostic, meaning an implementer can use JWTs, VCs, JWT-VCs, or any other credential format, and convey them via OIDC, DIDComm, CHAPI, or any other transport envelope.” At the same time, Presentation Exchange has garnered the interest and support of many key-players throughout the ecosystem, a step crucial to fulfilling the ambitions of the specification.

You may be wondering, what’s up with the title? Isn’t interoperability much broader than sharing credentials? Yes! Absolutely. Sharing credentials is only part of interoperability. Universal wallets, secure data storage, transports, identifiers, DIDComm, and so many more pieces are paramount to thriving in an interoperable, decentralized ecosystem. At the heart of many of these interactions, we find ourselves exchanging verifiable data. By driving a standardized method for requesting and returning verifiable data, which adapts to many data models and functional use cases, we cross an important threshold in making interoperability possible. Without working software to back up the specification, it is merely an interesting idea. We need to go further — to make it an interesting reality.

Recognizing how important the Presentation Exchange spec and reference implementations could be for accelerating real interoperability and healthy competition, we, on the Workday Credentials team, are involved in the specification’s development and are investing significantly in one of its first demonstrable implementations. Workday has been a very active member of DIF since 2019. Our interests lie across the DIF stack, with a focus on standards compliance, affording us opportunities to interoperate with community members and standards adopters alike. Towards that end, we have open-sourced much of our code and specifications relating to decentralized identity. For Presentation Exchange, we have recently pushed a Golang representation of the object model that can be useful in building and validating presentation definitions, submissions, and verifiable presentations (as defined by the W3C standards). We are building out more Presentation Exchange logic that we plan to open source in the coming months. We intend to adopt Presentation Exchange at Workday as we gain confidence in the specification and its other implementations. We are considering different ways Presentation Exchange can be useful in interoperating with verifiable data that does not originate on our platform.

We are looking forward to seeing others contribute reference implementations in other languages and we encourage you to consider contributing to Presentation Exchange and DIF! For more information, please reach out to DIF, or jump in on the public GitHub. To join DIF and contribute directly to the Presentation Exchange specification or implementations, visit here. And for an overview of the design process and goals of the project in video form, see this recording from DIF Virtual Face to Face Meeting in June 2020 (P.E. segment starts at 3.00):

Presentation Exchange: A Leap Toward Interoperability for the Decentralized Identity Ecosystem was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tuesday, 01. September 2020

Me2B Alliance

Re: Ethisphere

Agreed.  That’s why I think it will be interesting to see how their companies do on our certification—i.e. several will fail.   Lisa  

Agreed.  That’s why I think it will be interesting to see how their companies do on our certification—i.e. several will fail.

 

Lisa

 


Re: Ethisphere

I concur with this assessment. Regards, Sheryl  M:703.855.1208
I concur with this assessment.
Regards, Sheryl 
M:703.855.1208

Re: Ethisphere

it struck me as a curious collection of companies - with some I would have thought would have been included - not … so i looked further ... https://www.worldsmostethicalcompanies.com/application-process/ this suggests that unless you actually apply - you wont be considered - much less appear …. not something that i think is a good benchmark for Me2B /J
it struck me as a curious collection of companies - with some I would have thought would have been included - not … so i looked further ...
https://www.worldsmostethicalcompanies.com/application-process/
this suggests that unless you actually apply - you wont be considered - much less appear ….
not something that i think is a good benchmark for Me2B
/J




Credentials Community Group

September 2020 Schedule

Welcome to the September Schedule for the Credentials Community Group. We have a great line-up of speakers this month. Got something you are interested in presenting on identity, credentials, security or diversity identity/credential adjacent? Get in touch. September 8, 2020: … Continue reading →

Welcome to the September Schedule for the Credentials Community Group. We have a great line-up of speakers this month. Got something you are interested in presenting on identity, credentials, security or diversity identity/credential adjacent? Get in touch.

September 8, 2020: Dakota Gruener will speak on ID2020. September 15, 2020: Anil John will speak on Government Perspectives on DIDs and VCs, lessons learned from funding SSI development. September 22, 2020: Andi Hindle will give us a report out on the 6 week IDENTIVERSE September 29, 2020: Dave Birch will share his latest thoughts on identity, data privacy, and maybe a splash of IoT identity

All meetings are on Tuesday, at 9am PT, Noon ET, 5pm BST, 6pm CET. Anyone can join. We hope you will join us.


r@w blog

#DigitalDesires

Silpa Mukherjee, Ankita Deb & Rahul Kumar Session We propose to design the panel as a workshop with three paper presentations followed by an open discussion with the house exploring the key question of media objects‟ (in the form of film/film music/memes/gifs/trolls) changing relations with law; copyright and piracy having attained newer connotations in the age of media convergence. Whi
Silpa Mukherjee, Ankita Deb & Rahul Kumar Session

We propose to design the panel as a workshop with three paper presentations followed by an open discussion with the house exploring the key question of media objects‟ (in the form of film/film music/memes/gifs/trolls) changing relations with law; copyright and piracy having attained newer connotations in the age of media convergence. While we deal with the materiality of cinema in the new media moment, the session will open out debates on the mutability of media objects in a networked digital terrain ushered in by fast growing and cost-effective internet culture in urban India.

In terms of methodology the panel deploys media archaeology to trace the mutations that film culture has undergone in the digital age. The coexistence of the obsolete media copyright with its meme and its digitally re-mastered copy on torrent informs the research that the three papers involve. A certain engagement with the logic of informed/fan-cinephilic digital labour that unwittingly maintains and updates the algorithmic database of Web 2.0 services will run through the presentations. Along with archival research and interviews with professionals involved with online media companies and “users” who are now the “pirate/prosumer-cinephiles” of media objects, we will carry out extensive digital ethnography to map the chimera of digital territory that user traffic based internet culture in India helped produce.

The digital is a space of intervention: a space for the users to intervene and play with the material online. It is a constant form of participation underscoring a potential for democratic authorship. The definitive notion of authorship voices the overarching body of the state through its legal status. Thus copyright as a legal entity produces a discourse of power through this form of authorship. The contemporary medium or rather the multi-media constellation driven by internet culture in India produces an alternative discourse on authorship, complicating the notion of copyright and piracy at the same time. This charged terrain of (il)legality is also due to the nature of piracy in the digital domain, which does not exist in isolation but have now created bodies or spheres where it has been appropriated as a sub-cultural practice. The figure of the “pirate”/ the “troll”/ the “fan” and the “cinephile” now merges with the technologically enabled body of the user of new media who negotiates with the medium in multiple ways (and morphs it) and thereby touches all kinds of spaces within and outside the webspace. It has changed the physical scope of cinephilia as addressed in the paper “A Laptop and a Pen-drive: Cinephiles of Mukherjee Nagar,” where the culture of networked sharing evolves from and further complicates physical stations. It has permeated into the body of film music in the paper “Licensed, Remixed and Pirated: Item numbers and the web”, which interrogates the layers of user-based morphs that the text of a dance number in Bollywood undergoes in the culture of web based remixing and hacking. It changes the way protected materials like films circulate in the space designated as YouTube, marked by its ability to reproduce copyright materials without violating the law as the third paper titled “Online Streaming in the Era of Digital Cinephilia” points out; the logic of the obsolete license of old Hindi films which gains a new viral life on YouTube with its official upload vying with the multiple hacker-user uploads.

Thus the panel intends to explore the dizzying overlaps that produce this internet induced distinct zone of ambiguity that neither the law nor the state or the author can claim ownership over. The very embodiment of the material in the digital is in transition i.e. in a state of being morphedby the blurring of the identities of the multiple bodies at work at each moment. Through the three papers we intend to chart this transitional aesthetic sometimes contained and sometimes flowing out of the body of the media text onto the physical, technological and extra textual objects as well. The panel seeks to position this new world of media objects that overlap and form an uncontainable entity, seeking newer forms of negotiations with the older existing order. We seek to explore then what happens to the very essence of author(ity)ship when digital enters its domain.

Plan

A Laptop and a Pen-drive: Cinephiles of Mukherjee Nagar

With the changes technology has brought to contemporary life, cinephiles — for whom movies are a way of life, films and how they are experienced have undergone major changes. The classic cinephile, as the term was adopted in the 1960s has undergone a major change in the era of internet piracy. I will look at the way pirated films via torrent downloads are consumed by students in certain pockets in New Delhi especially around Mukherjee Nagar area. These students who come from the upwardly mobile Indian middle class families are engaged inpreparations of competitive exams to land a lucrative government job. Circumstances dictate that these students own a laptop to watch films but not a high speed internet connection. To fuel their cinephilic urge, they are dependent upon soft copy vendors of pirated films. These vendors are like a video library, the repository here being a laptop and a storage drive. These professional film pirates depend upon the p2p file sharing commonly referred as “torrent.” DVD and Blu Rays released by official sources are ripped at a bigger size by certain uploaderswhich are downloaded by another one who rips it to an even smaller size, fit enough to be downloaded by pirates with a slower broadband till it reaches places like Mukherjee Nagar. Using this particular case study, where the world of online film piracy merges with a third world piracy domain, I plan to interrogate the logistics of a new kind of cinephilia and try and frame this particular form of informal circuit of media production and consumption into a coherent perspective.

Relevant websites: https://kat.cr, https://yts.la/, https://torrentfreak.com.

Relevant software: Handbrake, uTorrent / Deluge / Vuze.

Relevant reading: Treske, Andreas. The Inner Life of Video Spheres: Theory for the YouTube Generation. Institute of Network Cultures, Amsterdam, 2013

Licensed, Remixed and Pirated: Item Numbers and the Web

The coming of new digital technologies has rendered the relationship of media objects’ with law extremely malleable and volatile. It urges us to rethink certain categories we have been working with, viz. piracy and copyright. The specific focus of the paper will be on item numbers’ relationship with changing technology and the law. The proprioceptive body being the central node of enquiry here: the law that affects the body that moves on screen and the body that is moved by the screen is made flexible in the digital age with Web 2.0’s unique design that spawns hackability and remixability. Through the registers of music licensing to YouTube, circulation of content offline as MP3 downloads in cheap mass storage devices, user generated morphed content related to item numbers (in the form of memes, GIFs, trolls, posters, tumblr blogs and listicles) spawned by amateur digital culture and remixing videos of film content the paper traces the gray zone between web based music piracy and its copyright rules. It will interrogate the moment when the entertainment industry has recognized the clear shift of its spectatorship from the older media to the more digital platforms and appropriates the contingency brought in by the algorithmic anxiety of Web 2.0 and its unique relationship with law and hence censorship regulations to innovate newer means of mass circulation and bypassing censorship.

Relevant content: https://www.youtube.com/watch?v=i2O2dBonBok.

Relevant user-traffic-oriented platforms: http://www.memegenerator.com, http://www.trolldekho.com, http://www.imgur.com, https://www.tumblr.com/.

Relevant curated online media platforms: ScoopWhoop, Buzzfeed India, blog.erosnow.com.

Online Streaming in the era of Digital Cinephilia

Digital piracy has allowed for certain democratization of film distribution and consumption through a parallel economy of piracy. The lack of control over these channels of distribution produces a blatant threat to the copyright and intellectual property rights that are quintessential to the mainstream culture of commercial film distribution. This paper will focus on the intersection of these two dichotomous cultures through the experience of watching old films via online streaming. The resurfacing of old films hosted by big corporations like Shemaroo, Venus and Ultra who began as film rights and video rights owners at one point host their old video content in a user generated space called youtube. The video content is a very specific form here. It is an obsolete entity, defined by its ambiguity with copyright that is able to make a legal transgression in order to circulate.

The circulation of the feature films in a web space that is primarily known for its clip culture also provides an interesting paradigm for the copyright material. The big corporate copyright floats in a culture of pirated experiences where the legal domain becomes a dizzying site of contradictions. Through this paper I will draw parallels between the history of these companies and their work in the field of film circulation and to the creation of a new form of cinephilia and its complicated relationship to the law. I will use a variety of archival sources, legal documents and discourses on online streaming to contextualize my argument.

Relevant websites: https://www.youtube.com/user/ShemarooEnt, https://www.youtube.com/user/VenusMovies, https://www.youtube.com/user/UltraMovieParlour

Readings

None.

Audio Recording of the Session

IRC 2016: Day 1 #Digital Desires : Researchers at Work (RAW) : Free Download, Borrow, and Streaming : Internet Archive

Session Team

Silpa Mukherjee is a Delhi based research scholar. She is currently enrolled in an MPhil programme in Cinema Studies at the School of Arts and Aesthetics, Jawaharlal Nehru University. She is a recipient of the social media research fellowship awarded by Sarai, CSDS. Her research interests include media archaeology with a focus on the body’s warped interconnections with changing media technology, studies of the medium, its resolution, aesthetics and erotics and a keen engagement with the practices of the Bombay Hindi film industry.

Ankita Deb is an M.Phil candidate at the Dept of Cinema Studies, School of Arts and Aesthetics, Jawaharlal Nehru University, India. Her dissertation is on 1970s and the Romantic Couple in Bombay Cinema. Her other research interests are in melodrama, romance, media archaeology, Iranian cinema, early cinema and Bombay Cinema.

Rahul Kumar is an M.Phil. candidate at the Department of Cinema Studies, School of Arts and Aesthetics, JNU. His dissertation deals with film journalism during the 1970s in Bombay cinema. A post-graduate from CHS JNU, he’s an active media pirate. His other research interests include film piracy, classical Hollywood cinema, cinephilia, film history and film genre.

Note: This session was part of the first Internet Researchers’ Conference 2016 (IRC16) , organised in collaboration with the Centre for Political Studies (CPS), at the Jawaharlal Nehru University, Delhi, on February 26–28, 2016. The event was supported by the CSCS Digital Innovation Fund (CDIF).

#DigitalDesires was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 31. August 2020

Oasis Open

Invitation to comment on Security Playbooks v1.0 - ends Sept. 30th


One World Identity

Airside: Privacy in an Information Sharing World

Airside Chief Commercial Officer Jessica Patel joins State of Identity to discuss the history of their groundbreaking mobile passport app, how different industry verticals are coping with the identity impact of the COVID-19 crisis, and the key considerations that went into building Airside’s new mobile identity platform. Host: Cameron D’Ambrosi:  Principal, OWI Linkedin Twitter Guest: … A

Airside Chief Commercial Officer Jessica Patel joins State of Identity to discuss the history of their groundbreaking mobile passport app, how different industry verticals are coping with the identity impact of the COVID-19 crisis, and the key considerations that went into building Airside’s new mobile identity platform.

Host:
Cameron D’Ambrosi:  Principal, OWI
Linkedin
Twitter

Guest:
Jessica Patel: Chief Commercial Officer, Airside
Linkedin

Links:
State of Identity Listener Survey
Airside

The post Airside: Privacy in an Information Sharing World appeared first on One World Identity.


Adara: Predictive Traveller Intelligence

Adara COO Frank Teruel and VP of Partner Development Nguyen Nguyen join State of Identity to share their respective paths to the digital identity field, how the industry has transformed over the past ten years, discuss the foundation of reliable identity data, and unpack the implications of COVID-19 for IDV and fraud prevention in the … Adara: Predictive Traveller Intelligence Read More » Th

Adara COO Frank Teruel and VP of Partner Development Nguyen Nguyen join State of Identity to share their respective paths to the digital identity field, how the industry has transformed over the past ten years, discuss the foundation of reliable identity data, and unpack the implications of COVID-19 for IDV and fraud prevention in the travel industry.

Host:
Cameron D’Ambrosi:  Principal, OWI
Linkedin
Twitter

Guests:
Frank Teruel: Chief Operating Officer, Adara
Linkedin

Nguyen Nguyen: VP, Partner Development & Technical Services, Adara
Linkedin

Links:
State of Identity Listener Survey
Adara

The post Adara: Predictive Traveller Intelligence appeared first on One World Identity.

Sunday, 30. August 2020

One World Identity

Ockam: Architecture for Trust

Ockam Founder & CEO Matthew Gregory joins State of Identity to share how America’s Cup sailing yachts were the inspiration for founding his startup, the critical intersectionality between cryptographic security and digital identity applications, and his predictions for the future of connected devices. Host: Cameron D’Ambrosi:  Principal, OWI Linkedin Twitter Guest: Matthew Gregory: Founde

Ockam Founder & CEO Matthew Gregory joins State of Identity to share how America’s Cup sailing yachts were the inspiration for founding his startup, the critical intersectionality between cryptographic security and digital identity applications, and his predictions for the future of connected devices.

Host:
Cameron D’Ambrosi:  Principal, OWI
Linkedin
Twitter

Guest:
Matthew Gregory: Founder & CEO, Ockam
Linkedin

Links:
State of Identity Listener Survey
Ockam

The post Ockam: Architecture for Trust appeared first on One World Identity.


Incognia: Location-Based Behavioral Biometrics

Incognia Founder & CEO André Ferraz joins State of Identity to discuss his childhood interest in cybersecurity, how anonymized location data to can be leveraged to increase account security, and the impact he’s seeing from COVID-19 when it comes to digital transactions. Host: Cameron D’Ambrosi:  Principal, OWI Linkedin Twitter Guest: André Ferraz: Founder & CEO, … Incognia: Locati

Incognia Founder & CEO André Ferraz joins State of Identity to discuss his childhood interest in cybersecurity, how anonymized location data to can be leveraged to increase account security, and the impact he’s seeing from COVID-19 when it comes to digital transactions.

Host:
Cameron D’Ambrosi:  Principal, OWI
Linkedin
Twitter

Guest:
André Ferraz: Founder & CEO, Incognia
Linkedin

Links:
State of Identity Listener Survey
Incognia

The post Incognia: Location-Based Behavioral Biometrics appeared first on One World Identity.


Giant Oak: Seeing the People Behind the Data

Giant Oak Founder & CEO Gary Shiffman joins State of Identity to discuss how he’s leveraging machine learning to assist financial institutions and government agencies in identifying illicit actors and patterns of threat behavior including money laundering, human trafficking and terrorism. Host: Cameron D’Ambrosi:  Principal, OWI Linkedin Twitter Guest: Andre Boysen: Chief Identity Officer

Giant Oak Founder & CEO Gary Shiffman joins State of Identity to discuss how he’s leveraging machine learning to assist financial institutions and government agencies in identifying illicit actors and patterns of threat behavior including money laundering, human trafficking and terrorism.

Host:
Cameron D’Ambrosi:  Principal, OWI
Linkedin
Twitter

Guest:
Andre Boysen: Chief Identity Officer, SecureKey
Linkedin
Twitter

Links:
State of Identity Listener Survey
SecureKey

The post Giant Oak: Seeing the People Behind the Data appeared first on One World Identity.


WomenInIdentity

Interview with Andrew Weaver, Digital Identity NZ

Esme Wardhaugh sat down with Andrew to talk about identity, and the digital community. What is it about your job that gets you out of bed in the morning? I… The post Interview with Andrew Weaver, Digital Identity NZ appeared first on Women in Identity.

Esme Wardhaugh sat down with Andrew to talk about identity, and the digital community.

What is it about your job that gets you out of bed in the morning? Andrew Weaver

I wear a number of hats – from Digital Identity Aotearoa/New Zealand, to independent consulting, helping equip organisations with payments technology through to supporting mahi aroha (literally ‘love work’) with charities and social enterprises. I love supporting people to reach their full potential, especially if it involves challenging the status quo.

How did you get to where you are today?

A common thread of applying knowledge of technology and systems (including human systems) to improve and add value. I’m most definitely not a fan of shiny tech for shiny tech’s sake!

What is the most important lesson you have learned along the way?

Knowledge and wisdom is everywhere around us – in nature, in history, in different perspectives and worldviews. My most effective and rewarding role is in exploring and drawing that wisdom out, rather than assuming my own narrow perspective is shared by everyone.

What’s your message to CEOs in the identity space? What do you suggest they start, stop or continue doing – and why?

Identity is Taonga, a Māori word meaning something that is treasured and cherished. When we change our view of identity information and recognise it as something very personal and very precious we will start to treat it with a lot more dignity, care and respect. That means stopping treating identity as a means to a monetised marketing end and stopping the wholesale harvesting and sale of personal information.

In one sentence, why does diversity matter to you?

I have to quote your own motto (which I do all the time, by the way) – Identity systems built for everyone are built by everyone. #ForAllByAll

What book/film/piece of art would you recommend to your fellow members?

Technically Wrong is a great book on inclusive design.

What advice would you give to the teenage ‘you’?

Explore More

Where can we find you on social media / the Web?

On LinkedIn and at digitalidentity.nz.

The post Interview with Andrew Weaver, Digital Identity NZ appeared first on Women in Identity.

Friday, 28. August 2020

WomenInIdentity

WiD Diversity & Inclusion Policy

Guiding Principles At Women in Identity, we strive for a diverse, inclusive, and equitable workplace iwhere all volunteers and members feel valued and respected, regardless of gender, race, ethnicity, national… The post WiD Diversity & Inclusion Policy appeared first on Women in Identity.
Guiding Principles

At Women in Identity, we strive for a diverse, inclusive, and equitable workplace iwhere all volunteers and members feel valued and respected, regardless of gender, race, ethnicity, national origin, age, sexual orientation or identity, education or (dis)ability, .experiences and heritages and will ensure that all voices are valued and heard equally. 

We aim to create a model for diversity and inclusion that the identity industry can adopt.  

To provide informed, authentic leadership for cultural equality, Women in Identity strives to: 

See diversity, inclusion and equality as critical to the well-being of our staff and the identity communities we serve.  Acknowledge and dismantle any inequalities within our policies, systems, programs and services and continually update and report our progress.  Explore potential underlying, unquestioned assumptions that interfere with inclusiveness.  Advocate for and support board-level thinking about how systemic inequalities impact our organisation, and how best to address that in a way that is consistent with our mission. Help to challenge assumptions about what it takes to be a strong leader and champion diversity of leadership at all levels of our organisation   Practise and encourage transparent communication in all interactions. Lead with respect and tolerance. We expect all members to embrace this notion and to express it in organisation interactions and through everyday practices.

Women in Identity commits to promoting diversity and inclusion in our workplaces: 

Pursue cultural competency throughout our organisation by creating substantive learning opportunities and formal, transparent policies. Generate and aggregate quantitative and qualitative research related to equity
to make incremental, measurable progress toward the visibility of our diversity, inclusion, and equity efforts. Once the content is curated it will be added to our website so others can access. Improve our cultural leadership pipeline by creating and supporting programs and policies that foster leadership that reflects the diversity of communities that the identity industry serves.  Pool resources and expand offerings for underrepresented constituents by connecting with other identity organisations committed to diversity and inclusion efforts. Develop and present sessions on diversity, inclusion, and equality to provide information and resources internally, and to members, the community, and the identity industry.  Develop a system for being more intentional and conscious of bias during the hiring, promoting, or evaluating process.  Include a salary range with all public job descriptions.  Advocate for public and private-sector policy that promotes diversity, inclusion, and equity. Challenge systems and policies that create inequity, oppression and disparity. Our 2020 Goals Opening a US entity Restructuring Board of Directors Renewed focus on supporting non-western markets  Ambassador in India Seeking out multiple ambassadors for Africa External Diversity Review Kick off our inaugural research project which focuses on the impact of diversity and exclusion in the identity industry. The outputs of this project will include a code of conduct and implementation framework that will give identity organisations a practical and pragmatic guide to adopting a more diverse and inclusive approach to product development

The post WiD Diversity & Inclusion Policy appeared first on Women in Identity.

Thursday, 27. August 2020

Oasis Open

Invitation to comment on KMIP Specification v2.1 and KMIP Profiles v2.1 - ends Oct. 26th


OpenID

Open Digital Trust Initiative: A Proposal for Financial Institutions to Use an Open Standards Protocol to Verify Identity, Protect Privacy and Build Trust

In the digital space, people need new solutions to know the identity of who they are dealing with and whether or not they can trust them. A number of initiatives are working on the future of digital identity. Some of them are government-led while others are linked to specific private institutions or proprietary technologies. Banks […] The post Open Digital Trust Initiative: A Proposal for Financ

In the digital space, people need new solutions to know the identity of who they are dealing with and whether or not they can trust them. A number of initiatives are working on the future of digital identity. Some of them are government-led while others are linked to specific private institutions or proprietary technologies.

Banks and insurers are in a unique position to offer trust verification services built on their long track record of protecting personal information and providing banking privacy. They also have much at stake in how digital identity develops. The future of the customer relationship could be significantly altered in some scenarios, while in others they can build on traditional strengths, leverage their capabilities and monetize services they provide to the data economy. Recent developments have heightened the implications as COVID-19 accelerated digitalization and placed greater emphasis on Digital Identity as a critical underlying building block of the economy. At the same time, large tech firms are rapidly enhancing their capabilities as hubs of health data (in addition to the other areas they dominate).

The Institute of International Finance is collaborating with the OpenID Foundation, member firms, officials and various other entities to support the Open Digital Trust initiative, an interoperable and open source development with the objectives of introducing foundational trust into the global digital economy. It aims to create a vibrant marketplace for Digital Trust services which help individuals and entities to confirm identity and understand and manage risk. Specific workstreams have been mobilized (each with their respective working groups), with the IIF leading on policy development & OpenID leading on technical standards.

Technical protocols: This group is developing updated standards by 2021. For more information, please visit openid.net or contact Don Thibeau, Executive Director at don@oidf.org Policy initiative: will develop policy recommendations, requirements, and guidance for both public and private stakeholders in support the project’s wider objectives. Publishing target Q4’2020.

The Open Digital Trust Policy Initiative will build on guiding principles with focus groups developing the specific details in the following areas:

Individual centricity / purpose: Balance protecting individual rights (control, privacy) with a perspective among all stakeholder interests (individual, societal, corporate). Look across jurisdiction and regional approaches, such as the EU and ASEAN, to balance individual privacy with broader societal interests. Liability / legal frame: Create a market-based mechanism for addressing liability and legal frameworks of reference. Interoperability: Explore frameworks across geographies and develop “concordance mapping” across platforms to demonstrate interoperability and common values across different sectors, countries, and models such as self-sovereignty. Role of governments / public sector / academia

Participation in each of these working groups and their deliberations are open to all, without any cost or obligation.

The post Open Digital Trust Initiative: A Proposal for Financial Institutions to Use an Open Standards Protocol to Verify Identity, Protect Privacy and Build Trust first appeared on OpenID.

Wednesday, 26. August 2020

Oasis Open

Baseline Protocol Achieves Key Milestone with Release of v0.1 Implementation for Enterprise IT and the Ethereum Public Blockchain

Friday, 21. August 2020

FIDO Alliance

White Paper: FIDO Transaction Confirmation

Besides generic session authentication, there is an increasing need to gather explicit user consent for a specific action, i.e. “Transaction Confirmation”. Transaction Confirmation allows a relying party to not only […] The post White Paper: FIDO Transaction Confirmation appeared first on FIDO Alliance.

Besides generic session authentication, there is an increasing need to gather explicit user consent for a specific action, i.e. “Transaction Confirmation”. Transaction Confirmation allows a relying party to not only determine if a user is involved in a transaction, but also confirm that the transaction is what the user actually intended – for example, whether they intended to pay $1000 to company X for purchasing product Y, or whether they consent to have specific data shared with another party, such as test results with a doctor.

This paper provides an overview on Transaction Confirmation and the drivers for its support including: regulatory requirements (PSD2, eIDAS); addressing friendly and mobile fraud; and to enable online binding agreements. It explains current approaches for Transaction Confirmation, including through FIDO protocols for native applications, and the value of adding support for it directly in web browsers. It concludes with a call for feedback from relying parties on whether they would like to see Transaction Confirmation should be supported directly in web browsers.

The post White Paper: FIDO Transaction Confirmation appeared first on FIDO Alliance.

Thursday, 20. August 2020

ID2020

New Report Highlights Public Concerns About Data Privacy

Members of the ID2020 Alliance are united in the belief that identity is a fundamental and universal human right and that we all deserve better ways to prove who we are — both in the physical world and online. As a community of technologists, advocates, implementers, and funders, we also believe that ethically implemented, privacy-protecting, user-managed, and portable digital ID solutions o

Members of the ID2020 Alliance are united in the belief that identity is a fundamental and universal human right and that we all deserve better ways to prove who we are — both in the physical world and online.

As a community of technologists, advocates, implementers, and funders, we also believe that ethically implemented, privacy-protecting, user-managed, and portable digital ID solutions offer a better alternative to the current “data as a commodity” paradigm.

A new report from KPMG entitled, The New Imperative for Corporate Data Responsibility, suggests that the American public increasingly agrees with this perspective. Based on a survey of 1,000 respondents, the report concludes that consumers expect corporations to “take significant steps to better protect, manage, and ethically use their data.”

“The findings are unmistakable,” says Orson Lucas, Principal, KPMG Cyber Security Services. “Data privacy and protection are clear priorities for consumers. Close attention to customer data handling, management, and protection practices are key, foundational elements of establishing and maintaining digital trust.”

The report outlines valuable findings regarding how the public feels about the security of their data, the issues that concern them, and who they believe bears responsibility for creating a more secure and trustworthy digital ecosystem.

Key Findings: Beliefs

97 percent of respondents say that data privacy is important to them 87 percent believe that data privacy is a human right 86 percent believe that data privacy is a growing concern 68 percent don’t trust companies to ethically sell their private data 54 percent don’t trust companies to use their personal data in an ethical way 53 percent don’t trust companies to collect data in an ethical way 50 percent don’t trust companies to protect their personal data

These insights should not surprise us. After all, a majority of Americans have, at one time or another, been personally affected by a data breach. On the one hand, it is encouraging to see that public opinion is shifting; our experiences have made us all more cognizant of how our identity and personal data are being misused and mismanaged. On the other hand, these experiences are also contributing to a growing mistrust of all forms of digital ID. For those who work in this space, this is a timely reminder that, as we develop and deploy new forms of digital ID, we must do so with an intentional focus and abiding commitment to rebuild and maintain public trust.

Key Findings: Concerns

83 percent of respondents worry most about the theft of their Social Security Number, followed by their credit card number (69 percent), and their passwords (49 percent) Only 16 percent are worried about their medical records being stolen. Medical records are the most commonly cited example of data that consumers trust companies to protect (57 percent)

Given these rapidly changing consumer opinions, and with our vision of good digital ID for all as our guiding star, we at ID2020 regularly revisit the question: how do we get there?

The data suggest what we have long believed: that, in the coming years, market forces (i.e. consumer demands) will drive tectonic shifts in the data economy. But will market forces be enough?

Most telling in the data is that the public is most likely to trust healthcare companies to protect the privacy of their medical records. Laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Protection Act (CCPA) establish robust data protections and stiff penalties for companies that mishandle data. These offer the public a degree of confidence that their health information will be held sacrosanct.

The house is on fire and that the public is finally smelling the smoke when it comes to data security. Market forces can be extremely powerful, but we expect that governments will play an equally important, catalytic role by establishing the regulatory frameworks and consumer protections necessary to rebuild trust and encourage the broad adoption of safe and secure digital ID applications.

Here as well, the KPMG data provides some valuable insights for policymakers.

Key Findings: Who is Responsible

91 percent of respondents say that corporations should take the lead in establishing corporate data responsibility 56 percent say that companies should prioritize giving consumers more control over their data in 2020 84 percent are open to state legislatures giving consumers more control over their data
“Data privacy issues are not going to go away,” says KPMG Cyber Security Services Principle, Steve Stein. “In fact, consumer protections around data privacy, like the ones provided by the CCPA, are very likely to be codified in other states and eventually at the federal level. Simply put, privacy laws are only going to increase in volume and rigor. That’s why visibility, protection, and trust is gaining such momentum in the marketplace and also why leading-edge companies are not looking at data privacy as just another compliance or check-the-box exercise. They see privacy as one of the pathways to growing their business by improving trust with their customers.”

So…How DO We Get There?

Identity systems rely on trust to function; trust between issuers of identity and relying parties and, critically, that of those who use the system to prove their identity to access various goods, services, and privileges.

ID2020 was established in 2016 to promote the adoption and implementation of user-managed, privacy-protecting, and portable digital ID solutions. To achieve this vision, we are working simultaneously along three tracks.

We are helping shape the market through the ID2020 Certification, which applies 41 rigorous, outcome-based Technical Requirements to certify best-in-class digital ID solutions. We are working with policymakers in the United States and internationally to advocate for the ethical implementation of better forms of digital ID. And, as the technologies continue to evolve, we are implementing programs in the field to test and apply what we learn as these systems are replicated and brought to scale.

Fully realizing the potential of digital ID will require businesses, technology providers, policymakers, and civil society to collaborate — and quickly — to build and implement functional, privacy-preserving, user-managed ID systems, and work to overcome the mistrust which could impede their broad adoption. We developed the ID2020 Alliance model to foster this collaboration.

The road to good ID for all is riddled with potholes…and we have one chance to get this right.

About ID2020

ID2020 is a global public-private partnership that harnesses the collective power of nonprofits, corporations, and governments to promote the adoption and implementation of user-managed, privacy-protecting, and portable digital ID solutions.

By developing and applying rigorous technical standards to certify identity solutions, providing advisory services and implementing pilot programs, and advocating for the ethical implementation of digital ID, ID2020 is strengthening social and economic development globally. Alliance partners are committed to a future in which all of the world’s seven billion people can fully exercise their basic human rights, while ensuring data remains private and in the hands of the individual.

New Report Highlights Public Concerns About Data Privacy was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 19. August 2020

Berkman Klein Center

“No simple answer”

“Covid State of Play” examines sick buildings, planning lags, and reopening By Carolyn Schmitt A tent hospital in Central Park. Photo: Wikimedia Commons In the absence of leadership guidelines for mitigating COVID-19, creative solutions — in concert with established public health recommendations — are key. Low-cost air quality sensors, rethinking what schools look like, and identifying
“Covid State of Play” examines sick buildings, planning lags, and reopening

By Carolyn Schmitt

A tent hospital in Central Park. Photo: Wikimedia Commons

In the absence of leadership guidelines for mitigating COVID-19, creative solutions — in concert with established public health recommendations — are key.

