Last Update 8:26 PM February 28, 2021 (UTC)

Organizations | Identosphere Blogcatcher

Brought to you by Identity Woman and Infominer.
Support this collaboration on Patreon!!

Sunday, 28. February 2021

Nyheder fra WAYF

Rigsarkivet nu med i WAYF som brugerorganisation

I dag er Rigsarkivet indtrådt i WAYF som brugerorganisation. Ansatte her kan derfor nu identificere sig som Rigsarkivet-brugere over for de mange webtjenester i WAYF og eduGAIN af relevans for forskning og uddannelse. Language Danish Read more about Rigsarkivet nu med i WAYF som brugerorganisation

I dag er Rigsarkivet indtrådt i WAYF som brugerorganisation. Ansatte her kan derfor nu identificere sig som Rigsarkivet-brugere over for de mange webtjenester i WAYF og eduGAIN af relevans for forskning og uddannelse.

Language Danish Read more about Rigsarkivet nu med i WAYF som brugerorganisation

Friday, 26. February 2021

Elastos Foundation

Elastos Bi-Weekly Update – 26 February 2021

...

Digital ID for Canadians

Spotlight on Everlink

1.What is the mission and vision of Everlink? Vision – To be the leading provider of Comprehensive, Innovative and Integrated Payment Solutions and Services for…

1.What is the mission and vision of Everlink?

Vision – To be the leading provider of Comprehensive, Innovative and Integrated Payment Solutions and Services for credit unions, banks and SMEs in Canada.

Mission – CLIENT-CENTRICITY ABOVE ALL

• Continue to DIVERSIFY as a comprehensive, innovative and integrated Payment Solutions Provider, extending our core products and services and Expanding our Lines-of-Business, in alignment with a clear, understood and communicated Solution Roadmap.

• Continue to DIFFERENTIATE as a recognized Leader in the Payments Industry with Best-in-Class Performance, Innovative Solutions and Outstanding Client Service & Support.

• Continue to GROW through Expanded Market Focus, Joint-Ventures, Alliances and Partnerships.

2. Why is trustworthy digital identity critical for existing and emerging markets?

Since we live in a digitally connected world where digital interaction becomes the de facto mode of connection between 2 parties, it is essential that we have standards around how parties could identify themselves in a digital mode. This is beneficial to all markets and would become the cornerstone of the future digital economy. As digital identity becomes a norm globally, we become positioned for inclusive growth across all sectors and aspects of life.

3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?

In the financial sector, identity is an important component that allows transactions to happen in a compliant fashion. An identity standard would help the global financial sector innovate much further in an accelerated manner.

Everlink is one of the largest payment services firms in Canada. A digital identity framework upon which Everlink can develop new payment solutions will allow us to offer better solutions to our clients who do business worldwide.

4. What role does Canada have to play as a leader in this space?

Canada is already playing a thought leader role through many collaborative initiatives between the public and private sector, like the DIACC initiative. The adoption of digital identity by federal and provincial governments is not only an impetus to the Canadian private sector but to the different industry verticals and governments across the world. It is vital that the Canadian government projects initiatives like DIACC as Canada’s identity success brand and offer the rest of the world the offer to assist them and or collaborate with other similar initiatives globally.

5. Why did your organization join the DIACC?

Identity is an integral part of the payment ecosystem. Everlink is in the business of providing innovative payment solutions to the Canadian financial service ecosystem. We want to be part of developing and incorporating the Pan-Canadian Trust Framework DIACC into the products and services we offer to our clients.

6. What else should we know about your organization?

Everlink’s 4 Cornerstones:

1. Client-Centricity

2. Operational Performance

3. Innovation

4. Strength

Everlink’s Guiding Principles:

• We are Client-Centric – Above all.

• We must Earn Our Clients’ Business every day – There is no such thing as “entitlement”.

• We get things DONE – Urgency.

• We do What We Say, When We Say; We get it Right the First Time – Quality.

• We are Focused on the Future – But respectful of the past.

About Everlink Payments Services Inc. – Everlink Payment Services Inc. is a leading provider of comprehensive, innovative and integrated payments solutions and services for credit unions, banks, and SMEs across Canada. In addition to supplying best‐in-breed technology infrastructure and payment network connectivity, we offer a comprehensive range of integrated payments Lines of Business including: Payment Network Gateway, ATM Managed Services, Card Issuance & Management, Fraud Management Solutions, Mobile Payments, Professional Services and SME Solutions.

Visit us at www.Everlink.ca


Hyperledger Aries

Hyperledger Aries Graduates To Active Status; Joins Indy As “Production Ready” Hyperledger Projects for Decentralized Identity

The Hyperledger Technical Steering Committee (TSC) has approved Hyperledger Aries as the latest of Hyperledger’s projects to graduate from incubation to active status. Hyperledger Aries provides reusable, interoperable tool kits... The post Hyperledger Aries Graduates To Active Status; Joins Indy As “Production Ready” Hyperledger Projects for Decentralized Identity appeared first on Hyperledger.

The Hyperledger Technical Steering Committee (TSC) has approved Hyperledger Aries as the latest of Hyperledger’s projects to graduate from incubation to active status.

Hyperledger Aries provides reusable, interoperable tool kits designed for initiatives and solutions focused on creating, transmitting and storing verifiable digital credentials. The Aries project grew out of the need for protocols, open source tools and interoperability test suites that leverage networks enabling verifiable credentials, such as those supported by Hyperledger Indy.

This major milestone shows that Hyperledger’s technical leadership recognizes the maturity of the Aries community and project. The TSC applies rigorous standards to active projects including code quality, security best practices, open source governance, and a diverse pool of contributors. Becoming an active Hyperledger project is a sign that Aries has grown in both community and code and is a big step forward for the decentralized digital identity community.

“This approval is further evidence that Hyperledger Aries is a breakout success for the Hyperledger community,” said Brian Behlendorf, General Manager for Blockchain, Healthcare and Identity at the Linux Foundation. “Convergence on common libraries for the exchange of credentials will help speed the development of urgently-needed solutions and systems, ranging from education to finance to the fight against the pandemic. Aries is key to that convergence.” 

The TSC’s endorsement of Hyperledger Aries as out of incubation and into active project status is particularly important as the world grapples with finding trusted ways for people to prove their COVID-19 vaccination or test results. Aries’ maturity and protocol-driven approach to issuing verifiable credentials and presenting verified proofs has meant that Aries is a part of every technical discussion in that domain, and a core component of many of the technical stacks being deployed.

Key components of an Aries solution are:

Agent Frameworks: In the digital world, humans, organizations and things need a way to store, manage and exchange verifiable data, including the crypto that decentralized identity demands. Agents do this work in a decentralized environment, and Aries Frameworks make it easy for anyone to build agents tied to specific business needs. DID communications (DIDComm): Agent-like things have to interact with one another to get work done. How they talk in general is DIDComm. DIDComm was born in the Aries project, and work on the next version continues within a working group at the Decentralized Identity Foundation. Protocols: The Aries protocols run on top of DIDComm and enable peer-to-peer application-level interactions among agents, and shows how they should be designed and documented. The Aries community has developed an approach called Aries Interop Profiles (AIP) that formalizes specific sets of protocols that any agent-maker must use to be interoperable across the community, and a test harness that verifies interoperability across disparate implementations using the protocols that make up an AIP.

A Wallet is a common term for a mobile agent used by a person. Wallets are the important link that enables people to manage their connections, credentials, and other aspects of involvement in the decentralized identity ecosystem. This important area of work has just recently received another boost with the community organization of work around creating an open source mobile agent using the Aries Framework Javascript and React Native.

Aries also has close community ties with the Trust Over IP (ToIP) project, which is also housed at the Linux Foundation. Both projects are working on the issuing, holding, and presenting of cryptographically-verifiable digital credentials without the necessity of intermediaries. While Aries is focused on the tools required for verifiable credential exchange, the Trust over IP Foundation is a project working to define a complete architecture, or stack, that combines both cryptographic trust and human trust relating to decentralized identity.

The TSC commended the Aries project during the meeting for the project’s highly diverse contributors. Achieving a high number of organizations contributing to a project at Hyperledger is often a challenge. Congratulations are due to those participating in and supporting the Aries Project.

What to learn more about Identity and Hyperledger Aries?

Hyperledger offers free introductory training courses in partnership with The Linux Foundation and edX.org including:

Introduction to Hyperledger Sovereign Identity Blockchain Solutions: Indy, Aries & Ursa

Becoming a Hyperledger Aries Developer

Do you want to get involved in Hyperledger Aries?If you’d like to support Aries, join our community and contribute! Your contributions will help to fix digital identity for everyone. You can participate in the discussions or help write the code powering Aries. Together, we will build a better platform for digital identity.

The post Hyperledger Aries Graduates To Active Status; Joins Indy As “Production Ready” Hyperledger Projects for Decentralized Identity appeared first on Hyperledger.


GS1

THIS

Next Version Planned February, 2021 Standard TLS Implementation Guide for EPC/RFID and EPCIS Version number 2.0 Latest version? 1 Publication date February, 2021 Asset Type Guideline ICSU Identify Industry Retail
Next Version Planned February, 2021 Standard TLS Implementation Guide for EPC/RFID and EPCIS Version number 2.0 Latest version? 1 Publication date February, 2021 Asset Type Guideline ICSU Identify Industry Retail Apparel Current version? Hide From Overview Language:  English

ttttttttttt

Next Version Planned February, 2021 Standard TLS Implementation Guide for EPC/RFID and EPCIS Version number 2.0 Latest version? 1 Publication date February, 2021 Asset Type Guideline ICSU Capture Industry Retail
Next Version Planned February, 2021 Standard TLS Implementation Guide for EPC/RFID and EPCIS Version number 2.0 Latest version? 1 Publication date February, 2021 Asset Type Guideline ICSU Capture Industry Retail General Merchandise Current version? Hide From Overview Language:  English

Own Your Data Weekly Digest

MyData Weekly Digest for February 26th, 2021

Read in this week's digest about: 6 posts, 1 Tool
Read in this week's digest about: 6 posts, 1 Tool

Thursday, 25. February 2021

GS1

GS1 Fresh Fruit and Vegetable Traceability Guideline

Standard TLS Implementation Guide for EPC/RFID and EPCIS Version number 2.0 Latest version? 1 Publication date February, 2021 Asset Type Guideline ICSU Capture Industry Retail Fresh foods Theme Recall
Standard TLS Implementation Guide for EPC/RFID and EPCIS Version number 2.0 Latest version? 1 Publication date February, 2021 Asset Type Guideline ICSU Capture Industry Retail Fresh foods Theme Recall Technologies Capture Current version? Hide From Overview Language:  English

GS1 Fresh Fruit and Vegetable Traceability Guideline

Next Version Planned February, 2021 Standard TLS Implementation Guide for EPC/RFID and EPCIS Version number 2.0 Latest version? 1 Publication date February, 2021 Asset Type Guideline ICSU Use Industry Retail Fre
Next Version Planned February, 2021 Standard TLS Implementation Guide for EPC/RFID and EPCIS Version number 2.0 Latest version? 1 Publication date February, 2021 Asset Type Guideline ICSU Use Industry Retail Fresh foods Theme Recall Technologies Capture Current version? Hide From Overview Language:  English

Digital Scotland

Estonia – The Baltic Tiger

A film by Lesley Riddoch, documenting the inspiring story of how E-Estonia became a global phenomenon. The post Estonia – The Baltic Tiger appeared first on DigitalScot.net.

A headline theme of our Digital Nation webinar series is the inspiring story of E-Estonia, and how Scotland may emulate their success. Lesley Riddoch and filmmaker Charlie Stuart travelled to Estonia in late February 2020 to make a film about this story, about one of the most recent small north European states to become independent.

Tiny Estonia (pop similar to Wales) sees itself as a forgotten Nordic nation, sharing its language, forest and bog-covered topography and Baltic location with Finland.

And it’s widely regarded as Europe’s Digital Tiger economy, performing an incredible transformation from terrible poverty in the wake of reestablishing independence just 30 years ago.

Thirty years ago, Estonia became the latest small European nation to declare independence. Faced with terrible winters, they struggled to even find petrol for ambulances and the supermarket shelves were empty. But today, Estonia is one of the most successful small countries in the EU. How did they do it?

Video Summary

The Estonian people were preparing themselves for independence all their lives, and they actually planned a lot of this transformation ahead since they had a firm belief that they would become independent.

A wave of young people took over dismantling everything. So they said those people who have been working for the Soviet Union and have been supporting this kind of things have to leave now. They need to clean the entire state.

And by cleaning the state, it means everything. The first years were tough for this new Baltic nation. They literally had nothing on the shelves of grocery stores in Tallinn or elsewhere in Estonia. They were in a very difficult situation. But Estonia embraced the new digital world, and in just 20 years, its GDP has increased fivefold. It’s nothing short of extraordinary. This transition happened within a generation. The Estonians have adopted their independence day as the 24th of February. It’s a holiday, everyone gathers together on this day.

Estonia first proclaimed independence in 1918 after two centuries of Russian rule, but soon the country was occupied, first by the Soviets, then the Nazis, then the Soviets again, who ruled for almost 50 years. In March 1949, 20000 people were deported, most to Siberia by the KGB. Two thirds were women and children under the age of 16.

In 1986, there was a seismic shift at the Kremlin. President Gorbachev introduced Glasnost to modernize and refresh the communist bloc. But in the Baltic states, the newfound political freedom gave the chance for dreams of nationhood to be rekindled. The Estonian people were preparing themselves for independence, all their lives through whole time in Soviet Union and then especially, intensely, during those three years they had the singing revolution, they were prepared.

Throughout the years of repression, huge singing events continued, the choirs were a symbol of Estonia’s unique culture. As freedom can’t be achieved by only movements, they not only were singing and shouting and streets, but they were undertaking hard legislative work too. In August 1989, the movements of Estonia, Latvia and Lithuania combined to form a 400 mile chain of two million people demonstrating their unity for freedom. This was to catch media’s attention to pressurize Gorbachev. After all this, Estonia got its independence.

Estonia set up its own currency pegged to the Deutschmark, but the country had traded almost exclusively with Russia and so the economy collapsed. It was a government in crisis from the start. In 1993, in the midst of a Baltic winter with daytime temperatures below minus 10, the state coffers are empty, businesses face bankruptcy, pensions might not be paid.

There was a struggle to find petrol for ambulances and the shops were empty. Mart Laar became the first formally elected prime minister at the age of just 32. The unemployment rate was 40-50%. No countries were buying anything from Estonia as their production was really bad. The changes were really very, very harsh because they didn’t have money. People were patient, expecting that the country will grow up, will improve. And after this harsh time, there will be better times. The Estonians people had hope that Estonia will again flourish someday.

Very soon help and investment came from Nordic neighbors. There was were even food and clothing parcels from abroad. Very quickly, Estonia began to grow as Europe’s newest democracy. It was a society shaped by a new generation without baggage from the communist era, with new ideas and a blank canvas.

E-Estonia

Estonia’s main claim to fame today is the Digital Economy. Estonian education has fueled 20 years of digital innovation, 90 percent of schools deliver subjects using digital technology by choice, not compulsion, and 70 percent of kindergartens have access to robotics. Scottish education was once the envy of the world. Now a different small country is turning educational heads.

The education system has spawned a nation of digital entrepreneurs and innovators. Three Estonian engineers have built Skype with almost 700 million worldwide users.

In Estonia, everyone must have a digital ID. This is a compulsary document for absolutely every person who lives in Estonia. The citizens of Estonia use this smart electronical id card as their driving license also. They also get discounts from various shops by using this id card. This card is also essential for medical care because they need this card at hospitals and health care centre for their medical prescriptions.

This card is also used by the citizens for tax payment system. With the aid of this card it takes only one minute in order to declare citizens’ taxes. The citizens of Estonia have a great faith on their state law authority as they provide their all information of themselves to one institution. Only one percent of entire state budget is used in order to keep up the system. The citizens’ get back two percent of their GDP by using this one single solution.

It took three years after independence for the last Russian military to leave. Now, Estonia has an army of its own and an international peacekeeping role. It has 3000 full time soldiers with 20000 in reserve and the support of its Nato Family since it joined in 2004. Joining the NATO has cultural, economic, social and mostly political consequences on Estonia.

In Estonia 2/3 of the population live in the traditional country. They tried to keep alive their cultural heritage even when they were part of the Soviet Union. The country celebrates its traditions and identity big time.

The country has been criticized for a flat tax regime that leaves the well off paying the same as the lowest earners, just 20 percent. And corporations can skip tax altogether if they reinvest. One man well-placed to make international comparisons is the Estonian TV journalist Johannes Tralla, he is a former EU correspondent.

According to him oligarchy does not exist in the Estonia every taxi driver here is an entrepreneur and the low tax system is really beneficial for the citizens. In Estonia there is no dramatic class gap in society. The taxation framework in Estonia is really appreciable in the whole Europe.

This is the inspiring story of how within a short period of time Estonia grew from the post Independence early challenges to become the world’s leading digital nation.

Video Timeline

0:00 – 11:35 – History of Struggle and Independence of Estonia
11:35 – 15:36 – Post-Independence Challenges
15:36 – 18:45 – Digital Growth and Development in Estonia
18:45 – 22:48 – Digital Education System of Estonia
22:48 – 25:18 – Electronic Id Card System in Estonia
25:18 – 27:55 – Digital Taxation and Ticket System
27:55 – 30:06 – Joining NATO and consequences
30:06 – 33:08 – Traditional Culture of Estonia
33:08 – 38:46 – Taxation Framework and Digital Economic Development

The post Estonia – The Baltic Tiger appeared first on DigitalScot.net.


WomenInIdentity

NZ Members Featured Discussing NZ Contact Tracing App and Public Education Approach

New Zealand Women in Identity members Tamara Al’ Salim and Andrew Weaver were featured on a panel discussing Contact Tracing and Data Ownership. They spoke to the members of the… The post NZ Members Featured Discussing NZ Contact Tracing App and Public Education Approach appeared first on Women in Identity.

New Zealand Women in Identity members Tamara Al’ Salim and Andrew Weaver were featured on a panel discussing Contact Tracing and Data Ownership. They spoke to the members of the National Association for Public Health Statistics and Information Systems (NAPHSIS), a nonprofit based in Washington, DC, whose members are vital records professionals across the U.S. as well as other countries. Tamara and Andrew discussed their view of New Zealand’s response to the pandemic and the impact it had on the community’s behavior when it came to contact tracing.

Andrew described how New Zealand took a pragmatic and expert led approach to the pandemic, driven by medical recommendations and based on statistics and scientific data modeling, wrapped up with the message of kindness. With the continuing change in the pandemic’s landscape, and quoting Maya Angelou, New Zealand took the approach of “Do the best you can until you know better. Then when you know better, do better.”

Tamara walked the audience through graphs that told a story about the New Zealand COVID-19 Tracer App including how its early inception didn’t have much uptake as New Zealand left lockdown with no community cases. The perception was , no community cases meant no need to keep track of our movements. As travel increased into the country, cases at the border increased as well, still yet, people didn’t feel the pressure to keep track of their movements. 

Tamara went on to describe how the trend shifted dramatically when a community case linked to a ship at the ports got into the community, with a household of four people testing positive, the whole country had restriction levels changes, and the city the cases were in went into even high restrictions. This saw a significant uptake and a consistent trend of use of the app since then. New Zealand continues to report daily to its community on the number of border and community cases with none in the community since November 2020. 

Tamara observed that complacency is natural and will continue to happen as people feel safe and not have the need to keep track of their movements. If there is any trend that is guaranteed, it would be the one when cases are discovered in the community people become more vigilant and keep track of their movements. That is possible the new normal in New Zealand. In the meantime, the message, is that is a collective responsibility, we all want to safe and be able to celebrate holidays safely, act like you have the virus, wear your mask on public transport and stay home if you are unwell. 

Tamara is one of the Ambassadors for New Zealand and Andrew as an active member and supporter of Women in Identity encouraged the NAPHSIS members and especially many of the men to join the organization and support our work.

In addition, Kay Chopard spoke in the closing plenary about the Women in Identity organization and encouraged the NAPHSIS membership to become part of the organization and the mission. The conference took place virtually on November 30 to December 2, 2020.

The post NZ Members Featured Discussing NZ Contact Tracing App and Public Education Approach appeared first on Women in Identity.


Energy Web

It’s coming: quality-of-service guarantees for decentralized technologies

Coming soon: quality-of-service guarantees for decentralized technologies Why escrow-based service-level agreements (SLAs) are the secret to enterprise adoption of blockchain During my entire career I have been responsible for delivering, operating, and improving enterprise-grade services — telecommunications, IT, banking — to global customers. I have learned two important lessons when operating
Coming soon: quality-of-service guarantees for decentralized technologies Why escrow-based service-level agreements (SLAs) are the secret to enterprise adoption of blockchain

During my entire career I have been responsible for delivering, operating, and improving enterprise-grade services — telecommunications, IT, banking — to global customers. I have learned two important lessons when operating the services in more than 65 countries around the world:

Although the consistent delivery of platform service levels globally is key, the service experience is always local to the country. What matters is the service experience that happens in the real world, not the virtual one that exists on paper in contracts. The real world is where people live their (working) lives and services are consumed. Transparency in service reporting, the ability to learn and improve from under / over performance, and a fair penalty / reward system are all essential to a sustainable and successful long-term partnership in the enterprise environment.

For decades, service-level agreements (SLAs) have been central to enterprise outsourcing to IT and network providers, including software-as-a-service (SaaS) solutions. Managed services in particular come in many shapes and forms: from managing the multi-vendor environment to providing service guarantees on a specific technology stack. Managed services governed by one or more SLAs can be unbundled and agnostic to any underlying tech or they can be bundled with a certain tech platform (in part of boost enterprise confidence and reduce risk in adopting that platform). Both of these approaches matter for blockchain.

SLAs are understandably popular, because they provide enterprise customers with guaranteed availability and performance at agreed cost levels, and vendors with a stable revenue stream. This is critical when it comes to widespread adoption of new technologies. Being a good vendor is one thing; being a good customer is just as essential. Both are investing and committing to a longer-term relationship, so it has to be fair and balanced.

Yet the conventional SLA-based procurement model is not without its drawbacks. Contracting cycles often range from months to years, requiring major upfront investment on the part of both customers and vendors into requests for proposals (RFPs), solution engineering, legal, and implementation. Once a contract is in place and services are up and running, customers and vendors frequently face change management processes due to the nature of ever-evolving technologies and business requirements. In the event of contractual disputes, compliance and enforcement also take up significant resources. The biggest challenge I have seen in my career is that often these longer-term contracts can become a burden to staying agile and innovative. With the rapid pace of innovation, it is just not possible to predict how the market will look years from now. At the same time, a provider of the services needs to make a fair return on investment (ROI) too and requires a multi-year lock in.

Fast forward to 2021. More and more enterprises are exploring blockchain and other decentralized digital technologies and their governance mechanisms. Many are willing to actively experiment with open, public networks for pilots and proof-of-concept applications. But when it comes to deploying business-critical systems in production, they tend to default to existing operational practices and habits.

I see many companies turn to the larger consultancies and service providers to step in and provide advice and potentially managed services around the technology of choice. It can be a good way to manage risk — career risk mainly, as the operational risks have not gone away. This is of course also true in the energy sector, where reliability is paramount and system failures can impact millions of customers and result in billions of dollars of damages. So availability and quality of service are essential. How to deliver on these requirements with an open-source decentralized platform is the next big challenge that needs to be solved.

The answer is not to put a third party in between an enterprise customer and the decentralized technology solution to monitor performance and guarantee uptime. Of course this may provide some benefits, but it is an odd way to approach fundamentally new technologies. Indeed, one of many appeals of open-source tech and open architectures is that it reduces or even obviates the need for third-party intermediaries that add cost, process complexity, and opacity to markets.

In this new dawning era of enterprise blockchain, two big questions are emerging that matter for the sector’s future:

Can decentralized solutions actually deliver enterprise-grade services with high availability and guaranteed levels of service? Could SLAs that don’t rely on single vendors or require bilateral contracts be the secret to bridging from limited pilots and proofs of concept to full-blown commercial deployments?

At Energy Web we believe the answer is yes, to both questions, but we need to stretch our thinking into a new space though where we enter into decentralized service operations.

The rise of the escrow-backed decentralized SLA

Conventional SLAs work well because there is a single counterparty to a given contract. That counterparty is known and contracted (and therefore ‘trusted’) to deliver the services. By contrast, public networks like EW-DOS run on a distributed network of nodes, operated by multiple organizations, that collectively run services and maintain data integrity via a common protocol. There is no single vendor with which an enterprise user can enter into an SLA contract, but rather a network of vendors that collectively provide services. So how should we rethink the idea of the traditional SLA? How can we make chief information officers (CIOs) of enterprises, including energy companies, as comfortable relying directly on decentralized technologies as they are with existing IT and network vendors?