Low-cost air quality sensors, rethinking what schools look like, and identifying new modes of collaboration are a few of the creative approaches discussed during a recent discussion hosted by Jonathan Zittrain and Magaret Bourdeaux of the Berkman Klein Center’s Digital Pandemic Response program.

The talk examined the current “Covid State of Play,” and covered COVID-19 testing, school reopenings, and ventilation. Their guest, Joseph Allen, is an Assistant Professor of Exposure Assessment Science at Harvard’s T.H. Chan School of Public Health.

Bourdeaux, also of the Harvard Medical School’s Global Public Policy and Social Change program and the Harvard Kennedy School’s Security and Global Health Project, outlined the current testing situation in the United States, urging for more action and implementation.

“I think this is all about hard work. It is about systematic planning. It is about leadership and not counting [on] that there’s going to be some miracle cure, some miracle intervention that is going to save us. We are going to have to actually do the work that is required to control this outbreak and we just have to grow up and do it,” she said.

Allen added that there ongoing work on a rapid saliva-based at-home test, which needs to be reviewed by the FDA but has the potential to be a quick, accessible, low-cost test. “There is the technology available for at-home rapid tests. To Margaret’s point, we need it now,” he said, noting that the test isn’t the same as the PCR tests currently in use. “It takes a different mentality. It’s not a diagnostic test like we expect at the doctor’s office. It’s a tool to control the pandemic or help control the pandemic, so we need a mindset shift here and think about how we think about testing.”

School reopenings without testing infrastructure and public health implementations are also a pressing concern. Atop the testing challenges, many schools and universities have buildings with poor ventilation, Zittrain pointed out. Bourdeaux and Allen emphasized how being outside is safer than being indoors, but buildings with good ventilation are important for mitigating the spread of COVID-19.

“We are in the sick building era,” Allen said, meaning many buildings meet only minimum air quality standards to save energy. “So we’re paying the consequence right now for our choices that we’ve stopped designing buildings for people.”

Zittrain inquired about the use of carbon dioxide sensors in indoor spaces to monitor the air quality, a tool Allen said is already in use, and that his lab has also built. “Some of these can connect to the building information system, so in real-time it can, to your point, ‘hey, your CO2 hit a certain level. Let’s open up the dampers in here.’ In fact, it’s called demand control ventilation,” Allen explained.

But the availability of low-cost carbon dioxide sensors means employees can also raise red flags about air quality. “It’s democratized this healthy buildings idea and people are sharing that data. They are sharing that. Buildings are getting labeled sick buildings,” he said. “People can finally make the invisible visible with these cheap sensors.”

With “sick buildings” as a backdrop, the conversation shifted to whether schools should reopen. Allen, a proponent for reopening schools, argued there should be prerequisites to opening: “One, you have to control the spread and two, you have to make enhancements to your risk reduction strategies within the school. So it’s the when and the what. When to open and what has to be done, and so that’s where I’ve been bullish to say hey, if you do those things, sure, schools should open.”

Allen cited recent reopening failures in states like Georgia as examples of when these conditions were not met and should not have opened. “I am confident if we meet those metrics you’ll have low community spread and the probability of entering into the school and your new cases lower, that’s obvious as a numbers game. And then if you put these other strategies in place which we know work in hospitals and elsewhere, including and beyond airborne transmission, it’s mask-wearing, it’s de-identification, it’s managing flows of people and queues of people,” he said.

Bourdeaux echoed Allen’s concerns, emphasizing the importance of controlling community transmission, including case counts, and “understanding how robust your public health measures to end community transmission are.”

She compared the current response to the virus to the way people experience a hurricane, where the storm blows over and the perceived danger subsides. Instead, she said, there is more work to do from a public health perspective before having the reopening conversation. Bourdeaux said having a national plan and for having the important conversations to help stop the spread of the virus should be part of this action plan.

“We’re not having a very intelligent conversation about really what we’re dealing with to date, and so that’s not related to schools and whether schools could be made safe,” she said. “They absolutely can be made safe. We’ve seen buildings like hospitals, as Dr. Allen has pointed out. We can make places safe but I think that it’s asking a lot to say okay, let’s reopen schools when we’re not having a smart conversation about where we stand with community transmission in general.”

While children have lower infection and mortality rates, Allen countered that schools play an important function for many students, and other risks — such as access to food and virtual dropout — should be factored in as well. “If we don’t think there are consequences to keeping tens of millions of kids outside of school, they’re at higher risk of abuse and neglect, exploitation. The loss of learning. The loss of socialization. Over 30 million kids rely on schools for meals. These are massive costs and it’s horrifying to recognize that our country hasn’t prioritized this,” he said.

Along similar lines, Zittrain asked whether any official guidelines for reopening might further intensify the inequalities between wealthier communities — who have access to more resources — and marginalized communities, who are disproportionately impacted by COVID-19.

These inequalities will still exist with virtual schooling, Allen said. “This virus is exposing deep fissures within our society, the structural racism that’s in our society that exists within these schools. If we keep kids all at home that’s going to exist for the exact same reason and if you bring back some, well that inequality, inequity is going to exist and be exacerbated as well. There’s no simple answer here other than honestly it’s a systemic issue that needs to be fixed and fixed fast.”

To address these myriad challenges presented by COVID-19, Zittrain asked about best practices for sharing information and working together. Both Allen and Bourdeaux underscored the great opportunities and responses they have seen. Allen described the past few months as a period of great collaboration and camaraderie with “the whole world, every scientist and medical professional is focused on the same problem.” As an illustration of such new collaboration, he cited a report he worked on to advise school superintendents. Bourdeaux similarly emphasized how so many people are trying to take action to help and support during the pandemic, and referred to a recent poll that says most Americans support a mask mandate.

The trio also explored creative ways to host schools, such as makeshift schools outside, similar to how hospitals made tented spaces in parks. Allen pointed to an op-ed he wrote outlining steps to reopen, which includes temporary school spaces.

“Let’s put some tents. Let’s use the ball field. Let’s get creative. Look at what the medical community did…There were tents in Central Park,” he said. “We should turn convention centers into schools. Let’s put tents in every park. We can get real creative here instead of saying well, we have this old crumbling infrastructure, what are we going to do? Let’s just jam a thousand kids back into it and do everything the same way. Instead, I think there are some creative solutions out there.”

“No simple answer” was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.


Oasis Open

Invitation to comment on five UBL Committee Note Drafts - ends Sept. 17th


Invitation to comment on Business Document Naming and Design Rules (BDNDR) v1.1 from the UBL TC - ends September 2nd


Invitation to comment on Universal Business Language v2.3 from the UBL TC - ends September 2nd

Tuesday, 18. August 2020

Decentralized Identity Foundation

Where to begin?

An Overview of Introductory Resources (August 2020) [Note: this article is also available as a downloadable PDF. It was co-written with Kaliya-IdentityWoman.] There is no one single (or even central) place where decentralized identity technologies are being created. It is decentralized in its processes as well as its topography. Learning the “lay of the land” entails bouncing around a netwo

An Overview of Introductory Resources (August 2020)

[Note: this article is also available as a downloadable PDF. It was co-written with Kaliya-IdentityWoman.]

There is no one single (or even central) place where decentralized identity technologies are being created. It is decentralized in its processes as well as its topography. Learning the “lay of the land” entails bouncing around a network more than surveying a city from a high vantage point. But that’s ok! We recommend starting from the least familiar of these links and bouncing around, rather than reading start to finish.

Photo by Benjamin Elliot —Video Introductions to SSI An Introduction to Self-Sovereign Identity 9min
This presentation by the “SSI Ambassador” (Adrian Doerk of the LISSI project, headquartered in Frankfurt, Germany) touches on the psychology and sociology of identity definitions. It highlights why digital identity offers many different ways to present ourselves and walks through the basics of how ID today is dominated by mega-IdPs (identity providers). It gets to the conceptual heart of what SSI is about. It also shows a real live demonstration of a scooter-authorization project spearheaded by T-Mobile Germany. Self-Sovereign Identity (SSI) Foam Figure Explainer v2 9min
John Phillips from 460 Degrees, a consulting firm from Sydney, AU, updated his earlier video in January of 2020. This level-setting and first-introduction was designed to help Phillips’ clients understand what SSI looks like from a business-process perspective, which is the key perspective from which large enterprises are mostly likely to decide how much to invest in researching and considering SSI solutions. For more guidance on B2B sales and education, see his longer February presentation at SSI Meetup about how to explain SSI to C-Level executives. The True Meaning of Identity 38 min
In September 2019, Kaliya Young presented to SIBOS (the conference of the SWIFT settlement network central to global banking) in their Innovation Track. The video introduces the concept of identity and how it has evolved over time, before sharing at a high level how Self-Sovereign Identity works and why it solves widespread business problems. Domains of Identity — 33 min
In July of 2018, Kaliya Young presented to the MyData Conference and tied together her research work developing the Domains of Identity and how the various domains connects to the usage of decentralized identity technology — decentralized identifier and verifiable credentials.

The SSIMeetup series run out of Madrid, Spain by the indefatigable Alex Preukchat has been assembling a video archive of their live webinar series for years. For these, they invite leaders of influential SSI projects from around the world. These events have a loyal following of regular attendees, making for a spirited Q&A session at the end of each video. While most of the videos tend towards deep dives in specific technical, governance, business, or regional topics, some of them can be useful, accessible, and inspiring for novices. Here are a few we recommend in particular as “novice-friendlier deep dives”:

At the Core of SSI is the Decentralized Identifier (DID) 50min by Drummond Reed CIO Brief: Why SSI is Important 65min by Steve Magennis Introduction to Hyperledger Aries 71min by Nathan George Sovereignty in Historical Context 55min by Natalie Smolenski SSI In Healthcare 63min by Manreet Nijjar — Organizational Centers of Gravity in SSI Decentralized Identity Foundation (you are here)

This organization was formed as a Joint Development Foundation project in 2017 and has grown to be a major venue for IPR-protected co-development among large and small industry players. It has historically focused on the development of both working open-source code and pre-standard specifications for decentralized identity, but it is starting to branch out into non-technical forms of cooperation for the purposes of market-building and to promote all open decentralized identity technology, whether created in DIF or elsewhere.

The W3C Credentials Community Group

This public discussion group is affiliated with the Worldwide Web Consortium (W3C), a standards organization for web technologies supported by membership dues and responsible for the management of core protocols like HTML and TLS. The Credential Community Group (CCG) is not an official working group of the W3C, but is still protected under a version of W3C’s IPR regime. Work items can be proposed by W3C non-members, and these often include specifications that go on to be standardized. CCG meets every week and is a hub for coordinating activity. Their meetings are recorded and minuted, often including presentations. They also have coordinate other discussion groups open to non-members, such as the Education Credentials Task Force (“vc-ed”).

The Internet Identity Workshop

This biannual event has been the convening at the heart of the decentralized identity community for 15 years, held at the Computer History Museum in the heart of Silicon Valley. It is uniquely co-created by its participants in a mostly-organic and community-driven way, with no pre-picked speakers, keynotes, or commercial presentations aside from a demo hour. True to its name, workshopping, whiteboarding, and open (but detailed and concrete!) discussion on a massive scale are the core of the event. The books of proceedings organize and refine all of the notes taken live during all the sessions convened at each event.

MyData Global

This influential and egalitarian global organization grew out of a series of conferences first held in 2016. They advocate for a human-centric and rights-driven vision where individuals can get digital services that support them to collect their data, not just safeguarding and well serving but even empowering the data subject. Organizational members and individual members come together to create an ongoing dialogue between “consumers” and ethical businesses to shape new types of markets for digital services. Rooted in the values of the MyData Declaration, they focus primarily on elaborating refined, nuance, and bottoms-up models for data governance; only from a solid governance foundation do they begin to make policy, business, and technology decisions. They recently published the MyData Operators paper, bringing their policy, business, and technological goals more squarely into the realm of decentralized identity.

The Sovrin Foundation

Since the early days of decentralized identity, Sovrin has been one of the major hubs of innovation and entrepreneurship, serving as a kind of all-in-one community, codebase, blockchain, and better business bureau. They have also published many canonical educational and marketing texts that have been foundational to the development of “self-sovereign identity” as a sector of the software industry. The Aries project (housed in the Hyperledger Foundation) and the Trust-over-IP foundation are, in a sense, spin-outs of the Sovrin foundation, and both remain loosely based (sometimes by design, sometimes by momentum) on the Sovrin community’s codebase, ledger, and design principles. The fastest way to familiarize yourself with these is the whitepaper library on the Foundation’s website.

Standards organizations

These centers of gravity are where ideas and business models evolve in broad conversation. Inevitably, structuring ground rules and governance models for these eventually have to be negotiated between technical experts and standards adopted before major investments (of capital, but also of legislation and public good will) can be approved. See Nader Helmy’s great tour of standards organizations relevant to these centers of gravity.

— Government Initiatives: United States Federal Government

Anil John, head of the Silicon Valley Innovation Program run under the auspices of the Department of Homeland Security’s Science and Technology directorate has been funding the development of standards and business models in the nascent field for years. Their website hosts an overview of related projects articles by them, as well as guidance documents such as the Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems. Anil’s blog hosted by CyberForge includes many thoughtful pieces, such as Anil’s recent thoughts on interoperability or his article on the role of government in free-market technology, Can LESS be more?

The British Columbia Provincial Government

“BCGov” has invested significantly in the SSI IT management model and has pioneered an approach to verifiable public data represented by the Verifiable Organizations Network (“VON”). This network provides public-record credentials about registered business in a publicly accessible repository of Verifiable Credentials, bringing the traditional “orgBook” into the decentralized era. By directing much of their IT budgets towards open-source development and participating heavily in the emerging open-source community around this project, they have provided invaluable leadership, particularly within the Aries community, including such major contributions as the core of the Aca-Py Codebase.

The European Union

ESSIF (European SSI Framework) is an ongoing open-source initiative to seed and accelerate the role of SSI in the EU digital “single market” strategy. It is housed jointly between the directorate-generals responsible for IT planning and policy in Brussels and the independent European Blockchain Services Infrastructure (EBSI), a 30-country collaboration of EU and EU-affiliated countries working together to build a shared infrastructure for government blockchain projects. SSI Meetups are the best way to learn more about ESSIF and its role in the EU’s broader digital initiatives:

An overview by ESSIF Convenors Daniel du Seuil and Carlos Pastor (July 2019) ESSIF Chief Legal Counsel Nacho Alamillo gave an introduction to ESSIF’s approach to eIDAS in February 2020 and a more detailed overview of the official report of the legal review based on that approach in May of 2020 ESSIF-LAB program coordinators Oskar van Deventer and Rieks Joosten (TNO, the Hague) gave an overview of how their program incentivizes interoperability and European contributions to the broader SSI landscape (March 2020) Interested parties are encouraged to check the ec.europa.eu website for current public consultations and calls for comment. Other Notable International Consortia:

The Known Traveler Digital Identity project is led by the World Economic Forum and brings together the governments of Canada and the Netherlands, two Airlines and three airports to create a proof of concept that schedule to start real-world trials in the ill-fated Spring of 2020. Interrupted roadmaps aside, it has produced a significant corpus of documentation, policy recommendations, debate, and interest among governments and technical industries.

— Whitepapers and Publications: The Concept of Self-Sovereign Identity including its Potential by eGovernment Innovationszentrum, Gratz University of Technology Self-sovereign Identity: A position paper on blockchain enabled identity and the road ahead, by the Identity Working Group of the German Blockchain Association Decentralized Identity: Own and control your identity by Microsoft Decentralized-ID.com is a sprawling and truly bottomless collection of resources culled from conference annals, github, and technical publications. It is almost exclusively gathered and curated by anonymous independent researcher “Infominer,” who has been working in the virtual salt mines of decentralized identity, cryptocurrency, and the #indieweb movement for almost a decade.

Rebooting the Web of Trust hosts a “github journal” of whitepapers, most of them not just peer-reviewed but collaboratively written in person at 3-day “working conferences”; these range from highly technical and even cryptographic topics to business and UX-oriented contributions to the knowledge base of the broader decentralized-identity community. Some recent and still-topical highlights include:

Co-organizer Joe Andreiu’s Primer on Functional Identity Eric Welton’s Bearing Witness and Ecosystem bootstrapping via Notary VCs Pamela Dingle, Daniel Hardman, et al’s Alice attempts abuse on attack modeling the SSI credential exchange model Michael Shea, Sam Smith, and Carsten Stöcker, Cooperation beats Aggregation Kaliya Young et al., Reputation Interpretation — Monographs: Comprehensive Guide to Self Sovereign Identity (2019) — Kaliya Young / Heather Vescent Spherity’s SSI 101 Series on Medium (2020) — Juan Caballero Self Sovereign Identity (2021) — Alex Preukschat / Drummond Reed — Podcasts: Definitely Identity by Tim Bouma who leads trust framework and identity projects for the IT authority of the federal government of Canada. On the show, he interviews leaders in the field. State of Identity. The One World Identity conference and network has a podcast that covers the identity technology sector broadly, including cybersecurity, federated and centralized identity vendors, and even identity-related machine learning projects. PSAToday by Kaliya Young and Seth Goldstien. PSA stands for Privacy Surveillance and Anonymity, and covers a wide range of data rights topics.

There is, of course, much more to be recommended for deeper dives into specific technologies, business problem spaces, policy histories, and governance thinking. But we have to draw the line somewhere, and by the time you get to those advanced topics, are you really reading “introductory” texts anymore? Stay tuned for more curation, more knowledge bases, and more network exploration.

Where to begin? was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.


Berkman Klein Center

Beware of Apps Bearing Gifts in a Pandemic

Companies are using tricky user interfaces to get more of our data in ways that take advantage of our isolation and need. Continue reading on Berkman Klein Center Collection »

Companies are using tricky user interfaces to get more of our data in ways that take advantage of our isolation and need.

Continue reading on Berkman Klein Center Collection »


ID2020

ID2020 Announces Certification of BLOK Bioscience Immunity Passport

ID2020 is proud to announce the certification of Immunity Passport from BLOK Bioscience, a digital ID-based solution for COVID health status certificates. Immunity Passport is the first COVID-focused solution to be certified by ID2020. Immunity Passport offers individuals a self-sovereign record of their testing, antibody and, ultimately, vaccination status. Initially envisioned as a means t

ID2020 is proud to announce the certification of Immunity Passport from BLOK Bioscience, a digital ID-based solution for COVID health status certificates. Immunity Passport is the first COVID-focused solution to be certified by ID2020.

Immunity Passport offers individuals a self-sovereign record of their testing, antibody and, ultimately, vaccination status. Initially envisioned as a means to help businesses and governments manage the safe and incremental return to public life in the midst of the COVID-19 pandemic, the solution is expected to be applied more broadly in the future to support immunization certificates and the transmission of other medical test results.

“The COVID-19 pandemic has thrust digital credentials into the global spotlight,” said ID2020 Executive Director, Dakota Gruener. “As we consider digital ID-based solutions for public health applications, getting the technology right is not negotiable. We intentionally set a high bar for certification and are delighted to recognize the BLOK Bioscience Immunity Passport solution for meeting our high standards for privacy protection, user-management, portability, and more.”

To be eligible for certification, solutions must adhere to 41 functional, outcomes-based Technical Requirements. In addition to providing a roadmap to help developers create better products, the ID2020 Certification also provides a “third-party seal of approval” so that implementers — and ultimately, end-users — can trust that the technology was developed in accordance with the highest ethical and technical standards.

“Pandemic management is essentially an entirely new solution domain,” said BLOK Solutions Chief Technology Officer, Areiel Wolanow. “The precedents we set now will set the standard for how the future unfolds, so we have a duty to get things right. By starting with the principle that individuals should always be the sole owner of their data, it is our hope at BLOK that this a standard that others will find it exceedingly difficult to deviate from.”

The ID2020 Certification is already impacting the technical landscape for digital ID and technology providers of all sizes are increasingly aligning their technical approaches to comport with ID2020’s requirements. To date, more than 30 technology providers from every corner of the globe have submitted applications and worked with the ID2020 staff and advisory committees to complete the application process.

Today, Immunity Passport joins Kiva Protocol, Gravity.earth, and ZAKA as part of a small, but rapidly growing, cadre of ID2020 certified digital ID solutions.

About ID2020

ID2020 is a global public-private partnership that harnesses the collective power of nonprofits, corporations, and governments to promote the adoption and ethical implementation of user-managed, privacy-protecting, and portable digital identity solutions.

By developing and applying rigorous technical standards to certify identity solutions, providing advisory services and implementing pilot programs, and advocating for the ethical implantation of digital ID, ID2020 is strengthening social and economic development globally. Alliance partners are committed to a future in which all of the world’s seven billion people can fully exercise their basic human rights and reap the benefits of economic empowerment and to protecting user privacy and ensuring that data is not commoditized.

www.ID2020.org

About BLOK BioScience, Ltd.

BLOK BioScience is part of the BLOK Group. With a network of global experts and a robust and far-reaching supply chain, we provide trusted and authentic solutions to help respond to the rapidly changing population wellness landscape.

Our unique combination of medical and strategic expertise and technical knowledge results in secure and compliant solutions for tracking and verifying immunity, and we use rapid antibody testing and recording to enable governments and industry to manage viral outbreaks and mitigate the economic and social effects of pandemics

www.blokbioscience.com

ID2020 Announces Certification of BLOK Bioscience Immunity Passport was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 17. August 2020

FIDO Alliance

New White Paper Series Provides How-tos and Best Practices for Going Passwordless in the Enterprise

Support for FIDO in browsers and operating systems is widespread and growing fast. Enterprises now have better tools to replace easily compromised passwords with simpler, stronger FIDO Authentication and eliminate […] The post New White Paper Series Provides How-tos and Best Practices for Going Passwordless in the Enterprise appeared first on FIDO Alliance.

Support for FIDO in browsers and operating systems is widespread and growing fast. Enterprises now have better tools to replace easily compromised passwords with simpler, stronger FIDO Authentication and eliminate phishing, man-in-the-middle and other security attacks. But, if you want to deploy FIDO in your enterprise, what are the first steps? Do you need to explain “why FIDO?” to your CISO? What do the timelines look like? Should you build your own server or work with a vendor? What FIDO authenticators should you accept? How do you manage  them? 

The FIDO Alliance Enterprise Deployment Working Group (EDWG) will answer these questions, and more, in its new white paper series. The series aims to educate corporate management and IT security on the improvements available for authentication today and how to leverage them within their own organizations. This work is dedicated to eliminating passwords and securing the simple act of logging into company systems and applications. 

First up in the series is the primer “CXO Explanation: Why Use FIDO for Passwordless Employee Logins?” This document is the guide for you and/or the executive leaders in your organization as to why you should invest in FIDO2 deployment for your employees.

It addresses all of the common questions from CXOs on the value proposition of FIDO Authentication and how the FIDO2 passwordless framework addresses the authentication needs and challenges of companies for the modern workforce. Read it now at https://fidoalliance.org/white-paper-cxo-explanation-why-use-fido-for-passwordless-employee-logins/ and pass it along to colleagues.

Subsequent entries in this educational series will focus on server deployment, authenticator choices, authenticator life-cycle management, and credential acceptance in the enterprise. This series is part of the Alliance’s strategy to provide expert deployment guidance to our community in order to support the rapidly growing number of FIDO implementations across a variety of use cases. Please watch this space as we publish more in this Enterprise Series over the coming months. 

The post New White Paper Series Provides How-tos and Best Practices for Going Passwordless in the Enterprise appeared first on FIDO Alliance.

Friday, 14. August 2020

FIDO Alliance

First Citrus Bank Eliminates the Password for Employees

Florida-based First Citrus Bank provides premier independent community banking services to individuals, professionals, executives and entrepreneurs. With 70 employees in five locations, First Citrus is ranked in the top five […] The post First Citrus Bank Eliminates the Password for Employees appeared first on FIDO Alliance.

Florida-based First Citrus Bank provides premier independent community banking services to individuals, professionals, executives and entrepreneurs. With 70 employees in five locations, First Citrus is ranked in the top five Tampa Bay community banks by asset size.

Struggling with costs, complexities and security issues with passwords, First Citrus sought to increase security and usability for its employees logging into its various systems on shared Windows workstations. After testing several alternative authentication methods, First Citrus turned to FIDO Authentication as the best option to provide strong cryptographic authentication with a much easier passwordless user experience.

Eliminating the password

First Citrus sought to move away from passwords as the primary form of authentication for its employees logging on to its systems on shared Windows workstations. Between costly resets and a negative impact on employee productivity, First Citrus’s main objective was to eliminate the need for its employees to have to enter a password while providing secure user authentication.

The bank evaluated several desktop authentication options including smart cards and time-based one-time passwords (TOTPs), but found that these options added friction for their employees’ logins, creating a poor user experience while not providing enough additional security. All of the options they reviewed also still required password entry.

Taking a standards-based approach to passwordless authentication

First Citrus then looked to FIDO Authentication, a standards-based approach to strong authentication. The interoperability that comes with taking a standards-based approach fit well into First Citrus’s broader security strategy.

FIDO standards use on-device public key cryptography techniques to provide stronger authentication over passwords and other forms of strong authentication; user credentials are never shared and never leave the user’s device. The protocols are also designed from the ground up to protect user privacy. The protocols do not provide information that can be used by different online services to collaborate and track a user across the services, and biometric information never leaves the user’s device. This is all balanced with a simple user experience that meets passwordless use cases with native biometrics on the user’s device.

It was important to First Citrus to choose an end-to-end FIDO Certified solution in order to roll out FIDO Authentication to all of its access points with assured security and interoperability. The bank chose to work with HYPR, which offers FIDO Certified platforms for FIDO UAF (mobile-based passwordless authentication) and FIDO2 (mobile and desktop passwordless and second-factor authentication) standards. The mixture of these FIDO specifications allows First Citrus to cover mobile and desktop requirements for user authentication.

Simpler, mobile-initiated authentication for all employees

First Citrus deployed HYPR’s FIDO platform to provide truly passwordless authentication for all of its employees logging into Windows 7 and 10 workstations. Deployment was straightforward: within an hour, the bank was able to have computers leveraging FIDO Authentication. After a several-month evaluation period, First Citrus rolled out the FIDO solution to all of its employees in February 2019.

For First Citrus employees, logging in is now mobile-initiated. They simply use the native biometrics on their mobile device (iOS or Android) to log in to any First Citrus desktop workstation, with far higher FIDO security and privacy over the old password model. Employee feedback has been positive; the chief financial officer has joked, “I’ve completely forgotten my password!” HYPR’s FIDO Certified platform has now become a core component of First Citrus’s internal authentication strategy, with the possibility of extending FIDO authentication options to its online banking customers in the future.

View the First Citrus Bank Case Study PDF document here.

OVERVIEW

First Citrus is ranked in the top five Tampa Bay community banks by asset size, with 70 employees in five locations.

Objective
First Citrus sought to eliminate the need for employees to have to enter a password while providing secure user authentication.

Solution
First Citrus implemented HYPR’s FIDO Certified authentication platform, which provides simpler and secure mobile-initiated biometric logins for all employees to Windows workstations.

What’s Next
FIDO and HYPR have now become core components of First Citrus’s authentication strategy, with the possibility of extending FIDO authentication options to its online banking customers in the future.

“I’ve completely
forgotten my
password!“

The post First Citrus Bank Eliminates the Password for Employees appeared first on FIDO Alliance.

Thursday, 13. August 2020

Berkman Klein Center

The Breakdown: Daphne Keller explains the Communications Decency Act

Daphne Keller discusses CDA 230, the executive order, and content moderation Daphne Keller (left) joined Oumou Ly (right) for the latest episode of The Breakdown. In this episode of The Breakdown, Oumou Ly is joined by Daphne Keller of the Stanford Cyber Policy Center to discuss the Section 230 of the Communications Decency Act, content moderation and Big Tech platforms, and recent events that pro
Daphne Keller discusses CDA 230, the executive order, and content moderation Daphne Keller (left) joined Oumou Ly (right) for the latest episode of The Breakdown.

In this episode of The Breakdown, Oumou Ly is joined by Daphne Keller of the Stanford Cyber Policy Center to discuss the Section 230 of the Communications Decency Act, content moderation and Big Tech platforms, and recent events that propelled them into the spotlight in recent months.

Section 230 of the Communications Decency Act, or “The Twenty-Six Words That Created The Internet,” provides platforms legal immunity for third party speech — including by their users. It came under fire recently when President Donald Trump signed an executive order to limit protections for social media companies.

Read the transcript, which has been lightly edited for clarity.

Oumou Ly (OL): Welcome to the Breakdown. My name is Oumou; I’m a staff fellow on the Berkman Klein Center’s Assembly: Disinformation program. Our topic of discussion today is CDA 230, Section 230 of the Communications Decency Act, otherwise known as “The Twenty-Six Words That Created The Internet.” Today I’m joined by Daphne Keller from the Stanford Cyber Policy Center.

Thank you for being with us today Daphne, I appreciate it, especially this conversation will help to unpack what has turned out to be such a huge and maybe consequential issue for the November election and certainly for technology platforms and all of us who care and think about this information really critically.

One of the first questions I have for you is a basic one, can you tell us a little bit about CDA 230 and why it’s referred to as The Twenty Six Words That Started The Internet?

Daphne Keller (DK): Sure. So first, I strongly recommend Jeff Kosseff’s book, which coined that Twenty Six words phrase, it is a great history of CDA 230, and it’s very narrative.

So Intermediary Liability Law is the law that tells platforms what legal responsibilities they have for the speech and content posted by their users. And US law falls into three buckets. There’s a big bucket, which is about copyright, and there the law in point is the Digital Millennium Copyright Act, the DMCA, and it has this very choreographed notice and takedown process.

The other big bucket that doesn’t get a lot of attention is federal criminal law. There’s no special immunity for platforms for federal criminal law crimes. So if what you’re talking about is things like child sexual abuse material, material of support of terrorism, those things, the regular law applies. There is no immunity under CDA 230 or anything else.

And then the last big bucket, the one we’re here to talk about today is CDA 230, which was enacted in 1996 as part of a big package of legislation. Some of which was subsequently struck down by the Supreme Court, leaving CDA 230 standing as the law of the land. And it’s actually a really simple law, even though it’s so widely misunderstood that there’s now a Twitter account, a Bad Section 230 Takes, just to retweet all the misrepresentations of it that come along.

“Broadly speaking, the Internet could not exist the way we know it without something like CDA 230”

But what it says is, first, platforms are not liable for their users’ speech. Again, for the category of claims that are covered, so this isn’t about terrorism, child, sex abuse material, et cetera. But for things like state law defamation claims, platforms are not liable for their users’ speech. And the second thing it says is also platforms are not liable for acting in good faith to moderate content. So to enforce their own policies against content they consider objectionable.

And this, that second prong was very much part of what comes Congress was trying to accomplish with this law. They wanted to make sure that platforms could adopt what we now think of as terms of service or community guidelines and could enforce rules against hateful speech or bullying or pornography, or just the broad range of bad human behavior that most people don’t want to see on platforms. And the key thing that Congress realized, because they had experience with a couple of cases that had just passed that happened at the time, was that if you want platforms to moderate, you need to give them both of those immunities. You can’t just say you’re free to moderate, go do it. You have to also say, and if you undertake to moderate, but you miss something and there’s defamation… still on the platform or whatever, the fact that you tried to moderate won’t be held against you.

And this was really important to Congress because there had just been a case where a platform that tried to moderate was tagged as acting like an editor or a publisher and therefore facing potential liability. That’s the core of CDA 230. And I can talk more if it’s helpful about the things people get confused about, like the widespread belief that platforms are somehow supposed to be neutral, which is —

OL: Well, would you please say something about that.

DK: Yeah. Congress had this intention to get platforms to moderate. They did not want them to be neutral; they wanted the opposite. But I think a lot of people find it intuitive to say, well, it must be that platforms have to be neutral. And I think that intuition comes from a pre-Internet media environment where everything was either a common carrier, like a telephone, just interconnecting everything and letting everything flow freely. Or it was like NBC News or The New York Times — it was heavily edited, and the editor clearly was responsible for everything that the reporters put in there. And those two models don’t work for the Internet. If we still have just those two models today, we would still have only a very tiny number of elites with access to the microphone.

And everybody else would still not have the ability to broadcast our voices on things like Twitter or YouTube or whatever that we have today. And I think that’s not what anybody wants. What people generally want is they do want to be able to speak on the Internet without platform lawyers checking everything they say before it goes live. We want that. And we also — generally — also want platforms to moderate. We want them to take down offensive or obnoxious or hateful or dangerous but legal speech. And so 230 is the law that allows both of those things to happen at once.

OL: Okay. Daphne, can you talk a little bit about the two different types of immunity that are outlined under CDA 230 we call them shorthand (c )(1) and (c ) (2)?

DK: Sure. So in the super shorthand, (c )(1) is immunity for leaving content up, and (c ) (2) is immunity for taking content down.

OL: Yeah.

DK: So most of the litigation that we’ve seen historically under the CDA is about (c )(1). It’s often really disturbing cases where something terrible happened to someone on the Internet, and a speech defaming them was left out, or speech threatening them was left up, or they continue to face things that were illegal. So those are cases about (c )(1). If the platform leaves that stuff up, are they liable? The second prong (c )(2) just hasn’t had nearly as much attention over the years until now. But that’s the one that says platforms can choose their own content moderation policy that they’re not liable for choosing to take down content they deem objectionable as long as they are acting in good faith.

And that’s the problem that does have this good faith requirement. And part of what the executive order attempts is to require companies to meet the good faith requirement in order to qualify for immunities. If someone can show that you are not acting in good faith, then you lose this much more economically consequential immunity under (c )(1) for contents that’s on your platform that’s illegal.

And the biggest concern I think for many people there is if this economically essential immunity is dependent on some government agency determining whether you acted in good faith. That introduces just a ton of room for politics because my idea of what’s good faith won’t be your idea of what’s good faith, won’t be Attorney General Barr’s idea of what’s good faith. And so having something where political appointees, in particular, get to decide what constitutes good faith and then all of your immunities hanging in the balance is really frightening for companies.

And, interestingly, today we see Republicans calling for a fairness doctrine for the Internet calling for a requirement of good faith or fairness in content moderation. But for a generation, it was literally part of the GOP platform every year to oppose the fairness doctrine that was enforced for broadcast by the FCC. President Reagan said it was unconstitutional. This was just like a core conservative critique of big government suppressing speech for decades, and now it has become their critique, and they’re asking for state regulation of platforms.