The answer lies in a decentralized SLA. And the basis of this new type of SLA — for enterprises and vendors alike — is distributed, multilateral trust that the services will be delivered according to the agreed SLA.

We expect that engendering that trust in a decentralized environment should involve posting collateral (often called staking in blockchain circles). This idea isn’t new; anyone who has ever rented an apartment has likely experienced the concept in the form of a security deposit. In the context of public blockchains, staking keeps actors honest and provides strong assurances that the blockchain holds a shared truth, not a compromised version of the truth (since staked companies are incentivized to follow the rules to maximize their rewards and simultaneously disincentivized from bad behavior, for fear of losing their staked collateral in escrow).

When it comes to the idea of a decentralized SLA, a key mechanism is the staking of crypto tokens into a kind of escrow account. Particularly when native tokens are used (such as EWT), this can be easily done via blockchain-based smart contracts. Staking mechanisms are already being used to guarantee trust at the blockchain level. Why not use the same mechanism to define and enforce the terms that are typically found in SLAs at the services layer? While this is an arguably groundbreaking idea for enterprise IT procurement, it’s already becoming a standard practice for blockchain operational and governance mechanisms.

By extending the concept of token staking beyond the trust layer of blockchains (i.e., the maintenance of the distributed ledger database itself) into the services and application layers of the technology stack, it is possible to provide guaranteed uptime, latency, throughput, and other performance measures that are customarily defined in service levels. This approach has the potential to unlock the full potential of decentralized technologies for enterprise customers and service providers alike.

For enterprise customers: A decentralized SLA allows you to easily procure IT and network services by opting into a pool of services provided by multiple vendors at once, and automatically enforce contractual terms in a trusted way. Not only would this approach reduce procurement costs, but it can also improve overall performance and reliability relative to the status quo thanks to the inherent resilience of a decentralized network. Just as it’s generally better to invest in an index fund instead of picking individual stocks, why bet on specific companies (with vendor lock-in) when you can hedge your bet across the entire market?

For vendors: While in some respects an open-source protocol may commoditize certain IT infrastructure services, it also lowers the barrier for customer acquisition and simplifies service delivery. It’s hard to make a profit on managed services today due to the aforementioned upfront contract costs, fierce competition, and commoditization of IT infrastructure. In a decentralized SLA approach, vendors have much wider reach and fewer liabilities (e.g., you can stop any given service and focus on others, while the overall network keeps going).

Service providers would operate nodes that provision various services to enterprise users. They will get paid for the delivery of the services by the enterprise customers. In return these decentralized service providers would stake tokens against performance guarantees (e.g., uptime, latency) to the enterprises using their services. In the event of performance failures, network and service users impacted by degraded performance or outages would be paid out of the staked tokens through slashing part of the staked tokens.

Bringing the decentralized SLA to the Energy Web tech stack and ecosystem

Our goal is to put this theory into practice with EW-DOS, starting with the Utility Layer services. This approach will deliver all the benefits of conventional SLAs (i.e., pre-defined performance requirements and penalties), while remaining vendor- and technology-neutral, highly flexible, more resilient, and lower cost (e.g., by reducing complexity and point-to-point integrations, automating compliance and enforcement) than conventional bilateral arrangements. The payment by the enterprise customer and the staking of the services providers will be done with native token EWT, which is seamlessly integrated into the open-source technology stack.

For example, consider a grid operator who builds an application that enables distributed energy resources (DERs) to participate in an energy market. The application leverages the power of decentralized identifiers (DIDs) to not only streamline the enrollment of customers and assets, but also manage permissions and coordinate data exchange among market participants. Depending on the size of the market, there might be dozens to hundreds of asset types, and thousands to millions of customers and assets. In this scenario, the application might require multiple Utility Layer services like the Key Manager (for distributed key generation and recovery) and Identity and Access Management Cache Server (for high-performance data structuring and availability for DID verifiable credentials).

Instead of locking themselves into a single vendor or product up front (when there is perhaps uncertainty about uptake), the Utility Layer offers a pay-as-you-go solution that allows the grid operator to procure identical services (in terms of cost, performance, etc.) from multiple vendors at once without having to manage separate bilateral contracts — akin to universal roaming for mobile phones, but for enterprise applications.

A natural skeptic might ask: How is this possible? How do you provide multilateral, guaranteed service levels (in terms of both quantity and quality) without direct engagement and contracts between parties?

I think it is possible, and when it works it will address the two main challenges I referenced at the start of this article. This new type of architecture will enable very transparent reporting on actual service quality and be delivered extremely close to the customer who consumes the service in the real world.

Also remember the famous point that was raised in 1880 by Henry Morton, president of the Steven’s Institute of Technology on the Edison light bulb: “Surely, everyone that is acquainted with the subject will recognize it as a conspicuous failure?”

And so to those who stay skeptical I would say, join the trials and experience it yourself. Expect to hear more from Energy Web on this soon.

Walter Kok is the CEO of Energy Web.

It’s coming: quality-of-service guarantees for decentralized technologies was originally published in Energy Web Insights on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 24. February 2021

Oasis Open

AMQP Request-Response Messaging with Link Pairing v1.0 and Message Annotations for Response Routing v1.0 approved as Committee Specifications

AMQP is a vendor-neutral, platform-agnostic protocol for passing real-time data streams and business transactions. The post AMQP Request-Response Messaging with Link Pairing v1.0 and Message Annotations for Response Routing v1.0 approved as Committee Specifications appeared first on OASIS Open.

Two AMQP specifications now ready for testing and implementation

OASIS is pleased to announce that AMQP Request-Response Messaging with Link Pairing Version 1.0 and Message Annotations for Response Routing Version 1.0 from the OASIS Advanced Message Queuing Protocol AMQP TC [1] have been approved as OASIS Committee Specifications.

AMQP is a vendor-neutral, platform-agnostic protocol for passing real-time data streams and business transactions. The goal of AMQP is to ensure information is safely and efficiently transported between applications, among organizations, across distributed cloud computing environments, and within mobile infrastructures by enabling a commoditized, multi-vendor ecosystem.

About AMQP Request-Response Messaging with Link Pairing:

AMQP defines links as unidirectional transport for messages between a source and a target. A common messaging pattern is that of “request-response”, that is, two parties partaking in a bidirectional conversation using messages. This document defines a common pattern for pairing two unidirectional links to create a bidirectional message transport between two endpoints.

About Message Annotations for Response Routing:

Large scale messaging networks may consist of multiple distinct sub-networks where addresses visible at one point in the network are not visible at other points. Where messages are transferred across network boundaries, addresses contained within the message (such as those in the reply-to field) may no longer be valid. This document defines mechanisms to allow messages which transit such boundaries to be annotated with sufficient information to allow responses to be directed back to the intended recipient.

These Committee Specifications are OASIS deliverables, completed and approved by the TC and fully ready for testing and implementation.

The specifications and related files are available here:

AMQP Request-Response Messaging with Link Pairing Version 1.0
Committee Specification 01
16 February 2021

Editable source (Authoritative):
https://docs.oasis-open.org/amqp/linkpair/v1.0/cs01/linkpair-v1.0-cs01.docx
HTML:
https://docs.oasis-open.org/amqp/linkpair/v1.0/cs01/linkpair-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/amqp/linkpair/v1.0/cs01/linkpair-v1.0-cs01.pdf
ZIP (complete package of the prose specification and related files):
https://docs.oasis-open.org/amqp/linkpair/v1.0/cs01/linkpair-v1.0-cs01.zip

Message Annotations for Response Routing Version 1.0
Committee Specification 01
16 February 2021

Editable source (Authoritative):
https://docs.oasis-open.org/amqp/respann/v1.0/cs01/respann-v1.0-cs01.docx
HTML:
https://docs.oasis-open.org/amqp/respann/v1.0/cs01/respann-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/amqp/respann/v1.0/cs01/respann-v1.0-cs01.pdf
ZIP (complete package of the prose specification and related files):
https://docs.oasis-open.org/amqp/respann/v1.0/cs01/respann-v1.0-cs01.zip

Members of the AMQP TC [1] approved these specifications by Special Majority Vote. The specifications had been released for public review as required by the TC Process [2]. The votes to approve as Committee Specifications passed [3], and the documents are now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] Advanced Message Queuing Protocol (AMQP) TC
https://www.oasis-open.org/committees/amqp/

[2] Public reviews:
Timeline for “linkpair”:
– https://docs.oasis-open.org/amqp/linkpair/v1.0/csd01/linkpair-v1.0-csd01-public-review-metadata.html
30-day public review of “respann”:
– started 08 May 2020 and ended 06 June 2020:
– https://lists.oasis-open.org/archives/members/202005/msg00001.html
Comment resolution logs:
– https://docs.oasis-open.org/amqp/linkpair/v1.0/csd01/linkpair-v1.0-csd01-comment-resolution-log.txt
– https://docs.oasis-open.org/amqp/respann/v1.0/csprd01/respann-v1.0-csprd01-comment-resolution-log.txt

[3] Approval ballots:
https://www.oasis-open.org/committees/ballot.php?id=3568
https://www.oasis-open.org/committees/ballot.php?id=3569

The post AMQP Request-Response Messaging with Link Pairing v1.0 and Message Annotations for Response Routing v1.0 approved as Committee Specifications appeared first on OASIS Open.


EdgeSecure

Get Access To: Breaking Up with your OPM: How One Institution Moved to a More Independent Enrollment & Revenue Growth Model

The post Get Access To: Breaking Up with your OPM: How One Institution Moved to a More Independent Enrollment & Revenue Growth Model appeared first on Edge.
Complete this form to access these resources: First Name* Last Name* Position Title* Organization* Email* Phone* Would you like to sign-up for our email updates? Yes Comments This field is for validation purposes and should be left unchanged.

The post Get Access To: Breaking Up with your OPM: How One Institution Moved to a More Independent Enrollment & Revenue Growth Model appeared first on Edge.


Elastos Foundation

2021 Team Outlooks: Carrier, Hive, DID

...

EdgeSecure

Breaking Up with your OPM: How One Institution Moved to a More Independent Enrollment & Revenue Growth Model

The post Breaking Up with your OPM: How One Institution Moved to a More Independent Enrollment & Revenue Growth Model appeared first on Edge.

Ceramic Network

The evolution of digital identity

Michael talks about the evolution of digital identity from servers to key pairs to DIDs and IDX. A presentation at ETHDever 2021.


GS1

5.2 Descriptions – Business Process Notes

BMS ID ADB Name​ ​ ADB Business Definition​ Business Process Notes 3506 Short Product Name The shortened product name for the consumer product. This is typically a very abbreviated form of the Product Description, with the intention that it would fit in a small space, such as a shelf tag or receipt. This is typically not used in e-commerce. The abbreviations used

BMS ID

ADB Name​

ADB Business Definition​

Business Process Notes

3506

Short Product Name

The shortened product name for the consumer product.

This is typically a very abbreviated form of the Product Description, with the intention that it would fit in a small space, such as a shelf tag or receipt. This is typically not used in e-commerce. The abbreviations used by the seller should be consistent across all the seller’s products and ideally be recognizable to the consumer. (Note that there is currently no standardised abbreviation list.) In some instances, this could include the full brand name. Product variations (e.g. flavour, scent, etc.) and bundled variations need to be uniquely identified. Net content may not be included in some markets.

3508

Product Type Description

The generic description provided by the seller to describe the type, form or function of the product or service.

This does not include information such as brand, net content, colour, flavour, scent, etc. For example for Product Description “GS1 Brand Hair Colour Liquid Light to Medium Blonde 32 fl oz.”, Product Type Description could be “hair colour”.

3517

Product Description

An understandable and useable description of a product using a combination of key elements such as Brand Name, Sub-Brand (if applicable), Functional Name, Variant, and Net Content. The description should be unique and meaningful for the Retailers to manage the product through their business and describe the product to their consumers e.g. Brand, flavour, scent etc. Examples: • GS1 Brand Base Invisible Solid Deodorant AP Stick Spring Breeze 3.4oz • GS1 Brand Laundry Detergent Liquid Compact Regular Instant Stain Unscented 100 mL • GS1 Brand Hair Colour Liquid Light to Medium Blonde 32 fl oz.

The Product Description at the consumer unit level may be used by some recipients and manufacturers across all hierarchy levels. The text may need to be modified to adhere to the character limit restricted by your technical implementation. Note that the “elements” described in the definition are business elements as determined by the manufacturer and do not necessarily reflect attribute values.

3541

Brand Name

The name provided by the brand owner that is intended to be recognised by the consumer as represented on the product.

In addition to being found on the product, these names may be found on web sites and for other e-commerce uses. Brand Name and Sub Brand Name are determined by the brand owner. For detailed guidance on assigning these attributes, refer to the GS1 Trade Item Implementation Guide [https://www.gs1.org/standards/gdsn/trade_implementation_guide].

3546

Sub Brand Name

The name provided by the brand owner that allows the consumer to further differentiate the product beyond brand name.

3504

additionalTradeItemDescription

(GDD Name)

Additional variants necessary to communicate to the industry to help define the product. Multiple variants can be established for each GTIN. This is a repeatable field, e.g. Style, Colour, and Fragrance.

(GDD Definition)

A common practice is to use this attribute to extend the Product Description with additional information when the seller feels it is needed. This attribute may be used differently in other sectors (e.g. Healthcare).


5.1 Examples of How to Populate Description Attributes

The following examples provide specific instances of how the description group of attributes may be populated. Please see the GS1 Trade Item Implementation Guide [https://www.gs1.org/standards/gdsn/trade_implementation_guide], Section 29, for additional examples. 5.1.1 Food Example Attribute Example Value

The following examples provide specific instances of how the description group of attributes may be populated. Please see the GS1 Trade Item Implementation Guide [https://www.gs1.org/standards/gdsn/trade_implementation_guide], Section 29, for additional examples.

5.1.1 Food Example

Attribute

Example Value

Brand Name

Antonio’s

Sub Brand Name (example 1)

Extreme

Sub Brand Name (example 2)

Antonio’s Extreme Fried Chicken made with Jumping Joe’s 36 oz/1 kg

Product Description

Antonios Extrm Frd Chk Jmp Jos 1k

Short Product Name (example 1)

Antonios Extrm Frd Chk Jmp Jos 36oz

Short Product Name (example 2)

Fried Chicken

Product Type Description

Antonio’s

5.1.2 Cleanser Example

Attribute

Example Value

Brand Name

Foodservice

Sub Brand Name (example 1)

Capblock

Sub Brand Name (example 2)

Pot and Pan

Product Description

Capblock Foodservice Pot and Pan spray cleaning detergent 24 fl oz/0.7 L

Short Product Name (example 1)

CB FS Pt&Pn spr dtrgnt 24floz/0.7L

Short Product Name (example 2)

Capblock FS Pot and Pan spr dtrgnt

Product Type Description

Detergent


5 Descriptions

The Descriptions group of attributes provides sellers and consumers with information that is useful in identifying and differentiating products. This information may be used in store communications, promotions or e-commerce. The responsibility for populating this information is largely with the manufacturer. The retailer may utilise (and sometimes modify) this information in consumer communicat

The Descriptions group of attributes provides sellers and consumers with information that is useful in identifying and differentiating products. This information may be used in store communications, promotions or e-commerce. The responsibility for populating this information is largely with the manufacturer. The retailer may utilise (and sometimes modify) this information in consumer communications to better align with their marketing strategy. Because there are so many variations in the ways these attributes may be populated, it is recommended that the GS1 Trade Item Implementation Guide be referenced when determining your approach to creating this information.


4.2 Notes on GTIN and GLN use in Master Data Exchange

The management of identifiers such as GLNs and GTINs includes rules on allocation, re-use and retirement. ■ For more information on GTIN management please refer to the GS1 GTIN Management Standard: [https://www.gs1.org/1/gtinrules//en/]. ■ For more information on GLN management please refer to the GS1 GLN Allocation Rules Guidelines: [https://www.gs1.org/docs/barcodes/GS1_GLN_Allocation_Gui

The management of identifiers such as GLNs and GTINs includes rules on allocation, re-use and retirement.

■ For more information on GTIN management please refer to the GS1 GTIN Management Standard: [https://www.gs1.org/1/gtinrules//en/].

■ For more information on GLN management please refer to the GS1 GLN Allocation Rules Guidelines: [https://www.gs1.org/docs/barcodes/GS1_GLN_Allocation_Guidelines.pdf].

GLNs serve different purposes depending on the way an organisation conducts its business. For example, a multi-national manufacturer could have multiple GLNs representing different business applications (e.g. brand, manufacturer, distributor, importer).

■ It is necessary to examine the definition of each GLN attribute to determine the appropriate GLN for use in the master data exchange for an item.

■ More information on the purposes for which GLNs are used may be found in the GS1 General Specifications [https://www.gs1.org/standards/barcodes-epcrfid-id-keys/gs1-general-specifications].

Important! For more information about obtaining GS1 identification numbers (GTINs and GLNs) please refer to the following GS1 web page for Member Organsisation contact information: [https://www.gs1.org/contact].


4.1 Identifiers – Business Process Notes

BMS ID ADB Name​ ​ ADB Business Definition​ Business Process Notes 40 Authorised Receiver of Product Information GLN (Global Location Number) The Global Location Number (GLN) that uniquely identifies the authorised receiver of the product information. This is the recipient GLN (e.g., retailer, hospital) to which product information is sent. This is normally suppl

BMS ID

ADB Name​

ADB Business Definition​

Business Process Notes

40

Authorised Receiver of Product Information GLN (Global Location Number)

The Global Location Number (GLN) that uniquely identifies the authorised receiver of the product information.

This is the recipient GLN (e.g., retailer, hospital) to which product information is sent. This is normally supplied by the recipient but might be communicated by their GS1 Member Organisation or data service provider. For more information on obtaining a GLN, please refer to the GS1 General Specifications [https://www.gs1.org/standards/barcodes-epcrfid-id-keys/gs1-general-specifications] and the GLN Allocation Rules Guidelines [https://www.gs1.org/docs/barcodes/GS1_GLN_Allocation_Guidelines.pdf].

67

GTIN (Global Trade Item Number)

The global number that uniquely identifies a product and its various packaging levels (e.g. item, case, pallet) physical or non-physical.

This is the identification number, represented in up to 14 digits, allocated to an item or service that is utilised throughout the entire value chain (e.g. purchasing, invoicing, shipping). It shall always be stored in a manner to retain its uniqueness. For more information on GTIN allocation and management, please refer to the GS1 General Specifications [https://www.gs1.org/standards/barcodes-epcrfid-id-keys/gs1-general-specifications] and the GS1 GTIN Management Standard [https://www.gs1.org/1/gtinrules].

68

Additional Product Identification

An identifier, other than the GTIN, which provides an additional identification for the product.

If these attributes are provided, they should always be used together as a pair with the GTIN (Global Trade Item Number), never as a standalone. It provides the ability to create a relationship between different identification systems.

69

Additional Product Identification Type Code

The code indicating the type of Additional Product Identification used.

75

Brand Owner GLN (Global Location Number)

The Global Location Number (GLN) that uniquely identifies the Brand Owner of the product.

This is the GLN of the entity that owns the brand of the product. For more information on obtaining a GLN, please refer to the GS1 General Specifications [https://www.gs1.org/standards/barcodes-epcrfid-id-keys/gs1-general-specifications] and the GLN Allocation Rules Guidelines [https://www.gs1.org/docs/barcodes/GS1_GLN_Allocation_Guidelines.pdf].

77

Brand Owner Name

The name of the Brand Owner.

This is the business entity name that is associated with the Brand Owner GLN.

83

Data Provider GLN (Global Location Number)

The Global Location Number (GLN) used to uniquely identify the party providing the product information.

This is the GLN of the entity that is responsible for providing the master data. For more information on obtaining a GLN, please refer to the GS1 General Specifications [https://www.gs1.org/standards/barcodes-epcrfid-id-keys/gs1-general-specifications] and the GLN Allocation Rules Guidelines [https://www.gs1.org/docs/barcodes/GS1_GLN_Allocation_Guidelines.pdf].

85

Data Provider Name

The name of the party providing the product information.

This is the business entity name that is associated with the Data Provider GLN.

91

Manufacturing GLN (Global Location Number)

The Global Location Number (GLN) that uniquely identifies the party who owns the manufacturing process of the product.

This is the GLN of the entity that manufactures the product. For more information on obtaining a GLN, please refer to the GS1 General Specifications [https://www.gs1.org/standards/barcodes-epcrfid-id-keys/gs1-general-specifications] and the GLN Allocation Rules Guidelines [https://www.gs1.org/docs/barcodes/GS1_GLN_Allocation_Guidelines.pdf].

93

Manufacturer Name

The name of the manufacturer.

This is the business entity name that is associated with the Manufacturing GLN.

115

Referenced GTIN Type Code

The code indicating the relationship to the referenced GTIN such as substituted or replaced.

If these attributes are provided, they should always be used together as a pair with the GTIN (Global Trade Item Number), never as a standalone.

The Referenced GTIN Type Code is a code value that identifies the intention for how the product identified by the Referenced GTIN is to be used.

The Referenced GTIN may be used to identify a similar, alternative product. A Referenced GTIN may help identify replacement products that can be used, for example, in cases of temporary inventory outages or when transitioning to a new or enhanced product.

The Referenced GTIN is subject to the same creation and formatting rules as the GTIN. For more information on GTIN allocation and management, please refer to the GS1 General Specifications [https://www.gs1.org/standards/barcodes-epcrfid-id-keys/gs1-general-specifications] and the GS1 GTIN Management Standard [https://www.gs1.org/1/gtinrules//en/].

116

Referenced GTIN

The GTIN of a product where a permanent or temporary change to the product needs to be referenced.

161

Global Product Category Code

The code used to group products based on similar characteristics according to the GS1 Global Product Classification (GPC).

This is GS1’s primary classification, used globally, outside of business process or other considerations. For more information on GPC, refer to the GS1 GPC web page [https://www.gs1.org/standards/gpc].


4 Identifiers

Identifier attributes enable accurate identification. They provide uniqueness and promote clarity in identity and differentiation for: ■ business entities ■ business locations ■ products ■ classifications

Identifier attributes enable accurate identification. They provide uniqueness and promote clarity in identity and differentiation for:

■ business entities

■ business locations

■ products

■ classifications


SelfKey Foundation

HKVAX Joins Selfkey Exchanges Marketplace

We’re delighted to announce that the Hong Kong Virtual Assets Exchange is the latest addition to the SelfKey Exchanges Marketplace. The post HKVAX Joins Selfkey Exchanges Marketplace appeared first on SelfKey.

We’re delighted to announce that the Hong Kong Virtual Assets Exchange is the latest addition to the SelfKey Exchanges Marketplace.

The post HKVAX Joins Selfkey Exchanges Marketplace appeared first on SelfKey.

Tuesday, 23. February 2021

Oasis Open

Call for Participation: Rechartered OASIS Code List Representation TC

The Technical Committee has updated its charter to further advance its IT-enabling standards supporting the machine expression, interchange, documentation, management, processing, and validation of code lists for use in any information technology context. The post Call for Participation: Rechartered OASIS Code List Representation TC appeared first on OASIS Open.

The Technical Committee has updated its charter to further advance its IT-enabling standards supporting the machine expression, interchange, documentation, management, processing, and validation of code lists for use in any information technology context.

The OASIS Code List Representation Technical Committee has approved [1] a revised charter, included below. The TC name, statement of purpose, scope, list of deliverables, audience, IPR mode and language specified in the revision below will constitute the TC’s official charter.

The TC will hold its first meeting under the revised charter on 05 March 2021 at 15:00 UTC. Submissions of technology for consideration by the TC and the beginning of technical discussions under the revised charter may begin no sooner than this first meeting.

OASIS and the TC welcome participation by all interested parties. The eligibility requirements for becoming a participant in the TC at the first meeting are:

(a) you must be an employee of an OASIS member organization or an individual member of OASIS, and

(b) you must join the Technical Committee after the revised charter is published to the TC’s home page on 27 February 2021, which members may do by using the Roster “join group” link on the TC’s home page at [2].

Note that everyone who wishes to participate must explicitly join the TC as described in (b) above. Membership under the original charter does not automatically carry over.

Non-OASIS members who wish to participate may contact us about joining OASIS [3]. Instructions for joining the Technical Committee can be found at the “Join This TC” link on the TC’s public home page [4]

Please feel free to forward this announcement to any other appropriate lists. OASIS is an open standards organization; we encourage your participation in our work.