OL: That is so interesting to me, both that and the fact that CDA 230 in so many ways is what allows Donald Trump’s Twitter account to stay up. It’s really, really interesting that the GOP has decided to rail against it.

DK: It’s fascinating.

OL: So just recently, the president signed an executive order concerning CDA 230 pretty directly. Can you talk a little bit about what the executive order does?

DK: Sure. So I think I wanted to just start at a super high level with the executive order in the day or so after it came out, I had multiple people from around the world reach out to me and be like, this is like what happened in Venezuela when Chavez started shutting down the radio station.

It has this resonance of like, there is a political leader trying to punish speech platforms for their editorial policies. And that — before you even get into the weeds — that high-level impact of it is really important to pay attention to. And that is the reason why [the] CDT (the Center for Democracy and Technology) in DC has filed a First Amendment case saying this whole thing just can’t stand, we’ll see what happens with that case.

But, and there again like that’s not a bad idea, but then it leads to things in the executive order that I think don’t work. So then there are also in the executive order for other things that might be big deals. So one is that [the] DOJ has instructed to draft legislation to change 230. So eventually, that will come along, and presumably, it will track the very long list of ideas that are in the DOJ report that came out this week. [Editor’s note: this interview was recorded on June 18, 2020] A second is it instructs federal agencies to interpret 230 in the way that the executive order does.

This way that I think is not supported by the statute that takes the good faith requirement and applies it in places it’s not written in the statute. Nobody’s quite sure what that means because there just aren’t that many situations where federal agencies care about 230, but we’ll see what comes out of that. A third is that Attorney General Barr of the DOJ is supposed to convene state attorneys general to look at a long list of complaints. And this is like, if you look at it, if you’re an Internet policy nerd, it’s just all the hot button issues… are fact-checkers biased? Can algorithmic moderation be biased? And, well, it can. How can you regulate that? You will recognize these things if you look at the list.

And then the fourth one, and this is one that I think deserves a lot of attention is that DOJ is supposed to review whether platforms, particular platforms are quote problematic vehicles for government speech due to viewpoint discrimination, unquote. And then, based on that, look into whether they can carry federally funded ads. This is I think for most platforms the ads dollars part is not that big a deal, but being on a federal government block list of platforms with disapproved editorial policies, just like has this McCarthyist feeling.

OL: Can you talk a little bit about the role of CDA in relation to the business models that the platforms run?

DK: Sure. So broadly speaking, the Internet could not exist the way we know it without something like CDA 230. And that’s not just about the Facebooks of the world, that’s about everything all up and down the technical stack DNS providers, CloudFlare, Amazon Web Services is another backend web hosting. And also tons of little companies, the knitting blog that permits comments or the farm equipment seller that has user feedback. All of those are possible because of CDA 230. And if you pull CDA 230 out of the picture, it’s just very hard to imagine the counterfactual of how American Internet technology and companies would have evolved.

They would have evolved somehow and, presumably, the counterfactual is we would have something like what the EU has, which boils down to a notice and takedown model for every kind of legal claim. But they’d barely have an Internet economy for these kinds of companies. There’s a reason that things developed the way that they did.

OL: Yeah. Do you think that there’s any, maybe not what you think, but I’m sure that we can all agree this is likely to be the case, if the liability shared with that 230 offers platforms is removed, how would that change the way that platforms approach content moderation?

DK: Well, I think a lot of little companies would just get out of the business entirely. And so there’s an advocacy group in DC called Engine, which represents startups and small companies, and they put together a really interesting two-pager on the actual cost of defending even frivolous claims in a world with CDA 230 and in a world without CDA 230. And it’s basically, you’re looking at 10 to 30 thousand dollars in the best-case scenario for a case that goes away very, very quickly even now. And that’s not a cost that small companies want to incur. And the investors there are all these surveys of investors saying, I don’t want to invest in new platforms to challenge today’s incumbents if they’re in a state of legal uncertainty where they could be liable for something at any time. So I think you just eliminate a big swath of the parts of both the existing parts of the Internet that policymakers don’t pay any attention to.

You make them very, very vulnerable, and some of them go away, and that’s troubling, and you create a lot of problems for any newcomers who would actually challenge today’s incumbents and try to rival them in serious user-generated content hosting services.

For the big platforms, for Facebook, for YouTube they’ll survive somehow, they’d change their business model, they probably … the easiest thing to do is, you use their terms of service to prohibit a whole lot more and then just like take down a huge swath, so you’re not facing much legal risk.

OL: Yeah. It’s hard to imagine living in that kind of a world.

DK: It is, it is.

OL: Yeah. Thank you so much for joining me today, Daphne. This was a great and enlightening conversation, and I’m sure our viewers will enjoy it.

DK: Thank you for having me.

OL: Thanks.

The Breakdown: Daphne Keller explains the Communications Decency Act was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.

Friday, 07. August 2020

Berkman Klein Center

Tech Execs Wield Privacy as a Shield and a Sword in Congressional Hearing

Thoughts on the #BigTech antitrust hearing & the path ahead for privacy Continue reading on Berkman Klein Center Collection »

Thoughts on the #BigTech antitrust hearing & the path ahead for privacy

Continue reading on Berkman Klein Center Collection »

Thursday, 06. August 2020

OpenID

OpenID Certification Program – Last Call for Testing OpenID Connect Implementations on Python Platform

The OpenID Foundation has made a considerable investment in 2020 in transitioning the certification program’s conformance test suite to a single, Java-based system. The Financial-grade API (FAPI) tests have been Java-based since early 2019 and now we are preparing to finish transitioning the OpenID Connect tests to the Java-based conformance test suite on Monday, August […] The post OpenID Certi

The OpenID Foundation has made a considerable investment in 2020 in transitioning the certification program’s conformance test suite to a single, Java-based system. The Financial-grade API (FAPI) tests have been Java-based since early 2019 and now we are preparing to finish transitioning the OpenID Connect tests to the Java-based conformance test suite on Monday, August 31, 2020, at which point we plan to decommission the existing Python-based conformance suite. See https://openid.net/certification/migration/ for details on the migration.

If you are currently testing your OpenID Connect implementations, please note this transition date and migrate your testing from the Python-based suite to the Java-based suite prior to that. If you are considering testing your OpenID Connect implementations, please include the transition date in your planning.

The transition to a single code base for the conformance test suite will enable the Foundation to more efficiently manage the program and add new profiles for testing. Thank you to those community members who have assisted in “testing the tests” and helping us reach this important milestone in the Certification Program’s history.

Please send any inquiries or issues encountered to certification@oidf.org and/or submit issues about the Java-based conformance suite at https://gitlab.com/openid/conformance-suite/-/issues.

 

Don Thibeau
OpenID Foundation Executive Director

The post OpenID Certification Program – Last Call for Testing OpenID Connect Implementations on Python Platform first appeared on OpenID.

Wednesday, 05. August 2020

WomenInIdentity

Interview with Dia Banerji, UK Ambassador at WiD

We interviewed Dia Banerji, one of our UK Ambassadors, to find out more about her passion for innovation and technology. What gets you out of bed in the morning? I… The post Interview with Dia Banerji, UK Ambassador at WiD appeared first on Women in Identity.

We interviewed Dia Banerji, one of our UK Ambassadors, to find out more about her passion for innovation and technology.

What gets you out of bed in the morning? Dia Banerji

I am passionate about the power of innovative technology & its potential in creating a better world. As an individual, I enjoy solving problems with technology solutions. I consider myself to be fortunate to be able to pursue my passion in the work I do.

I am the founder of ID4V. It is an early stage start-up focused on building a platform to enable Self Sovereign Digital Identity for Cross-Border Travel Visa Applications using Blockchain Technology. ID4V aims to address the inefficiency in our travel visa application system which affects millions of people around the world. Very few experiences in life can be compared to the joy of creation. I am thrilled to be on this journey.

I also work as a Consultant to the Blockpass identity Lab at Edinburgh Napier University where I advise on commercialization of emerging technology. I help identify industry applications for Blockchain & Privacy Preserving Machine Learning research. Every day I spend at the lab I learn something new. I am surrounded by brilliance and get to work with innovative cutting-edge research. It is truly inspiring.

This is a very exciting time to be in Identity. We are creating a gateway to access the digital economy. What we build today & how we build it, will shape our future. My work in Identity allows me to be part of this incredible evolution.

Roosevelt once said “Far and away the best prize that life has to offer is the chance to work hard at work worth doing.” To me, working in Identity as an Entrepreneur and a Professional is work worth doing and I love it!

How did you get to where you are today?

The short answer would be ‘CURIOSITY’!

Prior to embarking a career in the technology sector, I spent over fifteen years in the financial services industry and worked for some of the top global banks in the world. Around 2016, within my fraternity there was a lot of noise about Bitcoin. Most of my peers and friends who were in Financial Services were naysayers and opposed Bitcoin with the utmost passion. Wall street greats like Warren Buffet famously called Bitcoin ‘Rat Poison Squared’! This got me curious. I wanted to learn more about Bitcoin to be able to figure out where I stood on the debate. This pursuit led me to studying Blockchain and Distributed Ledger Technologies. I was amazed with the potential of this technology in solving real world problems. I wanted to be part of it. So, I pivoted my career to outlining use cases for Blockchain especially within Financial Services sector. And in that journey, I came to narrow my focus on Digital Identity and got to where I am today.

What is the most important lesson you have learned along the way?

The most important lesson that I learned was not to be intimidated by the things I did not know and appreciate the value of stepping outside my comfort zone. I was a financial service professional before I entered the world of Technology and Digital Identity. I have an MBA and not a computer science degree. There will always be somethings that we do not know and that is absolutely fine! Especially when one is working within the Identity Industry which is constantly changing and new standards are being incubated as we speak. Knowledge has a way of demystifying complex concepts. And once you understand something in depth you are no longer intimidated by it. The key thing is to never stop learning. And one of the most enjoyable aspects of my work is that I get to learn something new all the time. This to me this is both inspiring and empowering.

What should leaders in identity start, stop and continue – and why?

The concept of identity has been broadly accepted as a fundamental human right. A legal identity enables individuals to participate in society and have access to rights and services. It is a prerequisite to financial & social inclusion.

Identity management is a global problem. The current system does not scale and is in much need for disruption. For, those of us in the developed world we are plagued with inefficiencies of legacy systems, data privacy breaches & leaks leading to trust issues with central authorities. For the citizens of the developing nations many are denied access to financial & social services for lack of verifiable identity. According to World Bank, it is estimated that approximately one billion people across the world do not have access to an officially recognizable identity!

As the world transitions to a digital economy we need to have a more secure, scalable, interoperable and citizen focused digital identity management solutions to ensure inclusion.

So, my advice to the CEO’s in the identity space would be the following:

START: Collaborating with one another and build solutions and platforms which are interoperable. Have diverse teams within the organisation so that the solutions reflect the wider needs of society. Both are imperative for mass adoption!

STOP: Building centralized identity management solutions! Be citizen focused and build applications on the principles of self-sovereign digital identity. Allow individuals to own, control and manage the distribution of their personal identity. This is essential to be able to build scalable and secure systems with no central point of failure and reduce risk of data theft.

CONTINUE: Identifying new uses cases for Identity management solutions and apply innovative technologies to enhance efficiency and security of applications. Digital Identity is a relatively new industry and is constantly changing. We need to continue to fund new research and explore new use cases. This is crucial, for the creation of robust digital identity management platforms for the future.

In one sentence, why does diversity matter to you?

I have always looked to nature to find order and to me diversity is the purest form of natural existence and the only way to live and thrive in this world.

What book/film/piece of art would you recommend to your fellow members? Why?

I would recommend the film, The Matrix. It is a beautiful film and the script is almost Shakespearean. If one sees beyond the action-packed computer graphics there is a deep spiritual message and a tale about the constant strife between ignorance and enlightenment faced by mankind. Like most great works of art, it leaves you questioning. Definitely worth a watch!

What advice would you give to the teenage ‘you’?

I would advise my teenage self to be ‘fearless’ and ‘take chances’. In order to walk the path that no one has ever walked before requires one to be brave and follow one’s gut. Greatness is seldom achieved by being careful. So, go ‘ALL IN’ and follow your passion and don’t seek external validation. Believe in yourself!

Where can we find you on social media / the Web?

You can find me on LinkedIn.

The post Interview with Dia Banerji, UK Ambassador at WiD appeared first on Women in Identity.


Interview with Janelle Riki-Waaka

Esme Wardhaugh interviewed Janelle Riki-Waaka, for an interesting discussion on the digital identity sphere. What do you do and what is it about your job that gets you out of… The post Interview with Janelle Riki-Waaka appeared first on Women in Identity.

Esme Wardhaugh interviewed Janelle Riki-Waaka, for an interesting discussion on the digital identity sphere.

What do you do and what is it about your job that gets you out of bed in the morning? Janelle Riki-Waaka

As Queen Whitney says, I believe the children are our future, teach them well and let them lead the way! Cheesy I know but no truer words were spoken. I am so privileged to work with educators and support them in their professional learning needs.

Education systems world wide originated from the need to prepare kids for the workforce. In the industrial era this meant reflecting the work conditions they would eventually go into – large warehouses became classrooms and the smoko bell became the school bell. In terms of education for young girls, it was often crafted around antiquated expectations of a ‘woman’s work’. In terms of education for indigenous kids, this was primarily designed to assimilate them into the dominant culture. This practice was considered to be ‘in their best interests’ and would ensure a more ‘fair’ and just society for all. The education system wasn’t designed to empower indigenous kids to be deeply connected to their language, identity and culture and we are still feeling the ramifications of the trauma that this caused for indigenous people across the world. Until we actively start to redress that trauma, we will continue to experience inequity in its most harmful forms.

So what gets me out of bed in the morning? It’s the responsibility I feel to be a voice for those indigenous kids who are continuing to experience inequity in our education system. It’s the understanding I have through my own learned experiences that our kids rely on us to be their allies, their advocates and their cheerleaders. They deserve to walk into schools and be empowered to be who and what they are and be secure in the knowledge that they are surrounded by adults who are working really hard to know better and do better.

How did you get to where you are today?

Pure determination to prove people wrong! I hated the stereotypes about Māori women so becoming a single mother in my early 20’s lit a fire in me to push as hard as I could against those stereotypes and become more than what society expected of me. I worked really hard and I leaned into my support network. I read and learned and listened to people that inspired me and I set goals and just ticked them off one at a time. I went from a high school failure and a young single mother, to a self sufficient, empowered woman with a Masters Degree. At the start of my journey the degree was my aspiration and I was fuelled by wanting to prove a point. But the real reward for me was the self assurance that I could in fact achieve anything I dared to dream about.

What is the most important lesson you have learned along the way?

Gosh so many! I think the most valuable lesson for me was to learn to trust my gut. Over the years I have come to realize that female intuition is probably the most powerful tool in our arsenal! I’m not referring to that little voice in our head that is most often our harshest critic, I’m talking about that gut feeling you get right when you need to get it! Looking back over things you can often remember a time when your gut warned you this was the wrong path. Or it screamed at you to just have faith. When things are tough in my world and I can’t see the wood for the trees, I always try to block out the noise and tune into my female intuition to allow it to guide me on my journey.

What’s your advice to CEOs in the identity space?

STOP considering only your learned perspective of what identity is. There are so many diverse definitions of identity and it’s important we don’t narrow the lens here. It would be dangerous to assume there is one definition of identity and even more dangerous to assume the western world view is the correct one! We need to allow diverse perspectives of identity to inform our practice for the future as one size will definitely not fit all and it’s too important to get wrong.

START educating people about digital identity. If you work in this space you might be forgiven for assuming everyone understands it but I assure you this is far from the case. Education should empower people to make informed choices and we must be careful not to educate through fear. We need to start to look at how we can educate our kids about their digital identity and integrate this important knowledge into school curriculum.

CONTINUE exploring alternative ways, processes and perspectives. You know what they say true collaboration is – it’s about the ideas that don’t exist until you get everyone in the room! So as you are continuing to explore innovative solutions to new emerging challenges ask yourselves this – who’s voice is missing in the conversation. And then go engage with those missing voices. They may just have the very solution you’ve been searching for.

We need to allow diverse perspectives of identity to inform our practice for the future as one size will definitely not fit all and it’s too important to get wrong.

In one sentence, why does diversity matter to you?

Because everyone should feel important and valued for who they are.

What book/film/piece of art would you recommend to your fellow members? Why?

The Whale Rider is an amazing book by Witi Ihimaera and the film is phenomenal. It gives a great insight into the Māori culture and practices and it’s a go to for me when I need a reminder about having faith and trusting my intuition. It also explores a Māori perspective on identity and the importance of understanding indigenous world views and practices.

What advice would you give to the teenage ‘you’?

Have faith, be present and take it easy on yourself! You’re loved and strong and trust me, it’s all coming to you.

Where can we find you on social media / the Web?

Find me on the web at https://core-ed.org/about-core/our-team/professional-learning-solutions/janelle-riki-waaka, on Twitter @jayeriki and on LinkedIn.

The post Interview with Janelle Riki-Waaka appeared first on Women in Identity.

Monday, 03. August 2020

Oasis Open

ISO Approves OASIS ebMS3 and AS4 as International Standards for Messaging

Saturday, 01. August 2020

r@w blog

#DigitalLiteraciesAtTheMargins

Aakash Solanki, Sandeep Mertia & Rashmi M Session The session intends to initiate a discussion on digital literacies in the wake of ‘Digital India’ programme drawing on the empirical insights from three different field situations. The discussion will be anchored in the social and material context of Digital India but will not be limited to it. The questions we raise in this specific con
Aakash Solanki, Sandeep Mertia & Rashmi M Session

The session intends to initiate a discussion on digital literacies in the wake of ‘Digital India’ programme drawing on the empirical insights from three different field situations. The discussion will be anchored in the social and material context of Digital India but will not be limited to it. The questions we raise in this specific context may be extended to understand the current conceptual as well as practical deployment of many ICT4D programmes as envisioned by both government and non-government actors. The idea of digital literacy is central to both the conceptualization and the execution of such programmes, and the actors in charge work with their own understanding of the context and needs of the people they aim to empower. There have been very few attempts to systematically understand the concept of digital literacy which leave much scope for either lenient contextual interpretations or context insensitive one-size-fits-all approach towards technological interventions. This session is an effort to begin one such discussion which we hope will refine the prevalent understanding of digital literacy/literacies in India.

From a glance at the structure of Digital India programme, it is apparent that the programme is designed to achieve digital inclusion and is primarily directed towards the digitally marginalized in spite of having a more comprehensive agenda. The schemes such as National Digital Literacy Mission (NDLM) and the way they are conceived are indexical of the kind of target groups which the programme plans to address. A key concern for us is to think through the mismatches between the frameworks of the digital literacy initiatives and the local socio-technical contexts which we observed in our field sites. The objective of the session is not as much to arrive at the definitional fixity of the concept of digital literacy as it is to complicate and problematize the prevalent definitions of digital literacy implicit in both visualization and execution of such initiatives. We plan to meet this objective through empirical insights we have on three different field sites.

The session will also focus on certain methodological questions that might help us better understand digital literacy. This part of the session addresses questions such as: how can we conceptually define digital literacy/literacies? What parameters should go into the measuring of digital literacy? How should we theoretically understand it — as technical skills or knowledge or some higher cognitive ability? How can we best pedagogically achieve it given the complexity of ground reality? The questions will be directed towards encouraging thought in this area rather than providing answers. The session will also try and discuss various kinds of policy and pedagogical documentation available on digital literacy and critically debate their conceptualization and execution by juxtaposing them against various uses of ICTs on the ground by specific groups of users. This part of the discussion will draw upon scholarly and other kinds of documentation available on the topic and use them to evaluate various government and corporate initiatives to achieve digital literacy in India.

Plan

In keeping with the spirit of the conference, the three discussants’ will try to put forth empirical insights from their respective field situations and frame nuanced research and discussion questions on digital literacies at the margins of techno-cultural capital and/or access. Further the discussion will be aided by specific readings and the insights drawn from them. The idea is to have a symmetrical, reciprocatory and anthropologically comparative conversation on questions of technology, materiality, access, meaning making, development and literacy, by moving back and forth between different fieldsites and interpretive frameworks.

Field Note I

The first discussant’s work on social media use in rural Rajasthan discusses socio-technical changes instituted by the introduction of ICTs despite their developmental failures. He claims that these changes have been often viewed from technologically or socially deterministic positions and that there are significant empirical gaps between such technocratic discourses and the grassroots experiences of technology. There is a growing usage of social and digital media in rural areas where ICT4D and e-Governance pilot projects have failed to meet their goals. Based on an ethnographic study of ICTs in two villages of Rajasthan, his work aims to situate social and digital media in a complex rural society and media ecology using co-constructivist approach. Focusing on context sensitive meaning making of ICTs, it will seek to contribute to an empirically sound discourse on media, technology and rural society in India.

Field Note II

The second discussant’s work on mobile phones and multimedia consumption among the digitally marginalized users in Bangalore brings into focus the popular usage of ICTs, specifically mobile phones, among the subaltern users. While such popular usage indicates a certain level of literacy already achieved by the digitally marginal groups by mere exposure and peer learning, it is not sufficient to do away with all kinds of guided training required to make such users participate in informationalized environments. Her observations on the mobile phone usage among the subaltern users in Bangalore problematize the notion of digital literacy and invite us to think about it as a more layered and stratified concept. They raise questions such as ‘what constitutes digital literacy?’ — some complex use of gadgets learnt by mere exposure and peer knowledge or an awareness about the social relevance of the technologies and knowledge about their appropriate deployment in different social contexts? While mere access and some nominal training might be helpful in equipping people with some knowledge about gadget-use, her study points out that such initiatives are far from achieving the right degree of digital literacy needed to make these people participate in new media ecologies. Thus it contends the claims of 1. Organic literacy attained by mere exposure and peer sharing of technological knowledge and 2. Literacy attained by current training programmes which might equip the digitally marginalized with knowledge of technological use but not necessarily inform them about the context relevant knowledge needed for their appropriate deployment.

Field Note III

The third discussant’s work on e-governance initiatives in an Indian state plans to return the gaze on to the bureaucracy itself and takes the conversation from the margins back to the centre. His work moves away from the target groups generally alluded to in programs such as the NDLM. It takes into accounts the struggles, anxieties, hopes and promises of/for a bureaucracy in coming to terms with a gradual but seemingly eventual shift from paper work to digital paper work. The users in this case are staff members tasked by the higher-level bureaucracy-who have little or no clue about it themselves- to learn a new tool and migrate all paper work to the digital domain. Many of e-governance projects are spearheaded by corporate organizations, which in turn dictate the terms of the conversation on Digital Literacy even within the government. What impact does this have on how Digital Literacy is understood, articulated and executed in ICT4D programs within and without the government.

Readings

Terranova, Tiziana. 2004. Chapter 5: Communication Biopower, 131–157. Network Culture: Politics for the Information Age. London: Pluto Press.

Mazzarella, William. 2010. Beautiful Balloon: the Digital Divide and the Charisma of New Media in India. American Ethnologist, 37(4), 783–804.

Smith, Richard Saumarez. 1985. Rule-by-Records and Rule-by-Reports: Complementary Aspects of the British Imperial Rule of Law. Contributions to Indian Sociology 19(1): 153–176.

Audio Recording of the Session

IRC 2016: Day 2 #Digital Literacies at Margins : Researchers at Work (RAW) : Free Download, Borrow, and Streaming : Internet Archive

Session Team

Aakash Solanki is a PhD candidate in Anthropology and South Asian studies at the University of Toronto. He is broadly interested in the genealogical study of states, statistics (stats), and computing. In the past, he has worked on the collection, classification, management of information and its politics in colonial India. In addition to prior training in computer science, he has worked in government agencies both in the US and India, on data science projects in education , health, and skill development at the city, state, as well as the federal level. He has previously published in the journal South Asia and is a Contributing Editor to the journal Cultural Anthropology. He runs an interdisciplinary seminar series on Development at University of Toronto.

Sandeep Mertia is a PhD Candidate at the Department of Media, Culture, and Communication, and Urban Doctoral Fellow at New York University.

Rashmi M is a doctoral student in the school of social sciences at National Institute of Advanced Studies (NIAS), Bangalore. Her research interest is in the area of media studies. Her M.Phil work at English and Foreign Languages University, Hyderabad was on Kannada websites, in which she looked at the cultural politics of regional vernacular languages especially Kannada in the English dominated world of the Internet. Her doctoral work at NIAS focuses on changing media consumption practices via mobile phones and other peripheral technologies among users with limited technological access and economic means in the city of Bangalore and surrounding areas.

#DigitalLiteraciesAtTheMargins was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Friday, 31. July 2020

MyData

MyData Online 2020 Conference Call for Proposals open from 30 July to 6 September

The main programme of the conference is content made by the MyData community through the Call for Proposals. The call started on 30 July. After the call ends on 6 September, all submissions will be reviewed twice by our community of reviewers. Notification of acceptance will be sent out on 18 September. The full conference programme will be published... Read More The pos

The main programme of the conference is content made by the MyData community through the Call for Proposals. The call started on 30 July. After the call ends on 6 September, all submissions will be reviewed twice by our community of reviewers. Notification of acceptance will be sent out on 18 September. The full conference programme will be published...

Read More

The post MyData Online 2020 Conference Call for Proposals open from 30 July to 6 September appeared first on MyData.org.

Thursday, 30. July 2020

Berkman Klein Center

The Breakdown: Jonathan Zittrain reflects on 2019–2020 Assembly program, disinformation

Special two-part episode delves into BKC’s Assembly program, big challenges with disinformation Jonathan Zittrain joins Oumou Ly for the latest episode of The Breakdown. Photo: Lydia Rosenberg This episode of The Breakdown featuring Assembly Staff Fellow Oumou Ly in conversation with Professor Jonathan Zittrain, is shared in two parts. Part one delves into the Berkman Klein Center’s Assembly progr
Special two-part episode delves into BKC’s Assembly program, big challenges with disinformation Jonathan Zittrain joins Oumou Ly for the latest episode of The Breakdown. Photo: Lydia Rosenberg

This episode of The Breakdown featuring Assembly Staff Fellow Oumou Ly in conversation with Professor Jonathan Zittrain, is shared in two parts. Part one delves into the Berkman Klein Center’s Assembly program — which focused on disinformation from a cybersecurity perspective for the 2019–2020 year — and some of the big challenges that surfaced from Assembly work this year. Part two explores disinformation in the context of trust and platforms, and looks ahead at Assembly in the future.

Read the transcript, which has been lightly edited for clarity and brevity.

Oumou Ly (OL): Welcome to The Breakdown. My name is Oumou. I’m a staff fellow on the Berkman Klein Center Assembly: Disinformation Program. Our episode today features our very own Jonathan Zittrain. Jonathan is the George Bemis Professor of International Law at Harvard Law School. He’s also a Professor at the Harvard Kennedy School, a Professor of Computer Science at the School of Engineering and Applied Sciences, Director of the Law School Library and Co-founder and Director of the Berkman Klein Center for Internet & Society. Thank you for joining us today, Jonathan.

Jonathan Zittrain (JZ): It’s my pleasure. Thank you, Oumou.

OL: So our Assembly Program is wrapping up for the 2019 through 2020 year and you’ve joined us in your capacity as faculty advisor for the Assembly Program and also as a Co-founder and Director of the Berkman Klein Center of which the Assembly Program is based.

Can you talk a little bit about yourself, a little bit about the Assembly Program and how it came to be?

JZ: At one point we had gotten word of one of our fellow universities getting on rather abrupt notice a $15 million grant to improve the state of cybersecurity. We were certainly thrilled for our peers and then couldn’t help but brainstorm, gosh, if we unasked had $15 million appear, which I won’t say has happened yet, what would we do with it and how would we deploy it in a way that did justice to the confidence of whoever would be entrusting us with that much money?

JZ: What emerged from that discussion was a sense that in some ways the reach of academia is limited. But what if people who weren’t dispositionally inclined to sit down and write 250 manuscript pages could be brought together around these really hard problems that transcend traditional disciplinary boundaries?

What would it look like to gather people around hard problems and work on them? Our first efforts were on cybersecurity and specifically on what we call the going dark problem as framed by law enforcement.

Our group, which included government officials, civil libertarians, academics, and human rights folks, had really good discussions about that and put a report entitled Don’t Panic. In a way, it said to law enforcement, don’t panic and to the civil libertarians, maybe you should panic because there are a bunch of fronts on which to worry. That’s just an example of the sorts of things our group came together to do in that instance and the intervening years. Most recently, as you know, we’ve taken up the problem of disinformation. How big is it, how bad is it, how would we measure it and know if it’s getting better or worse and who, if anyone, would we trust with an intervention designed to do something about it?

I should say quickly, the Assembly Program as it’s evolved has roughly now three pillars, three tracks, one of which involves our students at the university. Graduate students looking for thesis topics across multiple departments, including law students looking for meaningful applied experiential work, lend their talents to projects, come together as a cohort to do independent work, and meet faculty from other departments that they normally wouldn’t have a chance to come across. That’s the Assembly student fellowship. We also have Assembly fellows who are people from industry, nonprofits, NGOs, and outside academia.

It doesn’t mean they’re running a particular company, but they are the people within the engineering rooms of those companies trying to make a difference. By calling them together, having them spend some time on campus here full time, and then scatter again,that can maybe yield something interesting. That was the premise. For now several years, our Assembly fellows have bonded as a group, done multiple projects and presented those projects.

Then the third pillar is what we call the Assembly Forum. We convene senior officials and senior executives or their representatives and get them talking with one another in the kind of setting that they wouldn’t get in their own natural environment. These are people that might well be thinking about this kind of stuff all the time, and are trying to see things from a new angle. Those are the three pieces of Assembly.

OL: Were there any issues that we discussed over the course of the year on which you experienced a perspective shift, had your mind changed? Or, did you perhaps change someone else’s mind?

JZ: I certainly found my own thinking deepened and changed on some things. First off, you certainly can’t just assume that disinformation is a scourge or undifferentiated. Across the board, some of the slicing and dicing that academics want to do and that we found some of the companies are doing too, is them trying to create measurements to counter it where they want to weigh in. It really makes a difference to figure out, “Well, all right. What are we defining as misinformation?” Even… I mean, to some listeners, this may be a kind of new distinction to everybody who’s new at one point, the difference between misinformation and disinformation.

OL: Absolutely.

JZ: Misinformation being, “Oh, you just got it wrong”, and disinformation being, “You are wrong. You’re trying to get other people to get it wrong”, with the latter being propaganda. Even that isn’t sufficient because you would think that if some government cooks up a piece of disinformation in a lab and releases it, that is the disinformation. But if somebody repeats it too credulously, they really believe it themselves, they’re engaging in misinformation with the disinformation they got. It might well be that if you’re a platform conveying that or amplifying that speech, you would react to it differently if you know the actor is intending it versus the actor just being a credulous vehicle for it. So being more careful and precise so that we can cut to action that more narrowly addresses the worst aspects of the problem, seems to me really useful in a way that just otherwise makes the problem feel so inchoate and overwhelming that it’s hard to even start with your spoons scooping out the ocean.

I think that in the particular instance of political mis- and disinformation, there are interesting questions. If you have a platform like Facebook, or you have a government intelligence agency that’s charged with protecting the nation, looking for threats and they see another government trying to salt falsehoods and trying to make those falsehoods are coming from fellow Americans — now what? You would think, well, at least you should disclose what you see. Certainly if I’m on Facebook, I would prefer that if I saw something that was supposedly from a neighbor, and it turns out it’s from somebody thousands of miles away getting paid by their government to pull my leg, I should know about that.

OL: Right.

JZ: But it’s very complicated. One of the hypotheticals we entertained as a group was, all right. Suppose the government, the US government, absolutely with great certainty can say, “Here’s disinformation. This is coming from this other country. It’s targeting this political candidate.” Do you tell the candidate? If you tell the candidate, what do you tell them? By the way, it’s like another country has it in for you? Should that be all? Do you say, “Here are the specific posts”, and then do you tell them, “By the way, it’s classified, so you can’t tell anyone else?”

JZ: If not, why did you tell them? What are they supposed to do with it? Those are real questions and I’m not sure I have answers to them all. But we should be thinking about situations wherein some of us know what’s going on and are prepared to share it, or have an inkling and aren’t certain — and what we would advise the disclosees to do about it. What’s the right course of action that advances the cause against disinformation? That seems to me a better articulated question than I had when I was going into it.

OL: What concerns you most about the current state of play with regard to disinformation? Is it that the problems are so intractable that we find ourselves at a status quo that seems untenable? What really keeps you up at night?

JZ: What keeps me up at night is the absence of trust in any referee. Just to take an example from the foundations of a legal system: Two people have a dispute so intractable and important to them that they are willing to endure litigation… they’re ready to go into a courthouse and spend potentially years and tens of thousands of dollars trying to just get an answer from a jury or a judge and an appellate court.

OL: Yeah.

JZ: It would be nice to know that at the end of that, when somebody wins and somebody loses, although the loser will be disappointed, they don’t feel it’s the case that they were robbed. We don’t want it to be the case that they wonder, “Why did I even have the faith to go into that courthouse?” It is valuable to have a legal system that can settle disputes without the system itself being rightly called into question in every case as to whether it is the problem.

The fact that we don’t have a significant majority of people trusting anything is a huge problem. There’s a necessity to create more trust and buy in among us. My thought was to have political ads submitted to a platform, then assigned to an American high school class, which under the guidance of their teacher and maybe a school librarian work through whether this ad contains disinformation or misinformation. The class determines whether the ad remains on the platform, they write up their findings, and get graded as to how well they do it. Maybe the decision favored by two out of three classes is the final decision. That’s an example of an idea that I acknowledge is clearly crazy. But I’m hard pressed when I think about it to say why it’s worse than the status quo, which is clearly unacceptable to me.