[1] Recharter ballot:
https://www.oasis-open.org/committees/ballot.php?id=3572

[2] TC web page:
https://www.oasis-open.org/apps/org/workgroup/codelist/index.php

[3] https://www.oasis-open.org/join

[4] https://www.oasis-open.org/committees/codelist

Revised Charter Section 1: TC Charter

(1)(a) TC Name
Code List Representation (codelist)

(1)(b) Statement of Purpose

Many communities (for example business sectors and public authorities) exchange and process information in which commonly accepted semantic concepts can be expressed using concise mnemonics or abbreviations called “codes”. Choosing a collection of these codes can constrain the expression of information to an agreed-upon set, requiring the exchange to reference one or more members from only a limited list of such codes, variously called “code lists”, “enumerations”, or “controlled vocabularies”.

Code lists then can be defined as controlled vocabularies or coded value enumerations.

Examples of standardized code lists include country abbreviations, currency abbreviations, shipping container descriptors, and airport codes. Examples of nonstandardized code lists used between trading partners include financial account types, workflow status indicators, and any set of values representing the semantics of related concepts known between the parties involved in information interchange. An advantage of using a controlled set of semantic concepts is in localization where the associated documentation for the coded values can include descriptions in different languages, thus not requiring the coded values themselves to be translated, or where translation is desired, the semantic equivalence of values can be described.

Code lists have been used for many years, and they have been published and disseminated in manners that have not been IT-enabled for ease of computer processing. To date no standardized IT-enabled representation exists.

The Code List Representation TC purpose is to develop IT-enabling standards that support the machine expression, interchange, documentation, management, processing, and validation of code lists for use in any information technology context.

Business Benefits

The standards developed by the Code List Representation TC aim to be beneficial for any community that needs to disseminate IT-enabled expressions of code lists for the exchange and processing of enumerated values.

Key stakeholders are standardization bodies that need to specify code lists and their representation for exchange and automatic process, registration and source authorities that publish code lists, business sectors and public authorities that use code lists in their business exchanges, and implementors of software and services that process code lists.

(1)(c) Scope

Define, develop and maintain a semantic library for code lists (genericode) and related syntax bindings to represent code lists in XML and other machine processable formats for their interchange, documentation and management in any machine-processing context.

Develop any related technical specifications to support the use of code lists.

Promote genericode as the international standard for the IT-enabled representation of code lists.

Should the TC decide so, submit genericode and any other standard developed by the TC as publicly available specification to external standard development organizations (SDOs) and, where possible, fulfill their associated responsibilities of being their designated maintenance authority.

The publication of code lists is out of scope of this TC.

(1)(d) Deliverables

The Code List Representation TC maintains the existing genericode Committee Specification and oversees its evolution to the following set of deliverables:

a semantic model / meta-model of genericode an XML serialization of the genericode semantic model, with the intent of backward compatibility (or even no changes) to the existing genericode prepare examples of the use of and the reference to genericode resources possibly develop new specifications such as operations on a code list e.g. create, add, delete, update possibly develop new syntax serializations and schemas, such as JSON possibly include sample non-normative software for transliteration between syntaxes possibly develop a Schematron value validation script possibly document the use of genericode as a sparse-table serialization, including concepts such as joining tables and foreign keys

(1)(e) IPR Mode

RF on limited terms

(1)(f) Audience

Anyone who works with code lists and has a requirement to transmit and process an IT-enabled expression of the code list values and/or their metadata between systems.

Also source authorities and publishing authorities who create, publish, and disseminate code lists, based on specific business sector or public authority requirements, including those with pre-existing or 3rd party code lists.

Users and consumers of code lists, who may also find a standardized IT-enabled deployment format for such lists easier to employ.

Those who are responsible for defining XML vocabulariesvmay be interested in describing a constrained set of values to represent agreed-upon semantic concepts in order to control information items.

(1)(g) Language

English

Section 2: Additional Information

(2)(a) Identification of Similar Work

ISO/IEC JTC 1/SC 32 has developed ISO/IEC 15944-10 that defines the business operational view of and the need for code lists, without the functional services view of syntax serializations that are in scope of this TC.

(2)(b) First TC Meeting

The first meeting under the revised charter will be held Friday, 05 March 2021 at 15:00 UTC/10:00 EST/16:00 CET/02:00 AEDT via Zoom. The meeting will be sponsored by Crane Softwrights Ltd.

(2)(c) Ongoing Meeting Schedule

It is expected a weekly or bi-weekly meeting online and occasionally face-to-face meetings when needed and where a TC member can assume the responsibility for hosting the meeting.

(2)(d) TC Proposers

N/A

(2)(e) Primary Representatives’ Support

N/A

(2)(f) TC Convener

Andrea Caccia, andrea.caccia@studiocaccia.com, Individual member

(2)(g) OASIS Member Section

N/A

(2)(h) Anticipated Contributions

The current deliverables of the Code List Representation TC, feedback from existing code list Source Authorities and Publishing Authorities.

(2)(i) FAQ Document

N/A

(2)(j) Work Product Titles and Acronyms

genericode

The post Call for Participation: Rechartered OASIS Code List Representation TC appeared first on OASIS Open.


omidiyar Network

The Dawn is Ours: Gen-Z & the Fight for Social Justice

By Jozette Allah-Mensah and Nicole Allred, Strategic Communications, Omidyar Network Illustration by Superside. “When day comes, we ask ourselves, where can we find light in this never-ending shade? And yet the dawn is ours before we knew it. Somehow we do it.” These are the words of 22-year-old Amanda Gorman — the first National Youth Poet Laureate in American history. The opening line

By Jozette Allah-Mensah and Nicole Allred, Strategic Communications, Omidyar Network

Illustration by Superside.

“When day comes, we ask ourselves, where can we find light in this never-ending shade? And yet the dawn is ours before we knew it. Somehow we do it.”

These are the words of 22-year-old Amanda Gorman — the first National Youth Poet Laureate in American history. The opening lines from her poem, “The Hill We Climb,” were first heard at President Biden’s inauguration and inspired millions around the world. Amanda Gorman was one of several youth who participated in inaugural events that day. They represent the next generation of activists meeting today’s challenges head on.

This group has experienced and persevered through cataclysmic terrorist attacks, economic disruption, the ever-present threat of police violence against Black and brown bodies, and politics that further divides us with every news cycle. Add to all of this the accelerants of the internet and social media.

However, young people leading the way is not a new phenomenon.

In the latter half of the 20th century and the first two decades of the 21st, youth have been conscientious revolutionaries working to ensure the words of our nation’s Constitution apply to all within our borders. Indeed, Martin Luther King, Jr., a 25-year-old Baptist preacher at the time he led the bus boycott in Montgomery, would be considered a member of Generation Z today. King and his generation of civil rights leaders, the people whose names we hear most often during Black History Month, serve as an inspiration to the current class of emboldened youth activists.

Viewed from this perspective, the voices of young people must be recognized and actively engaged in our fight for social justice in America and throughout the world. Those voices include the likes of anti-gun activists and Parkland school shooting survivors David Hogg and Emma Gonzalez, global environmental activists Greta Thunberg and Flint, Michigan native Mari Copeny, known as “Little Miss Flint,” and now Gorman. It’s not only important to recognize their activism but to appreciate that without it, we will fail to reach the next rung on the ladder of equity, opportunity, and justice in America.

Without the activism of Gen-Z, we fail to reach the next rung on the ladder of equity, opportunity, and justice in America.
Generation Z: The Leaders We Need

Against the backdrop of the pandemic and economic devastation, the summer of 2020 forced us to reckon with the horrific murders of Ahmaud Arbery, Breonna Taylor, Elijah McClain, George Floyd, and so many others at the hands of police. We marched, protested for change, and the surge of the Black Lives Matter movement spanned oceans. We called for legislative action to strike down the pillars of white supremacy undergirding the foundation of the United States. We forced the start of difficult conversations. And at the forefront of this cultural shift was Gen Z.

This generation has called for expediency in eradicating inequities across the map. They have refused to accept silence from brands that have the platforms to speak up and make a difference, and pushed back against those whose words are solely performative. For Gen Z, a crucial requisite for justice is intention and purposeful action.

As younger people continue to step up and speak out, we must ask ourselves: How can we learn and leverage their activism to effect change more broadly? What does letting Gen Z lead really look like?

When we think of dynamic futurism and the forward-thinking solutions to the ever-growing problems plaguing our world, Gen Z voices can be the most powerful ones at the podium.

And when Amanda Gorman spoke on inauguration day, her words acknowledged the past and inspired future possibilities. In referencing the “shadows” rather than the darkness, she may have been referencing the work of those freedom fighters for justice from generations ago. It’s not completely dark, but there still remains important work to be done. Her final refrain tells us inherently what Generation Z is already doing, and how we can emulate their example to bring about positive change.

“For there is always light, if only we’re brave enough to see it. If only we’re brave enough to be it.”

The Dawn is Ours: Gen-Z & the Fight for Social Justice was originally published in Omidyar Network on Medium, where people are continuing the conversation by highlighting and responding to this story.


Oasis Open

XACML v3.0 Related and Nested Entities Profile v1.0 approved as a Committee Specification

This XACML profile defines the means to reference attributes that are properties of entities which are related to the access subject or resource from within XACML policies, for processing by a policy decision point. The post XACML v3.0 Related and Nested Entities Profile v1.0 approved as a Committee Specification appeared first on OASIS Open.

Approved by the TC and fully ready for testing and implementation

OASIS is pleased to announce the approval and publication of a new Committee Specification by the members of the eXtensible Access Control Markup Language (XACML) TC [1]:

XACML v3.0 Related and Nested Entities Profile Version 1.0
Committee Specification 02
16 February 2021

Overview:

It is not unusual for access control policy to be dependent on attributes that are not naturally properties of the access subject or resource, but rather are properties of entities that are related to the access subject or resource. This profile defines the means to reference such attributes from within XACML policies for processing by a policy decision point.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Editable source (Authoritative):
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs02/xacml-3.0-related-entities-v1.0-cs02.docx
HTML:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs02/xacml-3.0-related-entities-v1.0-cs02.html
PDF:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs02/xacml-3.0-related-entities-v1.0-cs02.pdf
XML schemas:
https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs02/schemas/

Distribution ZIP file

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/cs02/xacml-3.0-related-entities-v1.0-cs02.zip

Members of the eXtensible Access Control Markup Language (XACML) TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references

[1] eXtensible Access Control Markup Language (XACML) TC
https://www.oasis-open.org/committees/xacml/

[2] Details of public reviews:
– https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/csd02/xacml-3.0-related-entities-v1.0-csd02-public-review-metadata.html

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3567

The post XACML v3.0 Related and Nested Entities Profile v1.0 approved as a Committee Specification appeared first on OASIS Open.


Berkman Klein Center

Provocations for a better internet

There’s a renewed interest in a more contextual, associative, networked future for the internet. One that breaks us from restrictive digital gardens. One that’s healthier, freer and safer. This piece includes a curated set of provocations based on community discussions in a limited working group focused on why the internet is broken and what needs to change. Weavings by Rafaël Rozendaal Today

There’s a renewed interest in a more contextual, associative, networked future for the internet. One that breaks us from restrictive digital gardens. One that’s healthier, freer and safer. This piece includes a curated set of provocations based on community discussions in a limited working group focused on why the internet is broken and what needs to change.

Weavings by Rafaël Rozendaal
Today’s digital public spaces amplify the inequities of physical public space. It’s a game of the top 1% driven by who can generate the most “viral” content. Systems that rely on the virality of user-generated content fundamentally lead to an even more skewed and inequitable future.

-Jad Esber

Today’s content platforms have a back-catalog problem. The content is delivered in ephemeral formats and creators lose out on opportunities to monetize their back catalogs. Incentivizing more discoverability and search within the archives will lead to more evergreen content and less content designed for virality or disposability.

-Sari Azout

The web is not finished. We have forgotten that the web was built only yesterday by a small, bold group of privileged men. They are not magical men. They are not distinctly different to anyone reading this, despite the grand technological-saviour narratives we spin about them. They had access to the right information and resources at the right time. They were told they had the right to build whatever they wanted.
If you don’t look, sound, and act like them, it’s likely no one is going to tell you that you also have the right to build whatever you want. You don’t fit into our current cultural narratives. Until we start telling different stories about who gets to edit, revise, and expand the web, the right people won’t show up to do it.

-Maggie Appleton

Metaphors have a deep impact on the interaction constraints between us and the technology we use. To evolve to more meaningful and equitable digital interactions, we must be cautious in choosing better ones, as a collective.

-Prakhar Shivam

Building a better relationship between the internet, computing and people presupposes an inner revolution. As in M. C. Escher’s “Drawing Hands,” the riddle guarding the threshold is: where is the creative agency? The internet is a tool that reflects us, its creators. It is a tool that reflects the current state of our (consensus) knowledge — of, for instance, the nature of the human being, the value and meaning of human existence, the role of institutions vis a vis the individual. Our creations reflect and reinforce a worldview in which the creative faculties of the human being are placed in service of the accumulation of power. Imagine a socio-economic architecture in which the potential of the human being is consecrated as the greatest asset! Our conception of the human being would need to be other than what it is. The creative agency must first be seen, and seen clearly. (“By whom?” asks Escher.) Otherwise, its creations will take on the status of idols.

-Caroline Nguyen

Today’s platforms practice UCD (User-Centered Design) — where the user is a consumer, not a creator. Platforms over-optimize around the consumer experience and force creators to adapt their work to cater to the platform. It should be the opposite. Creators often struggle with the extra work on top of their practice: visual artists should not have the burden to adapt their work to perform well on Instagram. We must shift from User-centered Design to Creator-First Design.

-Kirill Noskov

The future of the internet has the potential to determine the future of humanity. Our lives are increasingly shifting to digital realms and spaces. VR and AR are set to become mainstream in the coming decade. And so will the metaverse.
Like their physical counterparts, these virtual landscapes stand to influence and mold all of us. This is a big opportunity in many ways, but it is also a danger. Will the metaverse also be built to exploit our insecurities and promote divisiveness for financial and power gains? What is going to be our guiding principle?

-Sai Arunachalam

When Alice ventured into Wonderland, she was asked by a haughty Caterpillar, “Who are you?”. Hesitant in her reply, Alice struggled to explain herself. After consuming several reality-altering potions, she no longer was sure if she was her ‘true’ self.
As venturers of the Internet, we similarly teeter along a shifting sense of our own identity. Our Internet-selves exist within various narrative threads from fake authenticity, herd logic to genuine connections. We oscillate along a precipitous path between being data-driven in the knowledge we find to a form of informational madness. Each byte of information we take in alters our thinking. We should be more careful about what we consume. We must find the equilibrium between chaos and rigidity, lest we find ourselves becoming the Red Queen we didn’t want to be.

-Daniel Jiang

Provocations for a better internet was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.


OpenID

OpenID Foundation Certification Program Update, Program Expansion and Fees Increases

The increasing importance of certification to global adoption is being shown by the participation of government and regulator representatives in OpenID Foundation working groups and in our membership. It is also quantified in the uptick in certification services. The OpenID Certification Program continues its success in 2021 with over 500 certifications of almost 200 implementations […] The post

The increasing importance of certification to global adoption is being shown by the participation of government and regulator representatives in OpenID Foundation working groups and in our membership. It is also quantified in the uptick in certification services. The OpenID Certification Program continues its success in 2021 with over 500 certifications of almost 200 implementations and counting.

The program’s increase in Financial-grade API (FAPI) certifications in 2020 with banks and fintechs in the UK, Australia and other jurisdictions increasing involvement in how conformance to the FAPI specification is displayed in the Foundation’s listing of certifications. The Foundation anticipates a continued increase of certifications in 2021 with jurisdictions including the US, Canada, Bahrain and Brazil adopting the FAPI standard and leveraging FAPI conformance and certification.

The certification program will continue to expand with the implementation of eKYC & IDA conformance tests and certification in 2H 2021. The evolution is supported in part by directed funding led by Foundation member, yes.com. The Foundation anticipates other members following yes’ lead to support program extensions and encourages other members to join support for international expansion.

The fifth year of the certification program has seen a significant need for the in depth technical knowledge and experience that is required to process certification requests. The process often includes team members helping many through the conformance testing and the certification process. As FAPI certifications have increased, these requests require additional time as an increasing international set of testers are new to self-certification.

The OpenID Foundation continues to heavily subsidize the certification program exceeding 70% in 2020. The Foundation’s board of directors understand the strategic importance of the certification program in ensuring robust, conformant implementations. But they also have a duty to ensure the financial viability of the program and the Foundation.

At the OpenID Foundation’s annual board of directors meeting on Thursday, February 18, 2021, the directors reviewed and considered the current state of the program and unanimously approved increases to the certification fees. These increases will go into effect March 1, 2021 with the goal to drive towards a self-sustaining program in 2021 and beyond.

Certification fees will be as follows as of March 1, 2021:

Connect Certifications

Member $700 Non-member $3,500

Financial-grade API (FAPI) Certifications

Member $1,000 Non-member $5,000

The Foundation will continue to expand its outreach efforts in 2021 via practical technical workshops to provide education and guidance on FAPI conformance and certifications to best reach the community at large. The Foundation successfully hosted a series of these workshops in the UK with the Open Banking Implementation Entity (OBIE) in 2020. We’ll use these prior successes as templates in hosting workshops in new jurisdictions with partners and sponsors in 2021 with workshops soon to be announced and published on the Foundation’s “events” page.

Any questions or comments can be directed to director@openid.net. Thank you for your continued support of and contributions to the OpenID Foundation.

 

 

 

 

The post OpenID Foundation Certification Program Update, Program Expansion and Fees Increases first appeared on OpenID.

Digital Scotland

Service Design in Scottish Local Government

A Digital Office webinar with Steven Kyle of Dundee City Council, explaining Service Design and it's application in Scotland. The post Service Design in Scottish Local Government appeared first on DigitalScot.net.

In this video Stephen Kyle, the Changing for the Future program manager from Dundee City Council talks about Service Design in Scottish Local Government.

Before summarizing the video, let’s talk about what is service design and what does service design do?

What is service design?

Service design is a process where designers create sustainable solutions and optimal experiences for both customers in unique contexts and any service providers involved. Designers break services into sections and adapt fine-tuned solutions to suit all users’ needs in context—based on actors, location and other factors. Service design originated from the combination of marketing, service operations, and user-centered design.

Marc Stickdorn and Jakob Schneider, authors of This is Service Design Thinking, identify five key principles—for service design to be:

User-centered – Use qualitative research to design focusing on all users. Co-creative – Include all relevant stakeholders in the design process. Sequencing – Break a complex service into separate processes and user journey sections. Evidencing – Envision service experiences to make them tangible for users to understand and trust brands. Holistic – Design for all touchpoints throughout experiences, across networks of users and interactions

Service design concepts and ideas are typically portrayed visually, using different representation techniques according to the culture, skill and level of understanding of the stakeholders involved in the service processes. Services unfold over time. Some parts of services are visible to the service user; these parts are called front stage. Some part of services are not visible to the service user; these parts are called back stage.

What does service design do?

Service designers design the end-to-end journey of a service. This helps a user complete their goal and government deliver a policy intent. In this role, your work may involve the creation of, or change to, transactions, products and content across both digital and offline channels provided by different parts of government.

Video Summary

In this video Stephen Kyle will talk about the service design in Scottish Local Government. He is the Changing for the Ffuture program manager from Dundee City Council.

Firstly, he talked about the definition of service design. Service design is one of the methodologies for transformation and it is quite a new thing in Scotland, and is gaining a lot interest. Service design thinking is an iterative process that involves discover, define, develop and deliver.

This process is like unpacking a problem such as exploration, creation, reflection and implementation. In exploration phase the problem is being explored widely. In this phase they interact with people and listen to their issues then they come up with an idea to solve it. Service design is about understanding the reality, not just the planned process.

This process is designed one-way but it has many dimensions. Customer’s experience regarding the process and mapping the model what’s going on is very important in this process. Back stage of a problem is the internal processes. Front stage is about customer.

Service design is a reminder that needs to think about the front stage that is the customers. Customer’s viewpoint about how they are using a service is more important that service designer’s viewpoint who is actually designing it. Citizen/Customer engagement is at the heart of the service design. Service design is built for the needs of the citizen.

The continuous improvement cycle of this process involves identification of opportunities in the process workflow, planning about how can the current process be improved, execution that is implementing the changes and lastly reviewing how changes are working for the team. The cycle of continuous service design includes current state analysis and customer insights, current customer journey and pain points, target state, re-designing touch points, prototype and organizational experiments lastly management and iteration.

There are two tools that are used in the service design. One is UX Wrench and other is Service Design Chain Show. In UX Wrench there are digital and physical experience design wrench that lets a person adjust user engagement. In Service Design Chain Show there is service innovation and management chainsaw that helps shred through business model design.

The Scottish approach towards the service design is seeding, growing and flourishing. The seeding started in 2016 which involves finding works, building networks and championing programs. The growing started in 2017-2018 which involves co-producing principles, tools and methods of the Scottish approach to service design and building capacity.

The flourishing started in 2020 which includes establishment of the ability to scale and continuous improvement. The citizen journey of service design is not straight forward. Citizen journey in public sector is usually very complicated. Citizens re-explaining and message lost between departments and organizations is pretty complex.

The principles of Scottish approach to services designs are:

Using public services should be simple. Users should be in the room when design decisions that affect them are made. All the people of Scotland should be able to join the service design. Learn, understand and envision make the test and deliver together. The reasons behind this Scottish Approach are design for policy, design as capability and design for discrete problems.

Snook is a service design agency based in Glasgow, London and it helps organizations make their service better. Livework is a research and design consultancy and a global pioneer of service design. Futuregov is helping global and local authorities across four continents to make their public service better. Snook, Livework,

Futuregov and Design for Europe are examples how good service design looks like. Hazel White and Mikepress are the strong advocates of design for public service. They are building capacity across the Scotland to improve public policy and services. Cat Macaulay is the chief designer for the Scottish government. The digital director has got a whole team underneath her within the office of the chief designer which is consist of numerous service design within the team looking at a number of challenges that the Scottish government are delivering and are actually working in this method of service design.

Some of the service design tools are task analysis grid, service image, touchpoints matrix, mockup, poster, system map, group sketching, roleplay, actors map, motivational matrix, story telling etc. The digital office playbook aims at beginners not experts. It is a combining best practice in service design, agile, lean six sigma, open innovation and benefit realization. Digital office playbook fits with other tools through three methods namely, decision thinking, lean startup and agile software dev. There are four stage of project in digital office playbook.

These stages work in a complex process through case studies, advice, service design, agile, lean six stigma, open innovation and benefits realization.

Service design course is designed for anyone involved in the transformation of public services, digital and non-digital. It will benefit those interest in learning about new ways of thinking about solving problem, policy making and organization design. This course will give an overview about how user-centered design works and how service design approaches applied to real work.

Video Timeline

0:00 – Intro
3:47 – What is service design?
13:26 – What is the Scottish approach?
20: 32 – Why a Scottish Approach?
22:40 – What does a good service design look like?
27:57 – Service Design Tools
34:22 – Service Design Champion
36:15 – Q&A

The post Service Design in Scottish Local Government appeared first on DigitalScot.net.


Energy Web

Catalonian Grid Operator Electra Caldense, Energy Web, and Bamboo Energy Announce Grid Flexibility…

Catalonian Grid Operator Electra Caldense, Energy Web, and Bamboo Energy Announce Grid Flexibility Project Strategic collaboration will leverage open-source EW-DOS tech stack and Bamboo flexibility platform to enable battery energy storage, electric vehicles, solar photovoltaic plants, and industrial companies to provide flexibility services to the distribution grid. Electra Caldense will also jo
Catalonian Grid Operator Electra Caldense, Energy Web, and Bamboo Energy Announce Grid Flexibility Project Strategic collaboration will leverage open-source EW-DOS tech stack and Bamboo flexibility platform to enable battery energy storage, electric vehicles, solar photovoltaic plants, and industrial companies to provide flexibility services to the distribution grid. Electra Caldense will also join Energy Web as a new member.

Caldes de Montbuí, Barcelona and Zug, Switzerland — 23 February 2021 — Today Catalonian grid operator Electra Caldense Distribució, energy retailer Electra Caldense Energia, Energy Web, and Bamboo Energy announced the launch of the joint initiative ElectraFlex. The initiative will focus on the deployment of a digital platform that will allow Electra Caldense to utilize the flexible capacity of assets connected to their electricity network. Other project partners include energy storage company CEGASA, electric vehicle charge point provider Vega Chargers, and industrial customers Top Cable and Recam Laser.

Oriol Xalabarder, CEO of Electra Group, stated: “We are very excited to join Energy Web and Bamboo Energy on this amazing project together with all other partners and are convinced that we will be generating the necessary innovation and knowledge in order to face energy transition challenges as both a 100% renewable energy retailer and a distribution system operator.”

For more than 100 years, Electra Caldense has been the distribution system operator for a region of the Spanish power grid just north of Barcelona. Today it serves more than 12,400 customers. In recent years, Electra Caldense has undertaken a number of innovation projects, including involvement in the RIS3CAT Energy Community. Electra Caldense is the lead coordinator for the NAenCAT project within RIS3CAT, which aims to be a smart grid benchmark by providing distributed sensor, remote control, and automation systems. The new ElectraFlex project announced today takes such efforts even further, by leveraging open-source, digital technologies.

ElectraFlex is the world’s first decentralized flexibility platform tailored for the specific needs of a distribution system operator (DSO). The multi-faceted flexibility platform will use Energy Web’s EW-DOS technology stack to assign digital identities to all connected assets and flexibility market participants, allowing them to self-register in energy markets, and offer services to Electra Caldense as well as the Spanish transmission system operator (REE) on behalf of their owners.

Further, Bamboo Energy’s software solution for demand aggregation will also be deployed to manage and optimize demand flexibility for two industrial companies, Top Cable and Recam Laser, a PV farm with batteries from CEGASA, and, in a second phase, a bidirectional electric vehicle charging station from Vega Chargers.

“Electra Caldense is emerging as a beacon of innovation for European grid operators,” explained Jesse Morris, chief commercial officer of Energy Web. “They’re showing how residential, commercial, and industrial customers — as well as their grid-edge energy assets — can become truly integrated parts of a dynamic, low-carbon electricity system.”

Xavi Bou, Deputy Manager at Electra Group, added: “The combination of an energy aggregation platform with a blockchain technology will allow us to broaden the scope of our services by offering innovative solutions to our clients in Spain so that we can unlock the transactive energy concept not only through demand flexibility markets but soon also on peer-to-peer energy transactions within renewable energy communities or other ecosystems.”

In the context of the ElectraFlex project, Energy Web will develop and deploy the EW SunSpec Gateway, an open-source toolkit for industrial single-board computers that will allow any distributed energy resource (DER) compliant with the SunSpec Modbus Specification to have its own digital identity on EW-DOS. “These gateways will be integrated into Bamboo energy’s demand aggregation software to model the resilience of each energy asset to enable the best strategy to maximise the value of their asset portfolio,” said Alex Gomar, CEO of Bamboo Energy. SunSpec is a trade alliance of roughly 100 solar and storage companies spanning Asia, Europe, and North America. Energy Web and SunSpec Alliance announced a strategic partnership in August 2020.

The ElectraFlex project started January 2021 and is expected to be completed by the end of July 2021.

In addition, on 17 February 2021, Electra Caldense became the newest official member of Energy Web. Electra Caldense will be hosting an EW Chain validator node and be an active part of the world’s largest energy blockchain ecosystem together with other utilities, grid operators, renewable energy developers, corporate energy buyers, and others.

About Electra Caldense (DSO)
Electra Caldense is a distribution system operator founded in 1917 and since then guaranteeing power supply to more than 12,400 users within 10 municipalities in the Vallès Oriental and Occidental regions (Barcelona), among other regions in Catalonia.

For more, please visit https://electracaldensedistribucio.com/es/

About Electra Caldense Energia (Energy Retailer)
Electra Caldense Energia is an energy retailer within Electra’s same group of companies, which commercializes 100% certified green energy to more than 12,800 clients, including residential and industrial customers.

For more, please visit https://electracaldenseenergia.com/es/

About Energy Web
Energy Web is a global, member-driven nonprofit accelerating the low-carbon, customer-centric energy transition by unleashing the potential of open-source, digital technologies. Our Energy Web Decentralized Operating System (EW-DOS) enables any energy asset, owned by any customer, to participate in any energy market. The Energy Web Chain — the world’s first enterprise-grade, public blockchain tailored to the energy sector — anchors the EW-DOS tech stack. The Energy Web ecosystem comprises leading utilities, grid operators, renewable energy developers, corporate energy buyers, IoT / telecom leaders, and others.

For more, please visit https://energyweb.org

About Bamboo Energy
Bamboo Energy offers a customized and flexible SaaS solution to independent aggregators and retailers to efficiently manage distributed flexibility resources. Bamboo Energy improves the aggregator operation using artificial intelligence, sophisticated mathematical models and cloud computing. At its core, it relies on the combination of advanced machine learning techniques to predict the flexibility of its clients’ portfolio and the market conditions, robust mathematical modelling and optimization algorithms for optimal portfolio management and behavior analysis. These characteristics are not present in any other aggregator software solution in the market.

For more, please visit https://bambooenergy.tech/

About CEGASA Energía
Cegasa was founded in 1934 and from the beginning we have always been a company related to electrochemical energy storage. We are manufacturers of industrial zinc-air batteries, lithium-ion batteries and energy storage solutions. Our products are developed and manufactured entirely in Europe. CEGASA has a wide range of batteries in different formats and in different energy ranges. Lithium-Ion is the rechargeable technology with the highest performance in terms of density and cycles. Added to the fact that it does not require any type of maintenance, it is the best cost-performance solution. CEGASA designs and manufactures products and solutions based on Lithium-Ion to meet the needs of energy accumulation, applied to industrial traction, mobility, stationary systems and renewable energies.

For more, please visit www.cegasa.com/en/

About Vega Chargers
Vega Chargers is a company specialized in the design of Quick Chargers (DC) for electric vehicles. At Vega Chargers we work every day to make possible a more sustainable present and future in terms of mobility, for this we analyze the needs of our clients and provide flexible and scalable charging solutions for electric vehicles, starting with conception and design and going through manufacturing and distribution. In addition, we develop comprehensive software systems that together with our charging stations are the perfect pairing to accelerate the adoption of the electric vehicle.

For more, please visit www.VegaChargers.com

Catalonian Grid Operator Electra Caldense, Energy Web, and Bamboo Energy Announce Grid Flexibility… was originally published in Energy Web Insights on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 22. February 2021

Digital ID for Canadians

Decentralized Identity and DIACC PCTF Authentication

While the Authentication component may have been mostly developed before Decentralized Identity approaches emerged, this document demonstrates that Authentication is applicable in the context of…

While the Authentication component may have been mostly developed before Decentralized Identity approaches emerged, this document demonstrates that Authentication is applicable in the context of Decentralized Identity systems and encourages service providers not to lose sight of good security practice even in the face of new approaches.

Download the paper.

Decentralized-Identity-and-DIACC-PCTF-Authentication


Digital ID, the next step to easier, more convenient government services for citizens

Contributions made by members of the DIACC’s Outreach Expert Committee Across the country, governments are grappling with digital transformation, in an effort to offer services…

Contributions made by members of the DIACC’s Outreach Expert Committee

Across the country, governments are grappling with digital transformation, in an effort to offer services to citizens and businesses with greater flexibility and ease of access. With COVID-19, these efforts are all the more pressing to enable service at a distance and recognize that many people have settled into a new, more remote way of operating.

Moving governments online is not a new focus. Governments have been tackling this transformation for well over 10 years. As technology has advanced and people have grown comfortable transacting digitally, government efforts have also increased to put more information and services online. Yet, the more complex services, (i.e., ones that deal with sensitive data, require multi-ministry involvement, or involve large payouts by way of grants or loans), still generally remain offline, largely due to one key problem: proving that the person behind the computer is who they say they are. The answer to this problem is digital ID.

Digital ID is the ability to identify someone electronically and confirm that they are the right person for a specific activity. When coupled with program information, a Digital ID can help confirm that the person has permission or authorization to carry out a transaction or activity. When delivered well, it offers citizens and businesses improved data security, increased flexibility to access government services when and how they want, and ultimately is a key foundation for accelerating our digital economy. Just think of all the times in banking, education, health and even buying alcohol where you’re required to produce a physical ID.

In a digital ID world, improved privacy and security can complement convenience, rather than inhibit it. The old ways ask us to show up in person for a signature or to show ID, or to fill out a form with all sorts of personal information that is then collected and stored where it’s left susceptible to hacks, and frankly, simply becoming out of date. Digital IDs allow us to confirm information without storing it. Governments can ask you for personal information – an address, birthdate, or even your photo – and compare it against sources of truth like vital stats or the driver’s license database. But then, critically, that information is discarded. No additional storage and you’ve proven it’s you without leaving your own home.

The promise has been significant, but until recently it has been inhibited by immature technology, a lack of standards to build trust and safeguard Canadians, and with few exceptions, a lack of public-sector investment to dig in and get digital IDs delivered across the country. Fortunately, in the last few years that’s all started to change.Both Alberta and British Columbia have launched digital IDs, with BC including a mobile card and a Verify by Video option. Provinces like Quebec have madesignificant investments, and other jurisdictions likeOntario, Saskatchewan, Yukon, Nova Scotia, Newfoundland, Prince Edward Island, and New Brunswick are nudging into the space with pilots, proofs of concepts and digital ID components offered through their single-sign ons. Enabling the broader digital economy is also on the horizon. Digital documents, such as government-issued licences, permits, and education credentials, are envisioned to support digital trade and commerce, and to enable individuals and organizations to participate in the digital economy and society.

In short, federal, provincial, territorial and municipal collaboration is coalescing like never before, with strong leadership and a sense of purpose. Digital ID solution providers are emerging in Canada’s tech sector, thanks in part to creative challenges, pilot projects and investment from the public sector. The Pan-Canadian Trust Framework, and its public sector counterpart, the Public Sector Profile, have emerged to provide the blueprints for digital ID in Canada and are being accelerated with the increasing realization that social distancing is here to stay, for a while.

Once we have the confidence that the person on the internet is truly who they say they are, that they are a legitimate, verified person, it opens up a whole new world of possibilities. We can start to attach proofs to digital ID, like proof of vaccination or essential worker status. We can use digital IDs to prove online that we’re the correct person to write an exam, sign a mortgage or contract, or stamp blueprints.

We can use digital IDs to speed up lines at the airports, borders and other secure access points with trusted, reliable ‘scan and go’ systems, and we can use digital ID to help maintain that all important social distancing, protecting the safety of workers and citizens by not having to hand over your physical ID card and instead presenting your phone to be scanned. Digital ID offers Canadians improved data security, enhanced access and increased flexibility when dealing with governments, and ultimately will support ushering in an enhanced digital economy.

Governments across the country are working harder than ever to make digital ID a reality. The necessary investment, focus, and accelerators that allow governments to move with trust and confidence are finally starting to come together. With COVID-19 still very much present, now more than ever is the time to make the shift. Look to the DIACC to learn more about digital ID and primary accelerators like the Pan-Canadian Trust Framework and the ever growing vendor community working to verify identity online.


Spotlight on Vaultie

1.What is the mission and vision of Vaultie? At Vaultie our mission is to allow physical people to both provide, and control, indisputable links to…

1.What is the mission and vision of Vaultie?

At Vaultie our mission is to allow physical people to both provide, and control, indisputable links to their digital documents (and other assets) while providing complete user control over their documents privacy. From legal documents to payments to driver’s licenses, we strive to let people stand beside their actions and intent. We do this by building secure, easy-to-use software based on verifiable credentials, blockchain, and ethical facial recognition. All of which have incredible power to enable this technology and together are creating the ability to provide a safer and more efficient future.

2. Why is trustworthy digital identity critical for existing and emerging markets?

A trustworthy digital identity is critical for existing and emerging markets because it breaks down barriers and allows business to be conducted regardless of location and economic circumstances. The ability to trust a person, despite not having them physically present is necessary to allow cross-border cooperation on business activities and this software facilitates this.

3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?

Digital identity will streamline the way Canadians access their most important services, from government services to banking, to legal documents. Most importantly, digital identity and authentication shift control of that information to the user which is more secure and protects their privacy.

Digital identities will become a critical compliance tool for many businesses, particularly banking, law, government services, and insurance by facilitating trust between the person and a “Verifier”. On the most relatable level, the trust that can be facilitated by digital identity enables Canadians to spend less time physically having to go somewhere to show credentials or sign documents and more time on their own projects or with their families.

4. What role does Canada have to play as a leader in this space?

Canada has already demonstrated its ability to lead the charge in digital identity and services. It has an educated user base who are demanding frictionless interactions with industries that seem to be willing to adopt them. DIACC plays a central role in bringing all of those players to the table and creating a unified landscape which we can use to facilitate digital identity standards across various industries. We’re thrilled to be joining the conversation on how to best make that a reality.

5. Why did your organization join the DIACC?

We think Verifiable Credentials and digital ID play an important role in shaping the way Canadians access their services and conduct business. There’s a lot of industries that need to collaborate in order to facilitate that reality. We joined DIACC to be part of that conversation, offer our expertise on Identity linked documents, and learn how we can facilitate the adoption of digital ID and authentication through conversations with other industry players.

6. What else should we know about your organization?

We’re a group of young energized technologists, with backgrounds in financial services and blockchain, and access to a coffee machine! We’re driven by allowing people to show transparency in their business dealings, while maintaining their privacy. Vaultie started off with a goal of creating a fraud-proof digital signature, which could show indisputable proof that a person, and not just their account, signed a document. We’re really proud of our Vaultie digital signature product, which can be verified and trusted by any third party the signatory chooses to share it with. We could not have dreamed about the opportunities that now exist with digital credentials and are excited to be working on the future of trustless interactions.


Oasis Open

Invitation to comment on STIX™ V2.1 and TAXII™ V2.1 before Call for Consent as OASIS Standards – ends April 23rd

The specifications, defining a free, open language for describing and exchanging cyber threat intelligence, enters the 60-day public review that precedes the call for consent as an OASIS Standard. The post Invitation to comment on STIX™ V2.1 and TAXII™ V2.1 before Call for Consent as OASIS Standards – ends April 23rd appeared first on OASIS Open.

The specifications, defining a free, open language for describing and exchanging cyber threat intelligence, enters the 60-day public review that precedes the call for consent as an OASIS Standard.

OASIS and the Cyber Threat Intelligence (CTI) TC [1] are pleased to announce that STIX Version 2.1 and TAXII Version 2.1 are now available for public review and comment. General information and background about these public reviews can be found in https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02-public-review-metadata.html and https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01-public-review-metadata.html.

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence. STIX enables organizations and tools to share threat intelligence with one another in a way that improves many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

The TC received 3 Statements of Use from Accenture Security, Fujitsu, and New Context [2].

TAXII is an application layer protocol for the communication of cyber threat information in a simple and scalable manner. it is specifically designed to support the exchange of CTI represented in STIX, but is not limited to STIX.

The TC received 5 Statements of Use from Fujitsu, Celerium, LookingGlass Cyber Solutions, Cyware Labs, and FreeTAXII [3]

The candidate specifications and related files are available here:

STIX Version 2.1
Committee Specification 02
25 January 2021

Editorial source (Authoritative):
https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.docx

HTML:
https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.html

PDF:
https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.pdf

TAXII Version 2.1
Committee Specification 01
27 January 2020

Editorial source (Authoritative):
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.docx

HTML:
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.html

PDF:
https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP files at:

STIX: https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.zip

TAXII: https://docs.oasis-open.org/cti/taxii/v2.1/cs01/taxii-v2.1-cs01.zip

Public Review Period

The 60-day public reviews start 23 February 2021 at 00:00 UTC and end 23 April 2021 at 23:59 UTC.

This is an open invitation to comment. OASIS solicts feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility as explained in the instructions located via the button labeled “Send A Comment” at the top of the TC public home page, or directly at:

https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=cti

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

http://lists.oasis-open.org/archives/cti-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with these public reviews of “STIX V2.1″ and “TAXII V2.1,” we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information

[1] OASIS Cyber Threat Intelligence (CTI) TC
https://www.oasis-open.org/committees/cti/

[2] STIX statements of use

Accenture Security:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202102/msg00006.html Fujitsu:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202102/msg00005.html New Context:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202101/msg00027.html

[3] TAXII statements of use

Fujitsu:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202102/msg00005.html Celerium:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202007/msg00002.html LookingGlass Cyber Solutions:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202006/msg00019.html Cyware Labs:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202007/msg00033.html FreeTAXII:
https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202101/msg00028.html

[4] https://www.oasis-open.org/policies-guidelines/ipr

[5] https://www.oasis-open.org/committees/cti/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode

The post Invitation to comment on STIX™ V2.1 and TAXII™ V2.1 before Call for Consent as OASIS Standards – ends April 23rd appeared first on OASIS Open.


WomenInIdentity

Women in Identity’s 2020 Annual Report is out now!

Women in Identity continues to grow, in terms of membership, sponsorship and all the opportunities that have been created. Our progress is true testament to how important the topic of… The post Women in Identity’s 2020 Annual Report is out now! appeared first on Women in Identity.

Women in Identity continues to grow, in terms of membership, sponsorship and all the opportunities that have been created. Our progress is true testament to how important the topic of Diversity and Inclusion (D&I) is within our industry. And how passionately so many of us feel about it.

Download the report here (opens in new tab)

The post Women in Identity’s 2020 Annual Report is out now! appeared first on Women in Identity.

Saturday, 20. February 2021

OpenID

Resolution Thanking Don Thibeau for his Service

The OpenID Foundation Board of Directors unanimously approved the following resolution, proposed by Mike Jones and seconded by John Bradley, thanking Don Thibeau for his service: Resolved: The OpenID Foundation board thanks Don Thibeau for his exemplary service to the OpenID Foundation and the worldwide identity community during his decade-long service as Executive Director. The […] The post Reso

The OpenID Foundation Board of Directors unanimously approved the following resolution, proposed by Mike Jones and seconded by John Bradley, thanking Don Thibeau for his service:

Resolved:

The OpenID Foundation board thanks Don Thibeau for his exemplary service to the OpenID Foundation and the worldwide identity community during his decade-long service as Executive Director. The board looks forward to working with Don in his new role as Non-Executive Director with the OpenID Foundation. The board appreciates Don’s ongoing commitment to the success of the OpenID Foundation, including continuing to participate in strategic decision-making, continuing to engage with key liaison partners, and mentoring the new Executive Director, when hired. The post Resolution Thanking Don Thibeau for his Service first appeared on OpenID.

Friday, 19. February 2021

SelfKey Foundation

KEY & KEYFI Airdrop for KEY Token HODLers on Binance

Two airdrops are better than one! SelfKey and KeyFi, together with Binance, are bringing you not one but TWO airdrops for KEY token hodlers on Binance.com. The post KEY & KEYFI Airdrop for KEY Token HODLers on Binance appeared first on SelfKey.

Two airdrops are better than one! SelfKey and KeyFi, together with Binance, are bringing you not one but TWO airdrops for KEY token hodlers on Binance.com.

The post KEY & KEYFI Airdrop for KEY Token HODLers on Binance appeared first on SelfKey.


Own Your Data Weekly Digest

MyData Weekly Digest for February 19th, 2021

Read in this week's digest about: 9 posts
Read in this week's digest about: 9 posts

Thursday, 18. February 2021

SelfKey Foundation

Something Huge is Coming your Way 📢🚀

SelfKey Weekly Newsletter Date – 17th February, 2021 Stay tuned! An announcement is coming your on 19th February, 2021. The post Something Huge is Coming your Way 📢🚀 appeared first on SelfKey.

SelfKey Weekly Newsletter

Date – 17th February, 2021

Stay tuned! An announcement is coming your on 19th February, 2021.

The post Something Huge is Coming your Way 📢🚀 appeared first on SelfKey.

Wednesday, 17. February 2021

Oasis Open

Service Metadata Publishing (SMP) Version 2.0 OASIS Standard published

Standard describes the request/response exchanges between a Service Metadata Publisher and a client wishing to discover endpoint information in a 4-corner network The post Service Metadata Publishing (SMP) Version 2.0 OASIS Standard published appeared first on OASIS Open.

Standard describes the request/response exchanges between a Service Metadata Publisher and a client wishing to discover endpoint information in a 4-corner network

OASIS is pleased to announce the publication of its newest OASIS Standard, approved by the members on 14 February 2021:

Service Metadata Publishing (SMP) Version 2.0
OASIS Standard
14 February 2021

Overview

SMP v2.0 describes a protocol for publishing service metadata within a 4-corner network.

In a 4-corner network, entities are exchanging business documents through intermediary gateway services (sometimes called Access Points). To successfully send a business document in a 4-corner network, an entity must be able to discover critical metadata about the recipient of the business document, such as types of documents the recipient is capable of receiving and methods of transport supported. The recipient makes this metadata available to other entities in the network through a Service Metadata Publisher service.

This specification describes the request/response exchanges between a Service Metadata Publisher and a client wishing to discover endpoint information. A client can either be an end-user business application or a gateway/access point in the 4-corner network. This specification also defines the request processing that must happen at the client.

The TC has received four Statements of Use from IBM, Philip Helger, the Federal Reserve Bank of Minneapolis, and Efact.

URIs

The OASIS Standard and all related files are available here:

Editable source (Authotative):
https://docs.oasis-open.org/bdxr/bdx-smp/v2.0/os/bdx-smp-v2.0-os.docx

HTML:
https://docs.oasis-open.org/bdxr/bdx-smp/v2.0/os/bdx-smp-v2.0-os.html

PDF:
https://docs.oasis-open.org/bdxr/bdx-smp/v2.0/os/bdx-smp-v2.0-os.pdf

XML schemas and documentation:
https://docs.oasis-open.org/bdxr/bdx-smp/v2.0/os/xsd/
https://docs.oasis-open.org/bdxr/bdx-smp/v2.0/os/xsdrt/
https://docs.oasis-open.org/bdxr/bdx-smp/v2.0/os/mod/

Distribution ZIP files

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

https://docs.oasis-open.org/bdxr/bdx-smp/v2.0/os/bdx-smp-v2.0-os.zip

Our congratulations to the members of the OASIS Business Document Exchange (BDXR) TC on achieving this milestone.

The post Service Metadata Publishing (SMP) Version 2.0 OASIS Standard published appeared first on OASIS Open.


Kantara Initiative

Kantara Approves Neustar Caller Authentication, Identity Verification and Digital Identity Risk as a Component Service

Neustar’s digital and call center identity service is conformant with NIST SP 800-63 rev.3 (Technical) Class of Approval at IAL2 and AAL2  Feb. 17, 2021 – STERLING, Virginia – Neustar Inc., a global information services and technology company and leader in identity resolution, today announced its Caller Authentication, Identity Verification and Digital Identity Risk service has been approved

Neustar’s digital and call center identity service is conformant with NIST SP 800-63 rev.3 (Technical) Class of Approval at IAL2 and AAL2 

Feb. 17, 2021 – STERLING, Virginia – Neustar Inc., a global information services and technology company and leader in identity resolution, today announced its Caller Authentication, Identity Verification and Digital Identity Risk service has been approved by Kantara Initiative as a Component – Partial Service, conformant with NIST SP 800-63 rev.3 (Technical) Class of Approval at Identity Assurance Level 2 (IAL2) and Authenticator Assurance Level 2 (AAL2). Kantara is the leading global consortium improving trustworthy use of identity and personal data through innovation, standardization and good practice. As the provider of a Credential Service, approved by Kantara Initiative, Neustar can more effectively serve the federal market and address digital identity proofing and authentication service requirements with accurate, frictionless identity verification. 

NIST 800-63-3 guidelines aim to decrease the risks of unauthorized access to individuals’ information by standardizing the security requirements for all citizen-facing applications that require a high degree of trust, beginning with digital identity verification. Designated within the Kantara NIST 800-63 rev.3 (Technical) Class of Approval, Neustar’s approval offers a trusted service to federal agencies.

“From coordinating complex federal initiatives, like contact tracing, to fielding daily service calls involving the transfer of personal and financial information, it is critical that governments have the proper tools in place to verify the identity of the person on the other end of the interaction with confidence, speed and accuracy,” said Tom McNeal, vice president of partner channel and public sector for Neustar. “These solutions have been reducing customer friction and fraud across multiple private sector industries, like finance and healthcare, for years. This approval gives an essential third-party validation to our exceptional identity authentication and resolution solutions and signals the unique value our solutions bring to improving government and customer experience in the phone and digital channels. These solutions will enable an omni-channel customer experience for governments akin to those provided in the private sector, at the moments that matter most.”

Neustar authentication solutions accurately and seamlessly identify and authenticate the person on the other end of every interaction. For call center agents, Neustar Inbound Authentication securely verifies and authenticates an inbound caller’s identity before a government agency’s IVR system engages with the caller. For web users and those accessing digital services, Neustar Digital Identity Risk authenticates the consumer behind the device by automatically comparing the applicant’s submitted PII to device-based observations and corroborating the device information with the person’s offline identity data. Powered by Neustar’s OneID® – an unrivaled identity graph platform that enables resolution of virtual and physical identifiers by responsibly connecting people, location, and device data – Neustar authentication solutions reduce risk exposure and maximize efficiencies for government agencies, while also removing friction and improving the citizen experience for legitimate customers. 