OL: Do you think that this lack of trust in traditionally trusted institutions is the result of the disinformation situation that we’re in? Or do you think that there was the sentiment that preceded it and this has just exacerbated it? I talked with Renee DiResta for our first episode of the series and she said something interesting to me, which is that social media had this democratizing effect in terms of who we consider to be a credible source. At the same time, we’re experiencing disinformation that degrades the credibility of traditionally respected sources. Where do you think that this has come from?

JZ: It’s likely a sadly mutual cycle. An example is this tale about how 5G relates to COVID. Anybody could sit down and write a page of word salad that invokes a bunch of words having to do with physics to explain how the vibrations actually change the vibrations of the… It’s incoherent. But, the fact that it could have purchase begs the question — all you needed was to have your eyes encounter those words?

That’s partly the worry about deep fakes. That you see something, you feel like your eyes aren’t lying and you’re already inclined to accept it for various reasons, including just wanting to rationalize what you may already believe or want to have happen in the world.

OL: Our forum wrapped on May 12th and we had our last two sessions were really heavily focused on COVID. Of course, it’s topical as so much of what we’re seeing online is COVID related or COVID focused. In our last two sessions, platforms, researchers and others in our group talk[ed] about the challenges that they’ve encountered as they work to manage the sheer volume of disinformation surrounding this issue. Then just recently, sustained attention has really shifted to issues of racial inequity, injustice and police brutality.

As you take stock of the challenges that are mounting in the world at large, and maybe amongst the countering disinformation community as well, are there particular reforms that you hope to see?

JZ: Well, I think part of the throughline of the examples you’re talking about is disinformation that could contribute to violence or to harm, including self harm in the health context.

OL: Yeah.

JZ: It makes the stakes real. When it’s disinformation that could lead to violence and conflict and purveyors of disinformation are putting it out exactly for that purpose, it makes it awfully hard to just say this is just too thorny a problem.

So while acknowledging all of the difficulties that come from figuring out who’s supposed to be the truth police here, having no police here is also the stakes are very real, very immediate. When the denominator of people involved is in the billions and you know that slight tweak to the platform here could greatly change the views of tens of millions of people, it is not a non neutral position. There’s just whether you’re going to be stirring the pot or whether third parties, including state actors will be stirring the pot.

OL: I completely agree with you. What is on tap for next year?

JZ: We’ve taken up other issues like cybersecurity and the ethics and governance of AI. This problem of disinformation requires calls for more than just the one academic year’s worth of focused attention. There’s a lot of momentum and I think enough collective feeling within the various groups that the status quo really isn’t working, and that it’s worth pressing on to solve it other than just keeping on with some of the measures already in place. It’s really calling out for new thinking and new experiments.

I’m also mindful that a lot of the action here, both in understanding the dimension of the problem through access to data and in implementing attempted solutions — that’s largely in private hands. Figuring out the right way to bridge those private companies that happen to shape speech so much with the public interest is a really important role that our group can play and model and work with for the coming year.

So my sensibility is that we’ll certainly continue through the November US elections, but even beyond with the relationships that have been forged among us and we’ll see if we can bring more to the table as we go.

OL: Thanks so much for joining me today, Jonathan.

JZ: It’s my pleasure. Thank you, Oumou.

The Breakdown: Jonathan Zittrain reflects on 2019–2020 Assembly program, disinformation was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.


Decentralized Identity Foundation

The Universal Resolver Infrastructure

A DIF-hosted resource for community development Introduction It has been almost three years since DIF began working on the Universal Resolver (GitHub: Universal Resolver) — a foundational piece of infrastructure for the Decentralized Identity ecosystem (see the original announcement). Since then, our vision of being interoperable across ledgers and DID methods has seen a lot of support. Thanks t
A DIF-hosted resource for community development Introduction

It has been almost three years since DIF began working on the Universal Resolver (GitHub: Universal Resolver) — a foundational piece of infrastructure for the Decentralized Identity ecosystem (see the original announcement). Since then, our vision of being interoperable across ledgers and DID methods has seen a lot of support. Thanks to community contributions, the Universal Resolver now supports around 30 different DID methods.

Today, we are happy to announce an updated set of instances where the Universal Resolver is deployed. One stable and one experimental version will be iterated, maintained, and hosted by DIF as a service to the community!🎉

While this is undoubtedly a useful resource for research, experimentation, testing, and development, it is important that it not be mistaken for a production-grade universal resolver. It should be pointed out that:

This infrastructure is neither intended or approved for production use cases and that nobody should rely on it for anything other than for development and testing purposes. These two specific deployments are not production-ready. The preferred scenario continues to be that all DID-based information systems, run by a method operator or otherwise, production or otherwise, host their own instance of the Universal Resolver (or other DID Resolution tools). DIF withholds the right to limit or modify the performance of this free service in case usage for production, commercial, and/or malicious purposes is detected. Two Deployments

The following two deployments are now available as a community service:

* https://resolver.identity.foundation/ — Hosted on IBM Cloud by DIF (thanks IBM!). While not considered production-ready, this instance is expected to be relatively stable. It will be tested before and after manual updates from time to time, with versioned releases.
* https://dev.uniresolver.io/ — Hosted on AWS by DIF. This instance is more experimental, will be updated frequently, and is connected to CI/CD processes. It may be down from time to time or have unexpected functionality changes.

Note: For backward compatibility, the original URL https://uniresolver.io/ will now redirect to https://dev.uniresolver.io/.

Documentation

See the following links for more information about testing, release, and deployment processes of the Universal Resolver:

Photo by Anne Nygård AWS Architecture: https://github.com/decentralized-identity/universal-resolver/blob/master/docs/dev-system.md CI/CD Process: https://github.com/decentralized-identity/universal-resolver/blob/master/docs/continuous-integration-and-delivery.md Branching Strategy: https://github.com/decentralized-identity/universal-resolver/blob/master/docs/branching-strategy.md Release process: https://github.com/decentralized-identity/universal-resolver/blob/master/docs/creating-releases.md Periodically, this standing work item is discussed in the Identifiers and Discovery Working Group, so that group’s recorded meetings and discussions on Slack and mailing list may contain further insight on the above topics.

The Universal Resolver Infrastructure was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 29. July 2020

Oasis Open

OASIS Approves Four Public-Key Cryptography (PKCS) #11 Standards


MyData

Press release: MyData Operator 2020 status awarded to 16 organisations from around the world

MyData Global Press release Helsinki, July 29th 2020 Embargo 16:30 CEST    A bold new initiative to shape the new normal of data has arrived – MyData Operator 2020 status awarded to 16 organisations from around the world   As the CEOs of US data giants face inquiry in the country’s Congress, an alternative to... Read More The post Press release: MyData Operator 2020 status aw

MyData Global Press release Helsinki, July 29th 2020 Embargo 16:30 CEST    A bold new initiative to shape the new normal of data has arrived – MyData Operator 2020 status awarded to 16 organisations from around the world   As the CEOs of US data giants face inquiry in the country’s Congress, an alternative to...

Read More

The post Press release: MyData Operator 2020 status awarded to 16 organisations from around the world appeared first on MyData.org.


OpenID

The OpenID Foundation and Financial Data Exchange Host Workshop Focused on Fintech Standards and Certification

The OpenID Foundation (OIDF) and Financial Data Exchange hosted a joint workshop on July 21, 2020 to share information on their respective standards and certification programs. OIDF Chairman, Nat Sakimura provided a global view of the state of financial APIs followed by FDX Managing Director, Don Cardinal, who described FDX’s focus as the financial services […] The post The OpenID Foundation and

The OpenID Foundation (OIDF) and Financial Data Exchange hosted a joint workshop on July 21, 2020 to share information on their respective standards and certification programs.

OIDF Chairman, Nat Sakimura provided a global view of the state of financial APIs followed by FDX Managing Director, Don Cardinal, who described FDX’s focus as the financial services industry’s standards development and certification center of excellence in the US. Torsten Lodderstedt, CTO at yes.com and a OIDF contributor overviewed the roadmap of the Foundation’s Financial-grade API (FAPI). FDX Director Product, Dinesh Katyal, shared a high level look at the FDX API plans. All this led to the key part of the conversation: how the two organizations may best to continue to collaborate. The workshop concluded with a demonstration of the OIDF certification suite including FAPI certification by Joseph Heenan, Fintech Labs CTO and lead developer of the OIDF Certification Program.

 

Workshop Presentations

OpenID Foundation Overview by Nat Sakimura

Financial Data Exchange Overview by Don Cardinal

Financial-grade API (FAPI) Overview and Roadmap by Torsten Lodderstedt

FDX API Presentation by Dinesh Katyal

OpenID Certification Program Overview by Joseph Heenan

The post The OpenID Foundation and Financial Data Exchange Host Workshop Focused on Fintech Standards and Certification first appeared on OpenID.

Tuesday, 28. July 2020

Decentralized Identity Foundation

Where to begin with OIDC and SIOP

and how today’s most powerful authentication mechanisms can be decentralized It is a mouthful of an acronym: it stands for OpenID Connect — Self-Issued Identity Provider. Unless you are familiar with the terminology of the OpenID community, knowing what the acronym stands for doesn’t illuminate much, but rest assured, this is one of the most exciting developments to support the widespread adoptio
and how today’s most powerful authentication mechanisms can be decentralized

It is a mouthful of an acronym: it stands for OpenID Connect — Self-Issued Identity Provider. Unless you are familiar with the terminology of the OpenID community, knowing what the acronym stands for doesn’t illuminate much, but rest assured, this is one of the most exciting developments to support the widespread adoption of Verifiable Credentials across the web.

This post will explain how it’s exciting and what kinds of adoption it could galvanize. First, we will cover OpenID & OpenID Connect, then touch on how decentralized identity (or “self-sovereign identity”) relates to “authentication” and “user accounts,” and finally how they can work together, with two educational videos along the way.

While there is substantial and sophisticated prior art, particularly in the Aries community, for integrating verifiable credentials with OpenID Connect, using DIDs for OIDC is still emerging and approaching its first stable specification in the coming months. This is the culmination of substantial collaborative work to develop this bridge between the DID Authentication Working Group at DIF and various interlocutors at the OpenID Foundation. This post breaks down key elements of this development and shares more resources if you want to explore it further.

What is OpenID & OpenID Connect

The first seeds of OpenID were sprouted at the very first Internet Identity Workshop in 2005. All the companies interested in URL-based protocols got together and collaborated together on their various models for designing authentication for users against URLs they controlled, like their personal blogs. This protocol has evolved and the latest iteration is based on sophisticated OAuth (Open Authorization) standards and tooling.

The basic and most typical flow used by OpenID Connect can be described as follows: an individual, which in this context can be called a “user” of the identity system, first gets a fresh proof of authenticity of their digital identity. This unique proof is minted in the course of an interaction with a service called an “Identity Provider” (IP), i.e. Google or Facebook. This proof usually takes the form of a “token,” a single-use cryptographic access code linked to the corresponding identity record at the IP. The user then takes that token to a second site that they are going to login to, with is called the “Relying Party” or RP, which can then trust they are dealing with the same person identified (usually very strongly) by the Identity provider.

OpenID Login Flow

The teams of professionals that created OpenID Connect had enough imagination to anticipate more complex use-cases that weren’t immediately needed by the commercialized web of 2005, but for which the technical foundations were still worth laying. Among there, there was a clear idea that users would, in some cases, prefer or need to bring their own identity with them rather than a pointer to a record on an IP’s server. This identity would thus be “self-issued,” a capability they designed into the OpenID core specification.

The vision of DID-SIOP is a way of bringing decentralized identity concepts into alignment with the ideas of “self-issued” portable identity that the original OpenID innovators had. It was good that they included and preserved this underutilized capability in their immensely popular and internet-powering framework, which is the basis of modern social login (i.e., “Sign on with Google/Facebook/etc”). After all, it would have been simpler not to, but enough of designers and thinkers involved anticipated much of what has developed in parallel, the decentralized identity technology that the DIF serves to support.

How do decentralized identity systems work?

In this conceptual framework, the “Identity Provider” has been cut down a notch, and is instead referred to as a mere “Issuer” (of credentials and information, perhaps of identities over which it has less control).Similarly, the “user” is defined less by borrowed tools and more by owned ones, assuming the title of “Holder” of information and identity, whether issued or self-issued.. The “verifier” relies less on the identity provider, choosing instead to verify information and identities presented by their holder on their own terms (with some cryptographic assurances about the issuer).

One interesting difference between traditional OIDC and decentralized systems is that in the latter, all parties have identifiers that make it possible to verify signatures; it is hard to tell from a DID whether it corresponds to an institution, an individual, or an inanimate object, because it could be any or all of those. Whatever it represents, it points to ways of verifying signatures with so-called “key material” (public keys, hints to how to classify and use them). Most often, this happens by looking up the material on a distributed ledger, but this is not, strictly speaking, definitive of the framework..

The key material from an OIDC issuer proves the veracity of whatever information or identity is being presented in a way that is tied back to that issue by similar key-material guarantees, and a self-issued OIDC token works the same way. (In a self-issued OIDC credential, the holder’s key material is used in the place of an institutional issuer’s).

How OpenID and Decentralized ID can fit together

One of the big challenges for any new technology that needs an identity system is getting adoption of the needed components so the system can actually work at a sustainable scale. This usually required buy-in from various kinds of actors in an ecosystem: at the very least, it needs critical mass of users/holders, IPs/issuers, and RPs/verifiers, each maintaining their end of the infrastructure and “keeping the lights on,” as it were.

This is exactly where the two systems can really help each other: achieving and maintaining critical mass of all three, as the distribution of more and less centralized solutions changes, and self-issued credentials come to be accepted in theory and in practice. OpenID Connect has a large “install base”: there are literally millions of websites running OpenID Connect tooling as the authentication mechanism at their “front door” for users. Indeed, while a vanishingly small portion of internet users have ever heard of OIDC, it is the nuts and bolts of the most universal and familiar UX and user flow of the contemporary commercial web, including online banking and government services.

OIDC-SIOP leverages the code that OpenID Connect relying parties already have in place across all these millions of sites, and the lion’s share of the 10,000 most used websites. Think of the screen that reads, “Log in with Google / Facebook / Twitter / Github / etc.” OIDC-SIOP enables organizations to ask for Verifiable Credentials that an individual holds in their wallet instead of a token from Google / Facebook / Twitter / Github. These can be single-use access codes with cryptography built in, or more reusable credentials, or richer credentials containing various kinds of information otherwise requested from an IP. This mechanism is provided by the Self-Issued OpenID Provider flow described by the core specification:

If successful, this will be a huge win for decentralized identity, because it addresses the perennial “Relying Party” problem of adoption: how do you get relying parties to adopt a new technology, install and trust a new “doorway,” adapt their security and business processes to a new set of strengths and weaknesses? In the popular imagination and even in much of the technology press, scaling a business or a technology is often imagined as a quest for users, but they are often the easiest shareholder to get on board, particularly for something convenient and powerful. The relying parties (or, in economic terms, the “demand side” of identity) is often a much harder business problem, and in this case, no “big lift” is required of the verifiers or “relying party” consuming a new kind of authentication credentials because they only have to make minor adjustments to the nearly universal OIDC tooling they already have.

Further Reading

The purpose of the DID Authentication Working Group at DIF is to design, recommend, and implement authentication protocols that rely on open standards and cryptographic protocols tailored to today’s and tomorrow’s systems for handling DIDs and DID documents, the primitives of decentralized identities. In last six months, the group has been actively working on the OIDC bridge, and they presented their latest work at DIF’s June 2020 virtual “face to face” meeting:

Here is a link to their draft specification, nearing stability and ratification at time of press: https://identity.foundation/did-siop/. For an explanation of some of the design principles and conceptual fine points, see the article “If You Build an Island You Need a Boat” from DIF member Mattr Global (NZ).

Finally, if you want to go even deeper into the technical nitty gritty (particularly if you are unfamiliar with OIDC best practices), watch this video of a two hour presentation about OIDC-SIOP put on jointly with the DIDAuth group and the OpenID Foundation June 25th 2020.

Where to begin with OIDC and SIOP was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.


ID2020

Grameen Foundation Joins the ID2020 Alliance

ID2020 is proud to announce that Grameen Foundation, one of the world’s leading nonprofits using technology to alleviate poverty and hunger, has joined the ID2020 Alliance. “Over the past 23 years, Grameen Foundation has demonstrated what we can accomplish when we empower women to help their families escape the cycle of poverty and hunger,” said ID2020 Executive Director, Dakota Gruener. “Given G
ID2020 is proud to announce that Grameen Foundation, one of the world’s leading nonprofits using technology to alleviate poverty and hunger, has joined the ID2020 Alliance.

“Over the past 23 years, Grameen Foundation has demonstrated what we can accomplish when we empower women to help their families escape the cycle of poverty and hunger,” said ID2020 Executive Director, Dakota Gruener. “Given Grameen Foundation’s enthusiastic embrace of technology to enhance the delivery of financial and other development services, we are delighted to welcome them to the Alliance and look forward to collaborating with them as they continue to incorporate digital ID into their programs.”

Grameen Foundation was inspired and encouraged by Nobel Laureate Professor Muhammad Yunus, the founder of Grameen Bank and a global leader in the fight against poverty. Rooted in the microfinance movement, Grameen Foundation works across Africa, Asia, the Americas, and the Middle East to extend financial and other services to the world’s poorest people.

Today, Grameen Foundation embraces a multidimensional approach to the complex problems of poverty, using technology to strengthen resilience and food security, increase incomes, enhance health, and build financial security.

Their work is guided by five principles:

· Give poor women a better way to manage their money.

· Give poor farmers a better way to grow crop income.

· Stay data-driven, evidence-based, and human-centered.

· Use digital as a tool, people will make the change.

· Design to be scalable and sustainable.

“We are pleased to join the ID2020 Alliance in support of its work toward ethical implementation of digital identity solutions,” said Steve Hollingworth, president and CEO of Grameen Foundation. “Grameen’s work has long been guided by the principle that digital technologies are our most promising path to empower the poor to break the cycle of poverty.”

We are excited to welcome the Grameen Foundation to the ID2020 Alliance.

###

About ID2020

Globally, one person in seven is unable to prove her identity through any recognized means. As a result, these individuals lack access to basic legal protections and social services, such as education and healthcare; are unable to participate fully as a citizen and voter; and are systematically excluded from the modern economy.

ID2020 is a global public-private partnership that harnesses the collective power of nonprofits, corporations, and governments to promote the adoption and ethical implementation of user-managed, privacy-protecting, and portable digital identity solutions.

By developing and applying rigorous technical standards to certify identity solutions, providing advisory services and implementing pilot programs, and advocating for the ethical implantation of digital ID, ID2020 is strengthening social and economic development globally. Alliance partners are committed to a future in which all of the world’s seven billion people can fully exercise their basic human rights and reap the benefits of economic empowerment and to protecting user privacy and ensuring that data is not commoditized.

www.ID2020.org

About Grameen Foundation

Grameen Foundation is a global nonprofit whose mission is to enable the poor, especially women, to create a world without poverty and hunger. In collaboration with our partners, we harness the power of digital data to create tech-forward tools for self-sufficiency and deliver them through local Community Agent networks. The Grameen Foundation Model is transformational regardless of Internet access, smartphone ownership, or the ability to read.

www.grameenfoundation.org

Grameen Foundation Joins the ID2020 Alliance was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.


WomenInIdentity

Canadian team represents WiD at IdentityNORTH

Melissa Carvalho, Nicole Landry and Chanda Jackson represented Women in Identity at the 2020 IdentityNORTH annual summit where over 500 people attended a two day conference. While going virtual this… The post Canadian team represents WiD at IdentityNORTH appeared first on Women in Identity.

Melissa Carvalho, Nicole Landry and Chanda Jackson represented Women in Identity at the 2020 IdentityNORTH annual summit where over 500 people attended a two day conference. While going virtual this year, the IdentityNORTH team was able to produce 3x more content than in previous years and offer a professional development certificate at 1/4 the price of their typical in-person events.

Before committing to the event, Melissa, Nicole and Chanda carefully analyzed the content to ensure that the summit reflects the values held by Women in Identity.

They were very impressed with the diversity of speakers – 46% of sessions featured speakers that are women, Indigenous or people of color. Sessions ranged from public and private sector business to health, democracy and inclusion and representation.

The team is pleased with the feedback obtained from other conference attendees. We’ve met many new people and look forward to building our relationships with those championing diversity in identity. We’re currently working with one of the groups, who would like to sponsor WiD, to launch a co-branded event this fall.

The IdentityNORTH 2020 Annual Summit event summary can be found online. It’s a great source of information for those looking to learn more. In the summary, you’ll find that the IdentityNORTH team featured Women in Identity in the following excerpt:

“It’s so important to understand when you build and deliver something to market, it’s not only going to be used for the purpose that you intended for, but it can be used for another purpose,” Chanda Jackson, Canadian Co-Lead of Women in Identity and Sr. Manager, IAM Planning at Royal Bank of Canada (RBC) reminded participants. There’s a whole world of untapped potential and possibilities out there, Jackson noted – it’s time to open the door to more ways of thinking.

Melissa Carvalho, Nicole Landry and Chanda Jackson are Canada Country Ambassadors for WiD. Catch up with them in the Canada forum.

The post Canadian team represents WiD at IdentityNORTH appeared first on Women in Identity.

Friday, 24. July 2020

Oasis Open

Invitation to comment on Exchange Header Envelope (XHE) V1.0 - ends Sept. 21st

Wednesday, 22. July 2020

Decentralized Identity Foundation

DIF’s Updated Code of Conduct

Setting a tone for inclusive collaboration An important part of supporting a community where people are coming from all over the world and from a variety of backgrounds is putting in place a code of conduct that provides a baseline understanding about what is ok and what is not. The purpose of DIF’s Code of Conduct is to create an open, healthy and productive culture where members and the communi

Setting a tone for inclusive collaboration

An important part of supporting a community where people are coming from all over the world and from a variety of backgrounds is putting in place a code of conduct that provides a baseline understanding about what is ok and what is not. The purpose of DIF’s Code of Conduct is to create an open, healthy and productive culture where members and the community can build and grow together.

During the DIF Virtual Face-to-Face Meeting in June of 2020, this Code of Conduct was reviewed:

In lieu of an executive summary, we would here like to offer a few highlights:

1.) Community Advocates

One of the innovations in the code of conduct is the creation of a role we call community advocates. Each of these is a community member who takes seriously their power and responsibility as facilitator. We are working to provide formal training to support these advocates and give them a firm foundation on what to listen for and how to speak to conflicts. If you are part of the community and would like to volunteer as a community advocate, please let us know.

In particular, these advocates can diffuse, mitigate, and failing both, escalate conflicts. See in particular the expanded dispute escalation section of the code:

Dispute Escalation and Incident Resolution Mechanisms
We are all here to contribute value and reap the benefits of community collaboration. While it is natural to have disagreements and find situations uncomfortable, DIF believes that resolving any issues should take place within the community via open communication.
DIF has within it a group of members who have some training and skills in supporting healthy conflict resolution that can be volunteer community advocates.
If something does happen, open communication and shared, cross community healing is a must. The community should get better as a whole.
2.) Diversity front-of-mind

Informed by a substantial corpus of experiences throughout the broader identity technology community where perspectives from marginalized groups were actively or unwittingly excluded, we felt our code of conduct needed to be explicit about the most nefarious and effective tool of silencing: scope management. To this end, we put into our code of conduct the following definitive statement:

Diversity is never definitively out-of-scope or foreclosed as irrelevant to more urgent business.
3.) Proactive inclusivity

Here are some more important excerpts from the code of conduct that cover our statement on inclusivity and diversity

Inclusive: We work together to resolve conflict, assume good intentions, and do our best to act in an empathetic fashion. We may all experience some frustration from time to time, but we do not allow frustration to turn into a personal attack. A community where people feel uncomfortable, threatened, or unheard/dismissed (explicitly or implicitly) is not a productive one. We should be respectful when dealing with other community members as well as with people outside our community, contributing to an atmosphere of inclusion. DIF takes seriously the maintenance of substantive inclusion in which any member feels empowered to contribute; if any do not feel the group’s chairs are doing enough to create this atmosphere, they may go elsewhere in DIF for help achieving this change.
Diverse: DIF welcomes and encourages participation by everyone. We are committed to being a community that everyone feels good about joining. Although we may not be able to satisfy everyone, we will always work to treat everyone fairly. No matter how you identify yourself or how others perceive you: we welcome you. Though no list can hope to be comprehensive, we explicitly honour diversity in age, culture, ethnicity, genotype, gender identity or expression, language, national origin, neurotype, phenotype, political beliefs, profession, race, religion, dis/ability, sexual orientation, socioeconomic status, subculture and technical ability. Diversity of perspective, identity and experience should be considered a positive contribution. Diversity and empathetic, pro-actively inclusive ways of stewarding cooperation is an ongoing commitment, not a one-time gesture; DIF’s Steering Committee and Working Group Chairs and Editors concretely support ongoing training or cooperative learning between leaders of working groups, mailing lists, and other venues.
A living, open-source document

You can read the full code of conduct here, or if you would like to suggest edits or open issues, you can do so on github here. As Balázs mentions in the video, the code of conduct is licensed for being “forked” and adapted anywhere it can be helpful, and we look forward to contribution and discussion as it continues to evolve.

DIF’s Updated Code of Conduct was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.


Oasis Open

Four PKCS #11 OASIS Standards published

Monday, 20. July 2020

Oasis Open

Open Source Communities Embrace New Option for Running Independent Foundations

Thursday, 16. July 2020

Berkman Klein Center

On Platforms and Power

E pluribus unum or e pluribus pauca? Continue reading on Berkman Klein Center Collection »

E pluribus unum or e pluribus pauca?

Continue reading on Berkman Klein Center Collection »

Wednesday, 15. July 2020

Berkman Klein Center

Legal Risks of Adversarial Machine Learning Research

Adversarial machine learning (ML), the study of subverting ML systems, is moving at a rapid pace. Researchers have written more than 2,000 papers examining this phenomenon in the last 6 years. This research has real-world consequences. Researchers have used adversarial ML techniques to identify flaws in Facebook’s micro-targeting ad platform, expose vulnerabilities in Tesla’s self driving cars, re

Adversarial machine learning (ML), the study of subverting ML systems, is moving at a rapid pace. Researchers have written more than 2,000 papers examining this phenomenon in the last 6 years. This research has real-world consequences. Researchers have used adversarial ML techniques to identify flaws in Facebook’s micro-targeting ad platform, expose vulnerabilities in Tesla’s self driving cars, replicate ML models hosted in Microsoft, Google and IBM, and evade anti-virus engines.

Studying or testing the security of any operational system potentially runs afoul of the Computer Fraud and Abuse Act (CFAA), the primary federal statute that creates liability for hacking. The broad scope of the CFAA has been heavily criticized, with security researchers among the most vocal. They argue the CFAA — with its rigid requirements and heavy penalties — has a chilling effect on security research. Adversarial ML security research is no different.

In a new paper, Jonathon Penney, Bruce Schneier, Kendra Albert, and I examine the potential legal risks to adversarial Machine Learning researchers when they attack ML systems and the implications of the upcoming U.S. Supreme Court case Van Buren v. United States for the adversarial ML field. This work was published at the Law and Machine Learning Workshop held at 2020 International Conference on Machine Learning (ICML).

In the paper, we consider two CFAA sections particularly relevant to adversarial machine learning.

First, intentionally accessing a computer “without authorization” or in a way that “exceeds authorized access” and as a result obtains “any information” on a “protected computer” (section 1030(a)(2)(C)). This landscape is particularly complex and confusing given the current circuit split. CFAA Interpretation By Circuit Court Region Second, intentionally causing “damage” to a “protected computer” without authorization by “knowingly” transmitting a “program, information, code, or command” (section 1030(a)(5)(A)). Takeaways from the paper
Is the Adversarial ML Researcher violating the CFAA when attacking an ML system? Depending on the nature of the adversarial ML attack, and which US State the lawsuit is brought, the answer varies.
Using the example of a ML service whose rules are based on Google API’s Terms of Service (TOS), we considered a range of adversarial ML attacks in light of the CFAA. We show how taking into account the circuit split on how section 1030(a)(2) should be interpreted, and 1030(a)(5)(A), whether the researcher is committing a violation or not. Adversarial ML Legal Risks
If the Supreme Court follows the Ninth Circuit’s narrow construction when it decides Van Buren, it will lead to better security outcomes for adversarial ML research in the long term.

2. If ML security researchers and industry actors cannot rely on expansive TOSs to deter against certain forms of adversarial attacks, it will provide a powerful incentive to develop more robust technological and code-based protections. And with a more narrow construction of the CFAA, ML security researchers are more likely to be conducting tests and other exploratory work on ML systems, again leading to better security in the long term.

Link to full paper: https://arxiv.org/abs/2006.16179

Legal Risks of Adversarial Machine Learning Research was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 13. July 2020

Oasis Open

Bank of America, Google, and Red Hat Executives Join OASIS Board of Directors

Friday, 10. July 2020

Oasis Open

Repeatable Requests Version 1.0 from OData TC approved as a Committee Specification


OpenID

OpenID Foundation and Open Banking Implementation Entity Continue Collaboration with Conformance and Certification Workshop at OAuth Security Workshop 2020

The OpenID Foundation (OIDF) and the UK Open Banking Implementation Entity (OBIE), continue our collaboration efforts building on the success of our recent workshop focused on Financial-grade API (FAPI) conformance and certification. It was a deep dive into the technical interface of our open, international standard with the OBIE’s functional UK standard. More workshops are […] The post OpenID F

The OpenID Foundation (OIDF) and the UK Open Banking Implementation Entity (OBIE), continue our collaboration efforts building on the success of our recent workshop focused on Financial-grade API (FAPI) conformance and certification. It was a deep dive into the technical interface of our open, international standard with the OBIE’s functional UK standard. More workshops are planned with OBIE and the FDX in the coming weeks.

OIDF and OBIE have been invited to deliver a similar session at the upcoming OAuth Security Workshop 2020 virtual conference July 21-24, 2020. We’ll take a deeper dive into:

the extra security in FAPI-RW 1.0 and FAPI 2.0 the security checks done in the certification suites (is this just the FAPI suite or do the OBIE tests cover some security checks?) the security advantages of the OB directory model vs eIDAS the apparent conflict between security and interoperability, especially in bank environments how the certification programs attempt to ensure both security and interoperability

OIDF and OBIE continue to collaborate to help drive global open banking initiatives with the following goals:

To update participants on the latest developments in both the OIDF Financial-Grade API (FAPI) profile and the OBIE Standard. To demonstrate the respective conformance tools and the benefits of certification including why conformance and certification is critical to ensuring standards are secure and interoperable. To provide participants with help and support in using these tools. To encourage a greater number of certifications. Ultimately to help grow the open banking ecosystem, enhancing security and benefits for participants and end customers.

We hope you’ll join us at OSW 2020.

 

Don Thibeau
OpenID Foundation Executive Director

 

Agenda

 

Topic Presenter(s) Notes Welcome & Introduction Don Thibeau (OIDF)

Chris Michael (OBIE & Session Host)

Intro to OpenID Foundation Intro to Open Banking Implementation Entity Why conformance and certification is critical to ensuring standards are secure and interoperable Introduction to OpenID Connect and Financial-grade API (FAPI) Nat Sakimura (OIDF) OpenID Connect overview Introduction to Financial-grade API (FAPI) Vision for the FAPI profile and conformance tools in a global context Detailed Overview of the FAPI and CIBA Profiles Including Enhanced Security in New Versions Dave Tonge (OIDF & Moneyhub) High level functionality of latest drafts of FAPI and CIBA The extra security in FAPI-RW 1.0 and FAPI 2.0 Future planned updates Introduction to the OBIE Standard Freddi Gyara (OBIE) Summary of Functional APIs and DCR Different approaches to use of OBIE Directory and eIDAS certificate validation Standards, Security & Interoperability Discussion Dave Tonge (OIDF & Moneyhub)

Freddi Gyara (OBIE)

The security advantages of the OB directory model vs eIDAS The apparent conflict between security and interoperability, especially in bank environments How Certification Programs Attempt to Ensure Both Security and Interoperability: Demonstration of the OpenID Conformance Test Suite Joseph Heenan (OIDF & Fintech Labs) Overview of self-certification Examples of security & interoperability checks the suite does on OAuth2 & OpenID Connect Architecture / extensibility / applicability to further protocols Future roadmap Demo of the conformance test suite including App-App tests & RP tests How Certification Programs Attempt to Ensure Both Security and Interoperability: Demonstration of the OBIE Conformance Tool Glyn Jackson (OBIE) & Julian Coombes (OBIE)

 

For AIS, PIS, CBPII and DCR Examples of security & interoperability checks Q&A Session on OIDF & OBIE Specifications & Conformance Tools Nat Sakimura (OIDF)

Chris Michael (OBIE)

Open Audience Discussion on Issues and Suggestions Nat Sakimura and Don Thibeau (OIDF)

Chris Michael (OBIE)

Getting other jurisdictions engaged Global open banking initiatives What can OIDF & OBIE do to help?

 

The post OpenID Foundation and Open Banking Implementation Entity Continue Collaboration with Conformance and Certification Workshop at OAuth Security Workshop 2020 first appeared on OpenID.

Thursday, 09. July 2020

ID2020

ID2020 Welcomes the National Cybersecurity Center to the Alliance

Today, ID2020 announced its newest Alliance partner, the National Cybersecurity Center (NCC). ID2020 was founded in 2016 to ensure that all people have access to better forms of digital ID, bringing together nonprofits, corporations, and governments to promote the adoption and implementation of user-managed, privacy-protecting, portable digital identity solutions. Founded in 2016 by the for
Today, ID2020 announced its newest Alliance partner, the National Cybersecurity Center (NCC).

ID2020 was founded in 2016 to ensure that all people have access to better forms of digital ID, bringing together nonprofits, corporations, and governments to promote the adoption and implementation of user-managed, privacy-protecting, portable digital identity solutions.

Founded in 2016 by the former Governor of Colorado, John Hickenlooper, the National Cybersecurity Center (NCC) is a Colorado Springs-based nonprofit committed to promoting cyber innovation and awareness.

“We are delighted to welcome the National Cybersecurity Center to the ID2020 Alliance,” said ID2020 Executive Director, Dakota Gruener. “Because technology is evolving so quickly, many of the transactions that once took place in person and required traditional forms of ID are today being conducted digitally. Cyber threats, whether criminal or state-state sponsored, underscore the urgency and importance of ID2020 and the NCC’s collective efforts. We look forward to sharing our expertise and learning from their world-class team of cybersecurity experts.”

With a mission to “secure the world”, the NCC has four main initiatives:

● Secure the Vote seeks to increase voter confidence in the U.S. on the accuracy of vote-counting, and to generate greater awareness of possible solutions to critical gaps in the voting infrastructure. Secure the Vote supports jurisdictions’ efforts to offer a secure, auditable mobile voting option for overseas voters through coordinating, and evaluating pilots across the country.

● Secure Smart Cities: Hyper-connectivity amongst smart devices and urbanization drive the need for cities to become more efficient in their operations as they continue to grow, but the concern of security impedes the overall advancement of several cities with “Smart” agendas.

● The NCC’s Cyber Education Program provides cybersecurity leadership, and one of the main pillars is K-12 education. As our nation addresses the critical gap in skilled cybersecurity talent, NCC addresses the importance of cyber education through programs and partnerships that invite students to participate in an ecosystem that encourages them to learn, explore, and build their skills.

○ The NCC’s K-12 initiative, the National Cybersecurity Center Student Alliance (NCCSA) offers opportunities for middle and high school students to improve technical literacy through fun, interactive, and challenging camps, field trips, workshops, and events. NCC encourages STEM education for all students, with special attention towards creating inviting and collaborative opportunities for girls and other underrepresented groups in the cyber ecosystem.

● The Space Information Sharing and Analysis Center (ISAC), a separate nonprofit organization, has the mission to facilitate collaboration across the global space industry to enhance our ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the sector with respect to this information.

“Digital citizenship is an increasingly critical space as more of our identity is online,” said NCC Director of Business and Government Initiatives, Forrest Senti. “The NCC’s work to secure cyberspace intersects directly with ID2020’s work to protect individuals’ online identity and to ensure that policies created around that protection are fair and equitable and ensure the utmost security for citizens around the world. We look forward to working with ID2020 to pioneer new ways to secure the future of identity.”

The future of digital ID is at an important crossroads. As policymakers in the US and around the world struggle to confront the social and economic consequences of the COVID-19 pandemic, some are considering plans for digital identity-based health credentials to facilitate a return to work, school, and other social activities. The risks to privacy and security are high, as are the rewards of doing it right. ID2020 is working urgently with its partners and other stakeholders to ensure that privacy and data security are built into the technical architecture of these systems and that the appropriate legislative and regulatory are developed to guide their implementation.

ID2020 and the National Cybersecurity Center share a common mission to secure our individual and collective privacy and security. We welcome them to the Alliance and look forward to working collaboratively to advance our shared goals.

About ID2020

ID2020 is a global public-private partnership that harnesses the collective power of nonprofits, corporations, and governments to promote the adoption and ethical implementation of user-managed, privacy-protecting, and portable digital identity solutions. By developing and applying rigorous technical standards to certify identity solutions, providing advisory services and implementing pilot programs, and advocating for the ethical implantation of digital ID, ID2020 is strengthening social and economic development globally. Alliance partners are committed to a future in which all of the world’s seven billion people can fully exercise their basic human rights and reap the benefits of economic empowerment and to protecting user privacy and ensuring that data is not commoditized.

www.ID2020.org

About National Cybersecurity Center

Established in 2016, The National Cybersecurity Center exists to help secure the world using knowledge, connections, and resources to solve global cybersecurity challenges and develop a protected cyber ecosystem. An independent and non-profit think tank based in Colorado Springs, Colorado, the NCC provides cyber innovation and awareness and is a leader in cyber education, workforce development, and informing public policy.

www.cyber-center.org

ID2020 Welcomes the National Cybersecurity Center to the Alliance was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 01. July 2020

r@w blog

#InternetMovements

Becca Savory, Sarah McKeever & Shaunak Sen Session Since its early days the Internet has been conceived in terms of both movement and landscape — from “cyberspace” to the “Information Superhighway” — and in popular perception is often viewed as a boundless space imagined in terms of limitless possibilities. Indeed, across our research fields, from digital media to performance and social
Becca Savory, Sarah McKeever & Shaunak Sen Session

Since its early days the Internet has been conceived in terms of both movement and landscape — from “cyberspace” to the “Information Superhighway” — and in popular perception is often viewed as a boundless space imagined in terms of limitless possibilities. Indeed, across our research fields, from digital media to performance and social activism, we find that the Internet is frequently perceived as a space of mobilisation: where moving bodies are remediated within online content; where the movement of images, ideas and bodies can occur freely, with the rapid transmission of the “viral”; and where movement(s) frequently spill over into physical geographies.

Yet increasingly the Internet is also a space of fractured and fragmented movement(s): of blockages and blockades, discontinuities and disappearances. Landscapes become territorialized and movement(s) confined or obstructed. On this basis, we propose an interdisciplinary discussion session around the theme of “#InternetMovement(s)”. We ask how we can conceive of movement(s) in relation to the Internet in India, in terms of both mobility and immobility, fissure and flow.

To encourage fluidity, we propose to structure the session around three “nodes” rather than three separate research papers. Our nodes are as follows:

How can we conceive of movement(s) in relation to Internet research in India? What are the forms that movement(s) take in our respective fields? What “stop” or blocks” movement in these cases?

The three co-conveners will each prepare a 5-minute response to each of these nodes, based on our specific areas of research. At each nodal point we will then allow time for wider discussion, enabling inter-disciplinary discussion and flow to underpin the session.

We perceive the session to speak to the first of the conference’s core questions: “How do we conceptualise, as an intellectual and political task, the mediation and transformation of social, cultural, political, and economic processes, forces, and sites through internet and digital media technologies in contemporary India?”

Each of the three co-convenors is approaching this question in their own research, asking how online media and communications mediate, remediate and transform the fields of film-media, social activism, and performance. We also ask the corollary: what are the limits and impediments to those transformations or mediations? The following section outlines the co-convenors’ approaches in more detail.

Plan Statement of Intent I

The internet increasingly impresses traces on nearly all media technologies everyday. The once stable film body, gets disaggregated into various new forms of loop videos, GIFS, photo-memes, as clips and stills from disparate films get extracted, re-edited, patched and re-moulded into new user-generated media material. Solitary moments and gestures from films (a menacing wink by Jack Nicholson from The Shining, a clap from Charles Kane, a tear from the Tin-Man in The Wizard of Oz) get completely unchained from the original narrative context and used as discrete independent communicative units (Kane’s a popular Birthday wish gesture, while Nicholson’s Is a common linguistic unit signifying playful flirtation.) One of the primary ontological pegs of cinema — movement, today becomes the center of urgent debate around the status of photographs, movement-image forms like GIFs, and traditional moving images as the basic configuring elements of contemporary cinema. Using the film-GIF form as its primary vector this paper opens up the category of ‘movement’ philosophically as well as a constituent form to understand cinema today within the context of India.

As the cinematic object disperses into thousands of fragments hurtling through innumerable new online contexts, questions related to stardom also get radically transformed. I will be investigating a particular site of cinematic re-instansiation — the recent Alok Nath meme phenomenon. Long relegated to the margins of films as the venerable Hindu middle class father, the ‘’Alok Nath is so sanskaari..’’ set off a viral maelstrom that suddenly recast his cinematic body and the memory of a whole host of films (the Suraj Barjatya Hindu joint-family films). The paper focus on questions around movement as a philosophical arena as well as radical new form re-inscribing the cinematic in hitherto unprecedented shapes today.

Statement of Intent II

An examination of social movements with digital components in India begs several questions: What forms do social movements take in the digital world? How do we conceptualise social movements using digital and physical evidence? How does the context of India — as a functioning democracy — allow or restrict digital and physical social movements and define what is an “acceptable” protest movement? Engaging with these questions demands an interdisciplinary perspective, and exploring the interplays between the physical and the digital in regard to social issue protest movements.

Movement in my particular research area is understood in two aspects: the physical mobilisation of individuals to protest against perceived grievances and the movement of information around specific issue areas. The physical movement of bodies in public places is intimately connected to flow of information throughout digital networks, generating entangled and complex interfaces between the digital and the physical and creating new imagined possibilities of the efficacy of social protest (Castells 2012; Gerbaudo 2012). Examining recent social movements in New Delhi allows us to explore the linkages and disjuncture between the physical and digital, using theoretical developments in social movement theory to anchor the study (Earl, Hunt, and Garrett 2014; Krinsky and Crossley 2014).

Examining the repercussions and strategies of physical/digital mobilisation can lead to a confrontation between the “imagined” possibilities of digital mobilisation and the realities of technological and physical blockages. These blockages can exist at the level of the network — both in digital and physical limitations — but also at the level of digital informational flow and who is allowed to view data? Confronting the “imagined” capabilities with the reality of entrenched power networks contests the notion of the digital as a free superhighway of information into a series of blocks and stoppages, restricting what is possible and feasible. By exploring question of movement(s) in New Delhi, I will explore the disjuncture between the imagined possibilities and the restriction of information — by nature of the algorithms that govern our capabilities and our own social networks — and complicate the triumphal narrative of the affordances of digital mediums on protest movements.

References

Castells, M. (2012) Networks of Outrage and Networks of Hope: Social Movements in the Internet Age, Cambridge, MA: Polity Press

Earl, J., Hunt, J., and Kelly Garrett, R. (2014) ‘Social Movements and the ICT Revolution’ in van der Heijden (Ed.) Handbook of Political Citizenship and Social Movements, Cheltenham: Edward Elgar. Pgs. 359–383

Gerbaudo, P. (2012) Tweets and the Streets: Social Media and Contemporary Activism, London: Pluto Press

Krinsky, J. and Crossley, N. (2014) ‘Social Movements and Social Networks: An Introduction’, Journal of Social, Cultural and Political Protest, Vol. 13, №1. Pgs. 1–21

Statement of Intent III

My research centres on the recent history of flash mob performance in India and analyses the transformations that have taken place within the genre: firstly, as an initially American, then “global,” performance form becomes re-situated and adapted within an Indian context; and secondly, as the form has evolved over time in relation to the transitioning of the Internet from a predominantly text-based medium to a predominantly image- and video-based one (see Strangelove 2010).

In the field of flash mob performance, we see moving bodies becoming re-mediated as moving images, and mobilised into the flow of global circuits of online reception. My underlying concern when approaching this research is: who is mobile in these contexts? Who becomes visible through movement, and by extension, who may disappear in these same moments?

I intend to approach this session by examining what is enacted through the movements of flash mob performance, focusing on the more recent phase of the genre in which flash mobs become mobilised through online video-sharing practices. I argue that they perform mediated representations of “New India” for an online national and international audience, valorising the new “non-places” (Augé 1992) of Indian supermodernity, through the acts of a mobilised “digerati” (Keniston 2004). If we consider that performance can play a role in the construction of cultural memory (Roach 1996; Taylor 2003), and that the Internet as an archive can become a repository of performances and thus memories(Gehl 2009), I ask if online performance in these contexts may be seen as an aspect of the processes that structure a “politics of forgetting” (Fernandes 2006) in globalising India. Which narratives are rendered visible and which invisible through these performances? Who appears and who disappears? Movement on the Internet thus becomes a political question concerned with comparative mobilities, visibilities, and participation in the narratives of “India” that are constructed for global circulation.

References

Augé, M., 1992. Non-places : introduction to an anthropology of supermodernity. Translated by J. Howe. 1995. London & New York: Verso.

Fernandes, L., 2006. The politics of forgetting: class politics, state power and the restructuring of urban space in India. In Y. Lee and B.S.A. Yeoh eds., Globalisation and the Politics of Forgetting, London; New York: Routledge.

Gehl, R., 2009. YouTube as archive: Who will curate this digital Wunderkammer? International Journal of Cultural Studies, 12(1), pp.43–60.

Keniston, K., 2004. Introduction: The four digital divides. In K. Keniston & D. Kumar eds., IT experience in India: bridging the digital divide, New Delhi; Thousand Oaks, California: Sage Publications.

Roach, J.R., 1996. Cities of the Dead: Circum-atlantic performance. Chichester and New York: Columbia University Press.

Strangelove, M., 2010. Watching YouTube: Extraordinary videos by ordinary people. Toronto: University of Toronto Press.

Taylor, D., 2003. The archive and the repertoire: Performing cultural memory in the Americas. USA: Duke University Press.

Readings

Noys, B. (2004) Gestural Cinema?: Giorgio Agamben on Film. In Film Philosophy Vol. 8 no. 22. Available at: http://www.film-philosophy.com/vol8-2004/n22noys.

Couldry, N. (2015) ‘The Myth of ‘Us’: Digital Networks, Political Change and the Production of Collectivity’, Information Communication and Society, Vol. 18, №6. Pgs. 608–626 .

Appadurai, A., (2010) How histories make geographies: circulation and context in a global perspective. Transcultural Studies, 1. Availabile at: http://heiup.uni-heidelberg.de/journals/index.php/transcultural/article/view/6129.

Audio Recording of the Session

IRC 2016: Day 1 #Internet Movements : Researchers at Work (RAW) : Free Download, Borrow, and Streaming : Internet Archive

Session Team

Dr. Rebecca Savory Fuller is a Lecturer in Theatre & Performance at the Arts University Bournemouth (UK). She is a performance maker and researcher with a background in movement, interactive and site-based performance. Her doctoral research examined the flash mob performance genre in India, as it evolved urban contexts between 2003 to 2015. The project was funded by UKEIRI as part of an interdisciplinary, split-site doctoral programme between the University of Exeter and the National School of Advanced Studies (NIAS) in Bangalore.

Sarah McKeever is currently a PhD Candidate in Contemporary India Research at the India Institute, King’s College London. She previously completed a Masters of Science on Contemporary India at the University of Oxford and a Bachelors of Arts at the University of Chicago. Ms. McKeever was a Fulbright-Nehru English Teaching Assistant in New Delhi from 2010–2011.

Shaunak Sen is a film maker and researcher based in Delhi.His first feature
length documentary film is *Cities of Sleep* which premiered at MAMI in November 2015. He has published widely in journals including Bioscope and Widescreen. He received the Sarai Digital Media Fellowship in 2014, and the Films Division grant in 2013, the Luminato Festival Copycat residency at Toronto in 2015 as well as the Pro Helvetia residency in Switzerland for 2016.

Note: This session was part of the first Internet Researchers’ Conference 2016 (IRC16) , organised in collaboration with the Centre for Political Studies (CPS), at the Jawaharlal Nehru University, Delhi, on February 26–28, 2016. The event was supported by the CSCS Digital Innovation Fund (CDIF).

#InternetMovements was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tuesday, 30. June 2020

SSI Meetup

Solving compliance for crypto businesses using Decentralized Identity – Pelle Braendgaard

https://ssimeetup.org/solving-compliance-crypto-businesses-using-decentralized-identity-pelle-braendgaard-webinar-60/ A new global framework for regulating the crypto industry is coming into place this year. One of the most important new rules that businesses interacting with crypto has to implement is what is known as the Travel Rule. The Travel Rule, which is also known as The Wire Transfer rul

https://ssimeetup.org/solving-compliance-crypto-businesses-using-decentralized-identity-pelle-braendgaard-webinar-60/ A new global framework for regulating the crypto industry is coming into place this year. One of the most important new rules that businesses interacting with crypto has to implement is what is known as the Travel Rule. The Travel Rule, which is also known as The Wire Transfer rule, requires a business managing crypto on behalf of their user to transfer KYC’d (Know-Your-Customer) Identity Information to a receiving institution. Pelle Braendgaard, CEO of Notabene, will share his insights and explain how his company is tackling this business challenge for the industry. Complying with this rule provides many challenges for the industry. Several industry groups have already started to invent several new protocols to solve this. Notabene helps financial companies be compliant with new, global anti-money laundering (AML) regulations for crypto transactions coming into effect right now. Pelle believes this is a critical use case for SSI (Self-Sovereign Identity). In this talk, he will go over the rule itself, industry protocols, how he sees SSI can help here, and how they are helping to solve it.

Monday, 29. June 2020

Oasis Open

OASIS Open Joins Open Source Initiative

Thursday, 25. June 2020

Covid Credentials Inititative

Hello World from the COVID-19 Credentials Initiative

The COVID-19 pandemic has, in a few months’ time, taken the lives of almost half a million people worldwide and brought economies into lockdown globally. While many are struggling with the effects of social distancing, financial distress, or fear of contracting the virus, here at the COVID-19 Credentials Initiative (CCI), nearly 300 individuals from 100 organizations have united around a cause wor

The COVID-19 pandemic has, in a few months’ time, taken the lives of almost half a million people worldwide and brought economies into lockdown globally. While many are struggling with the effects of social distancing, financial distress, or fear of contracting the virus, here at the COVID-19 Credentials Initiative (CCI), nearly 300 individuals from 100 organizations have united around a cause worthy of our collective efforts: supporting projects that deploy privacy-preserving Verifiable Credentials (VCs) to mitigate the spread of COVID-19 and strengthen our societies and economies.

We are a global community that shares a vision for the effective use of technology to mitigate the impact of COVID-19. We believe that, when used responsibly, VCs can be great privacy-preserving components of solutions addressing the numerous social and economic challenges caused by this and future pandemics. We are aware that without a holistic perspective from the onset, many COVID-19 technology solutions may introduce unintended results (e.g. surveillance, abuse of personal data, social inequalities). To avoid such outcomes, we have committed ourselves to open collaboration with a diverse range of experts, embracing open standards, and protecting the fundamental privacy and personal data rights of all stakeholders.

If you lead a project implementing VCs in your local communities and are aligned with our values, we want to hear from you. We also wish to share and discuss our work openly, including its technical, medical, legal, ethical, and business implications. We invite your input on these considerations as well as any other important aspects that can help build responsible, human-centric VC solutions to fight COVID-19.

If you are ready to contribute or collaborate, please join us at https://www.covidcreds.com/.


ID2020

ID2020 Announces Certification of ZAKA Group Ltd.

The global movement in support of “good ID” advanced another step today as ID2020 announced ZAKA as its third “certified” digital ID solution. Most of us take the ability to prove our identity for granted. But for one in seven people globally, the lack of a widely recognized form of ID means being unable to access basic legal protections and social services and being unable to participate fully a

The global movement in support of “good ID” advanced another step today as ID2020 announced ZAKA as its third “certified” digital ID solution.

Most of us take the ability to prove our identity for granted. But for one in seven people globally, the lack of a widely recognized form of ID means being unable to access basic legal protections and social services and being unable to participate fully as citizens and voters. Worldwide, more than one billion people are systematically excluded from the modern economy because they lack any form of formal ID.

In 2019, ID2020 announced plans to launch the first certification mark for digital ID at the World Economic Forum in Davos, Switzerland. The Certification recognizes solutions that adhere to ID2020’s stringent standards for user-management, privacy-protection, portability, and interoperability and offers technology companies a roadmap for the development of ethical, inclusive digital ID.

To be eligible for certification, applicants must adhere to 41 functional, outcomes-based Technical Requirements. To date, 29 technology providers from every corner of the globe have submitted applications and worked with our staff and advisory committees to complete the process. In March, ID2020 announced its first two certified solutions, Kiva Protocol and Gravity. Today, ZAKA joins this esteemed community of technology providers.

The COVID-19 pandemic has thrust digital ID technology into the headlines as countries around the world consider plans for digital health credentials and technology-assisted contact tracing. There has never been more urgency to “get the technology right”.

“Digital ID can be a powerful force multiplier for global social and economic development, but it can also be used to exclude people or even persecute vulnerable populations like refugees, children, and the homeless,” said ID2020 Executive Director, Dakota Gruener. “As governments and businesses rush to adopt digital ID solutions, the ID2020 Certification is proving a valuable tool for those who are developing user-centric, privacy-protecting solutions to meet the needs of all people.”

The Certification also provides a third-part seal of approval so that those implementing and using these technologies know that they were developed according to the highest ethical and technical standards and with full consideration of both the benefits and risks.

This market-based approach is already shifting the technical landscape and several multinational technology providers have adapted their technical approaches to comply with ID2020’s Technical Requirements.

About ZAKA

Based in the UK, ZAKA is committed to the idea that any person, with any phone, should be able to access any service, at any time. Like ID2020, ZAKA shares the perspective that, in an increasingly connected world, digital trust is an essential enabler of thriving economies.

ZAKA’s mobile app and software development kit (available in Android, iOS and USSD) helps individuals to build a set of verifiable digital credentials that are private, secure and portable, allowing them to connect with services such as mobile health, financial services, and education. And for service providers, ZAKA’s web dashboard allows them to configure their digital trust requirements and roll-out the solution to remotely verify and onboard customers. This allows services to concentrate on developing and distributing high-quality services, rather than be held back by high distribution and customer acquisition costs. ZAKA has also developed proprietary voice biometric technology which can be deployed together with, or separately from, it’s Apps.

In recent months, ZAKA has also extended its solution to support the response to, and recovery from, COVID-19. Their NewNorm™️ service is now being used by universities, employers, and event organizers to support a safe return to the “new normal”.

“We are delighted to receive the ID2020 Certification,” said ZAKA CEO and Co-Founder Nick Mason. “We expect a great return on our investment of time and resources in this process and look forward to using the ID2020 certification to set ZAKA apart from our competition. The rigorous evaluation of our company by ID2020 should give prospective partners confidence that our solution is meeting global standards and advancing the vital mission of bringing “good ID” to all.”

ZAKA is already implementing their its technology in Turkey, Rwanda, and the United States.

In partnership with the United Nations Development Program and led by the Turkish Ministry of Foreign Affairs, ZAKA is helping refugees obtain verifiable digital ID credentials that are portable and owned by them. Refugees can use these credentials to connect with services in a dedicated marketplace for services that support their self-sufficiency. Through the app, refugees can also receive promotional information from their chosen services about beneficial opportunities.

In Rwanda, ZAKA is working in partnership with the utility regulator, Airtel, and other private and public partners to implement a solution that leverages voice biometrics for remote customer verification. This can be used by banks, telcos, and healthcare providers to serve rural customers, whether they own a smartphone or feature phone.

Here in the United States, ZAKA’s COVID-19 status tracking solution, NewNorm™️, is helping employees and customers be safe in the “new normal”. This is being used by two New York University departments that have returned students, staff, and faculty to on-site instruction.

About ID2020

Based in San Francisco, ID2020 harnesses the collective power of nonprofits, corporations, and governments to promote the adoption and implementation of responsibly implemented, user-managed, privacy-protected, and portable digital identity solutions.

Through its advocacy, project funding, technical support, and now by certifying best-in-class identity solutions, ID2020 is helping build the infrastructure needed to strengthen social and economic development and ensure that all of the world’s seven billion people can fully exercise their basic human rights and reap the benefits of economic empowerment.

ID2020 Announces Certification of ZAKA Group Ltd. was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tuesday, 23. June 2020

MyData

Personal note from our outgoing Deputy General Manager, Viivi Lähteenoja

I write this message with a heart filled with joy, gratitude, and not a little sadness. I’ve had the privilege of working with MyData for the past few years and now the time has come for me to say goodbye to the organisation I’ve had the privilege to develop and to develop alongside. From 1... Read More The post Personal note from our outgoing Deputy General Manager, Viivi Lähteenoja appear

I write this message with a heart filled with joy, gratitude, and not a little sadness. I’ve had the privilege of working with MyData for the past few years and now the time has come for me to say goodbye to the organisation I’ve had the privilege to develop and to develop alongside. From 1...

Read More

The post Personal note from our outgoing Deputy General Manager, Viivi Lähteenoja appeared first on MyData.org.

Monday, 22. June 2020

Oasis Open

Invitation to comment on Collaboration Protocol Profile and Agreement Version 3.0 - ends July 22

Wednesday, 17. June 2020

Oasis Open

New Version of REST-based Open Data Protocol (OData) Approved as OASIS Standard

Tuesday, 16. June 2020

Oasis Open

4 #PKCS #11 Candidate OASIS Standards approved

Monday, 08. June 2020

SSI Meetup

The Pan-Canadian Trust Framework (PCTF) for SSI

https://ssimeetup.org/pan-canadian-trust-framework-pctf-ssi-tim-bouma-webinar-59/ We are very proud to release a special webinar to introduce the next chapter of the “Self-Sovereign Identity Book” from two of the most eminent authorities on digital identity in government: Tim Bouma and Dave Roberts, senior public servants with the Government of Canada and major contributors to the Pan-Canadian Tr

https://ssimeetup.org/pan-canadian-trust-framework-pctf-ssi-tim-bouma-webinar-59/ We are very proud to release a special webinar to introduce the next chapter of the “Self-Sovereign Identity Book” from two of the most eminent authorities on digital identity in government: Tim Bouma and Dave Roberts, senior public servants with the Government of Canada and major contributors to the Pan-Canadian Trust Framework (PCTF). In this chapter, Tim and Dave explain the PCTF model and how it maps to the SSI model and the Trust over IP (ToIP) stack. This webinar describes how a world leader in digital identity (which Canada has been for two decades) sees the opportunity in the new decentralized identity model represented by SSI (Self-Sovereign Identity).

Wednesday, 03. June 2020

Oasis Open

OASIS Approves SARIF as Interoperability Standard for Detecting Software Defects and Vulnerabilities

Tuesday, 02. June 2020

MyData

Guest Blog Post – The MyData Commons Prototype

  For many years, we have discussed ‘the individual as the point of integration for data about them’, and that statement is hard-wired into the MyData Principles. But what that means in practice has been less than clear. With COVID-19 as an inspiration/ driver, we have had to dig into that in more detail; this... Read More The post Guest Blog Post – The MyData Commons Prototype appeare

  For many years, we have discussed ‘the individual as the point of integration for data about them’, and that statement is hard-wired into the MyData Principles. But what that means in practice has been less than clear. With COVID-19 as an inspiration/ driver, we have had to dig into that in more detail; this...

Read More

The post Guest Blog Post – The MyData Commons Prototype appeared first on MyData.org.


COVID-19 affects MyData Global – we need your support now more than ever

Dear friend and supporter of MyData Global, These times of the COVID-19 pandemic are difficult for all people and organisations around the world. We are sad, though not totally surprised, that MyData and MyData Global is not an exception. Our world, too, has been affected tremendously. Due to the pandemic, we have had to postpone... Read More The post COVID-19 affects MyData Global – we nee

Dear friend and supporter of MyData Global, These times of the COVID-19 pandemic are difficult for all people and organisations around the world. We are sad, though not totally surprised, that MyData and MyData Global is not an exception. Our world, too, has been affected tremendously. Due to the pandemic, we have had to postpone...

Read More

The post COVID-19 affects MyData Global – we need your support now more than ever appeared first on MyData.org.

Monday, 01. June 2020

Oasis Open

Call for Consent for 4 PKCS #11 specifications as OASIS Standards


r@w blog

#WebOfGenealogies

Ishita Tiwary, Sandeep Mertia & Siddharth Narrain Sessions The Internet today, as we know, is one of the most challenging socio-technical systems to understand and theorise. As a hybrid medium that perpetually, reinvents, redesigns and re-markets itself and its publics it defies all forms of historical, social, legal and technological determinisms and/or generalisations. The complex nature o
Ishita Tiwary, Sandeep Mertia & Siddharth Narrain Sessions

The Internet today, as we know, is one of the most challenging socio-technical systems to understand and theorise. As a hybrid medium that perpetually, reinvents, redesigns and re-markets itself and its publics it defies all forms of historical, social, legal and technological determinisms and/or generalisations. The complex nature of the medium and the social and cultural lives of the information packets which flow through it can perhaps be better understood by heeding critical attention towards longer histories of media circulation, technology-society relationships and legal regulations.

The panel attempts to understand the way digital technologies (the Internet/the current digital moment) mediate aspects of our contemporary being through the history of media circulation, legal regulation and data infrastructure. The papers in the panel focus on three crucial periods — the 1940s early history of statistical mediation, the 1980s video moment and the early 2000s advent of legal regulation of the Internet. Each of these moments is marked by socio-technical, cultural and legal disruption as seen through both moral anxieties and utopian claims that circulate at the time. The panel attempts to understand media technologies through their technological affordances (unpacking current debates around data analytics through a history of statistical mediation) and the social and legal disruptions that follow their advent (video in the 80s and the Internet in late 90s).

The papers in the panel approach the Internet and networked digital media as an assemblage of media infrastructures, bringing together both conceptual and material layers of their experience. The papers in this panel use a media archaeology approach (Elsaesser, 2004) to engage with the longer history of electronic communication in India by looking at both its material nature (how law produces the representation of digital media and the Internet), and the history of non narrative framework of databases (the Internet as a massive data infrastructure) which have become increasingly diverse and distributed through a network of institutions, practices and technological platforms.

Plan

Abstract I: ‘What is Video?’ Video and the Moment of Legal Disruption

The advent of YouTube changed the way users interact with media content as now they are making videos, watching videos, editing them, sharing them and discussing them at a frantic speed, creating new communities as they go along (Manovich, 2008).

The YouTube phenomenon and its implications cannot be understood without contextualizing it within the broader history of video. In India, the Asiad Games heralded the arrival of analog video technology, although there was no legal producer of video content in the country. In a sense video was an illegal object that spawned a vibrant economy of video films, video magazines and pornography.

Video cassettes were primarily in the pirate economy and circulated all across the country through video libraries and parlours. New Bollywood and Hollywood releases as well as pornographic films were available on video cassettes which initially did not have any film certification regulation. The new mode of circulation made these video exhibition spaces a lynchpin of moral paranoia and economic anxiety for those in authority-video was like a plague that needed to be monitored and regulated. This led to a string of legal regulations to keep the ‘video menace’ in check. Associations, organizations and forums protested the new wave of regulations as it pitched the medium of video against that of cinema, demanding new medium specific laws instead of amendments to previous laws on cinema.

In this paper, I will examine how the wave of regulations and contesting bodies creates a charged force field of the period that gives one a sense of a social, cultural and legal disruption caused by the arrival of a new technology. Particularly, I want to focus on how video as an illegal object circulates through informal circuits at a rapid pace and how the law deals with this new technological development. By looking at the example of video, it would be productive to think about the resonances the extended genealogies of how the law is interacting with the current digital moment through the prism of analog video.

Abstract II: Big Data 2.0 — A History of Statistical Remediation

One of the fast emerging themes in the understanding of the Internet is centred on its various technological affordances to generate, collect, measure, analyse, mine andvisualise data. With the recent (circa 2010) advent of the hype cycles of Big Data and data revolution, the socio-technical imaginaries which reveal the Internet as a massive data infrastructure have been gaining momentum. ‘Data’ which in many ways is an ontological byproduct of the Internet, is now increasingly becoming the object of thought and computation for understanding and analysing the Internet. This moment of flux invites us to reflect upon the genealogies of the concepts, techniques and practices which are consciously or otherwise informing the incredible epistemic investment in data-driven systems. With an aim to unpack some of the long histories of the contemporary data analytics movement and moment, this paper tries to trace some of the inflection points in the genealogies of analytics and statistical remediation in colonial and post-colonial India, with an emphasis on the works of P C Mahalanobis and the statistical framing of planning and governance in the pre- and post-independence era.

The author will utilise ethnographic and archival material from his on-going fieldwork on emerging data-driven systems in the social sector in India, to reflect upon the shifts in materiality of data, classificatory affordances of paper and software based systems, and their epistemic implications across two different epochs. In addition, as a methodological reflection, the paper will argue that — developing lateral, conceptual connections between pre-digital circulations and meaning making of numbers and their contemporary algorithmic ecologies, is crucial for moving beyond causalities and the Big Data hubris, towards a thicker anthropology of data-driven knowledge production across times, infrastructures and networks.

Abstract III: The History of Internet Law in India

The relationship between law and media technology in India has been broadly characterized as the law catching up with technological change. To unpack this statement, one needs to take into account how the law both shapes and is shaped by media technologies. As the law ‘catches up’ with new technology, it also characterizes this technology, brackets it, and helps reinforce popular perception of technology. This paper will examine the early history of Internet law in India, the debates that arose in the pre web 2.0 era, and the ways in which a wide variety of factors, over a period of 15 years, has gradually shaped the scope and extent of the law that governs the Internet, the Information Technology Act (IT), 2000.

The IT Act, being relatively recent legislation is an ideal illustration to study the manner in which government policy, public perception, judicial pronouncements, parliamentary committee proceedings, legislative debates, and rapidly changing technology have influenced the shaping of this specific media infrastructure. By examining these documents I would like to open up a series questions around law and media technology How is the relationship between law and media technology staged through public discourse? What are the ways in which both the extremes — utopian hope and moral panic play out, and how are these then related to the more functional aspects of technology? Who were the major actors, individuals and institutions, who drove Internet law and regulation at this time?

By addressing these questions, this paper seeks to examine a small slice of the longer history of electronic communication in India.

Readings

Lovink, Geert and Nadiere, Sabine ed. Video Vortex Reader: Responses to YouTube, Amsterdam, Institute of Network Cultures, 2008.

Lisa Gitelman and Virginia Jackson, Introduction, Raw Data is an Oxymoron. Edited by Lisa Gitelman. Cambridge, Massachusetts, MIT Press, 2013.

Shreya Singhal v. Union of India. Full text of judgement available at http://supremecourtofindia.nic.in/FileServer/2015-03-24_1427183283.pdf.

Audio Recording of the Session

IRC 2016: Day 1 #Web of Genealogies : Researchers at Work (RAW) : Free Download, Borrow, and Streaming : Internet Archive

Session Team

Ishita Tiwary is a Horizon Post Doctoral Fellow at the Mel Hoppenheim School of Cinema, Concordia University, Montreal.

Sandeep Mertia is a PhD Candidate at the Department of Media, Culture, and Communication, and Urban Doctoral Fellow at New York University.

Siddharth Narrain is a PhD candidate and Scientia scholar at the Faculty of Law, University of New South Wales, Sydney.

Note: This session was part of the first Internet Researchers’ Conference 2016 (IRC16) , organised in collaboration with the Centre for Political Studies (CPS), at the Jawaharlal Nehru University, Delhi, on February 26–28, 2016. The event was supported by the CSCS Digital Innovation Fund (CDIF).