“As part of Kantara’s mission to improve the trustworthy use of identity and personal data in a secure, privacy-enabled connected world, we’ve developed criteria to assess an organization’s ability to meet the security and privacy controls for all U.S. federal information systems,” said Colin Wallis, executive director of the Kantara Initiative. “Neustar’s Caller Authentication, Identity Verification and Digital Identity Risk service has been assessed against Kantara service assessment criteria under NIST SP 800-63 rev.3 (Technical) Class of Approval, at IAL2 and AAL2, and it is approved as a Component – Partial Service. This Kantara Trust Mark provides assurance about Neustar’s digital and call center identity service to federal agencies and others looking to improve their authentication and fraud prevention strategies.” 

Neustar’s NIST SP 800-63-3 certification is available for the public to view here. For more information about Neustar and its authentication and identity resolution solutions, visit https://www.risk.neustar. To learn more about Kantara Initiative, visit https://kantarainitiative.org.

About Neustar
Neustar is an information services and technology company and a leader in identity resolution providing the data and technology that enables trusted connections between companies and people at the moments that matter most. Neustar offers industry-leading solutions in Marketing, Risk, Communications and Security that responsibly connect data on people, devices and locations, continuously corroborated through billions of transactions. Neustar serves more than 8,000 clients worldwide, including 60 of the Fortune 100. Learn how your company can benefit from the power of trusted connections here: https://www.home.neustar.

About Kantara

The Kantara Initiative is the leading global community commons improving trustworthy use of identity and personal data through innovation, standardization and good practice. Kantara nurtures ground-breaking R&D, develops specifications and operates conformity assessment programs for the digital identity and personal data ecosystems. Kantara provides its coveted eID assisting Identity Assurance Trust Mark and ground-breaking specifications for User Managed Access, and the privacy enabling Consent Receipt. More information is available at https://kantarainitiative.org/.

Follow Kantara Initiative on Twitter — @KantaraNews.

The post Kantara Approves Neustar Caller Authentication, Identity Verification and Digital Identity Risk as a Component Service appeared first on Kantara Initiative.


Me2B Alliance

Rebuilding Respectful Relationships in the Digital Realm

Our reliance on digital technologies has never been greater. At the same time, the relationships we have with digital products and services are increasingly complex and multi-dimensional while our legal protections lag behind and put us at risk. Find out what policymakers should do in order to address these vulnerabilities and help us rebuild respectful digital relationships.

Thursday, March 4th at Noon Pacific / 3pm Eastern

Read More

Elizabeth Renieris
Founder & CEO, HACKYLAWYER

Elizabeth M. Renieris is the Founding Director of the Notre Dame-IBM Technology Ethics Lab, the applied research and development arm of the University of Notre Dame’s Technology Ethics Center. She is also a Technology and Human Rights Fellow at the Carr Center for Human Rights Policy at Harvard’s Kennedy School of Government, a Practitioner Fellow at Stanford’s Digital Civil Society Lab, and an Affiliate at the Berkman Klein Center for Internet and Society. Elizabeth’s work is focused on cross-border data governance frameworks, as well as the ethical challenges and human rights implications of digital identity, blockchain, and other emerging technologies. As the Founder & CEO of HACKYLAWYER, a consultancy focused on law and policy engineering, Elizabeth has advised the World Bank, the U.K. Parliament, the European Commission, and a variety of international organizations and NGOs on these subjects.

Read Less

Tuesday, 16. February 2021

Digital Identity NZ

Join the action!

As summer progresses we have much to be thankful for in Aotearoa, even as we are in the middle of another jarring disruption.  The workers at the frontline of our prevention efforts are demonstrating incredible stamina as they remain vigilant, while our Health sector continues to deliver ever-improving contact-tracing capabilities and prepare for the massive … Continue reading "Join the actio

As summer progresses we have much to be thankful for in Aotearoa, even as we are in the middle of another jarring disruption.  The workers at the frontline of our prevention efforts are demonstrating incredible stamina as they remain vigilant, while our Health sector continues to deliver ever-improving contact-tracing capabilities and prepare for the massive logistical exercise that will come as supplies of the vaccine arrive.  

Technology has the potential to be a powerful and inclusive enabler, if we develop and deploy it with those principles in mind.  In that vein our work for 2021 is well underway.  We have two active initiatives underway, each supported by working groups of members.  One group is tackling the challenge of educating the non-technologists among us about digital identity (work that came out of our annual Trust & Identity research), while the other is looking at making the complex world of trust and Anti-Money Laundering (AML) compliance less so!  Each is meeting via Zoom on a fortnightly basis to connect on progress and priorities.  You can register to participate here:Education (Trust and Identity Research findings)AML RelianceAlso on a fortnightly basis we have our Coffee Chat – an unstructured drop-in session where you can learn more about what’s happening in digital identity, and/or come with a particular problem or issue you would like to explore.

This month sees the recommencement of our monthly webinar series.  Tomorrow we’re delighted to be joined by an expert panel who will share their thoughts on the challenges and opportunities ahead of us in 2021.  You can register for the event here.   Our March session will be the Summer edition of our quarterly Member Showcase.  We have five slots available for members to share a case study or present a collaborative opportunity.  Please contact us if you have a story to tell and would like to be featured.  

Finally, if you haven’t already, I encourage you to read the update from our Executive Council.  I will be moving on from my role with DINZ at the end of March.  I’m excited by the greenfield opportunities ahead for myself, and also the prospect of handing over to the person who will lead the next phase of DINZ’s journey.  Details of the role are here, so please spread the word if it describes someone you know!

Ngā Mihi,

Andrew Weaver
Executive Director

To receive our full newsletter including additional industry updates and information, subscribe now

The post Join the action! appeared first on Digital Identity New Zealand.


Oasis Open

Service Metadata Publishing (SMP) v2.0 approved as an OASIS Standard

The standard describes a protocol for publishing service metadata within a 4-corner network The post Service Metadata Publishing (SMP) v2.0 approved as an OASIS Standard appeared first on OASIS Open.

The standard describes a protocol for publishing service metadata within a 4-corner network

OASIS is pleased to announce that the call for consent has closed and, effective 14 February 2021, Service Metadata Publishing (SMP) v2.0 CS03 is an OASIS Standard. OASIS TC Administration is now publishing the final standards documents.

The ballot was held under the OASIS call for consent procedure. In the ballot, the Committee Specification received 11 affirmative consents. No objections were received.

Our congratulations to the members of the BDXR TC and to the community of implementers, developers and users who have brought the work successfully to this milestone

Additional information

[1] Call for Consent
https://www.oasis-open.org/committees/ballot.php?id=3563

[2] OASIS Call for Consent procedure
https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#OScallForConsent

The post Service Metadata Publishing (SMP) v2.0 approved as an OASIS Standard appeared first on OASIS Open.


Digital ID for Canadians

Covid has accelerated Canadians’ demand for digital ID

Digital ID and Authentication Council of Canada research finds that three-quarters of Canadians feel it’s important to have a secure, trusted, and privacy-enhancing digital ID…
Digital ID and Authentication Council of Canada research finds that three-quarters of Canadians feel it’s important to have a secure, trusted, and privacy-enhancing digital ID to safely and securely make transactions online

Access the full Canadian Digital Identity Research 2020 Report

Access the Multi-page Synopsis

Access the One-page Synopsis

Toronto, February 16, 2021 —   As more Canadians and businesses are moving online throughout the COVID-19 pandemic, three-quarters of the population feels it’s important to have a secure, trusted and privacy-enhancing digital ID to safely and securely make transactions online. 

“From receiving emergency pandemic benefits to ensuring health records are correct and helping children and youth with online education, there are many ways in which a secure digital ID is essential to the functioning of daily life during a pandemic,” said Joni Brennan, President of the Digital ID and Authentication Council of Canada (DIACC). “The pandemic has put a spotlight on the need for governments to move with urgency to invest in the digital infrastructure needed to ensure that Canadians receive the services they need and that Canadian businesses can participate fully and securely in the global digital economy.”   

The majority of Canadians believe it is important for federal and provincial governments to move quickly on enabling digital ID in a safe and secure manner, according to the survey. It also shows that collaboration between governments and the private sector continues to be considered the best approach to create a pan-Canadian digital ID framework. 

“As policymakers consider how best to invest to support Canada’s post-pandemic economic recovery, prioritizing the issuance of trusted digital ID credentials to all Canadians must be a priority,” stated Dave Nikolejsin, the DIACC’s Board Chair. 

As the federal government focuses on post-pandemic recovery, investing in digital ID makes economic sense, especially for small and medium-sized businesses. For SMEs, the impact of digital identity could be used to improve processes that are difficult today. This is especially true in situations where businesses need to provide proof of identity to another business. Considering SMEs account for approximately 30 per cent of Canada’s overall GDP ($450 billion), if we assume that the average SME could be just one per cent more efficient with access to trusted digital identity, this results in a potential $4.5 billion of added value to SMEs and reinvestments in the Canadian economy.

Digital ID critical to privacy in Canada

Survey respondents identified security, efficiency and privacy as the top three benefits of digital ID. Further, an overwhelming number of Canadians are looking for solutions that address both the public and private sectors. 

“As Innovation, Science and Industry Minister Francois-Philippe Champagne ushers through Bill C-11, the Digital Charter Implementation Act, to introduce private sector protections for consumer data, it’s imperative that public sector data also be considered in the legislation,” said Brennan.

A digital ID would help to keep Canadians’ data secure and pan-government services easier to access as we move through the pandemic to recovery. This means adopting the Pan-Canadian trust framework.

With new research and compelling data, it’s clear there is no better time for governments to invest in making digital ID a national public policy priority.

ABOUT DIACC
DIACC is a growing coalition of public and private sector organizations who are making a significant and sustained effort to ensure Canada’s full, secure, and beneficial participation in the global digital economy.  By solving challenges and leveraging opportunities, Canada has the chance to secure at least 3% of unrealized GDP or $100 billion of potential growth by 2030. Seizing this opportunity is a must in a digital society as we work through the COVID pandemic challenges. Learn more about the DIACC mandate
DIACC was created as a result of the Minister of Finance’s Electronic Payments Task Force that recommended that Canada needs a framework for digital identity and authentication that a self-governing body of experts must create.

ABOUT THE STUDY
Burak Jacobson Research Partners is a full-service market research consulting firm headquartered in Toronto, Ontario. Founded in 1981, Burak Jacobson has conducted over 4,000 research projects in 39 countries across various industries.

Monday, 15. February 2021

Ceramic Network

Standards for encrypted and mutable data on IPFS

Joel talks about new standards for signed, encrypted, mutable data on IPFS. This is a talk from ETHDenver 2021.

Learn how to manage user data in a Web3 app with IDX

Learn how to manage user data for your Web3 application with IDX. This talk is a workshop from ETHDenver 2021.

ETHDenver 2021 Opening Ceremonies: Ceramic Network

Michael Sena talks about Ceramic Network, IDX, and the transition from 3Box to 3Box Labs at ETHDenver 2021.

Friday, 12. February 2021

Hyperledger Aries

Working Together on What “Good” Looks Like

On Tuesday, the Good Health Pass Collaborative (GHPC) launched. This initiative is intended to define, in the context of test results and vaccination records for opening up borders for travel... The post Working Together on What “Good” Looks Like appeared first on Hyperledger.

On Tuesday, the Good Health Pass Collaborative (GHPC) launched. This initiative is intended to define, in the context of test results and vaccination records for opening up borders for travel and commerce, a high bar for implementations of identity and credentialing systems to meet with regards to privacy, ethics and portability. They will also work with the implementers of such systems to converge towards common standards and governance.       

A set of Linux Foundation organizations – TrustOverIP, Hyperledger, Linux Foundation Public Health, and its Covid Credentials Initiative – have engaged as supporting organizations and were part of the announcement. We did this based on very encouraging signs during formation discussions that GHPC would not only help bring many of the organizations emerging into the self-sovereign identity space into alignment on platforms and standards we have long championed, but would also give us an external reference point for our position on the importance of privacy in the design and implementation of such systems.

Hyperledger has been home to the pioneering digital identity ledger Indy and agent toolkit Aries, which form the basis of so many production privacy-preserving digital identity systems and, now, are serving as the basis for many of these emerging health pass solutions. The TrustOverIP Foundation led the formal recognition of the need and role for governance organizations in the digital identity landscape – showing how we can get both optionality and interoperability when we weave global identity and credentialing systems together in a decentralized way. 

The Covid Credentials Initiative, starting way back in March 2020, recognized the potential for credentials of all sorts in the fight against this and future pandemics, and have pulled together an amazing community of technologists and entrepreneurs working together on this. Now, as part of Linux Foundation Public Health, we are working to bring together a set of software projects that can implement credential systems and help accelerate adoption of these globally, centered on the needs of public health authorities.

On Thursday’s GHPC webinar, Charlie Walton from Mastercard said GHPC is “in the business of describing what good looks like.” We will be working with GHPC to bring our own communities’ views of not just what good looks like, but how we’re already working together to standardize and implement this work. Furthermore we’ll see if our processes can directly support GHPC’s efforts to harmonize this domain.

We recognize there are quite a few of these initiatives now, reflecting just how broadly this issue is felt across society. We can play – we must play – a key role in channeling all this market activity and good-faith sharing of expertise into applications directly in people’s hands, so we can get back to travel and re-opening workplaces and schools in a safe and equitable way. Our key levers to move the world are open source software and open public engagement, and we will double-down on those tools to have a unique and substantive impact.

Look for more on this soon within our communities. We’re incredibly excited to be a part of this global effort.

The post Working Together on What “Good” Looks Like appeared first on Hyperledger.


Elastos Foundation

Elastos Bi-Weekly Update – 12 February 2021

...

KABN Network

Valuations in our sector are rocking — with no signs of slowing down.

Valuations in our sector are rocking — with no signs of slowing down. Best-in-class, scalable technology solutions that exceed customer expectations are in high demand. Precis 2020 saw a rush of adoption and evolution in eCommerce and online presence, not created by but fuelled in pace by the advent of the COVID-19 pandemic. By sector we are referring to technology, and fast-growing
Valuations in our sector are rocking — with no signs of slowing down.

Best-in-class, scalable technology solutions that exceed customer expectations are in high demand.

Precis

2020 saw a rush of adoption and evolution in eCommerce and online presence, not created by but fuelled in pace by the advent of the COVID-19 pandemic.

By sector we are referring to technology, and fast-growing subsectors digital identity and verification needs and facilitations, the financial technology space, and all eCommerce interactions in this next internet era. Fintechs are consistently part of challenger banking now, or neobanking, upending the oligopolistic traditional financial services practice. This sector is bringing along fast-moving partners and symbiotic cutting-edge solutions that meet and drive customer expectations and behaviour. For clear reasons, the need for safe and trusted digital tools is quickly spreading to all arenas, including verified identity.

Safe Harbour

Tom Kennedy has been remunerated by KABN Systems NA in the past twenty-four months. He holds a long position in KABN (CSE:KABN) at the time of publication.

His research is intended for the sophisticated investor to assess market developments and company performance and make insights. His comments are in no way intended as a solicitation to trade in any securities. All comments are subject to Risks and Uncertainties outside of the control of the author.

Please see the Disclosure Statements at the end of document.

The US and Canadian tech sectors are in favour right now, sped up by the pandemic

In Canada and the US, and in fact across the globe, technology is a sector in significant favour and flux, and is attracting a lot of interest right now.

Dozens of new companies over the past few months have found private investor groups in multiple seed rounds, and many are hitting the public markets via IPOs and RTOs for more exposure and access to capital. The M&A cycle is seeing a lot of activity too. Incumbent players are moving fast on new developments to bolster their product offerings and keep up with the customer and market demands. Financial investors are searching for the next unicorn, or more likely a puzzle piece positioned to be gobbled up at handsome valuations by leveraging vertical integrations or amalgamating user bases into their own.

Internet deals in the US led the way in Q4/20, with almost double the dealflow Healthcare saw in second place. While we do not expect this pace to continue its linear growth, we do expect that 1) Canada typically lags the US markets, and 2) the horse has already left the barn. While KABN’s timing appears to have been excellent, execution demand will only increase as these players are expected to demonstrate they are worth premium valuations.

Figure 1: Q4/20 was all about internet deals

Source: PwC/CB Insights MoneyTree™ Report Q4 2020. The stock market is supportive of valuations

The stock market is very useful for valuation as buyers and sellers commit to pricing every day trading is open. Over the past two years, we have seen a cyclical shift away from certain sectors like commodities, consumer goods, and traditional financial services towards technology.

There are many ways to illustrate this point. We compare the Dow Jones industrial Average, a metric of the broad US markets, against the Technology subsector, over the past two years, in Figure 2:

Figure 2: Tech Stocks are just beginning to outperform

Source: Investing.com; Tom Kennedy. The pandemic didn’t create this upcoming Tech Boom — but it didn’t hurt

While the COVID-19 pandemic has undoubtedly had huge exogenous impacts on markets and consumer habits, we contend it did not create this evolution. That said, it has clearly sped things up.

One anecdotal way to explain adoption is that inevitably the customer is likely to embrace a more convenient, safer, cheaper, or better alternative brought on by technology eventually. The exact timing however is often difficult to pinpoint. During the pandemic, many people chose to or were strongly encouraged to purchase food online. This may be an activity they had never engaged in before and might not even have the technology. So they end up buying groceries that arrive at their door in good time and good order, or a prepared meal, and they enjoy it, and are now committed online shoppers. According to 451 Research, a boutique eCommerce research firm in the US, eCommerce spending rose by 23% year over year in 2020 over 2019. These kinds of numbers represent rapid adoption that will not reverse to pre-COVID levels.

We would note the broader market has also done very well during the pandemic, which is helpful to enhancing access to capital for any subsector.

A different way to look at the relative performance of tech versus the broader market is seen comparing the value of $1 invested (all figures USD for this point) on 23 March, 2020 to 22 January, 2021. That dollar would be worth $1.95 now, relative to $1.67 for a buck in the broader Dow Jones Industrial Average.

This represents an alpha, or relative outperformance, of the tech subsector, at 16.8% over that timeframe which is approximately 10 months of data. A couple of caveats are that we have chosen the US market for more robust data but further believe the US market is an excellent proxy for Canada. That said we have not normalized for the exchange rate, but there are so many things from elections to interest rate movements and virtually infinite economic minutiae that affect all durations of currency fluctuation. In addition, Canada typically lags the US, particularly in market developments. This element enhances our point if true and furthermore contributes to the benefits of obtaining a wider US investment audience both from a valuation and adoption perspective.

Figure 3: Value of $1 invested at pandemic market bottom

Source: Investing.com; Tom Kennedy. The Customer will ultimately drive adoption — and that’s where we believe KABN can excel

Global professional services firm Accenture surveyed 47,000 customers on their digital banking practices in their Accenture 2020 Global Banking Consumer Study. Our interpretation is that the customers can be segmented logically by range of adoption, from Traditionalists to Pioneers, and they are rapidly adopting digital interactions with a focus on humanized elements (“Congratulations, your loan is approved!”) with security and online threats being a major theme. Note that ‘humanized’ and ‘personalized’ are two different important factors. Humanized means counteracting the user feeling their requests are being served by a computer program, while personalized refers to a customized experience with their online interactions that feels tailored to their needs, attitudes, and utility rather than fees seemingly for a beige product suite with few alternatives. Well, guess what incumbents: there are fast-moving disruptors with better and better mousetraps.

Trust in interactions has also fallen precipitously as seen in by the survey’s results, led by bank institutions and insurance, but broadly across all major categories. Trust in banking fell to 37% in 2020 (from 51% of customers trusting their bank in 2018), Insurers fell to 32% (40% — 2018) and Online Payments to 21% (from 30% Trust in 2018).

KABN is uniquely placed to play a role in all these personalized, customer-centric interactions. The customer stands to gain online safety and confidence, the customer owns and can transparently monetize their own identity, and Liquid Avatar stands to be a customized key, wallet, and armour to open empowered and expanded online presence and functionality.

Two recent transactions — the announced sales of Kount and SoFi — indicate takeout valuation goalposts

Two relevant transactions were announced thus far in 2021. The first was Kount, which announced an acquisition for US$640 MM in cash by Equifax (EFX:NYSE). The second was the acquisition of fintech startup SoFi for US$8.65 BB by one of Social Capital’s special purpose acquisition corporations.

So to valuation: in each of these cases, the takeout premiums were impressive, and de-emphasize revenues in favour of what SoFi refers to as “WINNER TAKES MOST.” We know what this means. My thesis is that the firms with best-in-class products that are in a position to respond to the massive growth in online eCommerce are going to share a huge pie, not take the whole thing. And the value they are in a position to create is driving buyers to pay up for years of as-yet unrealized performance.

Take Kount, a leading provider of anti-fraud solutions to thousands of North American brands.

They have two significant assets, one being a robust proprietary data library and the other being a “secret shopper” type process whereby they test your company’s system for fraud protection. Kount then operates as a high end security consulting firm with bespoke solutions for clients’ eCommerce suites.

This drove a valuation we estimate at >13x trailing twelve months’ (TTM) revenue, a number that obviously demonstrates the value of their non-revenue performance. They appear cash flow breakeven for at least another full year, as Equifax speaks to the value they will add in over two years of future performance as part of the basis of their purchase price. Equifax constantly runs the risk of becoming a dinosaur every passing day and needs the shot in the arm that is found in new and promising technology. That said, they have the liquidity to acquire new products and teams rather than build them in-house so they can quickly leverage for their existing customers and cross-sell for internal use and customer acquisition alike. Equifax is no stranger to security challenges across their own customers, being dealt a blow in 2017 over a security breach that exposed over 150 million customers’ private data.

Social Capital’s offer to acquire SoFi represents a significant going-public premium. SoFi is widely recognized as a central market disruptor in financial services right now. This transaction represents an acquisition by a Special Purpose Acquisition Company, not dissimilar to an RTO (reverse takeover) method of going public. This is effectively a financial transaction with a lofty premium in spite of the lack of any synergies or strategic development other than going public.

SoFi is a fintech pioneer that is disrupting the banks, being vastly more customer friendly and customer focused, and offering a far lower cost model given the internet infrastructure rather than bricks and mortar banking. The valuation being paid by venture capital firm Social Capital implies 13.6x 2025E forecast Adjusted Net Income on figures released by Social Capital. To provide a nearer term perspective, this implies a valuation of 13.9x 2020E Adjusted Net Revenue.

This means the buyer has already pre-paid for five full years of success culminating in projected results to be announced around now in 2026, at a 50%+ percent premium to current banking institutions’ one-year forward earnings. In the case of SoFi, the SPAC shell saw its value soar, meaning investors see more room above and beyond the premium’s baked in accomplishments. We would also note there are normal considerable growth milestones yet to be accomplished by SoFi that their growth relies upon, notably the receipt of a federal banking license.

Summary

In summation, we believe the market is entering a new period of non-standard valuations for best-in-class technology that delivers on customer expectations. We expect this will continue all through 2021 and into the foreseeable future.

We will leave with a parting thought: Merriam-Webster Dictionary has added the word “crowdfunding” for 2021. Things are developing so fast even the dictionary is trying to stay relevant.

KABN is potentially well-positioned to thrive in this fast-paced environment.

© 2021 Thomas Kennedy. All rights reserved. See Disclosure Statement

Disclosure Statements: Please view the Disclaimer

This report has been prepared on behalf of KABN Systems NA Holdings Corp. and it’s subsidiary, KABN Systems North America Inc, effectively “KABN” or the “Companies” and is confidential and proprietary. It does not purport to contain all the information that a prospective investor may require in connection with any potential investment in the Companies or related program(s). You should not treat the contents of this report, or any information provided in connection with it, as financial advice, financial product advice or advice relating to legal, taxation or investment matters.

This report does not include all available information in relation to the business, operations, affairs, financial position or prospects of the Companies. No representation or warranty (whether express or implied) is made by the Companies or any of its shareholders, directors, officers, advisers, agents or employees as to the accuracy, completeness or reasonableness of the information, statements, opinions or matters (express or implied) arising out of, contained in or derived from this report or provided in connection with it, or any omission from this report, nor as to the attainability of any estimates, forecasts or projections set out in this report.

This report is provided expressly on the basis that you will carry out your own independent inquiries into the matters contained in the report and make your own independent decisions about the business, operations, affairs, financial position or prospects of the Companies. The Companies reserves the right to update, amend or supplement the information contained in this report at any time in its absolute discretion (without incurring any obligation to do so) without any obligation to advise you of any such update, amendment or supplement. The delivery or availability of this report shall not, under any circumstance, create any implication that there has been no change in the business, operations, affairs, financial position or prospects of the Companies or that information contained herein is correct after the date of this report.