#WebOfGenealogies was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Thursday, 28. May 2020

SSI Meetup

Key Event Receipt Infrastructure (KERI): A secure identifier overlay for the internet

https://ssimeetup.org/key-event-receipt-infrastructure-keri-secure-identifier-overlay-internet-sam-smith-webinar-58/ Samuel M. Smith will present KERI that stands for Key Event Receipt Infrastructure. Its a ledger-less approach to identity that enables a universal decentralized key management infrastructure (DKMI). KERI is the basis for a new proposed universal DID method DID:uni. Because KERI id

https://ssimeetup.org/key-event-receipt-infrastructure-keri-secure-identifier-overlay-internet-sam-smith-webinar-58/ Samuel M. Smith will present KERI that stands for Key Event Receipt Infrastructure. Its a ledger-less approach to identity that enables a universal decentralized key management infrastructure (DKMI). KERI is the basis for a new proposed universal DID method DID:uni. Because KERI identifiers are portable they are truly self-sovereign. The primary root-of-trust in KERI is a self-certifying identifier that is cryptographically bound to a set of key-pairs. These have fully generalized derivation mechanisms including content addressability with support for both rotatable and non-rotatable key-pairs. Its secondary root-of-trust are end-verifiable key event receipt logs. End verifiability means that KERI is not dependent on any intervening infrastructure. This fixes the primary security weakness of internet identity system security overlays thereby making KERI a candidate for a universal trust spanning layer for the internet to replace DNS-CA. KERI is an open-source project within the Decentralized Identity Foundation. Samuel M. Smith Ph.D. works at the intersection of AI, blockchain, and decentralized computing systems as both an entrepreneur and strategic consultant. He has written and continues to write seminal white papers on decentralized identity, reputation AI, distributed computing, and tokenomics. He provides strategic technical and business model guidance to startups in these fields and is active in shaping the underlying standards and driving their adoption. Samuel received a Ph.D. in Electrical and Computer Engineering from Brigham Young University in 1991. He spent 10 years at Florida Atlantic University, reaching full professor status before retiring to become an entrepreneur. He has over 100 refereed publications in the areas of machine learning, autonomous vehicle systems, automated reasoning, and decentralized systems. He was principal investigator on numerous federally funded research projects. Dr. Smith is an active participant in open standards development and is a serial entrepreneur.

Thursday, 21. May 2020

Oasis Open

Call for Participation: Security Algorithms and Methods (SAM) TC

Wednesday, 20. May 2020

SSI Meetup

Identity-centric interoperability with the Ceramic Protocol

https://ssimeetup.org/identity-centric-interoperability-ceramic-protocol-joel-thorstensson-webinar-57/ Ceramic is a new permissionless protocol for creating and accessing unstoppable documents that serve as the foundation for a connected, interoperable web without silos. Joel Thorstensson is the founder and CTO of 3Box and the primary author of the ceramic protocol as well as several Ethereum sta

https://ssimeetup.org/identity-centric-interoperability-ceramic-protocol-joel-thorstensson-webinar-57/ Ceramic is a new permissionless protocol for creating and accessing unstoppable documents that serve as the foundation for a connected, interoperable web without silos. Joel Thorstensson is the founder and CTO of 3Box and the primary author of the ceramic protocol as well as several Ethereum standards for identity and will provide a conceptual and technical intro to Ceramic. At the root of many of the internet’s problems is that apps and services today are built primarily in silos. This includes identity registries and credentials, user data and access permissions, infrastructure, and services. It not only puts control over data and identities in the wrong hands, but it’s a fundamentally outdated and inefficient model for building digital products. Ceramic unlocks information interoperability between all platforms and services across the web, allowing participants to create and resolve documents for any type of information without any centralized service. Ceramic uses DIDs (Decentralized Identifiers), IPLD (InterPlanetary Linked Data), signed messages, and blockchain anchoring to create a trusted and shared graph of verifiable documents. While flexible, these documents are especially well-suited for self-sovereign identity systems, user-centric data ecosystems, and open web services.

Oasis Open

#OData JSON Format, OData Common Schema Definition Language (CSDL) JSON Representation, and OData Common Schema Definition Language (CSDL) XML Representation OASIS Standards now published

Tuesday, 19. May 2020

eSSIF-Lab

Q&A session on Infrastructure-oriented Open Call

eSSIF-Lab is organising a Q&A session about its Infrastructure-orientd open call to help potential applicants craft an effective proposal and to help them solve their doubts and questions about the application proccess.

When:

On Thursday, 28th of May at 11:00 am (CEST), we will be answering all your questions about the application process, the programme, framework and the value of the eSSIF-Lab’s Infrastructure – oriented Open Call in this live chat session that will take place in NGI Online Community.

Where? 

The Q&A session is online, free and open to all interested people.

REGISTER NOW!

 

The Infrastructure-Oriented Open Call, which was launched on 1st of March, targets the development and testing of open source Self-Sovereign Identity components for eSSIF-Lab Framework which fall within the SSI concept (i.e. technologies which allow individuals to control their electronic identities and guard their privacy).

The next deadline to apply for the Open Call is on 29th of June 2020 and selected projects will get funding up to 155,000 €.

 

Join the Q&A session and find out all you need!

Monday, 18. May 2020

Oasis Open

#KMIP Test Cases v2.1 and KMIP Usage Guide v2.1 Committee Notes published by KMIP TC


KMIP Specification v2.1 and KMIP Profiles v2.1 from #KMIP TC approved as Committee Specifications

Friday, 15. May 2020

r@w blog

#ManyPublicsOfInternet

Sailen Routray & Khetrimayum Monish Singh Session The discussion in this session will focus on the cultures of practices around digital / information networks. The objective would be to open up the understanding around notions of identity and rights in the context of governance on one hand, and the proliferation of various subcultures on the other. The objective is to try and understand
Sailen Routray & Khetrimayum Monish Singh Session

The discussion in this session will focus on the cultures of practices around digital / information networks. The objective would be to open up the understanding around notions of identity and rights in the context of governance on one hand, and the proliferation of various subcultures on the other. The objective is to try and understand the political and cultural imaginations ‘of and as the public’ enabled by internet and digital technologies. In this, we are trying to connect the whole discussion to the first two questions the conference focuses on:

How do we conceptualise, as an intellectual and political task, the mediation and transformation of social, cultural, political, and economic processes, forces, and sites through internet and digital media technologies in contemporary India?

How do we frame and explore the experiences and usages of internet and digital media technologies in India within its specific historical-material contexts shaped by traditional hierarchies of knowledge, colonial systems of communication, post-independence initiatives in nation-wide technologies of governance, a rapidly growing telecommunication market, and informal circuits of media production and consumption, among others?

Plan

Each discussant will present for 20 minutes after which the session will be thrown open for discussion amongst all the participants of the session.

Abstract I

Internet in India has led to the proliferation of practices and notions of governance and citizenship simulated by information networks and data. On one hand, the internet has captured the imagination of citizens and the reassertion of user agency; on the other, the experiences with the internet reflects the new ways of how the state imagines itself and the citizens. Hence, not only a critical mass replete with the possibilities of user agency, but also one aggregated by the state as part of a political project. Initiatives such as Digital India, the Aadhar project, rural internet and increased emphasis on mobile internet services are some of ways through which the logic of access and participation now operates. The paper will draw perspectives from four case studies in Assam — the Mahanagar Project (internet and mobile services), the National Register of Citizens (NRC) update, the Aadhaar Project and rural internet kiosks (Common Service Centers). With these, it focuses on the larger context of the cultures of digital practices; and techno-politics through the various sites and projects through which the internet operates in India.

Abstract II

Those of us who have jumped or meandered across to the wrong (or perhaps the right) side of thirty by now, first came to consume internet in what were called, and are still called, cyber cafes or internet cafes. Their numbers in big Indian cities is dwindling because of the increasing ubiquity of smartphone, and netbooks and data cards. The cyber café seems to be inexorably headed the way of the STD booth in the geography of large Indian cities. The present paper is a preliminary step towards capturing some of the experience of running and using internet cafes. With ethnographic fieldwork with cyber café owners and internet users in these cafes in the Chandrasekharpur area of Bhubaneswar (where the largest section of the computer industry in the state of Odisha is located), this paper tries to capture experiences that lie at the interstices of ‘objects’ and spaces — experiences that are at the same time a history of the internet as well as a personal history of the city. By doing so it tries to ask and answer the question — what kinds of publics does the consumption of the internet in spaces such as cybercafes create?

Readings

Escobar, Arturo, et al. 1994. Welcome to Cyberia: Notes on the Anthropology of Cyberculture [and Comments and Reply]. Current Anthropology. 35(3): 211–231.

Nayar, Pramod K. 2008. New Media, Digitextuality and Public Space: Reading “Cybermohalla”. Postcolonial Text. 4(1):1–12.

Kurian, Renee and Isha Ray. 2009. Outsourcing the State? Public–Private Partnerships and Information Technologies in India. World Development. 37(10): 1163–1173.

Audio Recording of the Session

https://archive.org/details/Day1.ManyPublicsofInternet

Session Team

Sailen Routray is a researcher, writer, editor and translator who lives and works in Bhubaneswar.

Khetrimayum Monish Singh works on data governance and is interested in questions around data-driven community experiences and practices, specifically with regard to access, security, and identity. He has submitted his doctoral thesis at Jawaharlal Nehru University, New Delhi.

Note: This session was part of the first Internet Researchers’ Conference 2016 (IRC16) , organised in collaboration with the Centre for Political Studies (CPS), at the Jawaharlal Nehru University, Delhi, on February 26–28, 2016. The event was supported by the CSCS Digital Innovation Fund (CDIF).

#ManyPublicsOfInternet was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tuesday, 12. May 2020

Oasis Open

#OData JSON Format, OData Common Schema Definition Language (CSDL) JSON Representation, and OData Common Schema Definition Language (CSDL) XML Representation, all version 4.01, approved as OASIS Standards


SSI Meetup

The SSI Ecosystem in South Korea

https://ssimeetup.org/ssi-ecosystem-south-korea-jaehoon-shim-webinar-56/ Jaehoon Shim, a blockchain researcher at LG CNS and the founder of SSIMeetup Korea, will introduce the Self-Sovereign Identity (SSI) ecosystem of South Korea. South Korea became a hotbed of Self Sovereign Identity in the last couple of years. The number of government-funded projects, including the mobile credential for gover

https://ssimeetup.org/ssi-ecosystem-south-korea-jaehoon-shim-webinar-56/ Jaehoon Shim, a blockchain researcher at LG CNS and the founder of SSIMeetup Korea, will introduce the Self-Sovereign Identity (SSI) ecosystem of South Korea. South Korea became a hotbed of Self Sovereign Identity in the last couple of years. The number of government-funded projects, including the mobile credential for government officials, requires using DIDs (Decentralized Identifiers). Also, hundreds of enterprises joined public/private consortia on decentralized identity to empower the digital transformation of the South Korean society. Jaehoon will explain in detail the current ecosystem and discuss opportunities for the future.

Thursday, 07. May 2020

Oasis Open

Invitation to comment on Message Annotations for Response Routing Version 1.0 - ends June 6th


SSI Meetup

Introducing the SSI eIDAS Legal Report – Ignacio Alamillo

https://ssimeetup.org/introducing-ssi-eidas-legal-report-ignacio-alamillo-webinar-55/ The European Commission developed the SSI (Self-Sovereign Identity) eIDAS bridge, an ISA2 funded initiative, to promote eIDAS as a trust framework for the SSI ecosystem. It assists a VC (Verifiable Credential) issuer in the signing process, and helps the verifier to automate the identification of the organizatio

https://ssimeetup.org/introducing-ssi-eidas-legal-report-ignacio-alamillo-webinar-55/ The European Commission developed the SSI (Self-Sovereign Identity) eIDAS bridge, an ISA2 funded initiative, to promote eIDAS as a trust framework for the SSI ecosystem. It assists a VC (Verifiable Credential) issuer in the signing process, and helps the verifier to automate the identification of the organization behind the issuer’s DID (Decentralized Identifier). Simply by “crossing” the eIDAS Bridge, a Verifiable Credential can be proven trustworthy in the EU. Ignacio Alamillo will present at this SSI Meetup webinar the insights gained from this report. In the context of the eIDAS bridge project, we performed an analysis on how eIDAS can legally support digital identity and trustworthy DLT-based transactions in the Digital Single Market, and this is reflected in the SSI eIDAS legal report, available at this link. The objective of this report is to evaluate the potential legal issues that are important to an SSI solution and make some recommendations to be used as policy input for the eIDAS 2020 review. The report outlines short-term objectives, where changes in the Regulation would not be necessary, but also mid to long-term scenarios requiring major changes in the Regulation to comply with the SSI design principles. The different scenarios described in the report are aligned with the proposed architectural and procedural considerations designed in the SSI eIDAS Bridge project and the European Self Sovereign Identity Framework.

Tuesday, 05. May 2020

SSI Meetup

Learn about the Trust Over IP (ToIP) stack

https://ssimeetup.org/trust-over-ip-toip-stack-webinar-54/ At SSI Meetup you’ve been hearing about the Trust over IP (ToIP) stack (originally called the “SSI stack”) since last September 2019. In this webinar, three pioneers of this new architecture for Internet-scaled digital trust infrastructure will share exciting news about where ToIP is going. We can’t reveal the details yet—it is under emba

https://ssimeetup.org/trust-over-ip-toip-stack-webinar-54/ At SSI Meetup you’ve been hearing about the Trust over IP (ToIP) stack (originally called the “SSI stack”) since last September 2019. In this webinar, three pioneers of this new architecture for Internet-scaled digital trust infrastructure will share exciting news about where ToIP is going. We can’t reveal the details yet—it is under embargo until next Tuesday—but let’s just say you don’t want to miss it.

Trust over IP

Cross-Industry Coalition Advances Digital Trust Standards

Governments, nonprofits and private sectors across finance, health care, enterprise software and more team up with Linux Foundation to enhance universal security and privacy protocols for consumers and businesses in... The post Cross-Industry Coalition Advances Digital Trust Standards appeared first on Trust Over IP.
Governments, nonprofits and private sectors across finance, health care, enterprise software and more team up with Linux Foundation to enhance universal security and privacy protocols for consumers and businesses in the digital era

The ToIP Foundation is being developed with global, pan-industry support from leading organizations with sector-specific expertise. Founding Steering members include Accenture, BrightHive, Cloudocracy, Continuum Loop, CULedger, Dhiway, esatus, Evernym, Finicity, Futurewei Technologies, IBM Security, IdRamp, Lumedic, Mastercard, MITRE, the Province of British Columbia and SICPA. Contributing members include DIDx, GLEIF, The Human Colossus Foundation, iRespond, kiva.org, Marist College, Northern Block, R3, Secours.io, TNO and University of Arkansas.

Businesses today are struggling to protect and manage digital assets and data, especially in an increasingly complex enterprise environment that includes the Internet of Things (IoT), Edge Computing, Artificial Intelligence and much more. This is compounding the already low consumer confidence in the use of personal data and is slowing innovation on opportunities like digital identity and the adoption of new services that can support humanity.

Without a global standard for how to ensure digital trust, these trends are bound to continue. The ToIP Foundation will use digital identity models that leverage interoperable digital wallets and credentials and the new W3C Verifiable Credentials standard to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online.

“The ToIP Foundation has the promise to provide the digital trust layer that was missing in the original design of the Internet and to trigger a new era of human possibility,” said Jim Zemlin, executive director at the Linux Foundation. “The combination of open standards and protocols, pan-industry collaboration and our neutral governance structure will support this new category of digital identity and verifiable data exchange.”

The Linux Foundation’s open governance model enables the ToIP Foundation to advance a combination of technology and governance standards for digital trust in a neutral forum that supports pan-industry collaboration. An open governance model that can be integrated into the development of the standards for digital trust is essential where the business, legal and social guidelines for technology adoption impacts human trust and behavior.

The ToIP Foundation will initially host four Working Groups. The Technical Stack Working Group and the Governance Stack Working Group will focus on building out and hardening the Technical and Governance halves of the ToIP stack, respectively. The Utility Foundry Working Group and the Ecosystem Foundry Working Group will serve as communities of practice for projects that wish to collaborate on the development of ToIP utility networks or entire ToIP digital trust ecosystems.

The ToIP Foundation will host an all-digital launch event on May 7, 2020 at 9AM PDT that will feature a panel discussion, interoperability demonstration and live Q&A. Register now for the live event. A second event will be hosted for the APAC region.

For more information about the ToIP Foundation, please visit www.trustoverip.org

Steering Member Comments

Accenture

“The internet and digital technologies are a critical part of the way we engage with each other and with organizations. Accenture has a deep commitment to developing solutions to build trust, protect privacy and put control of an individual’s data squarely in their hands. The Trust over IP (ToIP) Foundation is bringing together a powerful mix of experts and doing it at the exact right time given the urgent need to encourage greater adoption and increase trust in data privacy and ownership,” said Christine Leong, managing director, global lead for Decentralized Identity & Biometrics at Accenture.

BrightHive

“Now, perhaps more than ever, networks of public and private sector organizations know the value that can be created by collaborating with one another around their combined data to create novel insights and better align their work. But they also want to collaborate in the most responsible way possible. The work of the Trust over IP Foundation will radically strengthen the infrastructure of responsible data sharing by establishing a global standard for digital trust—ensuring that the very way that data is exchanged and verified creates a much-needed layer of security, privacy and trust. BrightHive is excited by the promise of this standard, and proud to partner with the other members to help see it realized,” said Matt Gee, CEO, BrightHive.

Cloudocracy

“Trust is the foundational element of all relationships between government, organizations, and each of us as individuals. Trust at Internet-scale, serves our greater global community and is best accomplished by communities of trust ecosystems. The Trust Over IP Foundation is the next stage of enabling this journey globally. The paradigm-shifting model of decentralized, person-centric identity is likely one of the most important breakthroughs in data privacy, cyber security and unlocking business value in many years. Cloudocracy seeks to facilitate coalitions of government, supply-chains and individuals to embark on journeys to establish value-based trust ecosystems towards achieving highly secure and empowered private ecosystems and the public-private ‘Internet of Value.’ The global shift will go beyond enabling government and organizations to reduce costs, complexity and add value but will also help steer to a better compass heading in protecting individual data privacy, health and biometric information, while also reducing risks and economic impacts of cyber security data breaches,” said Will Groah, executive director, Cloudocracy.

Continuum Loop

“The leaders we work with know that trust on the Internet isn’t working. They want to start building deep trust with their customers and partners. Our clients are investing, as are we, in the Trust Over IP Foundation. We all want to make sure we are involved in building the digital trust layer that the Internet needs. The technology works – now it is about building business cases and governance,” said Darrell O’Donnell, president and CEO, Continuum Loop.

CULedger

“The credit union movement is based on the idea that trusted interactions between people connected by a common bond are the best interactions.  A self-sovereign, secure, trusted identity, like MemberPass, is essential in the world ahead, and CULedger is paving the way for credit unions and financial cooperatives worldwide to pioneer this important effort and bring this frictionless digital experience to more than 270 million credit union members.  The work developed out of the Trust over IP Foundation will be the cornerstone to facilitate these trusted interactions in the new digital age.  We are excited about the opportunity to be working with other leading organizations in support of this effort,” said John Ainsworth, president/CEO, CULedger.

Dhiway

“Dhiway is happy to join the Trust over IP (ToIP) Foundation as one of the founding members. Our strategic initiatives are designed to bring a higher degree of assurance to the exchange of data between peers, over the Internet and other digital networks. Our participation is aligned with our vision to make the world more transparent and trusted, using digital frameworks that can be universally referenced, understood and consumed.  We intend to contribute our knowledge and expertise to support the ToIP foundation in its mission to build an interoperable architecture for Internet-scale digital trust –  empowering a growing ecosystem of companies and communities to exercise control over their digital assets. It’s encouraging to see the open collaboration that has led to the formation of this Foundation, and we are humbled and thrilled to be a part of this pioneering effort,” said Satish Mohan, Founder & CTO, Dhiway.

esatus

“On our mission of enforcing information security, strong trust relationships are essential. We need them to be equally strong in the real world and online. The Trust over IP Foundation facilitates easy composition, ramp-up and maintenance of digital trust components. Conveying real-world trust online is ultimately possible at flexibility and scale. esatus enterprise solutions employ digital trust components already, making next-gen security and privacy available to its customers today. Being a founding member of the Trust over IP Foundation is a natural fit,” said Dr. André Kudra, CIO at esatus AG. 

Evernym

“Evernym believes the only way to truly solve the avalanche of trust problems on the Internet is with an open standard and open governance model that is as universal as the TCP/IP stack that created the Internet itself. We have helped build the architecture of the ToIP stack layer by layer for the past three years, including the W3C Verifiable Credentials and Decentralized Identifiers standards that are at the heart of this new model, because we believe it will unlock a new explosion of value for every person, business, community and government using digital communications. We are thrilled to help stand up the ToIP Foundation at the Linux Foundation and hope that it attracts every company and contributor who wants to build a strong and lasting trust layer for the Internet,” said Drummond Reed, chief trust officer at Evernym and co-editor of the W3C Decentralized Identifier (DID) specification.

Finicity

“The Internet has fueled incredible innovation over that past few decades. And yet it has been significantly handicapped due to a general lack of trust. As we solve the trust dilemma, we will see a rapid acceleration of innovations that will change the way we do business, connect with others and consume information and entertainment,” said Nick Thomas, president & chief scientist and innovation officer, Finicity. “Finicity looks forward to advancing digital trust standards through its participation in the Trust over IP (ToIP) Foundation.”

IBM

“In today’s digital economy, businesses and consumers need a way to be certain that data being exchanged has been sent by the rightful owner and that it will be accepted as truth by the intended recipient. Many privacy focused innovations are now being developed to solve this challenge, but there is no ‘recipe book’ for the exchange of trusted data across multiple vendor solutions,” said Dan Gisolfi, CTO, Decentralized Identity, IBM Security. “The new Trust over IP Foundation marks an evolutionary step which goes beyond standards, specs and code, with the goal of creating a community-driven playbook for establishing ‘ecosystems of trust.’ IBM believes that the next wave of innovation in identity access management will be for credential issuers and verifiers to partake in these ecosystems, where trusted relationships are built upon cryptographic proofs.”

IdRamp

“Formation of The ToIP Foundation will transform and improve how digital services operate. Traditional centralized identity systems are hinged to vast security vulnerabilities that are not sustainable in a growing digital economy. Centralized services for things like mufti-factor authentication or social login encumber user flow and unnecessarily expose sensitive information to third parties. Decentralized systems resolve these problems but struggle with interoperability and standards to accelerate mass adoption. The Trust Over IP Foundation will help formalize and simplify adoption of Trust as a basic digital utility for everyone. The TOIP stack provides the foundation for a new generation of digital identity services. These services will provide high security frictionless interaction that put the user in control of their personal data. Organizations will establish personal connections with employees and user communities that are immune to the vulnerabilities of centralized systems. Individuals will be able to connect with one another without exposing personal information to the mediators that regulate digital interactions today. This will help businesses move beyond complex identity security investments that erode the bottom line and slow innovation. Verifiable digital trust in a decentralized data economy will open a world of possibilities for all individuals and businesses. As a founding member of the ToIP foundation, IdRamp is committed to helping businesses build a new decentralized digital economy that will evolve organically from traditional centralized systems,” said Mike Vesey, CEO, IdRamp.

Lumedic

“As the first representative of the health care industry on the Steering Committee, Lumedic sees tremendous potential for the Trust over IP Foundation to contribute to health care interoperability,” said Chris Ingrao, chief operating officer of Lumedic. “In confronting the challenges raised by the COVID-19 pandemic, we’ve seen that modern technologies can make a powerful difference when paired with strong governance models. The TOIP stack ensures that the way we exchange trusted health care information meets industry needs at a global scale.”

Mastercard

“We are building a bridge to a world where a person’s identity can be verified immediately, safely and securely for use in the digital world – where now, more than ever, identity is essential for delivery of digital health, education and government services. This cannot be accomplished in isolation. We are collaborating and innovating with governments, technology companies, financial institutions and industry sectors to make this a reality. Our participation within the Trust over IP Foundation builds atop the groundwork we currently have in place to ensure industry standards to guarantee we all transact and interact in a secure, convenient and trusted manner,” said Charles Walton, senior vice president, Digital Identity, Mastercard.

MITRE

“Advances in digital technologies and the Internet have brought great convenience to our lives.  But they also present risk – the inability to verify with confidence the identity of those you are connected with leaves us vulnerable to cyberattacks, identity theft, human trafficking, and financial fraud,” said Jim Cook, vice president of Strategic Engagement and Partnerships at MITRE. “As a not-for-profit company working in the public interest with a mission to solve problems for a safer world, we at MITRE are committed to creating a digital world in which people can interact safely and with confidence.  We applaud the Linux Foundation initiative to launch the Trust over IP Foundation, and we are honored to be a founding member.  We believe real innovation is made possible through open partnership, collaboration and cooperation, and we look forward to contributing to a safer internet through the Trust over IP Stack project.”

The Province of British Columbia

“The Province of British Columbia sees our collective potential to enable global-scale digital trust. The Trust over IP Foundation will be a significant leap forward in establishing a standards-based way for individuals and businesses around the world to interact and transact in safe and secure ways over the Internet,” said Dave Nikolejsin, Deputy Minister of Energy, Mines and Petroleum Resources and Chair of the Board of Digital Identity and Authentication Council of Canada. “From our perspective, this work augments our foundational regulatory role in the economy. In the natural resources sector, we see the potential to empower companies to have a new digitally trusted means to demonstrate due diligence on environmental and social impacts of projects as they work with Indigenous peoples and government. The Province of British Columbia is a founding member of the Trust over IP Foundation to help promote this new era of trusted digital services that everyone can rely on.”

SICPA

“For over 90 years, SICPA has partnered with governments, companies and organizations worldwide, to enable trust in banknotes, identities, products and brands. Our customers’ physical and digital lives are increasingly entwined, at work and at home, and our mission is to help shape trusted digital interactions by collaborating in enabling initiatives like the Trust over IP Foundation.  Building trust at a distance and at scale is a global challenge that will form the keystone in delivering the ultimate promise of an interconnected world: to respect the rights, privacy and security of everyone online and offline,” said Kalin Nicolov, Head of Digital Currency, SICPA.

 

Contributing Member Comments

DIDx

“The Internet lacks a digital trust layer that is not centrally controlled and managed. It is more important than ever to take control of our digital identities and data. The ToIP stack provides full control of digital identities and enables secure, privacy-preserving trust channels with verifiable data exchange. The digital trust layer of the internet. DIDx (a South African based startup) is excited to contribute and build interoperable trust ecosystems across Africa using the ToIP stack and are pleased to join the establishment of the ToIP Foundation together with the Linux Foundation,” said Lohan Spies, CEO DIDx.

GLEIF

“Trust is paramount within today’s digital world and we shouldn’t be afraid to challenge existing online processes for the greater good. The Trust over IP Foundation provides a neutral environment for these important conversations and will facilitate industry collaboration to create a global standard which businesses and consumers can trust. This aligns closely with GLEIF’s work to date as a not-for-profit organization which enables smarter, less costly and more reliable decisions about who to do business with. Our Global LEI System solves the problem of trust for legal entities worldwide, and we look forward to applying our expertise alongside many leading organizations within the foundation,” said Stephan Wolf, CEO, Global Legal Entity Identifier Foundation (GLEIF).

kiva.org

“As internet connectivity and digital services reach the world’s most vulnerable populations, it is paramount that we implement standardized, interoperable systems,” said Matthew Davie, chief strategy officer at Kiva. “The Trust over IP Foundation provides a framework to bring trust to this emerging segment of the digital economy and does so in a way that is consumer-centric and privacy-centric by design.”

The Human Colossus Foundation

“The synergistic domains of trusted identity and immutable semantics are required for organizations to integrate into a new decentralized data economy. The Human Colossus Foundation mission to implement decentralized semantics is aligned with the Trust over IP Foundation. We are proud to contribute to the collaborative projects and initiatives being launched,” said Paul Knowles, Head of the Advisory Board at The Human Colossus Foundation.

iRespond

“Trust is the foundation of every ecosystem, and governance is critical to build trust.  The creation of the ToIP foundation is a critical step toward both trust and governance, built on inclusion, transparency and open standards. We expect ToIP to be part of the essential glue that binds decentralized networks and identity.  The disadvantaged beneficiaries we serve will likely gain from this critical step to address challenges of guardianship and disruption of traditional barriers to establishing identity,” said Scott Reid, CEO, iRespond.

Marist College

“Marist College has long been on the cutting edge of technology innovation. We are excited to be a founding member of this effort to address digital trust and decentralized identity management at a time when internet transactions are a vital part of higher education and our growing digital economy,” said Michael Caputo, MS, vice president for Information Technology/CIO, Marist College.

Northern Block

“Northern Block is committed to empowering the mass adoption of digital verifiable credentials, which we believe won’t be possible without robust and common standards. The launch of the ToIP Foundation is the beginning of a new chapter for any organization who has been working diligently to enhance trust in life’s experiences. We look forward to supporting increasing participation in trusted ecosystems and burgeoning innovation in consumer experiences through digital trust,” said Mathieu Glaude, CEO at Northern Block.

R3

“R3 remains committed to supporting the development of secure, trusted and privacy preserving digital identity ecosystems and our participation in the Trust over IP Foundation is a reflection of that commitment. Our customers across industries including banking, insurance health care and telecommunications all agree that identity cannot be solved in isolation. With the industry coming together under the Trust Over IP Foundation we can work on the standards that will enable interoperability and unlock new opportunities for all. Our Corda platform is designed to enable private transactions, and by incorporating the work of the ToIP Foundation, we can develop solutions uniquely suitable for self-sovereignty in the digital world,” said Abbas Ali, Head of Digital Identity at R3.

Secours.io

“Our past inability to deal with privacy has cost human lives, because it limits innovation that can save lives. Trust over IP gives government the verification and governance it needs, and the public gets the trust it needs now allowing innovation to save lives,” said Sgt. J. Stirling Ret., Ontario Provincial Police, Provincial SAR Coordinator.

TNO

“TNO has deep involvement in the standardization and ecosystems of self-sovereign identity, including W3C, DIF, Hyperledger, Sovrin, RWoT and IIW. Our national and international partners and customers are looking for full-stack Trust-over-IP solutions. The ToIP approach is unique, as it includes the complexities of the top ‘business’ parts of the Trust-over-IP stack, as well as the governance of all layers. We believe that ToIP provides an excellent ground to contribute and further develop this knowledge base and apply it to many projects in ‘admintech’ and other industry sectors where trust in the provenance of data is essential,” said Dr. Oskar van Deventer, senior scientist Self-Sovereign Identity, TNO.

University of Arkansas

“The Internet was built in the 1970s and 1980s to allow machine-to-machine transfer of information, but it was missing the trust layer that identifies the people, organizations, or objects running those machines. The Trust over IP (ToIP) Foundation is building the technical and governance standards to provide that missing layer, which will enable trusted, secure, peer-to-peer transfers of value.  Voices from industry, governments and academia are needed to realize the vision. As an academic partner, the Blockchain Center of Excellence at the University of Arkansas is pleased to join this effort to develop open standards for a trust layer over the Internet,” said Mary Lacity, Walton Professor and Director of the Blockchain Center of Excellence at the University of Arkansas.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

 

Media Contacts
Beth Handoll
ReTHINKitMedia
beth@rethinkitmedia.com
+1 415 535 8658

The post Cross-Industry Coalition Advances Digital Trust Standards appeared first on Trust Over IP.

Saturday, 02. May 2020

r@w blog

#SpottingData

Dibyajyoti Ghosh & Purbasha Auddy The proposed workshop will focus on internet usage in India and the possibilities that the internet offers for representation of data. The workshop will be divided into two parts, the first, of a more general nature, and the second, will focus on one specific aspect of data — representation. While the first part will be more of a documentation exercise,
Dibyajyoti Ghosh & Purbasha Auddy

The proposed workshop will focus on internet usage in India and the possibilities that the internet offers for representation of data. The workshop will be divided into two parts, the first, of a more general nature, and the second, will focus on one specific aspect of data — representation. While the first part will be more of a documentation exercise, the second part will be a hands-on exercise of some data representation tools that are available on the internet.

Plan

Part I: The Nature of Internet Usage in India

The workshop will engage the participants in trying to map the ways that they use the internet in their daily lives, such as circulating emails, using social networks, downloading software, online commerce, academic research, circulating audio and video, etc. This part of the workshop will try to study ‘the starkly hierarchical and segmented experiences and usages of the [internet] in India’. The study will try to distinguish between those who are consumers of data and systems and those who, in addition to consuming, also produce data and systems. Various types of production of data will also be looked at, such as crowdsourcing data (such as in Wikipedia, or restaurant review or hotel review websites).

The workshop will be conducted in an interactive manner, where the participants will enter their responses in an online collaborative platform (Google Sheets), which will be editable by all the participants. This brief documentation exercise will also be used to prepare a report at the end of the conference.

After completing this exercise of mapping the usage of the internet, the second segment of the workshop will try to explore various ways of representing data. This exercise will be done by using tools available online.

Part II: Representation of Data

This part of the workshop will deal with various kinds of data representation, of various kinds of data that users contribute to the internet through websites, such as social networks, blogs, etc. The workshop will try to look at the various existing ways in visualising and representing such data through the internet, such as chronology timelines, location mapping, network mapping, enhanced text representation such as through display of XML-Text Encoding Initiative (XML-TEI) files, etc. so as to enhance the data and open up other aspects of the data not usually evident in forms such as lists and spreadsheets.

The participants will be led through to the creation of small chronology timelines and location mapping in particular. Therefore participants will be requested to contribute data in the form of simple and small English texts which have either several markers of time, or several markers of location, so as to enable such visualisation. Examples of such texts include biographies, travel narratives, etc. The workshop will discuss how to filter ‘structured data’ from prose text to get desirable result from the softwares.

This part of the workshop will try to answer the question as to ‘how do we begin to use the internet as a space for academic and creative practice and intervention?’ The workshop will use open-access tools and software so as to highlight the low-investment infrastructure that is often sufficient enough to represent and enhance data.

Readings

Participants are requested to look at two visualisation tools in particular (both of which were developed by the Knight Lab in Northwestern University, USA), one for creating a chronology timeline (https://projects.knightlab.com/projects/timelinejs) and the other for creating a location map (https://projects.knightlab.com/projects/storymapjs).

Audio Recording of the Session

IRC 2016: Day 2 #Spotting Data : Researchers at Work (RAW) : Free Download, Borrow, and Streaming : Internet Archive

Session Team

Dibyajyoti Ghosh is a PhD student in the Department of English, Jadavpur University. He has four years of full-time work experience in projects which dealt with digital humanities and specially with digitisation of material in Indic scripts.

Purbasha Auddy is a Research Fellow at the School of Cultural Texts and Records (SCTR), Jadavpur University, in a project titled ‘Shabdakalpa’, a historical dictionary of the Bengali language. She has been coordinating/ teaching in a post-graduate diploma course titled ‘Digital Humanities and Cultural Informatics’ offered by the SCTR since 2013. She is an SYLFF PhD Research Fellow; the title of her submitted thesis is : ‘Development of Contents in Bengali Periodicals (1818–1867)’: A Narrative of Objectives’

Note: This session was part of the first Internet Researchers’ Conference 2016 (IRC16) , organised in collaboration with the Centre for Political Studies (CPS), at the Jawaharlal Nehru University, Delhi, on February 26–28, 2016. The event was supported by the CSCS Digital Innovation Fund (CDIF).

#SpottingData was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 29. April 2020

MyData

Press release: MyData takes an important step towards open personal data ecosystems

MyData Global 29 April 2020 Helsinki, Finland Press release: MyData takes an important step towards open personal data ecosystems Today, MyData Global nonprofit, published its paper Understanding MyData Operators as a foundation for a roadmap towards a human-centric personal data infrastructure. In a collaborative effort of 34 experts and supported by 48 personal data operators... Read More

MyData Global 29 April 2020 Helsinki, Finland Press release: MyData takes an important step towards open personal data ecosystems Today, MyData Global nonprofit, published its paper Understanding MyData Operators as a foundation for a roadmap towards a human-centric personal data infrastructure. In a collaborative effort of 34 experts and supported by 48 personal data operators...

Read More

The post Press release: MyData takes an important step towards open personal data ecosystems appeared first on MyData.org.

Tuesday, 28. April 2020

ID2020

ID2020 Announces Kim Gagné As New Board Chair

ID2020 Announces Kim Gagné as New Board Chair The ID2020 Alliance announced today that Kim Gagné has been elected to serve a four-year term as chair of its board of directors. Based in London, Mr. Gagné is a Senior Counselor with the advisory and advocacy communications consultancy APCO Worldwide. He also serves as Executive Director of the European Cloud Alliance, a business coalition focu
ID2020 Announces Kim Gagné as New Board Chair The ID2020 Alliance announced today that Kim Gagné has been elected to serve a four-year term as chair of its board of directors.

Based in London, Mr. Gagné is a Senior Counselor with the advisory and advocacy communications consultancy APCO Worldwide. He also serves as Executive Director of the European Cloud Alliance, a business coalition focused on policy issues related to cloud computing.

With his election, Gagné replaced The Honorable Gary Conille, former Prime Minister of Haiti, who currently serves as the United Nations Resident Coordinator in Burundi.

“Kim understands that technology, when ethically applied, can be transformative. It can enhance access to vital public services, enable people to exercise their rights as citizens and voters, and participate in the modern economy,” said ID2020 Executive Director, Dakota Gruener. “During these uncertain times, we look forward to Kim’s thoughtful leadership as we navigate our response to the COVID-19 pandemic and determine our strategic direction for the future.”

Mr. Gagné brings extensive experience in communications, government relations, diplomacy, and law to his new role with ID2020.

Prior to joining APCO in 2016, Gagné was a member of the Microsoft Corporate, External and Legal Affairs group and held a variety of senior policy and management positions throughout Europe, the Middle East, Africa, and Asia. From 1995–2004, he also served as a Foreign Service Officer with the U.S. Department of State, with postings in Haiti, Saudi Arabia and the U.S. Mission to the European Union. Before entering government service, Mr. Gagné was a partner at a Washington, D.C. law firm where he specialized in white collar criminal defense and complex civil litigation.

“Digital identity has the potential to transform the lives of more than one billion people around the world, providing access to critical political, social, and economic opportunities. I am excited to join the ID2020 Alliance as the organization champions the development of ethical, privacy-protecting digital identity solutions,” said Gagné. “I am especially keen to support the organization as it establishes new collaborations with governments, technology companies, and civil society organizations to facilitate the return of individuals to the workplace and public life in the wake of the global pandemic.”

Mr. Gagné holds a B.A. and a J.D. from Duke University and a M.A. from Middlebury College.

ID2020 Announces Kim Gagné As New Board Chair was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 27. April 2020

Oasis Open

Call for Consent for 3 OData specifications as OASIS Standards

Friday, 24. April 2020

Oasis Open

Invitation to comment on Repeatable Requests Version 1.0 - ends May 24th


OData Version 4.01 approved as an OASIS Standard

Tuesday, 21. April 2020

Oasis Open

LegalRuleML Core Specification v1.0 from the OASIS LegalRuleML TC approved as Committee Specification 02


OASIS Enhances Commitment to Open Source and Standards by Appointing Guy Martin as Executive Director


ID2020

Immunity Certificates: If We Must Have Them, We Must Do It Right

In a white paper, published today by the Harvard University Edmond J. Safra Center for Ethics, ID2020 Executive Director Dakota Gruener urged policy makers, technology providers, and civil society organizations to collaborate to ensure that digital health credentials or “immunity certificates”, if implemented, are intentionally designed to protect privacy and civil liberties. Over the past couple

In a white paper, published today by the Harvard University Edmond J. Safra Center for Ethics, ID2020 Executive Director Dakota Gruener urged policy makers, technology providers, and civil society organizations to collaborate to ensure that digital health credentials or “immunity certificates”, if implemented, are intentionally designed to protect privacy and civil liberties.

Over the past couple weeks, public health officials and policy makers have begun making the case for digital health credentials or “immunity certificates”. If implemented in conjunction with large-scale testing (for the COVID-19 virus and antibodies), immunity certificates could facilitate an incremental and orderly return to economic and social activities. While this presents a compelling opportunity, and one which may be worth considering, such a system cannot be allowed to compromise personal privacy rights, promote exclusion, or exacerbate existing social inequities.

“We all share an obligation to protect public health. But doing so should not mean giving up our right to privacy,” noted Gruener. “Proven technologies, grounded in a respect for equity and human rights, can be redeployed to help protect society from a resurgence of the disease and put control of personal health information in the hands of the individual. But this approach must be pursued cautiously, with a full acknowledgement of the risks, and detailed plans to mitigate them.”

Immunity certificates would enable workplaces, schools, medical facilities, airlines, and other public or private venues to identify those who have tested positive for the antibody (OR who have recently tested negative for the virus) through a verified credential issued by a medical provider (or certified testing center) and carried on a mobile phone. Because the credential is stored on the phone, rather than in a centralized database, it is vastly more secure and would enable the user to share it when, and with whom, they choose.

At this point, testing continues to lag far behind what would be needed to properly implement immunity certificates. But, with sufficient public investment and political will, the necessary level of testing could be achieved in the weeks and months ahead. Scaling access to serological testing will also help firm up our understanding of the virus, including the presence and duration of immunity and the potential for re-infection. At this time, these remain open questions.

The white paper is intended to further the public discourse about immunity certificates and ensure that such systems are developed consistent with the principles outlined in the ID2020 Manifesto for digital ID (developed in 2018 in partnership with the UN High Commissioner for Refugees). The Technical Requirements that underlie the ID2020 Certification also provide a valuable roadmap to assist technology providers and governments in the development of ethical, inclusive digital identity solutions, including digital health credentials.

Widespread social distancing orders have proven an effective strategy for containing the spread of the virus. But these strategies are not without significant economic, social, and psychological consequences. The time is now to begin planning for the next phase of the COVID-19 response and recovery. “If we need to do immunity certificates”, said Gruener, “let’s make sure we do them right.”

Immunity Certificates: If We Must Have Them, We Must Do It Right was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.

Friday, 17. April 2020

ID2020

Advanced Technologies, Cultural Diversity and Operational Constraints: the Need for Pilots

Authentication Process. Photo: Everest Hilman Palaon of TNP2K (Indonesia) along with Cornelius Saunders and Devina Srivastava of ID2020, present evidence around the importance of pilots to effectively launching large-scale programs. Palaon, Saunders and Srivastava use their experience with the LPG Subsidy Digital ID Pilot in Indonesia led by TNP2K, ID2020 and Everest, as a case study, to disc
Authentication Process. Photo: Everest Hilman Palaon of TNP2K (Indonesia) along with Cornelius Saunders and Devina Srivastava of ID2020, present evidence around the importance of pilots to effectively launching large-scale programs.

Palaon, Saunders and Srivastava use their experience with the LPG Subsidy Digital ID Pilot in Indonesia led by TNP2K, ID2020 and Everest, as a case study, to discuss some technological, cultural and operational insights gained through carefully monitored and evaluated pilots.

View the article here.

LPG Gas Subsidy Beneficiary. Photo: Everest

Advanced Technologies, Cultural Diversity and Operational Constraints: the Need for Pilots was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.

Thursday, 16. April 2020

r@w blog

#AFCinema2.0

Akriti Rastogi and Ishani Dey Session Amour fou is saturated with its own aesthetic, it fills itself to the borders of itself with the trajectories of its own gestures, it runs on angels’ clocks, it is not a fit fate for commissars & shopkeepers. Its ego evaporates in the mutability of desire, its communal spirit withers in the selfishness of obsession. (Bey, 1985) Confronted with
Akriti Rastogi and Ishani Dey Session

Amour fou is saturated with its own aesthetic, it fills itself to the borders of itself with the trajectories of its own gestures, it runs on angels’ clocks, it is not a fit fate for commissars & shopkeepers. Its ego evaporates in the mutability of desire, its communal spirit withers in the selfishness of obsession. (Bey, 1985)

Confronted with consolidating rhizomatic concerns that inevitably crop their heads in any forum on internet discussions, let alone cinema, AF, or Amour fou encapsulates the very essence of free access cinema — AF is “not the result of freedom but rather its precondition” (Bey, 1985), AF is Cinema in web 2.0.

The proposed session will be an interactive conversation exploring the Indian scenario of internet based independent filmmaking. The key concerns mediating this dialogue are the mobilization of the internet as a space of exhibition and distribution and its implications in moving through extra-legal spaces, garnering cultural capital and articulating desires of its audience. The purpose here is to engage with cinema within “the broader industrial, institutional, and market contexts in which film exists” moving away from film scholarship focusing solely on the “meaning of the text” while disregarding the very circumstances in which those texts or discourses are “produced and circulated” (McDonald, 2013: 147).

Drawing from traditional methods in cinema scholarship, we turn to our own research methods in trying to articulate contextual engagements with amorphous forms of medium, media and archive. We explore the research potentials that the internet provides as an immediate archive of the contemporary while providing provocations to engage with the internet as an alternative space for film exhibition, distribution and funding. While Ishani Dey explores the mobilization of internet’s potential as an alternative space for film exhibition tracing connections that link pirate circuits, film festivals and subversive mainstream aesthetic shifts; Akriti Rastogi provides an overview of entrepreneurial space of internet based independent filmmaking and the surge in DIY filmmaking in web 2.0.

The session concludes with mediations over the poetics of technological access. The internet’s prolific open access archive’s potential to foster cinephilia and the mutations in viewing habits that ensue lead to novel cinematic experiences and their implication for the profilmic aesthetic. In continuum our encounters with the mainstream and anonymous figures etches out the narrative of experiencing cinema and filmmaking in web 2.0.

Plan

This session proposes to conceptualize the implications of open access digital media spaces for cinema in India. Reading cinema as a product of market driven industry factors it interrogates the shifting industrial, institutional, and market contexts which contemporary India cinema negotiates and the implications of contingent media, mode and exhibition on the cinematic experience. The primary concern is to form methods to navigate the expansive archive of the internet and mark the potentials for alternate production and distribution practices that lie within. The session proposes to walk through a number of case studies illustrating the dissolution of dichotomies that is brought about by the interventions of digital and new media technologies. Drawing parallels between earlier shifts in cinema studies discourses with the coming in of videotape and satellite television in India in the 80s and the contemporary debates surrounding digital film practices and direct to home transmissions, the session attempts to historicize cinephilia within the milieu of technophilia in India.

Provocations

Informal distribution networks like peer-to-peer distribution and pirate circles come to the foreground in the discussion on the construct of the cinephile. While the space of the auteur-entrepreneur claims the spotlight in discussions surrounding linkages in film exhibition — navigating through pirate circles to film festivals, bootlegging to the big league.

The figure of the anonymous filmmaker stands precariously on the divide of the legal and extra-legal boundary that the internet thrives in traversing, thus emerging as a vast platform for exhibition that is then mobilized by the DIY filmmaker. The growing popularity of the short film format and the shifts in viewing screens are seen as symptomatic of internet’s effect on cinema’s aesthetic.

The essential provocation here is that while cinema affects the modes of archiving on the internet, the internet in turn affects the cinematic form.

Readings

McDonald, P. (2013). “Introduction: In Focus Media Industries Studies.” Cinema Journal, 52(3).

Lobato, R. (2012) Shadow Economies of Cinema: Mapping Informal Film Distribution.

Zimmerman, R. D.H. (2009). “Cinephillia, Technophilia and Collaborative Remix Zones.” Screen, 135–147.

Audio Recording of the Session

IRC 2016: Day 3 #AFCinema 2.0 : Researchers at Work (RAW) : Free Download, Borrow, and Streaming : Internet Archive

Session Team

Akriti Rastogi is a PhD candidate at the Cinema Studies department of the School of Arts and Aesthetics, Jawaharlal Nehru University, New Delhi. Her current work proposes to trace the design of monetization channels of cinema effects in a new media environ. She has previously worked as a radio broadcast producer at All India Radio, New Delhi.

Ishani Dey is working on her PhD in Cinema Studies at the School of Arts and Aesthetics, Jawaharlal Nehru University. Her current project seeks to analyse some of the ways in which the body-technology ensemble has changed with the rise of the digital. While every new image making technology since the mid-nineteenth century has reconfigured the human body, this project is dedicated to understanding the implications of twenty-first century digital technologies and the internet on bodies that inhabit the screens of the ‘post-cinematic’.

Note: This session was part of the first Internet Researchers’ Conference 2016 (IRC16) , organised in collaboration with the Centre for Political Studies (CPS), at the Jawaharlal Nehru University, Delhi, on February 26–28, 2016. The event was supported by the CSCS Digital Innovation Fund (CDIF).

#AFCinema2.0 was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.


eSSIF-Lab

Know more about eSSIF-Lab Framework!

Are you applying to any of the eSSIF-Lab’s Open Calls? Would you like to know more about the eSSIF-Lab Framework you will be contributing to build? Tune in to our 3rd webinar on the eSSIF-Lab’s vision and SSI Framework.

When:

On Tuesday, 21st of April 11:30 pm CEST, we will be answering all your questions about the project, functional architecture for its SSI Framework and programme and values e of the eSSIF-Lab’s Open Calls, live on air.

Where? 

The webinar is free and open to all interested people.

REGISTER NOW!

More info on the Open Calls:

Infrastructure-Oriented Open Call

This call targets open source technical enhancements and extensions for eSSIF-Lab Framework which fall within the SSI concept (i.e. technologies which allow individuals to control their electronic identities and guard their privacy).

Deadline: 29th of June 2020 at 13:00 (CEST)
Funding: up to 155,000 €

First Business-oriented Open Call

Solutions proposed for this open call should be business solutions that make it easy for organizations to deploy and/or use SSI and must fall within the SSI concept (i.e., technologies which allow individuals to control their electronic identities and guard their privacy).

Deadline: 30th of April 2020 at 13:00 (CEST)
Funding: up to 106,000 € (for those best in class).

 

Join the webinar and find out all you need!

Thursday, 09. April 2020

Oasis Open

Call for Consent for #OData Version 4.01 as an OASIS Standard

Wednesday, 08. April 2020

Oasis Open

Static Analysis Results Interchange Format (#SARIF) Version 2.1.0 OASIS Standard published

Monday, 06. April 2020

Schema

COVID-19 schema for CDC hospital reporting

The COVID-19 pandemic requires various medical and government authorities to aggregate data about available resources from a wide range of medical facilities. Clearly standard schemas for this structured data can be very useful. The Centers for Disease Control (CDC) in the U.S. defined a set of data fields to facilitate exchange of this data. We are introducing a Schema.org represe
The COVID-19 pandemic requires various medical and government authorities to aggregate data about available resources from a wide range of medical facilities. Clearly standard schemas for this structured data can be very useful.

The Centers for Disease Control (CDC) in the U.S. defined a set of data fields to facilitate exchange of this data. We are introducing a Schema.org representation of these data fields. 

The purpose of this schema definition is to provide a standards-based representation that can be used to encode and exchange records that correspond to the CDC format, with usage within the U.S. primarily in mind. While the existence of this schema may provide additional implementation options for those working with US hospital reporting data about COVID-19, please refer to the CDC and other appropriate bodies for authoritative guidance on the latest reporting workflows and data formats.

Depending upon context, any of the formats and standards that work with Schema.org may be applicable for encoding this data, including the Microdata, RDFa and JSON-LD data formats, as well as related technologies such as W3C SPARQL for data query. JSON-LD is in most cases likely to be the most appropriate format. There is no assumption that data encoded using this schema should necessarily be published on the public Web, nor that it would be used by search engines.

We will continue to improve this vocabulary in the light of feedback, and welcome suggestions for improvements and additions particularly from US healthcare organizations who are using it. This CDC-based vocabulary follows other recent changes we have made to Schema.org. For details of recent changes see our release notes and our previous post announcing the SpecialAnnouncement markup, which is now supported at both Bing (blog, docs) and Google (blog, docs). As the global response to COVID-19 evolves we will do our best to improve schema.org's vocabularies to represent the changes that Coronavirus is bringing to society, and to assist those using structured data to help with the response.



MyData

An approach for fighting COVID-19 and beyond: MyData

  [Join us on MyData vs COVID-19 calls every Wednesday 15:00-16:00 CEST. For details, join mydata.org/slack #coronadata channel.] The whole world is looking for ways to curb and combat COVID-19: vaccines are being developed, medications are being tested and personal data-based applications to track and isolate the suspected cases are being built. The digital solutions introduced...

  [Join us on MyData vs COVID-19 calls every Wednesday 15:00-16:00 CEST. For details, join mydata.org/slack #coronadata channel.] The whole world is looking for ways to curb and combat COVID-19: vaccines are being developed, medications are being tested and personal data-based applications to track and isolate the suspected cases are being built. The digital solutions introduced...

Read More

The post An approach for fighting COVID-19 and beyond: MyData appeared first on MyData.org.

Friday, 03. April 2020

eSSIF-Lab

Join the eSSIF-Lab’s webinar on its current Open Calls!

Have questions about our Open Calls? Want tips for crafting an effective proposal? Tune in to our webinar on the eSSIF-Lab’s current Open Calls.

When:
On Tuesday, 7th of April 12:00 pm CEST, we will be answering all your questions about the application process, the programme and the value of the eSSIF-Lab’s Open Calls, live on air.

Where? 

The webinar is free and open to all interested people.

REGISTER NOW!

More info on the Open Calls:

Infrastructure-Oriented Open Call

This call targets open source technical enhancements and extensions for eSSIF-Lab Framework which fall within the SSI concept (i.e. technologies which allow individuals to control their electronic identities and guard their privacy).

Deadline: 30th of June 2021 at 13:00 (CEST)
Funding: up to 155,000 €

First Business-oriented Open Call

Solutions proposed for this open call should be business solutions that make it easy for organizations to deploy and/or use SSI and must fall within the SSI concept (i.e., technologies which allow individuals to control their electronic identities and guard their privacy).

Deadline: 30th of April 2020 at 13:00 (CEST)
Funding: up to 106,000 € (for those best in class).

 

Join the webinar and find out all you need!

Wednesday, 01. April 2020

Oasis Open

60-day Public Review for four PKCS #11 Candidate OASIS Standards - ends May 31st


r@w blog

#ArchiveAnarchy

Ranjani M Prasad and Farah Yameen Source: Centre for Community Knowledge (CCK) at Ambedkar University Delhi Session In the last decade, the internet has aided a proliferation of information networks — Google Books, archive.org, Hathi Trust, pad.ma and similar archive based knowledge platforms — and cloud based data storage has become a useful and accessible alternative to file based sys
Ranjani M Prasad and Farah Yameen Source: Centre for Community Knowledge (CCK) at Ambedkar University Delhi Session

In the last decade, the internet has aided a proliferation of information networks — Google Books, archive.org, Hathi Trust, pad.ma and similar archive based knowledge platforms — and cloud based data storage has become a useful and accessible alternative to file based systems.

The session opens up with questions of accessibility, ownership and hegemonies in an active archive. It takes up three archives that are being built at Ambedkar Univeristy and other similar archives to explore the emerging issues of knowledge sharing on the internet.

The Lotika Vardarajan archive is an ethnographic archive putting together an academic’s research on indigenous Maritime and Textile traditions and their indepth documentation. The Delhi Oralities Archive is an oral history archive of city memories and resident narratives that seeks to be accessible to the city as an open resource. The Institutional Memory Archive is a living archive continuously reinventing itself according the needs of the university campus that it documents.

The archiving impulses in each case are different as are the dissemination needs of the archive. How do Internet tools like social media, audio and video distribution platforms like Soundcloud and YouTube intervene in the archiving space to enable and catalyze access? Do dissemination strategies provided by Twitter and Facebook affect the use and usability of archives? Does such access threaten questions of ownership and privacy? Who owns a public archive like Delhi Oralities? What hierarchies operate in living archives to decide what is archived and who archives it? What are the limits of such knowledge repositories and the open access movement itself, especially in the light of traditional knowledge structures?

Plan

The discussion session explores questions of archives outside the academic research space. It discusses the possibility of using non-traditional platforms for data sharing to maximize access, sustainability and co-authorship for living archives.

Readings

Basic knowledge about existing social media platforms, open source repository softwares such as DSpace and familiarity with Creative Commons licensing.

Audio Recording of the Session

IRC 2016: Day 1 #Archive Anarchy : Researchers at Work (RAW) : Free Download, Borrow, and Streaming : Internet Archive

Session Team

Ranjani M Prasad is a researcher and archivist, currently based out of Nilgiris and working with Keystone Foundation. She has been working with archiving methodologies over the last 8 years and is interested in intersections between histories, cultures, memories and technologies.

Farah Yameen works with public histories and digital archives. As an independent researcher operating on the margins of academia she engages with oral narratives, ethnographies, and their digital lives.

Note: This session was part of the first Internet Researchers’ Conference 2016 (IRC16) , organised in collaboration with the Centre for Political Studies (CPS), at the Jawaharlal Nehru University, Delhi, on February 26–28, 2016. The event was supported by the CSCS Digital Innovation Fund (CDIF).

#ArchiveAnarchy was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tuesday, 31. March 2020

SSI Meetup

eSSIF-Lab: creating & funding an interoperable SSI infrastructure in Europe

https://ssimeetup.org/essif-lab-creating-funding-interoperable-ssi-infrastructure-europe-webinar-52/ Attend this webinar to learn about the eSSIF-Lab (EU H2020) project with Oskar van Deventer and Rieks Joosten from TNO in the Netherlands. WHY: the eSSIF-Lab vision, objectives, and intended benefits; WHAT: its (initial) functional architecture/components; HOW: ways in which you may contribute (a

https://ssimeetup.org/essif-lab-creating-funding-interoperable-ssi-infrastructure-europe-webinar-52/ Attend this webinar to learn about the eSSIF-Lab (EU H2020) project with Oskar van Deventer and Rieks Joosten from TNO in the Netherlands. WHY: the eSSIF-Lab vision, objectives, and intended benefits; WHAT: its (initial) functional architecture/components; HOW: ways in which you may contribute (and possibly get funded for that). eSSIF-Lab is an EU H2020 project whose purpose is to fundamentally improve real-life transactions via the Internet, by focusing on next-generation mental models for such next generation transactions, and using SSI technologies and implementations to realize them. Today, conducting an online business transaction consist of an individual that fills in an online form, which is subsequently processed (data is validated, and a commitment decision is made). Filling in and validating forms can be quite tedious, frustrating, time consuming and costly. Digitally inexperienced people are known to give up on requesting (social) benefits they are entitled to, enlarging the digital divide. But even people with an academic background and years of IT experience find this difficult. In the SSI-enabled world as eSSIF-Lab sees it, an SSI IT infrastructure can help to find, provide and validate the needed data electronically. This makes filling and processing forms much easier (people no longer have to understand forms, upload pdfs, etc.), much faster (people no longer have to go places to get paperwork) much cheaper (saving tens of billions of euro’s – or even more – on verification/validation costs and IT-links). The current wealth of SSI-related products, technologies and standards is insufficient for realizing this vision, because it generally lacks interoperability and scalability, and does not address the process- and business levels. eSSIF-Lab calls for a scalable and interoperable technological infrastructure that is very easy to use by and integrate with (the IT, the processes and the business/policies of) arbitrary organizations and individuals to request, obtain, store and issue data objects whose meaning (semantics), origin (provenance) and integrity can be proved (verified) – which is basically what SSI is all about. The main task of the eSSIF-Lab consortium is to coordinate between and fund projects of SME’s/startups (from EU/EEA countries) that contribute to the realization of this vision, in terms of technology and/or associated business propositions, and that will work together so as to benefit from each other’s contributions.

Monday, 30. March 2020

Oasis Open

Static Analysis Results Interchange Format (SARIF) V2.1.0 is approved as an OASIS Standard

Friday, 27. March 2020

SSI Meetup

How to avoid another identity nightmare with SSI? Christopher Allen

https://ssimeetup.org/how-avoid-another-identity-tragedy-with-ssi-christopher-allen-webinar-53/ Join the Dutch Self-Sovereign Identity community in a #Foremembrance for those who died by attempting to bomb the civil archives captured by the Nazis & those defending the vulnerable today. Christopher Allen will share with us the importance of this event for the self-sovereign identity community

https://ssimeetup.org/how-avoid-another-identity-tragedy-with-ssi-christopher-allen-webinar-53/ Join the Dutch Self-Sovereign Identity community in a #Foremembrance for those who died by attempting to bomb the civil archives captured by the Nazis & those defending the vulnerable today. Christopher Allen will share with us the importance of this event for the self-sovereign identity community to build the future of identity on sunset Amsterdam time March 27th. We will also analyze the impact and risk of COVID-19 for privacy and identity systems. March 27th is a Friday this year. Sunset in Amsterdam is at 19:06 CET, 2:06 pm EDT, 11:06 am PDT & is 1:06 am March 28 in Taipei & Hong Kong.

Tuesday, 24. March 2020

Oasis Open

STIX Version 2.1 from CTI TC approved as a Committee Specification

Monday, 23. March 2020

eSSIF-Lab

eSSIF-Lab online webinar hosted by SSI Meetup

SSI Meetup will host eSSIF-Lab on 31st March 2020 at 13:00 (CEST) for their online webinar nº 52 “eSSIF-Lab: creating & funding an interoperable SSI infrastructure in Europe”

 

Our colleagues Oskar van Deventer and Rieks Joosten (from TNO in the Netherlands) will take the chance to explain:

WHY: the eSSIF-Lab vision, objectives, and intended benefits; WHAT: its (initial) functional architecture/components; HOW: ways in which you may contribute (and possibly get funded for that).

Two eSSIF-Lab open calls are now admitting applications so,

don’t miss the chance! 

REGISTER NOW!

In eSSIF-Lab, we want to strengthen internet trustworthiness with electronic identities by supporting the further development, integration and adoption of SSI technologies.

 

To this purpose, we are building the eSSIF-Lab SSI Framework jointly with SSI ecosystem by using a cascade funding approach: the framework will be built upon extensions that will be selected through the Infrastructure-oriented open call and it will be dedicated to the development of generic  services that use SSI (to be selected by the 1st Business-oriented Open Call) and SSI-based applications (to be selected by the 2nd Business-oriented Open Call). From these, both Infrastructure-oriented call and First Business-oriented Call are alive now.

 

Learn more about us or join the conversation at eSSIF-Lab space at NGI Community!


eSSIF-Lab Open Calls already alive!

First Business-oriented call and Infrastructure-oriented call of eSSIF-Lab are already accepting applications.

In eSSIF-Lab, we want to strengthen internet trustworthiness with electronic identities by supporting the further development, integration and adoption of SSI technologies.

To this purpose, we are building the eSSIF-Lab SSI Framework jointly with SSI ecosystem by using a cascade funding approach: the framework will be built upon extensions that will be selected through the Infrastructure-oriented open call and it will be dedicated to the development of generic  services that use SSI (to be selected by the 1st Business-oriented Open Call) and SSI-based applications (to be selected by the 2nd Business-oriented Open Call).

 

Do you think you can contribute? Read on, two eSSIF-Lab calls are now alive!

eSSIF-Lab will select and support 62 projects through its open calls. Two of them are now accepting applications.

1. Infrastructure-Oriented Open Call:

This call targets open source technical enhancements and extensions for eSSIF-Lab Framework which fall within the SSI concept (i.e. technologies which allow individuals to control their electronic identities and guard their privacy).

Open source SSI components developed as a result of this open call will be applied by other participants in eSSIF-Lab. Hence, applicants shall be willing and able to work in an agile way with lots of communication and interaction with other participants in the eSSIF-Lab ecosystem, together developing the eSSIF-Lab Framework and testing the interoperability of delivered components.

Who can apply?

This call targets innovators in the SSI domain (such as outstanding academic research groups, hi-tech startups, SMEs, etc.), legally established/resident in a Member State of the EU or in a H2020 associated country.

Deadline: 30th of June 2021, at 13:00 CEST. (Cut-off for evaluation on 30/10/20).

Funding: up to 155,000 € per project.

APPLY NOW! 2. First Business-oriented Open Call

Solutions proposed for this open call should be business solutions that make it easy for organizations to deploy and/or use SSI and must fall within the SSI concept (i.e., technologies which allow individuals to control their electronic identities and guard their privacy).

Generic commercial competitive SSI components and services developed as a result of this open call will be applied at a later stage in areas such as HealthTech, e-Government, Education or by proposals in the generic track of Open Disruptive Innovation.

Who can apply?

The call is open to single start-ups or SMEs, legally established in a Member State of the EU or in a H2020 associated country.

Deadline: 30th of April 2020 at 13:00 (CEST)

Funding: up to 106,000 € per project (for those best in class)

APPLY NOW!

Friday, 20. March 2020

SSI Meetup

Self-Sovereign Identity: Ideology and Architecture with Christopher Allen

https://ssimeetup.org/self-sovereign-identity-why-we-here-christopher-allen-webinar-51/ Internet cryptography and Self-sovereign identity (SSI) pioneer Christopher Allen talks about essential insights and reflections around historical, technological and ethical aspects of Self-Sovereign Identity at the 51st SSIMeetup.org webinar in collaboration with Rebooting the Web of Trust (RWOT) and Alianza

https://ssimeetup.org/self-sovereign-identity-why-we-here-christopher-allen-webinar-51/ Internet cryptography and Self-sovereign identity (SSI) pioneer Christopher Allen talks about essential insights and reflections around historical, technological and ethical aspects of Self-Sovereign Identity at the 51st SSIMeetup.org webinar in collaboration with Rebooting the Web of Trust (RWOT) and Alianza Blockchain Iberoamérica as part of the events that took place at RWOT in Buenos Aires (Argentina). Christopher is an entrepreneur and technologist who specializes in collaboration, security, and trust. As a pioneer in internet cryptography, he’s initiated cross-industry collaborations and co-created industry standards that influence the entire internet. Christopher’s focus on internet trust began as the founder of Consensus Development where he co-authored the IETF TLS internet-draft that is now at the heart of all secure commerce on the World Wide Web. Christopher is co-chair of the W3C Credentials CG working on standards for decentralized identity. Christopher has also been a digital civil liberties and human-rights privacy advisor, was part of the team that led the first UN summit on Digital Identity & Human Rights, and was the producer of a half-dozen iPhone and iPad games, and of Infinite PDF, a non-linear media app.

Tuesday, 17. March 2020

Schema

Schema for Coronavirus special announcements, Covid-19 Testing Facilities and more

The COVID-19 pandemic is causing a large number of “Special Announcements” pertaining to changes in schedules and other aspects of everyday life. This includes not just closure of facilities and rescheduling of events but also new availability of medical facilities such as testing centers. We have today published Schema.org 7.0, which includes fast-tracked new vocabulary to assist the global resp
The COVID-19 pandemic is causing a large number of “Special Announcements” pertaining to changes in schedules and other aspects of everyday life. This includes not just closure of facilities and rescheduling of events but also new availability of medical facilities such as testing centers.

We have today published Schema.org 7.0, which includes fast-tracked new vocabulary to assist the global response to the Coronavirus outbreak.

It includes a "SpecialAnnouncement" type that provides for simple date-stamped textual updates, as well as markup to associate the announcement with a situation (such as the Coronavirus pandemic), and to indicate URLs for various kinds of update such a school closures, public transport closures, quarantine guidelines, travel bans, and information about getting tested.  

Many new testing facilities are being rapidly established worldwide, to test for COVID-19. Schema.org now has a CovidTestingFacility type to represent these, regardless of whether they are part of long-established medical facilities or temporary adaptations to the emergency.

We are also making improvements to other areas of Schema.org to help with the worldwide migration to working online and working from home, for example by helping event organizers indicate when an event has moved from having a physical location to being conducted online, and whether the event's "eventAttendanceMode" is online, offlline or mixed. 

We will continue to improve this vocabulary in the light of feedback (github; doc), and welcome suggestions for improvements and additions particularly from organizations who are publishing such updates. 

Dan Brickley, R.V.Guha, Google.
Tom Marsh, Microsoft.