Neither the Companies nor any of its shareholders, directors, officers, advisors, agents or employees take any responsibility for, or will accept any liability whether direct or indirect, express or implied, contractual, tortuous, statutory or otherwise, in respect of the accuracy or completeness of the information contained in this report, for any errors, omissions or misstatements in or from this report or for any loss howsoever arising from the use of this report. Any such responsibility or liability is, to the maximum extent permitted by law, expressly disclaimed and excluded.

This report does not constitute, or form part of, any offer or invitation to sell or issue, or any solicitation of any offer to subscribe for or purchase, any securities of the Companies, nor shall it form the basis of or be relied upon in connection with, or act as any inducement to enter into, any contract or commitment whatsoever with respect to such securities. Under no circumstances should this report be construed as a prospectus, advertisement or public offering of securities.

Future Matters

This report may contain reference to certain intentions, expectations, future plans, strategy and prospects of the Companies. Those intentions, expectations, future plans, strategies and prospects may or may not be achieved. They are based on certain assumptions, which may not be met or on which views may differ and may be affected by known and unknown risks. The performance and operations of the Companies may be influenced by a number of factors, many of which are outside the control of the Companies. No representation or warranty, express or implied, is made by the Companies, or any of its shareholders, directors, officers, advisers, agents or employees that any intentions, expectations or plans will be achieved either totally or partially or that any particular rate of return will be achieved.

Given the risks and uncertainties that may cause the Companies actual future results, performance or achievements to be materially different from those expected, planned or intended, you should not place undue reliance on these intentions, expectations, future plans, strategies and prospects. The Companies do not represent or warrant that the actual results, performance or achievements will be as intended, expected or planned.

The information contained in this report includes some statement that are not purely historical and that are “forward-looking statements.” Such forward-looking statements include, but are not limited to, statements regarding our and their management’s expectations, hopes, beliefs, intentions or strategies regarding the future, including our financial condition, results of operations. In addition, any statements that refer to projections, forecasts or other characterizations of future events or circumstances, including any underlying assumptions, are forward-looking statements. The words “anticipates,” “believes,” “continue,” “could,” “estimates,” “expects,” “intends,” “may,” “might,” “plans,” “possible,” “potential,” “predicts,” “projects,” “seeks,” “should,” “would” and similar expressions, or the negatives of such terms, may identify forward-looking statements, but the absence of these words does not mean that a statement is not forward-looking.

The Companies seek Safe Harbor.


Oasis Open

Invitation to comment on Open Document Format for Office Applications (OpenDocument) Version 1.3 – ends April 12th

The specification, defining a free, open document file format for office applications, enters the 60-day public review that precedes the call for consent as an OASIS Standard. The post Invitation to comment on Open Document Format for Office Applications (OpenDocument) Version 1.3 – ends April 12th appeared first on OASIS Open.

The specification, defining a free, open document file format for office applications, enters the 60-day public review that precedes the call for consent as an OASIS Standard

OASIS and the OASIS Open Document Format for Office Applications (OpenDocument) TC [1] are pleased to announce that Open Document Format for Office Applications (OpenDocument) Version 1.3 Committee Specification 02 is now available for public review and comment in preparation of the call for consent as an OASIS Standard.

The OpenDocument Format is a free, open XML-based document file format for office applications, to be used for documents containing text, spreadsheets, charts, and graphical elements. OpenDocument Format v1.3 is an update to the international standard Version 1.2, which was approved by the International Organization for Standardization (ISO) as ISO/IEC 26300 (2015). OpenDocument Format v1.3 includes improvements for document security, clarifies under-specified components, and makes other timely improvements.

The OpenDocument Format specifies the characteristics of an open XML-based application-independent and platform-independent digital document file format, as well as the characteristics of software applications which read, write and process such documents. It is applicable to document authoring, editing, viewing, exchange and archiving, including text documents, spreadsheets, presentation graphics, drawings, charts and similar documents commonly used by personal productivity software applications.

The TC has received 3 Statements of Use from The Document Foundation, CIB labs GmbH, and Collabora Productivity [3].

The candidate specification and related files are available here:

Open Document Format for Office Applications (OpenDocument) Version 1.3
Committee Specification 02
30 October 2020

Part 1: Introduction
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part1-introduction/OpenDocument-v1.3-cs02-part1-introduction.odt (Authoritative)
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part1-introduction/OpenDocument-v1.3-cs02-part1-introduction.html
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part1-introduction/OpenDocument-v1.3-cs02-part1-introduction.pdf

Part 2: Packages
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part2-packages/OpenDocument-v1.3-cs02-part2-packages.odt (Authoritative)
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part2-packages/OpenDocument-v1.3-cs02-part2-packages.html
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part2-packages/OpenDocument-v1.3-cs02-part2-packages.pdf

Part 3: OpenDocument Schema
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part3-schema/OpenDocument-v1.3-cs02-part3-schema.odt (Authoritative)
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part3-schema/OpenDocument-v1.3-cs02-part3-schema.html
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part3-schema/OpenDocument-v1.3-cs02-part3-schema.pdf

Part 4: Recalculated Formula (OpenFormula) Format
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part4-formula/OpenDocument-v1.3-cs02-part4-formula.odt (Authoritative)
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part4-formula/OpenDocument-v1.3-cs02-part4-formula.html
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/part4-formula/OpenDocument-v1.3-cs02-part4-formula.pdf

XML/RNG schemas and OWL ontologies
https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/schemas/

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:

https://docs.oasis-open.org/office/OpenDocument/v1.3/cs02/OpenDocument-v1.3-cs02.zip

Public Review Period

The 60-day public review starts now and ends 12 April 2021 at 23:59 UTC.

This is an open invitation to comment. OASIS solicits feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility as explained in the instructions located via the button labeled “Send A Comment” at the top of the TC public home page, or directly at:

https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=office

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

http://lists.oasis-open.org/archives/office-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review of Open Document Format for Office Applications (OpenDocument) Version 1.3, we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information

[1] OASIS Open Document Format for Office Applications (OpenDocument) TC
https://www.oasis-open.org/committees/office/

[2] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3562

[3] Statements of Use:

The Document Foundation – https://lists.oasis-open.org/archives/office-comment/202101/msg00003.html DIB labs GmbH – https://lists.oasis-open.org/archives/office/202012/msg00020.html Collabra Productivity – https://lists.oasis-open.org/archives/office-comment/202101/msg00000.html

[4] http://www.oasis-open.org/policies-guidelines/ipr

[5] http://www.oasis-open.org/committees/office/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#RF-on-Limited-Mode
RF on Limited Terms Mode

[6] TC Process for OASIS Standard
https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#OASISstandard

The post Invitation to comment on Open Document Format for Office Applications (OpenDocument) Version 1.3 – ends April 12th appeared first on OASIS Open.


Own Your Data Weekly Digest

MyData Weekly Digest for February 12th, 2021

Read in this week's digest about: 8 posts, 1 Tool
Read in this week's digest about: 8 posts, 1 Tool

Thursday, 11. February 2021

Nyheder fra WAYF

Fonde.dk ny tjeneste i WAYF

Fundraiseren I/S har i dag gennemført den tekniske tilslutning til WAYF af sin tjeneste Fonde.dk – et online-værktøj som letter institutioners arbejde med fundraising. Fonde.dk indeholder bl.a. en unik fonds- og puljedatabase og en række effektive værktøjer til institutionens fundraising-indsats – fra nyheder til redigerbare skabeloner. Language Danish Read more about Fonde.dk ny t

Fundraiseren I/S har i dag gennemført den tekniske tilslutning til WAYF af sin tjeneste Fonde.dk – et online-værktøj som letter institutioners arbejde med fundraising. Fonde.dk indeholder bl.a. en unik fonds- og puljedatabase og en række effektive værktøjer til institutionens fundraising-indsats – fra nyheder til redigerbare skabeloner.

Language Danish Read more about Fonde.dk ny tjeneste i WAYF

Digital Identity NZ

Executive Council Update and seeking a new Executive Director

Papaki kau ana ngā tai o mihi ki a koutou katoa. As the Kiwi summer rolls on it brings with it a sense of optimism for 2021 and reminds us how truly blessed we are to call Aotearoa New Zealand home. The year ahead for our digital identity ecosystem and DINZ is one of optimism … Continue reading "Executive Council Update and seeking a new Executive Director" The post Executive Council Update and

Papaki kau ana ngā tai o mihi ki a koutou katoa.

As the Kiwi summer rolls on it brings with it a sense of optimism for 2021 and reminds us how truly blessed we are to call Aotearoa New Zealand home.

The year ahead for our digital identity ecosystem and DINZ is one of optimism and progress  too – with our focus squarely set on leading a united approach to digital identity for the benefit of all New Zealanders.  2021 will be a significant year of progress as the work to formalise the DIA’s proposed Trust Framework is gathers momentum.

In the spirit of optimism and progress, I would like to let you know that Andrew Weaver will be leaving DINZ as our Executive Director at the end of March.  Andrew has been a true rangatira and kaitiaki of DINZ since its establishment.  Working together with our members and Executive Council, Andrew has set our association on the path to growth and success and developed significant local and international profile and respect.   Andrew is leaving us to pursue other opportunities and we sincerely thank him for his contribution to DINZ and the ecosystem and wish him all the very best. Prior to the end of March we will take time to acknowledge his significant contribution to DINZ.

Our mission at DINZ is to create a digital identity ecosystem that enhances Kāwanatanga (honourable governance), Rangatiratanga (self-determination & agency) and   Ōritetanga (equity & partnerships) for all people in New Zealand.  We are on a journey to become more tiriti-honouring by enhancing our practice to embody Kāwanatanga, believe digital identity is a taonga and we collectively have a great responsibility as Kaitiaki to treat people’s identity with dignity, respect and care.  We have started the process of looking for a new Executive Director who will drive this mission and kaupapa at DINZ. 

Learn more about the Executive Director role opportunity

I would also like to formally welcome our new Executive Council members who joined in with our first meeting of the year on the 28th January.  Welcome and we look forward to your wisdom and guidance on the Executive Council.

Sat Mandri, JNCTN John Evans, TSB Russell Craig, Microsoft NZ Luke McIntyre, MATTR

In the Government seat on the Executive Council, the DIA will continue to represent the government and we are pleased to welcome Alan Bell replacing Tony Eyles as the government representative.

We look forward to engaging with you throughout 2021 as we shape a new future for digital identity in Aotearoa New Zealand.

He mihi mutunga kore

David Morrison
Executive Council Chair

The post Executive Council Update and seeking a new Executive Director appeared first on Digital Identity New Zealand.

Wednesday, 10. February 2021

OpenID

An Update on the Collaboration of Technology Tools and Legal Rules

The US Federal Reserve is participating in a Committee on Payments and Market Infrastructures (CPMI) Cross-border Payments Task Force to identify ways to promote cross-border payments that are faster, less expensive and more transparent and inclusive. With the CPMI’s initiative to improve cross-border payments (and their upcoming conference https://lnkd.in/dBmT9q6), the Institute of Internati

The US Federal Reserve is participating in a Committee on Payments and Market Infrastructures (CPMI) Cross-border Payments Task Force to identify ways to promote cross-border payments that are faster, less expensive and more transparent and inclusive.

With the CPMI’s initiative to improve cross-border payments (and their upcoming conference https://lnkd.in/dBmT9q6), the Institute of International Finance (IIF) and the OpenID Foundation (OIDF) have submitted input on the important nexus of #identity and #payments. The submission details IIF’s collaboration in the Open Digital Trust Initiative, how this fits with the G20 Payments Roadmap, and some important considerations in #AML. The submission is available at https://lnkd.in/dyMM_Mv, referencing draft Principles for Digital Trust Networks https://lnkd.in/de59CjU, which all sought feedback. We will further build on this in our upcoming Open Digital Trust Initiative interim report.

The joint Institute of International Finance – OpenID Foundation’s Open Digital Trust Initiative has published Draft Principles for Digital Trust Networks, identifying the high level ‘rules of the road’ that digital trust networks should adopt in order to incentivize a high level of digital trust, user centricity and low cost.

The International Institute of Finance Open Digital Trust Initiative has four policy Work Groups.  The Initiative’s two technical Work Groups, the OIDF’s eKYC & Identity Assurance and the Financial-Grade APIs are responsive to the steep rise in the use of fintech apps and services.  In that context, the new eKYC & Identity Assurance Standard responds to the need for trusted online identity verification alternatives to today’s problematic in-person proofing requirements. The Financial-Grade APIs standard helps secure the portability and privacy of personal data held by banks and used by fintech innovators in new online applications.

As OIDF members know well, technical standards are critical components of an ecosystem’s infrastructure. Identity standards like OpenID Connect are key to validating the commercial viability, facilitating multi-vendor interoperability, securing data portability and privacy protections for customers. Promoting the adoption of these technical standards in concert with the IIF’s focus on regulatory requirements expedites the legal compliance needed for the implementation of innovative technologies. It’s an alternative to wasting resources navigating between competing frameworks. It is a market based approach with open technical standards being adopted on criteria such as effectiveness, opportunity cost and enabling compliance with regulatory requirements.

The Report points out to its unique contribution to the global identity ecosystem at a critical time. Put simply, the IIF has advanced a diverse global community’s understanding of both technology “tools” and the governance “rules.” The IIF’s Initiative has triggered a virtuous circle coupling the development of open technical standards with policy development in a time of economic, technical and social disruption. The result is a positive feedback loop between the policy and technical working group that initiated a virtuous circle that can inform a global collaboration strategy for years to come.

While the IIF and the OpenID Foundation do not themselves propose to “police” the Principles, or award or allocate trust marks to particular Digital Trust Networks, we encourage identity attribute verifiers, trust framework operators and others to consider offering these services. In concert with the OpenID Foundation’s technical workshops and pilots, the Open Digital Trust Initiative may also road-test the draft Principles in the first half of 2021, through one or more proof of concept projects.

Thanks to Brad Carr and Laurence White for leading our submission and the many contributions from Rod Boothby, Eugenio (Gene) DiMira, Wendy Callaghan, Angus McFadyen, David R. Hardoon, Gena Boutin, Stéphane Mouy, Nick Mothershaw, Scott David, Conan French, Mina Loldj & Matt Ekberg, and many more.

 

Don Thibeau
Executive Director

The post An Update on the Collaboration of Technology Tools and Legal Rules first appeared on OpenID.

Berkman Klein Center

Why the resignation of the Dutch government is a good reminder of how important it is to monitor…

Why the resignation of the Dutch government is a good reminder of how important it is to monitor and regulate algorithms On January 15, the Dutch government resigned amid a scandal in which the tax authorities unjustly accused more than 26,000 families of mainly low socio-economic background of committing fraud. An overtly strict interpretation of government policy led to any minor inconsistency
Why the resignation of the Dutch government is a good reminder of how important it is to monitor and regulate algorithms

On January 15, the Dutch government resigned amid a scandal in which the tax authorities unjustly accused more than 26,000 families of mainly low socio-economic background of committing fraud. An overtly strict interpretation of government policy led to any minor inconsistency between data, or any failure to sign one of the pages of the form, to be classified as fraudulent. The government, which has pursued a policy of zero tolerance for tax fraud, required those families to return to the state huge sums pertaining not only to the period in which the alleged fraud was committed, but up to 5 years prior to when the alleged fraud was committed. It was later revealed that applications from candidates with more than one citizenship were also automatically flagged as suspects, and so most of the families erroneously accused of fraud were lower-class immigrant families, sparking additional controversy about institutional racism. The draconian way of locating cases and collecting debts has led many families to considerable financial difficulties, declaring bankruptcy, and collapsing the family unit under the burden.

A parliamentary report entitled Unprecedented Injustice, examined the actions of the government and put the blame on tax officials, politicians, judges, and other government officials. Although the report does not mention the use of algorithms as one of the reasons for the failure, given the reliance of the Netherlands and many other countries on algorithms to determine certain benefits, it is plausible that the default would have happened because of an algorithm, therefore the consequences of such occurrence should be considered.

Just a few months ago, a court in The Hague declared illegal one of the algorithms used by the Netherlands Ministry of Social Services to detect and investigate cases of social benefit fraud. The algorithm, named SyRI (which stands for System Risk Indication), was implemented deliberately only in the poorest neighborhoods of the Netherlands where underprivileged and immigrant populations tend to make up a large share of the demographic. SyRI also incorrectly classified many families as involved in fraud and thus blocked their way to receiving social benefits to which they were entitled. In addition, the Dutch Public Broadcasting Company (NOS), in 2019 revealed extensive use of algorithms by many government ministries for determining where criminal offenses are committed, assessing how much social support each person will need and what are the chances a certain student will drop out of school. Government ministries are not always transparent about the use of algorithms and citizens do not always know that a particular decision in their case has been made by computer software. For this reason, the Dutch Data Protection Authority intends to tighten supervision of the use of algorithms in government ministries due to the danger that those algorithms will discriminate against underprivileged groups.

As mentioned, the Netherlands is not the only country that makes extensive use of sophisticated algorithms for ranking and evaluating citizens. A report written by Philip Alston, the UN Special Rapporteur on Extreme Poverty and Human Rights, warns against “stumbling zombie into a digital welfare dystopia”. Alston highlights the fact that technology is often presented as a tool that will increase efficiency, benefit citizens, and provide them with better services. However, in practice, governments use technology mainly to surveil and track citizens, particularly the underprivileged, and also in order to reduce welfare budgets and the number of people eligible for government support.

When the decision to deny eligibility is made by an algorithm, public officials do not always have the option to understand exactly what led to that disqualification and they cannot always intervene and change the decision. Of course, the algorithm directly reflects the policy dictated by the government. So if the overriding goal is to detect as many social benefit scams as possible, the algorithm is calibrated to achieve the same result, and the same decision to tag any failure to sign or fill in a particular field on the form will lead the algorithm to classify the case as fraud, just as tax officials did manually in the Dutch child benefits affair.

Fortunately, the parliamentary committee that examined the state’s conduct regarding the default of child benefits was able to understand precisely what led to many families being mistakenly classified as involved in fraud. The committee examined the procedures and criteria established for the purpose of classifying each case as a fraud, thus exposing the fact that failure to fill one field in the form in good faith, or lack of one signature among many led to the misclassification. As a result, it was possible to have a public debate on the legitimacy of each of the criteria that should lead to the classification of fraud cases and to come to the conclusion that these do not constitute a justifiable reason for denying the benefit and labeling families as fraudulent. If the decision was made by an algorithm, the concern is that due to the technological ambiguity surrounding the operation of the algorithm it would have been much more difficult to point out the government’s failure and to restore the damages done to the victims of the unjust policy.

Hence, the Dutch case clearly demonstrates why it is vital to maintain high standards of transparency and supervision in algorithms that influence individuals’ lives. Principles of transparency and control help in maintaining proper governance and particularly help in holding accountable those who decide to adopt a certain algorithm or those who built it.

This story has been originally published as an op-ed in Globes Israeli Business Journal, 4 February 2021 (in Hebrew)

Why the resignation of the Dutch government is a good reminder of how important it is to monitor… was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.


Oasis Open

Invitation to comment on Exchange Header Envelope (XHE) Version 1.0 – ends 11 April

This protocol, defining a business-oriented exchange header envelope, enters the 60-day public review that precedes the call for consent as an OASIS Standard. The post Invitation to comment on Exchange Header Envelope (XHE) Version 1.0 – ends 11 April appeared first on OASIS Open.

This protocol, defining a business-oriented exchange header envelope, enters the 60-day public review that precedes the call for consent as an OASIS Standard.

OASIS and the Business Document Exchange (BDXR) Technical Committee [1] are pleased to announce that Exchange Header Envelope (XHE) Version 1.0 is now available for public review and comment.

The Exchange Header Envelope (XHE) has been developed jointly by UN/CEFACT and OASIS as the successor to the UN/CEFACT Standard Business Document Header (SBDH) version 1.3 and the OASIS Business Document Envelope (BDE) Version 1.1.

XHE defines a business-oriented artefact either referencing (as a header) or containing (as an envelope) a payload of one or more business documents or other artefacts with supplemental semantic information about the collection of payloads as a whole. An exchange header envelope describes contextual information important to the sender and receiver about the payloads, without having to modify the payloads in any fashion. This vocabulary is modeled using the UN/CEFACT Core Component Technical Specification Version 2.01.

The TC received 4 Statements of Use from IBM, ph-xhe open source project, Chasquis Consulting, and Efact [3].

The Committee Specification and related files are available here:

Exchange Header Envelope (XHE) Version 1.0
Committee Specification 03
13 December 2020

Editorial source (Authoritative)
https://docs.oasis-open.org/bdxr/xhe/v1.0/cs03/xhe-v1.0-cs03.xml

HTML
https://docs.oasis-open.org/bdxr/xhe/v1.0/cs03/xhe-v1.0-cs03-oasis.html

PDF:
https://docs.oasis-open.org/bdxr/xhe/v1.0/cs03/xhe-v1.0-cs03-oasis.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:

https://docs.oasis-open.org/bdxr/xhe/v1.0/cs03/xhe-v1.0-cs03-oasis.zip

Public Review Period

The 60-day public review starts 11 February 2021 at 00:00 UTC and ends 11 April 2021 at 23:59 UTC.

This is an open invitation to comment. OASIS solicts feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility as explained in the instructions located via the button labeled “Send A Comment” at the top of the TC public home page, or directly at:

https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=bdxr

Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:

http://lists.oasis-open.org/archives/bdxr-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review of “Exchange Header Envelope (XHE) Version 1.0,” we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information related to this public review can be found at http://docs.oasis-open.org/bdxr/xhe/v1.0/cs03/xhe-v1.0-cs03-public-review-metadata.html

Additional information

[1] OASIS Business Document Exchange (BDXR) TC
https://www.oasis-open.org/committees/bdxr/

[2] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3560

[3] Statements of Use:

IBM:
https://lists.oasis-open.org/archives/bdxr/202101/msg00015.html ph-xhe open source project:
https://lists.oasis-open.org/archives/bdxr/202101/msg00011.html Chasquis Consulting:
https://lists.oasis-open.org/archives/bdxr/202101/msg00010.html Efact:
https://lists.oasis-open.org/archives/bdxr/202101/msg00009.html

[4] http://www.oasis-open.org/policies-guidelines/ipr

[5] http://www.oasis-open.org/committees/bdxr/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode

The post Invitation to comment on Exchange Header Envelope (XHE) Version 1.0 – ends 11 April appeared first on OASIS Open.

Tuesday, 09. February 2021

Oasis Open

Universal Business Language v2.3 from the UBL TC approved as a Committee Specification

UBL is the leading interchange format for business documents. The post Universal Business Language v2.3 from the UBL TC approved as a Committee Specification appeared first on OASIS Open.

UBL v2.3 is ready for testing and implementation

OASIS is pleased to announce that Universal Business Language Version 2.3 from the OASIS Universal Business Language TC [1] has been approved as an OASIS Committee Specification.

UBL is the leading interchange format for business documents. It is designed to operate within a standard business framework such as ISO/IEC 15000 (ebXML) to provide a complete, standards-based infrastructure that can extend the benefits of existing EDI systems to businesses of all sizes. The European Commission has declared UBL officially eligible for referencing in tenders from public administrations, and in 2015 UBL was approved as ISO/IEC 19845:2015.

Specifically, UBL provides:

A suite of structured business objects and their associated semantics expressed as reusable data components and common business documents. A library of schemas for reusable data components such as Address, Item, and Payment, the common data elements of everyday business documents. A set of schemas for common business documents such as Order, Despatch Advice, and Invoice that are constructed from the UBL library components and can be used in generic procurement and transportation contexts.

UBL v2.3 is a minor revision to v2.2 that preserves backwards compatibility with previous v2.# versions. It adds new document types, bringing the total number of UBL business documents to 91.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

Universal Business Language Version 2.3
Committee Specification 01
19 January 2021

Editable source (Authoritative):
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/UBL-2.3.xml

HTML:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/UBL-2.3.html

PDF:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/UBL-2.3.pdf

Code lists for constraint validation:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/cl/

Context/value Association files for constraint validation:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/cva/

Document models of information bundles:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/mod/

Default validation test environment:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/val/

XML examples:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/xml/

Annotated XSD schemas:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/xsd/

Runtime XSD schemas:
https://docs.oasis-open.org/ubl/cs01-UBL-2.3/xsdrt/

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file at:

https://docs.oasis-open.org/ubl/cs01-UBL-2.3/UBL-2.3.zip

Members of the UBL TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

Additional references:

[1] OASIS Universal Business Language TC
https://www.oasis-open.org/committees/ubl

[2] History of publication, including public reviews:
https://docs.oasis-open.org/ubl/csd04-UBL-2.3/UBL-2.3-csd04-public-review-metadata.html

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3552

The post Universal Business Language v2.3 from the UBL TC approved as a Committee Specification appeared first on OASIS Open.