Friday, 13. March 2020

Oasis Open

Call for Consent for Static Analysis Results Interchange Format (#SARIF) V2.1.0 as OASIS Standard

Tuesday, 10. March 2020

SSI Meetup

Decentralized Digital Identity in the Spanish and Portuguese speaking world

https://ssimeetup.org/decentralized-digital-identity-spanish-portuguese-speaking-world-alex-preukschat-webinar-50/ SSI Meetup coordinating node Alex Preukschat presents in this webinar the 2020 SSI report for Iberoamerica with the main highlights and insights gained for this edition. Self-Sovereign Identity (SSI) is booming, and we expect it to be one of the main unifying technologies of the bloc

https://ssimeetup.org/decentralized-digital-identity-spanish-portuguese-speaking-world-alex-preukschat-webinar-50/ SSI Meetup coordinating node Alex Preukschat presents in this webinar the 2020 SSI report for Iberoamerica with the main highlights and insights gained for this edition. Self-Sovereign Identity (SSI) is booming, and we expect it to be one of the main unifying technologies of the blockchain and decentralized world. Unlike our first report for Iberoamerica, we have chosen, for this edition, to prepare a shorter executive document that reflects the main trends in the region. In this study, we focus on Ibero-American initiatives that are either done in the name of SSI or have elements strongly resembling SSI, rather than simple authentication experiments that are further away from the principles of SSI.

Tuesday, 03. March 2020

SSI Meetup

eIDAS regulation: anchoring trust in Self-Sovereign Identity systems

https://ssimeetup.org/eidas-regulation-anchoring-trust-self-sovereign-identity-systems-ignacio-alamillo-webinar-49/ Ignacio Alamillo is a lawyer, PhD in eIDAS Regulation, CISA, CISM, and EU Commission legal expert for EBSI eSSIF and the EBSI eIDAS Bridge initiatives. Ignacio will introduce SSI solutions, using the Alastria ID reference model as an illustrative example, taking into account the nee

https://ssimeetup.org/eidas-regulation-anchoring-trust-self-sovereign-identity-systems-ignacio-alamillo-webinar-49/ Ignacio Alamillo is a lawyer, PhD in eIDAS Regulation, CISA, CISM, and EU Commission legal expert for EBSI eSSIF and the EBSI eIDAS Bridge initiatives. Ignacio will introduce SSI solutions, using the Alastria ID reference model as an illustrative example, taking into account the need for trust management frameworks, and trust anchors. Secondly, he will introduce the eIDAS Regulation, currently the major electronic identification regulation in the European Union, supporting a pan-European identity federation system, and the legal framework for the so-called trust services. The EU has developed some key proposals arising from the legal assessment of the EBSI ESSIF use case, oriented to extend the eIDAS Regulation to SSI solutions used with public sector bodies relationships and procedures. This results were publicly presented in the 2nd ESSIF Stakeholders Meeting that took place in Brussels mid-January 2020. The objective of the ESSIF legal assessment is to evaluate the potential legal issues that are horizontal to an SSI solution, including: DIDs: What is the legal nature and ownership of DIDs (asset vs a special kind of pseudonym), how should be DIDs managed in case of minors and incapable persons, if DID may be subject to seizure, when DIDs may be deactivated, what is the legal regime of keys and wallets, etc. VCs: What are the duties and responsibilities of VCs issuers, holders and verifiers. How to model the contractual/non-contractual relations between issuers & verifiers, and set up liability models. We should pay special attention to the legal aspects of the VC lifecycle (issuance, suspension and revocation causes, etc). Alignment of the SSI solution with the eIDAS Regulation: aligning VCs with eIDAS eID rules, but also linking VCs to eSeals or eSignatures. Trust framework: legal input regarding LoAs, governance aspects, conformity, etc. The use cases include: Using eIDAS identification means (and qualified certificates?) to issue verifiable credentials. Using qualified certificates to support verifiable claims (EBSI eIDAS bridge) and legal evidences with full legal value. Using SSI VCs as an eIDAS identification means. Using blockchain plus SSI as an electronic registered delivery service. All content represent just the opinion of Ignacio Alamillo, and do not represent any official position from the EU Commission nor any of its officers

Friday, 28. February 2020

Oasis Open

TOSCA Simple Profile in YAML v1.3 OASIS Standard published


eSSIF-Lab

EU Project eSSIF-Lab, aimed at faster and safer electronic transactions via the internet as well as in real life, open for start-ups and SMEs

In November TNO, FundingBox, BLUMORPHO and GRNET started a new EU-Horizon 2020 research project ‘NGI eSSIF-Lab’. The project will offer open calls for start-ups, SMEs and other innovators to further develop, integrate and adopt self-sovereign identity technologies for Europe. The first open calls are expected to begin in March 2020. What makes eSSIF-Lab different from other initiatives is that it focuses on scalable SSI-solutions that are mutually interoperable and not limited to solving a problem in just a specific domain.

 

Are you interested?

Please fill in our contact form to receive updates when an open call is published

STAY UP TO DATE Self-sovereign identity

Self-sovereign identity (SSI) promises to empower European citizens with new means to manage privacy, to eliminate logins, and to enjoy much faster and safer electronic transactions via the internet as well as in real life. SSI promises not only to empower European organisations to speed up, secure and automate transactions with customers, suppliers and partners, resulting in annual savings of tens of billions of euros on administrative costs in Europe but also to drive a new business ecosystem with thousands of new jobs, new job categories and new business opportunities for existing and new European companies.

eSSIF-Lab project

The eSSIF-Lab project will provide business and technical support to integrate SSI technology with market propositions, and will accelerate SSI-related businesses and social applications. The outreach though the open calls and the prominent position in the emerging SSI community will enable the eSSIF-Lab consortium to advance the broad uptake of SSI as a next generation, open and trusted digital identity solution.

The project will award 62 subgrants in two types of open call: one infrastructure-oriented open call targeting technical enhancements and extensions of the SSI framework and two business-oriented open calls targeting SSI business and social innovations and applications. The infrastructure-oriented open call (open to any type of innovator) and the first business-oriented open call (limited to start-ups and SMEs) are expected to open in March 2020. 

TNO’s lead SSI scientist Rieks Joosten is excited: “While so-called SSI ‘solutions’ are popping up all over the world, the vast majority has a local scope: they solve a problem in a specific domain, are not scalable and scarcely interoperate with each other. Addressing these issues is a top priority for the eSSIF-Lab project. We invite the SSI community in Europe to come forward and apply for the open calls.”

The project receives funding from the European Commission under the Horizon 2020 research and innovation programme, of which €5.6 m is available for subgrants. The eSSIF-Lab project will run for three years.

Consortium

The eSSIF-Lab consortium is a lean consortium comprised of a combination of one RTO, one funding management organisation, one business accelerator and one organisation that offers advanced e-infrastructures and innovative services. The partners have distinct but complementary profiles, spanning the whole range of activities and areas covered within the project.

TNO (Netherlands) is the project coordinator and brings in its extensive SSI technical expertise and understanding of innovation processes to the startup/SME/innovator community targeted by the open calls. TNO has a unique position as an RTO, with a strong connections to both fundamental research, industry, SMEs and societal stakeholders. TNO has an extensive track record in H2020 project coordination.

FundingBox (Poland) manages the open calls. FundingBox is the European leader in managing Financial Support to Third Parties, having distributed up to €62 m by participating in 14 projects, including FSTP, since 2014. It has a community with over 18,000 subscribers where makers, entrepreneurs and innovators meet, interact and collaborate to build growth connections and win equity-free funding to catalyse their growth.

BLUMORPHO (France) is a business accelerator that has 20+ years of experience in building and developing successful ecosystems around innovations. It will provide business support to the start-ups that participate in the open call projects to accelerate their SSI-related business. BLUMORPHO has a large European and worldwide network, and brings in its expertise from training and developing ideas with high potential to fully-fledged business plans.

GRNET (Greece) is responsible for the ongoing deployment infrastructure in the project. GRNET is the national network, cloud computing and IT eInfrastructure and services provider. It supports hundreds of thousands of users in the key areas of Research, Education, Health and Culture.

Contact

TNO: Oskar van Deventer, scientific coordinator, oskar.vandeventer@tno.nl
GRNET: Georgios Tsoukalas, gtsouk@grnet.gr
FundingBox: David Seoane, david.seoane@fundingbox.com
BLUMORPHO: Régis Hamelin, hamelin@blumorpho.com

Meer informatie: essif-lab.eu

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 871932.


SSI Meetup

Explaining SSI to C-suite executives, and anyone else for that matter

https://ssimeetup.org/explaining-ssi-c-suite-executives-anyone-else-john-phillips-webinar-48/ John Phillips from 460degrees in Australia has been exploring with his team for more than two years for a way to describe Self-Sovereign Identity (SSI) that was easy to understand. We think he has found a good method to make SSI easy to understand for any C-suite executive and business people that goes b

https://ssimeetup.org/explaining-ssi-c-suite-executives-anyone-else-john-phillips-webinar-48/ John Phillips from 460degrees in Australia has been exploring with his team for more than two years for a way to describe Self-Sovereign Identity (SSI) that was easy to understand. We think he has found a good method to make SSI easy to understand for any C-suite executive and business people that goes beyond the technology. John published a video in late 2019 that we found deeply insightful and we have invited him to share this with the SSI Meetup audience. This demo has been going down amazingly well with audiences from c-suite technology execs to design students. This approach quite literally animates the discussion. People add other objects into the mix, move things around, ask relevant, insightful, questions. John will share the learnings he is gaining from University research, as well as the results of work in supporting capstone projects for higher education students, and how this has led us to a storytelling model to explain SSI.

Thursday, 27. February 2020

SSI Meetup

Using SSI for enterprise identity and access management

https://ssimeetup.org/using-ssi-enterprise-identity-access-management-sebastian-weidenbach-christopher-hempel-webinar-47/ Sebastian Weidenbach and Christopher Hempel from esatus AG will explain in this presentation why Self-Sovereign Identity (SSI) has great advantages to facilitate enterprise identity and access management. It will also go into detail about how a connection between existing iden

https://ssimeetup.org/using-ssi-enterprise-identity-access-management-sebastian-weidenbach-christopher-hempel-webinar-47/ Sebastian Weidenbach and Christopher Hempel from esatus AG will explain in this presentation why Self-Sovereign Identity (SSI) has great advantages to facilitate enterprise identity and access management. It will also go into detail about how a connection between existing identity and access management solutions and distributed identity ledgers can be implemented. SSI enables users to create proofs over facts about themselves using a distributed ledger. In an enterprise context, this also means that an employee can send a proof to, for instance, a compatible file server containing data exclusively meant for the human resources department. If this proof is valid and contains the fact that the prover is a member of the human resources department, access can be granted automatically. The need for individual approval by a superior, common reason for the tiresome and expensive delay, is removed. Switching enterprises’ IAM systems to SSI technology cannot realistically be done in one fell swoop, though, as migrating thousands of accounts and their privileges to a new system is an intimidating task. There are ways to connect SSI technology to existing IAM solutions, though, which are starting to enter the market using gateway components to connect the old and new worlds of identity.

Oasis Open

#TOSCA Simple Profile in YAML Version 1.3 is approved as an OASIS Standard

Tuesday, 25. February 2020

Oasis Open

Invitation to comment on STIX v2.1 from the CTI TC - ends March 11th


Open Cybersecurity Alliance Unveils First Open Source Language to Connect Security Tools

Wednesday, 22. January 2020

Schema

Schema.org 6.0

Schema.org version 6.0 has been released. See the release notes for full details.  As always, the release notes have full details and links (including previous releases e.g. 5.0 and 4.0). We are now aiming to release updated schemas on an approximately monthly basis (with longer gaps around vacation periods). Typically, new terms are first added to our "Pending" area to give t
Schema.org version 6.0 has been released. See the release notes for full details.  As always, the release notes have full details and links (including previous releases e.g. 5.0 and 4.0).

We are now aiming to release updated schemas on an approximately monthly basis (with longer gaps around vacation periods). Typically, new terms are first added to our "Pending" area to give time for the definitions to benefit from implementation experience before they are added to the "core" of Schema.org. As always, many thanks to everyone who has contributed to this release of Schema.org.

--
Dan Brickley, for Schema.org.

Sunday, 23. February 2020

Oasis Open

Interoperability Between Leading Key Management Vendors Demonstrates Continued Strength of OASIS KMIP Standard at RSA 2020

Wednesday, 19. February 2020

Oasis Open

XACML v3.0 Time Extensions Version 1.0 from XACML TC approved as a Committee Specification

Friday, 14. February 2020

Oasis Open

U.S. Leaders Help Define International Standards for Sharing Economy

Wednesday, 12. February 2020

Oasis Open

Call for Consent for TOSCA Simple Profile in YAML Version 1.3 as OASIS Standard


Invitation to comment on KMIP Specification v2.1 and KMIP Profiles v2.1 - ends March 13th

Friday, 07. February 2020

Oasis Open

60-day Public Review for four #OData Candidate OASIS Standards - ends April 7th 2020

Tuesday, 04. February 2020

SSI Meetup

Decentralized Identifier (DIDs) fundamentals deep dive

https://ssimeetup.org/decentralized-identifiers-dids-fundamentals-identitybook-info-drummond-reed-markus-sabadello-webinar-46/ Decentralized identifiers (abbreviated as “DIDs”), are the cryptographic counterpart to verifiable credentials (VCs) that together are the “twin pillars” of SSI architecture. In this special IdentityBook.info webinar Markus Sabadello, Founder and CEO of Danube Tech, and D

https://ssimeetup.org/decentralized-identifiers-dids-fundamentals-identitybook-info-drummond-reed-markus-sabadello-webinar-46/ Decentralized identifiers (abbreviated as “DIDs”), are the cryptographic counterpart to verifiable credentials (VCs) that together are the “twin pillars” of SSI architecture. In this special IdentityBook.info webinar Markus Sabadello, Founder and CEO of Danube Tech, and Drummond Reed, Chief Trust Officer at Evernym, co-authors of the DID chapter of the “Self-Sovereign Identity: Decentralized Digital Identity and Verifiable Credentials” book published by Manning will explain all the fundamentals of DIDs. Based on the did chapter of the book, you will learn how DIDs evolved from the work started with VCs, how they are related to URLs and URNs, why a new type of cryptographically-verifiable identifier is needed for SSI, and how DIDs are being standardized at World Wide Web Consortium (W3C). Your guides will be two of the editors of the W3C Decentralized Identifier 1.0 specification: Markus Sabadello and Drummond Reed.

The 2nd Official W3C DID Working Group Meeting (The Netherlands)

https://ssimeetup.org/did-report-2-2nd-official-w3c-did-working-group-meeting-netherlands-drummond-reed-markus-sabadello-webinar-45/ The DID Report 2 about the Second Meeting of the W3C DID Working Group with Drummond Reed and Markus Sabadello from Danube Tech, co-authors of the W3C DID specification. DID spec co-author Drummond Reed and Markus Sabadello will report back from Amsterdam (The Neth

https://ssimeetup.org/did-report-2-2nd-official-w3c-did-working-group-meeting-netherlands-drummond-reed-markus-sabadello-webinar-45/ The DID Report 2 about the Second Meeting of the W3C DID Working Group with Drummond Reed and Markus Sabadello from Danube Tech, co-authors of the W3C DID specification. DID spec co-author Drummond Reed and Markus Sabadello will report back from Amsterdam (The Netherlands) for the second official meeting of the W3C DID Working Group taking place from January 29-31, 2020 to share highlights of the meeting and the roadmap for taking DIDs to a full Web standard. This session will be followed one hour later by a full DID education session based on the DID chapter published with Manning by IdentityBook.info authors Drummond Reed, Markus Sabadello and Alex Preukschat. If you want to learn all the basics about DIDs please also join this session here: Webinar 46

Saturday, 01. February 2020

r@w blog

Mock-Calling — Ironies of Outsourcing and the Aspirations of an Individual

Mock-Calling — Ironies of Outsourcing and the Aspirations of an Individual Sreedeep Best Start (The Advertisement) In the darkest hours of night, they remain awake serving some other continent across the oceans. The sparkling exterior complements the sleeplessness. Colorful half-pagers listing job openings in dedicated sections of dailies for the ‘educated’ and ‘experienced’ have been common in
Mock-Calling — Ironies of Outsourcing and the Aspirations of an Individual Sreedeep Best Start (The Advertisement) In the darkest hours of night, they remain awake serving some other continent across the oceans.
The sparkling exterior complements the sleeplessness.

Colorful half-pagers listing job openings in dedicated sections of dailies for the ‘educated’ and ‘experienced’ have been common in post liberalized India. When the eyes cruise through the various logos and offerings of the MNCs in these over populated pages, one gets reminded of a decade when the front, back, and inside pages of newspaper supplements overflowed with job offerings in the lowest ranks of the IT. BPO vacancies which littered the folios primarily sought to lure fresh college pass-outs ‘proficient in English’. Back then, one was yet getting familiar with names such as ‘Convergys’, ‘Daksh’, ‘Global-Vantage’, ‘EXL’, ‘Vertex’. It made one wonder why they needed so many people to ‘walk-in’ week after week, and how they made thousands of ‘on the spot offers’ with ‘revised salaries’ following ‘quick and easy interviews’ and ‘fastest selection processes’. What these selected people actually did, once they got in, was another mystery altogether.

Some of these MNCs promising nothing short of a ‘best start’ to one’s career, that too with the ‘best starting salaries for a fresher’, often came to college campuses for recruitment. They conducted large scale interviews and generously granted immediate offer-letters to final-year students, at the end of each academic year. I happily overlooked the (fine) print, the text, design, and all the other details of these BPO ads. In fact, I never bothered to figure out what the acronym meant till such time when I was in desperate need for a gadget make-over. My age old Range-Finder camera deserved to be disposed and displaced by a Digital SLR. That was the summer of 2003…

The iconic ship building of Convergys — one of the first amongst the many that stood alone fifteen years ago, surrounded by far-­‐away sketches of multistoried constructions and a cyber-­‐hub that was yet to be born and the eight lane highway leading to Jaipur, about to be built beside it. Say Something More About Yourself (The Interview) Call flow and traffic flow is fast and furious both inside and outside such centers of info-­exchange and mega-­data transmissions every second every day.

“You have mentioned in this form that your aim is to ‘do something different’. How would you relate that to your decision to work in a call center?” I was asked.

I had given more than couple of interviews, to get rejected on both occasions, and by then had realized what exactly they preferred to hear and the kind of profile that they wanted to hire. I was in no mood to miss my lunch and waste another day in the scorching heat traveling to one of these hotels where the interviews were conducted. I was tired of waiting for hours sipping cold water and looking at formally dressed men and women being dumped from one room to another — going through a series of eliminating rounds before reaching the interview stage, when they politely conveyed “…thank you very much, you may leave for now, we’ll get back to you…”, especially, to all those lacking a ‘neutral English accent’.

On the first occasion, I took great pleasure and interest in observing every bit of it. On the second, I was getting a hang of it. On the third, I felt like a school kid appearing for an oral examination at the mercy of the schoolmaster and was perennially requested at every step to say something (more) about oneself. But, I had no grudges. Neither the posh ambience nor the polite attitude of the employers towards hundreds of candidates walking-in everyday was comparable with the interview-scene of Ray’s ‘Pratidwandi’ [1]. The scene was acting out in reverse. Now they needed us (in bulk) more than we needed them. Any English-speaking dude eager to believe in the promises of the new-age-profession, even with less or ordinary qualifications, or with no desires to seek further qualifications, was in great demand, like never before.

On the fourth occasion, I thought that I had my answers ready.

“Well, your CV suggests something else. Why don’t you contemplate choosing a creative profession?”

The extra curricular activities’ column on my CV was getting reduced in size with each passing interview that I chose to face. Later I felt that I could have said something else instead of answering, “Madam, I am from a middle-class family, where creativity is not given much space beyond a point.”

I was reminded that I should use her first name instead of uttering ‘Madam’ repeatedly. “But, most of the creative minds come from the middle-class background”, she refuted.

“May be I don’t have much of confidence in my creative abilities.”

The conversation continued for quite long. I did not fall short of sentences to cover up this process of conscious deception. She was busy evaluating my English and was possibly overlooking the content of my answers while making points on a piece of paper as she kept asking questions regarding hobbies, movies, etc. I was asked to listen to men talking in American accent and was instructed to choose between options that summarized the probable conclusion of their conversation. Then I was asked me to wait outside.

The interview with the Senior Process Manager from Pune was supposedly the last round, I was told. A charming voice from across the table made me feel as if he had been waiting to hear from me since the time we met long ago, “So, how is life?”

“Great Sir”.

“Great? You don’t get to hear that too often. Okay, please say something about your self.”

There seemed to be no end to this essential inquiry about ‘the self’ at any stage! I started with my name and ended with my ambition, which was to make a career in a call center.

He must have found it useless to discuss the work profile with me. Truly, I had no idea about what I was supposed to do on the deck. But, I did not miss any chance to convey how keen I was to learn and deliver. This was followed by a discussion on salary, which was short, because as a fresher, I was in no position to bargain.

While passing the offer letter, the HR lady formally made a point to emphasize the formal dress code in the office. Looking back, I presume it was my appearance that prompted her to state the code. With the hair almost touching the shoulders, and a face not shaven for more than a month, the loose fit denims incapable of keeping the shirt tucked, I must have made a sufficient impression to instigate concern in her mind, although unknowingly. Jaswindar (the man who thought smoking bidi in the lawns of the corporate cathedral is quite cool) replied, “I don’t have any formal wear. Does the company pay any advance for buying some?”

Cyber Hub @ midnight — the nerve centre of several corporates. What If They Find Out (The First Day) Even sky is not the limit. The exchange of information and its pace defies border — political or physical.

A cold current ran through the spine of several candidates, especially the first timers, with every signature they put on the bottom left of each page of the agreement of the terms and conditions that required them to be graduates. Obviously, quite a few of them were not graduates. What if they found out that they were not? But they did not. I guess, they never cared to verify the certificates enclosed in the pink file. Nor did they care to figure out what happened to those tax-forms, provident fund forms, insurance forms signed and submitted by the 124 employees joining job on the 9th of June. Lengthy spells of instructions related to form-filling on the first day were forgotten, as most of them were happily distracted or disinterested. The crowd was busy checking out each other — the vending machine and its options, the fancy phone and its features — also enquiring or narrating previous call center experiences, the hassle in missing or getting the first pick-up for the day…

While these strangers were desperate to know or let the others know ‘something more about themselves’, the junior officials instructing us ‘where to tick’, ‘what to remember’, ‘how to write’, ‘when to stop’ were not in a position to exhibit how irritated they were with the tough task of managing so many recruits. Things got even worse with the daylong induction lectures on training, transport, finance, assets, ‘our motifs’ and ‘your expectations’, ‘your contribution’ and ‘our expectations’. Thankfully, there was good lunch, free internet access (quite unthinkable in those days of expensive cyber cafes) and AC cabs to follow. I fancied my relief from the heat and hostel food for the next few weeks of my paid holiday without any sense of remorse.

The Convergys building (now taken over by Vedanta) on a full moon night. The plush lawns used to be a breeding ground for generating dust haze. The compound is highly protected/exclusive zone. Epitome of global connectivity ensures complete disconnection with the local surroundings. My Camera vs Their Camera (Getting Trained) The ever-expanding city with all its imposed notions of urbanity on an area essentially rural leaves no scope for the evolution of the public space. On the contrary, any space outside the strict confines of these gated nations/notions invite threats of the highest order or at least it is perceived to be so.

What if they find out? No, they didn’t.

For the next one and a half months, we loitered around in the mornings, nights, evenings, and graveyard shifts of the classrooms and cafés (though not in every corner as mobility was highly restricted and under severe surveillance), at times enjoying and at times sleeping through the training sessions, impatiently waiting for the salary to get transferred to the Citi Bank account which they had opened for us to be swiped-out the moment the money arrived. Their surveillant eyes were not technologically advanced enough to guess the respective reasons to take up the job casually and remain appointed before absconding. A host of young fellas kept counting the number of day remaining:

While the trainer with 3 kids in 7 years (now needing one more) with a ‘do it or I’ll make you do it’ attitude reminded us that prostitution is oldest customer care service, and the role of a customer care executive is one of the most prestigious ones and definitely not deplorable just because we work at night (as do the docs and cops). While listening to the trainees whose primary interests varied from stock exchange to cooking for the wife to horse breeding and extending till the ‘search for truth in Himalayas’. In a free speech session in VNA (Voice and Accent Training), fitness was synonymous with Baba Ramdev for some folks and euthanasia meant mass-killing. And what about capital-punishment? “Would have known if I attended the college debates”, someone proudly said. The trainer was kind to say “Then talk about censorship”. The girl with colored hair was quick to question, “Is that an automated cruise?” While cruising through the consonants, diphthongs, vowel sounds, and imported ‘modules’, rapid ‘mock-calls’ and learning to intonate. We bit the ‘B’s, kissed the ‘W’s and by the time we rolled the ‘R’s, reached the soft ‘T’s and faded ‘P’s, I felt that the next big revolution was here. Tongue, lip, throat, teeth tried their level best to ape the ones across the Atlantic to the norms of their phonetic culture. While obviously not uttering the obvious that this entire system was a consequence of service being subcontracted to places where establishment and labour costs were way more cheaper. Walls can guard the flow of trespassers but the walls can rarely be guarded against the practice of public urination. An employee relieves himself in the middle of a graveyard shift on his way back after a quick smoke during the miserly half an hour break. Keeping Balance (The Absconding Case & The Attrition List) The building came first as isolated blocks of self-sufficient units generating its own electricity and meeting its own needs. The infrastructure external and essential to its sustenance is still in its nascent stage.

In between the lines of the Punjabi beats in the moving cab or Pearl Jam playing on the i-pod in full volume to resist the former; before and after ‘hi bro’, ‘hey dude’, ‘yo man’, ‘yap buddy’; from weekend masti to an inspirational night-out, we constantly juggled with call-center jargon and silently yapped about:

How to revolt against ‘IST’ (Indian Stretchable Time) Why the ‘pick-up time’ hadn’t been SMSed yet Why the fucking cab driver did not come fucking five fucking minutes earlier How often to ‘login’ early and ‘logout’ late Why the ‘systems were running slow’ What should be the perfect ‘call-opening’ and ‘call ending’ How to handle ‘high call flow’ How to ‘sale’ a product to the ‘disinterested customer’ How to ‘appease’ the dissatisfied ‘enquiring consumers’ How to ‘empathize’ with an ‘irate customer’ How to keep the ‘call control’ while making the customer feel empowered How to avoid ‘escalating’ the call How to make full use of the two ‘fifteen minutes breaks’ and one ‘half hour break’ Why not to say — “I am sorry to hear that” — to a recently divorced customer Whom to give the extra food coupons What to do to in order to know when your calls are being monitored How to reduce the ‘AHT’ (Average Handling Time) How to increase the ‘C.Sac’ (Customer Satisfaction) scores Why not to take two ‘consecutive weekend-offs’ What to write in the ‘feed-back forms’ Which friend should be referred to get compensated for the ‘referral’ before leaving the job What else could be done to maximize ‘P4P’ (Pay for Performance)

Soon after swiping the card and clearing the balance, many of us became what they called, ‘an absconding case’ and added our names to the ‘attrition list’. The ‘cost-effective-labour’ (not ‘cheap labor’), stopped coming to office just before ‘hitting the (production) floor’ without bothering to formally say a bye, and without multiplying the hundreds of dollars that their clients had invested in our training and maintenance. Some of us had to get back to our colleges, which had re-opened. The others either complained about the team-leader or the work pressure till the time they got a call from some other call-center across the road offering a slight increment, but the same work. Others changed jobs as they habitually did twice or thrice a year to acquire a new ambience and acquaintances only to get bored yet again. One chap was smart enough to hold two offices simultaneously. The rest either perished without a trace or sat on the same chair hoping to climb the ‘vertical ladder’ by pleasing the bosses and putting more working hours while executing the ‘communicative tools’ and ‘navigation skills’ that they remembered from the training days. They were the ones the industry hoped to retain. They were also the ones too particular about their performance. Habitual consumption and consistent conflicts between the personal mornings/mourning and the professional nights took a consistent toll.

The city sleeps. Metros come to halt. Signs of human existence disappear. But thousands of people continue with the calls in each floor of these buildings answering queries and collecting unpaid amounts catering to a different time zone altogether.Different floors and different corners of the same floor cater to different clients across the globe. After-Call Wrap-Up (Remains of the Flirtatious Feedback)

I-cards hung like nameplates around the neck all the time along with codes that were generated from the distant land. Punching these plastic cards ensured automated entry, strictly confined to those floors where we had some business. Forgetting to carry them required prolonged human intervention to convince the security that we did deserve to get in. Losing it lead to penalty. Hiding/absconding beneath one of the many call center note-pads I found the Separation Clause 4b: “upon separation from the company, you will be required to immediately return to the company, all assets and property including documents, files, book, papers and memos in your possession.”

The termination clause 6.b.i. of one of the appointment letters stated — “During the probation period you are liable to be discharged from the company’s service at any time without any notice and without assigning any reason”. But I guess the employees left the company more often without any notice or assigning any reasons. The company, most often, had no answers for this unwanted discharge to its owners across the oceans. IT abroad/onboard was not advanced enough to predict/prevent people who made the industry look like a make-shift arrangement; a probation that would rarely lead to permanence.

A common sight of fleet of cabs (a service which is outsourced to external vendors) outside the building waiting for scheduled drops and pick-ups. Is There Anything Else That I Can Do to Help You/Me As the piling debris suggest infrastructural work perennially in progress.

Between the cafeteria cleaned once every hour and the adjacent murky road side dhaba; between the latest cars in the parking lot and the rickshaws waiting for those who couldn’t yet afford to pay the car-installment; between the fiber-glass windows and the jhopris (visible once the curtains were lifted) — new heights were achieved and new targets were set that were globally connected, locally disconnected.

In a site, which is otherwise devoid of consistent water supply, electricity and public transport (running it servers on generators 24X7), the vertical-limits of the translucent fiber glass and false roofs prepare the suburbs. The soothing cubicles confirm to the global standards of ‘how a city ought to look’ from a distance.

Just like the enormous demands of the IT industry, which has created its support sectors (catering, security, transport, house-keeping etc) to stray around the BPOs trying to extract their share of profit, I moved around its orbit as well for some time. Why and how there is a bit of BPO in most my creative endeavors and in the purchase of digital devices between 2003–2008 doesn’t require any further explanation.

I got better and better with my mock-calls.

Surrounded by the debris of development and standing tall with its emphatic presence, such an imposing architecture seems like a myth that constantly challenges the harsh realities that envelop it. The pillared peak is so representative of its desire to remain connected with the ‘distant-­impossible’ 24x7. Endnote

[1] The protagonist in the film violently revolted against the lack of basic amenities in the interview-space and against the idea of calling so many people for just a couple of vacancies, when people were expected to be selected not on the basis of merit, anyway.

Author

Sreedeep is a sociologist and a fellow with the Centre for Public Affairs and Critical Theory (C-PACT)Shiv Nadar University, Noida.

This post was originally published on the CIS website as part of the ‘Studying Internets in India’ series. It is re-published here under Creative Commons Attribution 4.0 International license, and copyright for the text and photographs is retained by the author.

Mock-Calling — Ironies of Outsourcing and the Aspirations of an Individual was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Friday, 31. January 2020

Oasis Open

Invitation to comment on Universal Business Language v2.3 from the UBL TC - ends February 15th

Thursday, 30. January 2020

SSI Meetup

Why Self-Sovereign Identity is important - CIO brief - Steve Magennis

https://ssimeetup.org/self-sovereign-identity-explained-cios-steve-manning-webinar-44/ Identity on the internet has been missing since the beginning. For all the amazing ways in which the internet has come to enhance our daily business, social, and personal lives, it was originally designed to simply connect digital endpoints. Networking protocols were built so that computers could identify one a

https://ssimeetup.org/self-sovereign-identity-explained-cios-steve-manning-webinar-44/ Identity on the internet has been missing since the beginning. For all the amazing ways in which the internet has come to enhance our daily business, social, and personal lives, it was originally designed to simply connect digital endpoints. Networking protocols were built so that computers could identify one another, prove themselves, and safely establish a flow of bits between them. What those bits represent was never a primary concern of the architecture. Despite this limitation, for nearly 3 decades we have been creatively injecting the human narrative into the digital conversation between computers; all the while struggling with the lack of certainty about who the human is who is initiating the process. Self-Sovereign Identity (SSI) and Verifiable Credentials (VCs) have emerged as a way to address the question: “Who is really behind the other end of my digital interaction?” Together, the pair of technologies are able to do this at scale while enhancing personal privacy, increasing trust between parties, and promoting practical models of anonymity in a world where all too often our identity becomes a commercial commodity. This presentation is for people who are thinking about how identity and trust relate to their employees, customers, partners, and competitors, and the bespoke way in which we are forced to deal with the issue. Those looking for a better understanding of the benefits afforded by SSI and VCs as well as the technical and governance underpinnings required to support solutions should attend. Steve Magennis is a former Senior Director with Avanade and has worked closely with Accenture and Microsoft over the years to develop transformational initiatives for many Fortune 100 enterprise clients. Decentralized design is a key focus of his as it enables creating entirely new classes of solutions that can be applied to persistent, entrenched business and social problems.

Wednesday, 29. January 2020

Oasis Open

TAXII Version 2.1 from CTI TC approved as a Committee Specification

Thursday, 23. January 2020

Oasis Open

Service Metadata Publishing (SMP) v2.0 from BDXR TC approved as a Committee Specification


#UBL TC publishes Guidance regarding the use of the OASIS UBL logo v1.0

Friday, 17. January 2020

Oasis Open

Four PKCS #11 specifications from PKCS11 TC approved as Committee Specifications

Friday, 10. January 2020

Oasis Open

Open Document Format for Office Applications (OpenDocument) v1.3 from the OpenDocument TC approved as a Committee Specification

Saturday, 21. December 2019

Oasis Open

60-day Public Review for Static Analysis Results Interchange Format (SARIF) v2.1.0 COS01 - ends 18 February 2020