OpenID

2021 OpenID Foundation Board Update

Thank you to all who voted in the 2021 elections for representatives to the OpenID Foundation Board of Directors. As per our bylaws, three individual board members represent the membership and the community at large. As George Fletcher has one year remaining on his 2-year term, I want to thank George for his continued leadership […] The post 2021 OpenID Foundation Board Update first appeared on O

Thank you to all who voted in the 2021 elections for representatives to the OpenID Foundation Board of Directors.

As per our bylaws, three individual board members represent the membership and the community at large. As George Fletcher has one year remaining on his 2-year term, I want to thank George for his continued leadership and service to the OpenID Foundation and the community at large.

Nat Sakimura and John Bradley were re-elected to new two-year terms as community member representatives. Nat and John’s well-known technical expertise and global thought leadership ensures continuity across working groups and as the Foundation transitions to new leadership in 2021.

Each year, Corporate members of the OpenID Foundation elect a member to represent them on the board. All Corporate members were eligible to nominate and vote for candidates. I am very pleased to welcome Ashish Jain, Head of Identity at eBay, to the Board as Corporate Member Representative. Ashish served on the board in the past. He’s been an expert technical contributor over the years and brings a fresh perspective to the Board.

I would like to thank Dale Olds of VMware, who has served as the Corporate board representative for the last few years. Like so many in our community, I’ve benefited from Dale’s support and appreciate his contributions to the Foundation.

Board participation is a substantial investment of time and energy and requires diligent consensus building. Please join me in thanking Nat, John, and Ashish, as well as the other directors, for their service to the Foundation and the community at large. And thanks to all for continuing your investment of time and membership that drives the Foundation’s contributions to the evolving Internet identity layer.

 

Don Thibeau
Executive Director
OpenID Foundation

The post 2021 OpenID Foundation Board Update first appeared on OpenID.

Sovrin (Medium)

Promoting Banking for All—Announcing the Compliance & Inclusive Finance Working Group (CIFWG)

February 9, 2021 1.7 billion adults and millions of organizations do not have access to essential financial services; billions more have bank accounts but are unable to use them. Despite initiatives such as the World Bank’s Universal Financial Access program and governmental and industry encouragement, many remain underserved or entirely excluded from the global financial system. For many, t

February 9, 2021

1.7 billion adults and millions of organizations do not have access to essential financial services; billions more have bank accounts but are unable to use them. Despite initiatives such as the World Bank’s Universal Financial Access program and governmental and industry encouragement, many remain underserved or entirely excluded from the global financial system. For many, the basic societal need to hold monetary value securely, transact for necessities, and transfer money to friends and family is still out of reach.

Regulatory Compliance Is an Enabler for Innovation in Fintech

Thankfully, financial services continue to evolve rapidly, providing new avenues for people and organizations to engage in essential services. Alternative financial technologies (fintech) are bursting into the marketplace, offering innovative products and services to banking participants through direct, smartphone-based, non-traditional channels. The digitization of monetary exchange has also experienced explosive growth, often proving to be faster, more convenient, more privacy-respecting, and more secure than physical transactions.

These trends expand the risk and compliance challenges of money transmission beyond traditional banks to startups, enterprises, and nonprofits/NGOs, which are typically unfamiliar with regulatory scrutiny or essential compliance controls. Global regulators are currently monitoring this transition and looking to ensure existing regulations apply to new fintech players. This transition includes virtual asset service providers (VASPs) and other non-bank financial institutions which act as a conduit for the financially excluded and underserved or those otherwise considered ‘high-perceived-compliance risk.’

Financial Inclusion Needs Identity for All

According to the World Bank’s ID4D, “People with an ID are more likely to own bank accounts and mobile phones, and financial and mobile services are among the most frequently reported uses of one’s ID.”

Identity verification is at the core of essential financial regulations of Know Your Customer (KYC), Anti-Money Laundering (AML), and Counter-Financing of Terrorism (CFT). Financial governance leaders are recalibrating their requirements to keep up with the pace of innovation to ensure that bad actors do not exploit the financial system and that intermediaries of all types have adequate financial crime compliance (FCC) programs in place.

The fundamental right for individuals to participate in society no matter their origins or circumstance has long been at the core of the Sovrin Foundation’s vision. The Foundation promotes control of one’s own identity to utilize digitally stored credentials to access and engage daily services. While decentralized identity has been a barrier in traditional banking, fintech and regtech have introduced the constructs to leverage digital and self-sovereign identity to drive financial inclusion for tens of millions of outliers.

Indeed, these new technologies provide great promise in modernizing finance, payments, and identity management in tandem. But related regulatory compliance is in equal need of modernization. Traditional legal compliance relies on legacy banking infrastructure. Its growth has forced the sector into a false binary choice: provide incentives for universal access or protect financial system integrity with exclusionary compliance controls. This choice has disproportionately impacted those who are in most need of essential financial services, such as low- or moderate-income families, and access to vital services, such as international remittances. The Covid-19 pandemic has reinforced the importance of such entry to small businesses reliant on support and financially underserved or excluded households looking for relief.

Innovation in Governance, Compliance, and Regulation

Since 2019, Sovrin has hosted the Compliance and Payments Task Force (CPTF), an open group of traditional bank and non-bank financial institutions, regulators, policymakers, technologists, ethicists, and legal experts. The CPTF has developed and promoted the Rulebook, an innovative best practices framework that extends traditional banking compliance and payments guidance to emerging fintech and VASP processes.

The Rulebook serves to ensure essential global banking compliance while accommodating fintech’s seamless experience and smooth flow of funds for members and reinforcing the application and intersection with traditional banking rails. The Rulebook defines technical standards for end-to-end transaction flows and service-level agreements between parties to reflect the operational realities of an increasingly decentralized and cross-border financial system.

As part and parcel of regulatory compliance to expand the operational focus of the CPTF to serve the Identity for All mission and advance inclusion, the Group has reimagined into the Compliance and Inclusive Finance Working Group (CIFWG). The CIFWG builds on the tactical efforts of the CPTF, with a robust and ambitious mandate: promoting financial inclusion as a critical enabler. CIFWG will monitor the challenges faced by the financially excluded and underserved, focusing on how economic and regulatory technologies, supported by self-sovereign identity (SSI), can bridge the gap between traditional banking compliance and the associative risks injected by innovation.

With the Rulebook as an anchor framework, the Group will facilitate the advancement of financial inclusion and a modernized application of established global banking requirements and the attendant and necessary FCC protocols. CIFWG is also engaging with other international organizations, initiatives, and regulatory-led groups that advance financial inclusion and modern regulatory compliance solutions. Its ultimate goal is to promote access to traditional and non-traditional financial services and highlight the resulting benefits of building economic resilience and prosperity.

CIFWG believes that SSI is a powerful enabler for security, compliance, and inclusion . “Our bedrock approach recognizes that any institution today can be a financial services provider; our job is enabling their full participation in the global banking system,” says Amit Sharma, CIFWG Chair. “Digital finance is not new, although the cryptographic creation and representation of value show promising applications to democratize finance truly. Innovative and modern FCC approaches must meet market innovation. We encourage all who are interested in joining us in the CIFWG to help facilitate a pathway to a more sustainable economic future for all.”

For more details about the Working Group and instructions on how to join, please see the Compliance and Inclusive Finance webpage or contact cifwg@sovrin.org.

Originally published at https://sovrin.org on February 9, 2021.


MyData

Towards interconnected and human-centric data intermediaries

  MyData Global response to Data Governance Act, Feb 8th 2021 We congratulate the European Commission teams who have been working hard on the Data Governance Act proposal. It is not an easy task to bring forward a groundbreaking regulation. We welcome the regulation as a needed common ground for clarifying the role of data... Read More The post Towards interconnected and human-centric

  MyData Global response to Data Governance Act, Feb 8th 2021 We congratulate the European Commission teams who have been working hard on the Data Governance Act proposal. It is not an easy task to bring forward a groundbreaking regulation. We welcome the regulation as a needed common ground for clarifying the role of data...

Read More

The post Towards interconnected and human-centric data intermediaries appeared first on MyData.org.


WomenInIdentity

Member Interview with Megan McIver

What do you do and what is it about your job that gets you out of bed in the morning? At Equifax, I work with governments across Canada to help… The post Member Interview with Megan McIver appeared first on Women in Identity.
What do you do and what is it about your job that gets you out of bed in the morning?

At Equifax, I work with governments across Canada to help them utilize data, insights and analytics to make policy decisions more data driven. We also have fraud and authentication solutions that tend to work well for government departments administering social assistance programs. We are a member of DIACC and I am a Co-Chair of the Outreach Committee this year. We’re focused on getting lots of identity content out, on topics that might need more explaining like facial recognition technology, for example. It gets me out of bed in the morning because I enjoy the people I am working with and these are problems I really enjoy solving.

How did you get to where you are today?

That is a long story. My Dad was (and still is) the Mayor of the small town I grew up in, so I quite literally grew up in politics. In university, my desire to understand how governments worked was strong so I started doing internships. I got hired at Queen’s Park as my first job out of university and ended up in the Ministry of Finance. That led me to the financial services sector where I first got introduced to the world of identity and authentication as more transactions started happening online.

What is the most important lesson you have learned along the way?

My degree is in Environmental Policy so I always felt like I didn’t belong in financial services or technology. The most important lesson I have learned along the way is that hard work and a strong willingness to learn and execute is just as important as credentials. Work hard, have a growth mindset, and don’t be intimidated.

What’s your pitch to CEOs in the identity space? What do you suggest they START /STOP / CONTINUE doing and why?

There are a lot of solutions out there today and the sector is evolving so fast. What we are starting to do really well and need to continue to do is collaborate. I have been part of many co-pitches now
and it is really fun.

What we need to start to focus on more is how do we better reach the general public and build trust? That’s not any one person or organization’s role, but it is a focus of the DIACC outreach committee because we believe that education will help adoption.

Communication is so important, and one thing I think we should stop doing is speaking too technically about product benefits and features. Let’s talk instead about values and solving customers problems. Identity solves so many customer problems and it will help people and organizations connect the dots.

In one sentence, why does diversity matter to you?

We need different perspectives around the table in order to make informed decisions.

What book/film/piece of art would you recommend to your fellow members?

I recently read The Choice by Dr. Edith Eva Edger. She is a psychologist and one of the last remaining Holocaust survivors. It is one of those life changing books. Although the book is about struggle and suffering, it is an inspiration.

What advice would you give to the teenage ‘you’?

Don’t limit yourself to things that you know, accept failure as part of the skill development process.

Where can we find you on social media?

Twitter 

LinkedIn

The post Member Interview with Megan McIver appeared first on Women in Identity.


ID2020

Good Health Pass: A New Cross-Sector Initiative to Restore Global Travel and Restart the Global…

Good Health Pass: A New Cross-Sector Initiative to Restore Global Travel and Restart the Global Economy Today, ID2020 announced the launch of the Good Health Pass Collaborative along with more than 25 leading individual companies and organizations in the technology, health, and travel sectors — including the Airports Council International (ACI), Commons Project Foundation, COVID-19 Credentia
Good Health Pass: A New Cross-Sector Initiative to Restore Global Travel and Restart the Global Economy

Today, ID2020 announced the launch of the Good Health Pass Collaborative along with more than 25 leading individual companies and organizations in the technology, health, and travel sectors — including the Airports Council International (ACI), Commons Project Foundation, COVID-19 Credentials Initiative, Evernym, Hyperledger, IBM, International Chamber of Commerce (ICC), Linux Foundation Public Health, Lumedic, Mastercard, Trust Over IP Foundation, and others.

The Good Health Pass Collaborative is an open, inclusive, cross-sector initiative to create a blueprint for interoperable digital health pass systems that will help restore global travel and restart the global economy.

The COVID-19 pandemic has impacted every segment of the global economy, but none as profoundly as travel and tourism. Last year, airlines lost an estimated $118.5 billion USD with related impacts across the economy in excess of $2 trillion USD.

In conjunction with the announcement, the Collaborative also released its first white paper, entitled, Good Health Pass: A Safe Path to Global Reopening.

Collaboration Among a New Ecosystem of Players
“There’s one thing the world agrees on — we need to address the health concerns today to support a return to normalcy,” said Ajay Bhalla, President of Cyber & Intelligence at Mastercard. “Delivering a global, interoperable health pass system can only happen if we come together in a way that meets the needs of everyone involved. This Collaborative will be critical in helping to define how we connect the pieces that will bring travel back safely, spark job creation and jumpstart the world’s economic engine.”

Various efforts are currently underway to develop digital health credentials systems — both vaccination and test certificates — for international travel. Yet, despite this race to market, it is unlikely that a single solution will be implemented universally — or even across the entire travel industry. Thus, it is critical that solutions are designed from the onset to be interoperable — both with one another and across institutional and geographic borders.

The Good Health Pass Collaborative is not intended to supplant existing efforts but rather to help weave them together, fill gaps where they may exist, and facilitate collaboration among a new ecosystem of stakeholders, many of whom have never worked together before.

“Fragmentation is a risk we simply cannot ignore,” said ID2020 Executive Director Dakota Gruener. “To be valuable to users, credentials need to be accepted at check-in, upon arrival by border control agencies, and more. We can get there — even with multiple systems — as long as solutions adhere to open standards and participate in a common governance framework. But without these, fragmentation is inevitable, and travelers — and the economy — will continue to suffer needlessly as a result.”
Global Travel & Digital Health Credentials

COVID-19 test results are already required for entry at some airports and at international borders. But existing paper-based certificates are easy to lose, unnecessarily expose sensitive personal information, and are prone to fraud and counterfeiting.

By contrast, digital health credentials can be printed (e.g., as a QR code) or stored on an individual’s mobile phone. They enhance user privacy and “bind” an individual’s identity to their test result or vaccination certificate, thus enabling real-time, fraud-resistant digital verification.

“Our health data consists of the most sensitive personal information, deserving of the strongest privacy,” said Dr. Ann Cavoukian, Executive Director of the Global Privacy & Security By Design Centre. “Release of our health data must be under our personal control. The Good Health Pass does just that: With Privacy by Design embedded throughout, you control the release of your digital health data, and to whom; all de-identified and decentralized. Privacy and functionality: Win/Win!”

The World Health Organization recently convened the Smart Vaccination Certificate Consortium to establish standards for vaccination certificates, but no analogous effort currently exists for test certificates. Given that it is expected to take years for vaccines to be universally available globally, widespread testing will remain an essential public health tool — and one that must continue alongside vaccination to ensure a safe and equitable return to public life.

The Good Health Pass Collaborative has defined four primary requirements that digital health credential systems for international travel must satisfy:

Cross-border: Solutions must work at airports, airlines, ports-of-call, and borders worldwide and comply with international and local regulations. Cross-industry: Solutions will require the collaboration of the travel, health, governments, and technology sectors. Secure & privacy-protecting: Solutions will require the collaboration of the travel, health, governments, and technology sectors. Solutions must comply with all relevant security, privacy, and data protection regulations and must be able to bind the presenter of the credential to the credential itself at the required level of assurance. Frictionless: Solutions must seamlessly integrate into testing and travel processes, thus enhancing and streamlining the experience for individuals and airlines alike. Solutions must not add new material costs for travelers. Optimally, validation processes will be contactless to maintain or enhance hygiene.

The Collaborative welcomes the participation of policymakers and representatives of government agencies; companies in the health, technology, and travel sectors; and civil society organizations who share a commitment to safely restoring international travel and economic activity while simultaneously ensuring that equity, privacy, and other civil liberties are protected.

If you are interested in learning more, please visit the Good Health Pass website at goodhealthpass.org.

Endorsing Organizations Affinidi Airport Council International (ACI) Airside analizA AOKpass Bindle Systems BLOK Solutions CLEAR The Commons Project Foundation Covid Credential Initiative (CCI) Daon Everynym Global Privacy & Security by Design Centre Grameen Foundation Hyperledger IBM idRamp International Chamber of Commerce (ICC) iProov Linux Foundation Public Health Lumedic Mastercard MIT SafePaths National Aviation Services (NAS) Panta PathCheck Foundation Prescryptive Health SITA STChealth Trust Over IP Foundation ZAKA

Good Health Pass: A New Cross-Sector Initiative to Restore Global Travel and Restart the Global… was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 08. February 2021

Digital Scotland

Covid Vaccinations ‘Data Donor’ Program – A Proposal for the Scottish Government

A proposal to the Scottish Government for a Covid-19 'data donor' technology platform, delivering benefits of £800m a year and savings of £5.4bn to NHS Scotland. The post Covid Vaccinations ‘Data Donor’ Program – A Proposal for the Scottish Government appeared first on DigitalScot.net.

Working with partner digi.me, Digital Scotland is proposing a technology solution to enable a “data donor” program for Covid-19 vaccinations.

Importantly this is not a one-off point solution, an implementation of technology that will only serve this one purpose.

Rather it is a solution will leave behind an infrastructure that can be immediately used for future pandemics, and more generally will enable a patient centric evolution of health care and broader still, install the common data sharing foundations for Scotland’s entire digital economy.

Not only would Scotland be a world leader in health care, in the short-term regarding Covid and in the medium term more generally across all healthcare, but also in ensuring privacy, security and consent are at the heart of the patient experience, a principle that can then be extended to all citizen and business interactions.

The Scottish Council for Development and Industry identified that:

“The Scottish Government must invest in data, digital and technology in health and social care to help Scotland recover from Covid-19. Closing the data gap in the sector could be worth £800m a year and deliver savings of £5.4bn to NHS Scotland. SCD said better data would help to build resilience against future public health challenges, which in turn will drive a healthy economy.”

Our solution provides a platform for achieving exactly this, both in terms of equipping Scotland with a powerful integrated data environment and also through a framework where developers can further build on this with other apps for a myriad of other use cases. It could be tied in with the vaccination scheduling system as an immediate step for example.

Mark Logans Ecosystem Review provides an overall commercial context, with this platform acting to bring together multiple startups in collaboration around a common societal and government need, one of immediate benefit to Scotland and with an obviously large, global market.

Covid-19 Data Donor Platform

Covid vaccines are now being approved for mass use after a rapid, but comprehensive, trials regime. As they are administered to millions of individuals there is a need to ensure their full effectivity in the real world is understood. This requires Real World Evidence (RWE) from patients.

That evidence will need to include, at a minimum:

Vaccination status (Vaccine, date, article no., lot no., …) Current health status (Well, Covid, other illness) Medical records Individual consent

Within any nation capturing this information at scale and being able to link to individuals and gaining their consent – and doing so quickly – is virtually impossible with current systems.

Even if the information is readily available and linkable to an individual, the integration task would take months if not longer and, without the direct involvement of the individual, would fail to gain the consent required for access to this detailed information on an individual basis.

However, there is a solution in the developing arena of patient centricity, where all information is at the individual. Because with patient centricity the data is all held at the individual, integration becomes straightforward – one-to-one links to the individual and a single consent-based request to the individual, with many of these links already in place). Furthermore, consent is direct and understood by the individual – fostering trust in the data collection, and the results obtained (critical for continued adoption of the vaccines themselves).

Therefore it is recommended that RWE for Pharmacovigilance and post-market surveillance is undertaken using a patient-centric approach, and with the world leading patient-centricity “data facilitator” digi.me, which already has many of the interfaces required and has been approved for medical data processing and handling by the health services of the UK, Netherlands and Iceland, and which full meets all stringent data protection provisions such as GDPR, security and safety requirements (see Digi.me – Accreditations and standards). (Digi.me has also implemented US Epic, Cerner, CDA and Blue Button interfaces.)

A system overview of this approach is as follows:

In this system diagram, digi.me already includes Self-Assessments capability, wearables and medical records integration and the full consent API/SDKs. To create a data donor program, three further elements are required:

Integration of vaccine data (if not available via medical records). This is straightforward and can be one or more of the following: Implementation of an API to national/local vaccination records system Direct scan of vaccination certificate/card or scan of QR code if on certificate/card such as UK card below:

Secure Anonymised Data Repository Digi.me is already integrated with a secure SAAS data handling system created by partner DTACT. This system can be run over any cloud repository such as Azure, AWS or other national specific cloud repository. (Note: the capability exists for anonymous data donors to be contacted, anonymously, to provide extra data or to contact directly for clarification – this would use a messaging component based on the anonymous ID sent by digi.me with the individual’s data. Only if the individual responds to such a message request would they disclose their identity (if required). Data donor web site This would be publicised digitally and physically with posters

The site would have relevant information explaining use of data – and detailed anonymised sharing. Should the individual elect to become a data donor, they would be presented with a digi.me Consent Certificate (existing capability) and guided through the set-up process. Presuming Consent is given data sharing would then occur automatically each day. And the individual has full control to cease being a data donor (and where provided request deletion of data in accordance with GDPR rules).

Video demo:

The post Covid Vaccinations ‘Data Donor’ Program – A Proposal for the Scottish Government appeared first on DigitalScot.net.


Glasgow Talks – Mark Logan, author of the Scottish Technology Ecosystem Review

A summary of the Glasgow Chambers talk with Mark Logan, discussing his technology ecosystem review commissioned by Kate Forbes. The post Glasgow Talks – Mark Logan, author of the Scottish Technology Ecosystem Review appeared first on DigitalScot.net.

In this video author and tech entrepreneur Mark Logan is invited by Glasgow Talks to provide the audience an overview of his recommendations to the Scottish Government to stimulate and accelerate the maturity of Scotland’s Technology Ecosystem, with a focus on education, infrastructure and funding.

Commissioned by Kate Forbes, Mark Logan former COO for Skyscanner, has published a report identifying how Scotland might accelerate growth of its tech ecosystem. Mark joins the Glasgow Chamber of Commerce to share his thoughts on the strategy.

What is a technology ecosystem?

Before summarizing the video, let’s talk about what is technology ecosystem and what does it do?

The term “ecosystem” was first used by British ecologist Arthur Tansley back in 1935 to describe the relationship between organisms and their environment.

Fifty-eight years later, business strategist James F. Moore co-opted the word in the Harvard Business Review article to describe the interconnected business world. Moore suggested that companies weren’t members of a single industry, but rather part of a business ecosystem.

Ecosystems now include communities that use shared, scalable resources to pursue challenging objectives and common interests. Ecosystems are about dynamic interactions between people, software, data, systems and services.

Video Summary

The First Minister announced that the people of Scotland must keep pace with digital innovation and by doing so they can help boost economic growth, drive innovation and protect businesses against any future crisis.

With over 25 years experience, Mark is focused on helping to nurture the start-up community in Scotland and the UK as an investor, non-executive director and advisor. Mark is also a Professor in the School of Computing Science at University of Glasgow.

He undertook a review of the Scottish tech sector and delivered a blueprint to raise it to world-class status. The people of Scotland are now working to take forward his ambitious recommendations including the establishment of a national network of hubs for tech startups offering world-class training program, intensive monitoring and access to funding opportunities.

The tech ecosystem has inputs and outputs. The inputs are people, infrastructure, education and funding. The outputs are a stream of business and scaled tech business. To increase the rate of startups we can consider that inside the ecosystem box there is a distinct life-cycle of growth, there are pre-startups, startups, small scale ups and large scale ups.

There is an opportunity gap within this ecosystem box. The report is trying to identify the interventions and to support the inner lines to move forward towards the outer maturity. An ecosystem of a country reaches its tipping point where there’s sufficient critical mass of startups and scale ups that certain virtuous network effects start to operate.

There are three main drivers of this. The first one is attracting talent from outside the ecosystem, second creation of opportunities for them and the by-product is more commercial people. After the tipping point there is investment of money and expertise. The government of Scotland is very close to the tipping point as he sees more talent and ambition in the ecosystem.

Education

Currently Finland has the most high-tech ecosystem in the world, having been an early adopter of a technology ecosystem approach. In his report he has drawn out three foundations of technology ecosystem success, namely talent, education infrastructure and funding.

By increasing the supply of engineers and by creating potential tech entrepreneurs, the growth of tech ecosystem is accelerated. The education infrastructure relates to two core foundations – One is physical infrastructure and the other is social infrastructure. In the report he explains this through a definition of a market square, a place where people come together in different forums small and large and learn from each other and learn internationally and build a sense of community and identity and ability to find each other.

Funding covers different types of investment through different stages of requirements of a company’s growth. He has made 34 recommendations in his report to build these foundations of a tech ecosystem. Some of these recommendations have huge long-term leverage value.

Another key recommendation is to expand the involvement of children in Computer Science from an early age, so that they can be the potential future tech entrepreneurs. This is like planting the seeds for future growth, and Computer Science should be treated in education the same way that math and physics is treated for the growth of tech ecosystem.

It will take some time to teach students Computer Science at initial level and to increase the number of CS teachers at schools. Upscaling and reskilling of the teachers is also essential because CS changes rapidly. Inviting industry people to teach the classes, making room for programming projects and changing the syllabus will contribute to the growth of tech-ecosystem.

Incubators and Accelerators

Incubator and accelerator are the two terms that people have heard of most for startups. An incubator gives indefinite tenure subject to certain criteria and creates like a market square environment where people can learn from each other.

Accelerators tend to be different they tend to be relatively short-lived programs for like 12 weeks to 16 weeks and these tend to have an education element which shares lessons and success stories so.

The primary issue is that the government can do a better job of creating credible high-growth startups that can convince people that Scotland can repeatedly grow global scale up level businesses, and the challenge of education infrastructure, and availability of funding is essential for all stages of the startup life-cycle.

Video Timeline

0:00 Intro
7:00 What is Technology Ecosystem?
15:25 Three Foundations of Technology Ecosystem
29:15 Tech Scaler Network
40:40 Q&A Session

The post Glasgow Talks – Mark Logan, author of the Scottish Technology Ecosystem Review appeared first on DigitalScot.net.

Saturday, 06. February 2021

OpenID

Ministry of Economy, Trade and Industry and OpenID Foundation in Liaison Agreement on eKYC & IDA for Legal Entities

The OpenID Foundation (OIDF), the international standards development organization which maintains the OpenID Connect for Identity Assurance (OIDC4IDA) standard, and the Japanese Government’s Ministry of Economy, Trade and Industry (METI) have signed a liaison agreement to work together. Under the agreement, METI will lead policy efforts to implement identity assurance frameworks for legal entitie

The OpenID Foundation (OIDF), the international standards development organization which maintains the OpenID Connect for Identity Assurance (OIDC4IDA) standard, and the Japanese Government’s Ministry of Economy, Trade and Industry (METI) have signed a liaison agreement to work together.

Under the agreement, METI will lead policy efforts to implement identity assurance frameworks for legal entities in Japanese Government and private sector while the OIDF’s eKYC & Identity Assurance (eKYC & IDA) Working Group continues to advance the technical standards that enable many digital identity solutions. The agreement:

Provides a mechanism to collaborate “about Authentication and Identity Assurance for Legal Entity”, mutually approved white papers, workshops ,podcasts  and other outreach activities; Allows participation of each party’s staff and members in the other party’s meetings, as mutually agreed; Provides for direct  communications to communicate (without obligation and only to the extent each party chooses) about new work and upcoming meetings;  Supports common goals, including where appropriate and mutually agreed, to Specifications of Authentication and Identity Assurance for Legal Entity. 

METI’s digital identity platform for legal entities, ‘gBizID’, facilitates digital transformations in both the government and private sectors by providing verified identities to relying parties to secure online transactions.

The OpenID Foundation’s Working Groups are distinguished by identity domain experts,  security architects, developers representing the interests of a broad range of communities and companies. They have a history of success developing open standards that enable customers to safely interact in digital channels. The OIDF’s eKYC & IDA Working Group has collaborated to produce the OpenID Connect for Identity Assurance, which is an integrated set of schemas, security and privacy recommendations and protocols which enable parties to safely transfer verified claims to verify identities online.

The OIDC4IDA will be the starting point for the government and private sectors in Japanese markets seeking to reduce complexity, risk and engineering costs. The goal is to make it easier for firms to connect and test their APIs. METI’s experience and expertise on the identity assurance for legal entities will help those who design and deploy governance models for digital identity systems at scale worldwide.

 

About Ministry of Economy, Trade and Industry (METI)

METI is a part of Japanese Government to develop Japan’s economy and industry by focusing on promoting economic vitality in private companies and smoothly advancing external economic relationships, and to secure stable and efficient supply of energy and mineral resources. https://www.meti.go.jp/english/index.html

For more information on METI contact Tatsuya Hayashi, hayashi-tatsuya1@meti.go.jp

 

About OpenID Foundation (OIDF)

The OpenID Foundation promotes, protects and nurtures the OpenID community and technologies. It is a non-profit international standardization organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. The OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID. This entails managing intellectual property and brand marks as well as fostering viral growth and global participation in the proliferation of OpenID. https://www.openid.net

For more information on OIDF contact Don Thibeau at director@oidf.org
For more information on OIDF’s eKYC & IDA Working Group contact Naohiro Fujie at naohiro.fujie@eidentity.jp or Mark Haine at mark@considrd.consulting

The post Ministry of Economy, Trade and Industry and OpenID Foundation in Liaison Agreement on eKYC & IDA for Legal Entities first appeared on OpenID.

Friday, 05. February 2021

Good ID

Identity, Authentication and the Road Ahead: Virtual Policy Forum Day 2

Team FIDO Alliance The second and final day of the Identity, Authentication and the Road Ahead: Virtual Policy Forum event on Feb. 5 brought together government officials, tech experts and […] The post Identity, Authentication and the Road Ahead: Virtual Policy Forum Day 2 appeared first on FIDO Alliance.

Team FIDO Alliance

The second and final day of the Identity, Authentication and the Road Ahead: Virtual Policy Forum event on Feb. 5 brought together government officials, tech experts and policy advocates in a packed agenda.

The two-day event was hosted by the FIDO Alliance together with the Better Identity Coalition and the ID Theft Resource Center (ITRC) and had over 1,000 registered attendees. The first day of the event saw sessions that outlined the clear and present need for the government and industry to make identity and strong authentication systems more pervasive, to help protect and serve individuals and businesses alike. The second day in contrast had a strong focus on the need for strong authentication and was highlighted by an expert panel that explained how FIDO authentication was able to help secure the 2020 U.S. election.

The day’s event kicked off with a keynote from Congressman John Katko (R-NY) who emphasized the critical need for secure digital identity.

“Our homeland security, national security, economic security and way of life are threatened in unprecedented ways by highly sophisticated adversaries and simply being vigilant is no longer enough,” Katko (pictured) said. “Today’s threat environment demands a posture of unwavering resilience. This is particularly true for ensuring the sanctity and resilience of our digital identities.”

How FIDO Helped to Secure the 2020 Election

The resilience of digital identity and strong authentication was called into question during the 2016 election cycle when hackers were able to infiltrate the email accounts of Democratic party staffers, notably the attack of Clinton campaign chair John Podesta’s gmail account.

The same type of event didn’t re-occur during the 2020 election cycle, in part thanks to FIDO standards and a concerted effort to make sure that both Democratic and Republican party officials had access to strong authentication. In a panel during the event, Michael Kaiser, President and CEO of Defending Digital Campaigns (pictured) explained that his organization was created to help solve the challenge of political campaigns not having the right cybersecurity resources to defend themselves. As companies cannot directly donate to campaigns, Defending Digital Campaigns was formed to act as an intermediary, that enables political campaigns to get cybersecurity services including FIDO based strong authentication resources, for free or low cost.

Kaiser explained that political campaigns are not like a typical organization in that they are short lived and don’t have long term thinking about a security maturity model. Despite that, political campaigns need to be protected as they sit on incredibly valuable and important information.

“I think we gave away more than 10,000 security keys in the political sector in the 2020 cycle,” Kaiser said. “That’s a lot of people and a lot of accounts as we gave away more than $1 million worth of products to 183 campaigns.”

Bob Lord (pictured), chief security officer of the Democratic National Committee (DNC) noted that after the events of the 2016 election, security was clearly under the microscope.

“Security is a real challenge and everybody really understands the importance of it, but the dollar figures really can get in the way,” Lord said. “Making sure that there was a reliable source for things like security keys was really instrumental in moving forward.”

Within the DNC and across campaigns, Lord and his team strictly implemented the use of FIDO based security keys to provide strong authentication capabilities and limit the risk of potential phishing attacks. 

“Today 100% of the people at the DNC who need to get access to their email and  access to their documents, they’re all using security keys – no exceptions, no executive privilege to opt out of this,” Lord said.

The DNC also benefited from Google’s Advanced Protection Program (APP) which provides additional levels of protection and assurance beyond what a basic gmail account enables. 

“We’re big supporters and real big believers in the combination of FIDO security keys and the APP,” Lord said.

Why DNC Believes in FIDO

Lord noted that there are a number of reasons why he is a big supporter of FIDO standards. For one is the fact that FIDO standards are built into the Google Chrome browser. Lord explained that the DNC was pushing the use of Chromebooks to campaigns and the integrated FIDO capabilities made it easier to deploy strong authentication.

While there are multiple types of two-factor authentication available in the market, for Lord there are really only two categories.

“I think there are really two kinds of multi-factor that are available in the consumer space – I think there are FIDO security keys and then there’s everything else,” Lord stated emphatically. “When I refer to everything else, I refer to those other multi-factors systems as legacy and I do that because I want people to get the mental model that this is something to be contained, minimized and eventually moved out.”

Lord observed that other multi-factor approaches, while better than not using multi-factor at all, have shown weaknesses, which is why in his view as an industry it’s important to really be pushing people pretty aggressively to move down the path of FIDO strong authentication adoption.

While Lord is an advocate for adopting FIDO based strong authentication with security keys, he also noted that there were some usability challenges his team had to work through as well training that was needed to educate and onboard users. The learning from the DNC’s efforts are all now being publicly shared by Lord’s team at https://democrats.org/security/.

“It’s a non-partisan thing so there’s nothing red or blue about these best practices, but you’ll see in there that we really push pretty hard on security keys and the APP in particular,” he said.

Mark Risher, Senior Director of Security and Identity at Google (pictured) emphasized during the panel that in general adding a second factor does still objectively decrease the chances of a user becoming the victim of a phishing attack. That said, he noted that for an attacker, phishing a password, or just phishing a password plus a One Time Password (OTP) PIN code basically just  requires basically one more line of code for an attacker.

“It does not require the funding of the nation state,” Rischer said about the ability to bypass OTP for phishing attacks. “So we need to get the world to understand the distinction, and to move into and start requiring these much more stringent hardware based strong authentication technologies and standards.”

How FIDO is Moving Forward to Enable Digital Transformation

The afternoon keynote at the event was delivered by Andrew Shikiar (pictured) the Executive Director of the FIDO Alliance. Shikiar noted that passwordless authentication is an important cornerstone for digital transformation.

“The security and authentication aspects of digital transformation came to the fore as everything was accelerated due to the pandemic,” Shikiar said.

Shikiar noted that social engineering had kind of a renaissance in 2020 as phishing continued to be successful.

“Simply put, the only way to break this cycle is to eliminate our dependence on server side credentials and password,” Shikiar said. “Anything on a server can and will eventually be stolen so they’re easy to phish, harvest and replay.”

The need to create stronger authentication is why FIDO was born. Shikiar explained that the FIDO Alliance’s mission is to create open standards for simpler, stronger authentication with public key cryptography and asymmetric public key cryptography, which is something that the average consumer should never have to pronounce, let alone know what it means.

Shikiar also outlined some of the FIDO Alliance’s highlights from 2020 including Apple joining the group. He added that Apple joining served as a powerful signal to the industry that really everyone is coalescing around the FIDO Alliance as the organization to collaborate on the standards based user friendly and strong authentication. Another key highlight from 2020 for FIDO was the level of support across operating system and browser combinations with different transport mechanisms for the authenticator. 

“Over 4 billion devices can support FIDO authentication,” Shikiar said. “So in short, you know, we think FIDO is becoming part of the DNA of the web itself, which is a pretty audacious thing.”

“To summarize, FIDO is very much the present and the future of user authentication.”

The Solarwind #Solorigate Attack as an Identity Authentication Issue

A key topic that resonated throughout the second day of the policy forum was the impact of the recent Solarwinds attack which is also commonly referred to as Solorigate.

During a panel about what policies the Biden Administration should consider with regards to Identity, John Miller Senior Vice President of Policy and Senior Counsel at ITI, commented that the Solarwinds attack has been accurately described as a software supply chain attack but it really is also fairly characterized as an identity attack.

“Characterizing Solarwinds as an identity attack presents an opportunity to remind policy makers of how fundamental identity is to not only what we’re doing online as consumers but to, but an enterprise environment,” Miller said.

In the final keynote of the event, Alex Weinert (pictured) Partner Director of Identity Security, at Microsoft, outlined the gory authentication and identity details behind the Solorigate incident and why zero trust principles would help to mitigate many risks.

Weinert noted that the Solorigate attack was a fundamental attack on trust. He also emphasized the clear role that authentication played in the attacks and the need to move to strong authentication.

“What are we doing to encourage explicitly verifiable credentials, we all know passwords are crap, we know they’re incredibly vulnerable,” Weinert said. “Are we doing enough as an industry to push for the end of passwords?”

Today’s sessions (February 5) have been recorded and will be available soon.

The post Identity, Authentication and the Road Ahead: Virtual Policy Forum Day 2 appeared first on FIDO Alliance.


CU Ledger

Credit Union Financial Exchange (CUFX) to be acquired by CULedger

MADISON, Wis., and WASHINGTON 02/04/21 – CUNA announced today a transfer of Credit Union Financial Exchange (CUFX) to CULedger. “CUFX is the result of a grass-roots initiative,” said Chris Seneda, past CUNA Technology Council chair, CUFX steering committee member, and executive vice president and chief operations officer at Virginia CU. “It started with senior IT [...] The post Credit Union Fina

MADISON, Wis., and WASHINGTON 02/04/21 – CUNA announced today a transfer of Credit Union Financial Exchange (CUFX) to CULedger.

“CUFX is the result of a grass-roots initiative,” said Chris Seneda, past CUNA Technology Council chair, CUFX steering committee member, and executive vice president and chief operations officer at Virginia CU. “It started with senior IT credit union executives who recognized a need for credit unions as they were trying to get their different systems to work together. The CUNA Technology Council leadership was instrumental in helping to get CUFX off the ground and continued to provide resources as it progressed into its position today. With the transition to CULedger, CUFX will get added support and continue to work with its users and CUNA Technology Council volunteers to assist with future improvements.”

CUFX continues to thrive and meet the necessities of its credit union users. The latest update, which went live this past fall, included the advancement to support non-unique account ID architectures. This newest advancement was driven and reviewed by three core system providers currently implementing CUFX.

“Since its inception, CUFX has been evolving to meet the needs of credit unions,” said David Rohn, vice president of CUNA Councils.

With its transition to CULedger and continued connection to credit union technology experts, we’re confident that this solution will continue to evolve, expand and assist credit unions.”

CULedger delivers a trusted peer-to-peer services network of verifiable exchange for financial cooperatives. Its solutions include MemberPass, a digital ID held by credit union members that protects credit unions and their members from identity theft and fraud in all banking interactions.

“CULedger is proud to incorporate CUFX into our product offerings for credit unions,” said John Ainsworth, President, and CEO of CULedger. “This solution is already being utilized with other solutions within our portfolio, so we understand its value and support its continued advancements.”

###

About CUNA

Credit Union National Association (CUNA) is the only national association that advocates on behalf of all of America’s credit unions, which are owned by 120 million consumer members. CUNA, along with its network of affiliated state credit union leagues, delivers unwavering advocacy, continuous professional growth, and operational confidence to protect the best interests of all credit unions. For more information about CUNA, visit cuna.org. To find your nearest credit union, visit YourMoneyFurther.com.

About CUNA Councils
CUNA Councils is a member-led, collaborative community of credit union leaders providing vibrant peer interaction, new ideas, and innovation to foster professional development for our members while advocating for the overall success of the credit union movement. There are eight CUNA Councils with a network of more than 7,000 credit union professionals. For more information, visit cunacouncils.org

About CULedger

Denver-based CULedger is a credit union-owned CUSO delivering the world’s premier digital network of one-to-one financial exchange for financial cooperatives. In working through a national consortium made up of credit unions and trusted industry investors, CULedger has pioneered new developments related to global self-sovereign digital identity that will further enhance the trust credit unions have with their members. CULedger provides advantages to credit unions and their members by reducing risks associated with cybersecurity and fraud, improving member experience, streamlining internal processes, and reducing administrative and operational costs. To learn more about CULedger, visit www.culedger.com.

The post Credit Union Financial Exchange (CUFX) to be acquired by CULedger appeared first on CULedger.


Lissi

The Lissi Wallet is now available in 12 languages!

About the Lissi wallet The Lissi wallet is a simple but powerful tool to manage digital interactions. It can be used to establish connections to third parties and to exchange information. You can find a more detailed explanation here or on our website. It’s currently available as an open beta version for iOS and Android. The importance of multi language support Within the identit
About the Lissi wallet

The Lissi wallet is a simple but powerful tool to manage digital interactions. It can be used to establish connections to third parties and to exchange information. You can find a more detailed explanation here or on our website. It’s currently available as an open beta version for iOS and Android.

The importance of multi language support

Within the identity community, we spend considerable time to ensure interoperability between different solutions. We engage in conversations in a variety of standardization bodies to enable a seamless user experience on a global scale. Frankly speaking, we are not there just yet. But we are on a good way to enable access to the services regardless of where an entity is based or which social background an individual has. While regulation as well as technical and educational hurdles remain, it’s crucial to increase the accessibility of products to different cultures and languages.

We have already received feedback from multiple stakeholders from the public and private sector saying that multi-language support is essential for the execution of various use cases. There are several nations, which have multiple official languages. If our end-user facing products are not available in the most common languages, it creates entry barriers so big that not even a piloting of these use cases would make sense. Hence, we took note and worked hard to ensure the Lissi wallet is available in the languages of communities, which currently explore the self-sovereign identity concept.

The Lissi wallet now supports the following languages:

Arabic English French German Italian Korean Polish Portuguese Russian Romanian Spanish, and Turkish. Challenges remain

When designing a wallet, the language is only a small part of the whole user experience. The task is to design a universal cockpit, which people can navigate regardless of their social background. Similar to a dashboard in a car, which doesn’t look too different wherever you go. In order to achieve this, we have to standardize the icons, colours and user-flows to a certain degree. However, on the other hand, they need to be adjusted to the target audience. Let’s take the colour red as an example. In western cultures, red is associated with excitement, danger, urgency and love, whereas the same colour evokes danger and caution in the middle-east. In India, it’s associated with purity, while in China it symbolizes luck and happiness. Finding the right balance between standardization and necessary adjustments for the target audience will require knowledge about the cultural differences, feedback and time. When it comes to language it creates its own set of difficulties. Differences can be observed in the usage of genders, the left-to-right or right-to-left reading, the information density or the usage of tenses, just to name a few. Furthermore, there isn’t a common terminology used within the community, which makes a translation into different languages even more challenging.

Hence, our translation won’t be perfect. While we worked with native speakers, the context is often difficult to explain without demonstrating the user-flow and an actual use-case. Languages also change depending on the use-case or the subject in question. Nevertheless, we are looking forward to making the Lissi wallet even more accessible by adding additional languages and improving our current translation with your feedback. What language would you like to have us support next? We are always looking for translators for additional languages, so reach out to us to get our winter 2021 edition of Lissi Merchandise!

Cheers. The Lissi team.


Good ID

Identity, Authentication and the Road Ahead: Virtual Policy Forum Day 1

Team FIDO Alliance The intersection of identity and authentication and how it can help to improve business as well as people’s lives was a core topic of conversation on the […] The post Identity, Authentication and the Road Ahead: Virtual Policy Forum Day 1 appeared first on FIDO Alliance.

Team FIDO Alliance

The intersection of identity and authentication and how it can help to improve business as well as people’s lives was a core topic of conversation on the first day of the Identity, Authentication and the Road Ahead: Virtual Policy Forum event on Feb. 4.

The FIDO Alliance joined together with Better Identity Coalition and the ID Theft Resource Center (ITRC)  to host the two day event running on Feb. 4-5, which has over 1,000 registered attendees who are gathering to learn more and discuss the current and future state of identity and authentication. The first day of the event had a strong focus on things the U.S. can and is doing to help improve the state identity, while recognizing the many challenges on the road ahead.

Identity is a National Security Issue

In the opening keynote, Michael Mosier (pictured), Deputy Director & Digital Innovation Officer at the U.S. Treasury departments Financial Crimes Enforcement Network (FinCEN), outlined what’s at stake when it comes to digital identity.

“I view identity as a national security issue, and it will take the intellectual power and creativity of all of us to figure out how to secure identities and keep people from harm,”  Mosier said.

Mosier emphasized that digital identity solutions are a key factor to help prevent fraud and financial crime. He added that in order to get payments right, there is a clear need to first get identities done right. The right way in his view, is an approach that preserves privacy while ensuring integrity in the system.

“The ability to detect and address risks is only as good as the ability to determine with whom you’re engaging,” Mosier said. “So the real question for identity related risk is, do you have the information necessary to reliably assess the risk of your counterpart or your customer.”

A key challenge FinCen is seeing is at the account opening stage, with identity proofing and verification. A July 2020 advisory from FinCen highlighted the issue reporting that criminals are undermining identity verification processes, through identity theft and synthetic identity fraud.

“We’re seeing a lot of identity authentication compromise, leading to account takeovers, as  a lack of multifactor and multi step authentication is too prevalent across the financial sector,” Mosier said. 

The costs of those takeovers is far from trivial. FinCEN is seeing around 5,000 account takeover reports each month, reaching approximately $400 million per month over the last two months.

“The bottom line is that many account takeovers and fraud are occurring because of failures to enforce stronger levels of assurance and identity verification in authentication processes,” Mosier said.

Phishing is Top Source of Identity Theft and Cybercrime

The Identity Theft Resource Center (ITRC) is seeing the same trends as FinCEN with phishing and credential theft being the leading source of identity theft, according to the groups recent release 2020 Data Breach Report. In a keynote session, Eva Velasquez, President and CEO and James Lee, Chief Operating Officer (pictured) of the  ITRC outlined the high level findings of the report and its impact.

“Credentials are the coin of the realm today, as opposed to what we have traditionally thought of as being the kind of information that threat actors wanted to collect.” Lee said.

While other failures and vulnerabilities including unpatched software can and do lead to data breaches, Lee emphasized that the majority of the root causes of cyberattacks rely primarily on user logins and passwords

How the Pandemic has Accelerated the Need for Strong Authentication

With tens of millions of Americans looking to the U.S. government for help during the pandemic, there has been a clear need for strong authentication and identity technology.

During a panel, Sanjay Gupta, chief technology officer for the US Small Business Administration (SBA) noted that the SBA has been able to ramp up during the pandemic thanks in part to the deployment of a strong authentication based single sign on technology that makes use of FIDO Alliance standards. The SBA uses the login.gov platform from the U.S Government’s General Service Administration (GSA).

In a keynote session, Congressman Bill Foster (D-IL) (pictured) stated that the COVID crisis has laid bare many of the inadequacies of the identity system in the U.S.

Just to pick one example, Foster noted that over a million stimulus checks were sent to dead people and for millions of others, the stimulus checks were delayed because of challenges in verifying who is eligible based on where they live. While there are challenges, Foster noted that there has also been a lot of relevant technological progress, independent of government action. 

“The use of a secure enclave on a modern cell phone as a FIDO second factor device is a huge step forward,” Foster said.  “The increasing use of privacy preserving biometric sensors on smartphones as a means of providing digital online authentication for human identity is going to be transformative.”

In a panel following the keynote on where the government can help with identity and authentication, Paul Rosenzweig, Resident Senior Fellow, Cybersecurity and Emerging Threat at the R Street Institute commented that good identity is clearly one of those common public goods that economic theory teaches us, is best provided at a governmental level. That’s an idea that panelist Phil Lam (pictured), Executive Director of Identity for the U.S. General Services Administration (GSA) agreed with.

“I think that we as a government are providing a lot of benefits to Americans today and in order to facilitate providing that benefit, we kind of need to know who you are and  are you eligible for a benefit,” Lam said. 

Lam re-iterated that the FIDO-enabled login.gov portal is a critical part of the U.S. government’s authentication strategy and now serves over 25 million users.

The final panel of the day tackled the socially important topic of equity and inclusion when it comes to identity and the individual. Among the panelists was Reverend Ben Roberts (pictured) who runs the ID Ministry, which is an effort to help the underprivileged get their identity so they can qualify for government assistance or even just to get a bank account.

Roberts detailed a number of heart-breaking cases of individuals that have had extreme challenges in getting some form of verified identity. He had a strong message for government policy makers and technology developers alike for how to enable strong authentication and identity systems.

“As we’re bringing things online and as new policies and new systems come into play, really do your level best to ensure that people are not getting left behind,” Roberts said.

Today’s sessions (February 4) have been recorded and can be found here. There’s still time to register for tomorrow’s sessions (February 5). Register here.

The post Identity, Authentication and the Road Ahead: Virtual Policy Forum Day 1 appeared first on FIDO Alliance.


decentralized-id.com

Twitter Collection – 2021-02-05

Decentralized Identity - Curated 2021-02-05

Own Your Data Weekly Digest

MyData Weekly Digest for February 5th, 2021

Read in this week's digest about: 17 posts, 4 questions, 4 Tools
Read in this week's digest about: 17 posts, 4 questions, 4 Tools

Thursday, 04. February 2021

Good ID

Deployments and Government Recognitions on the Rise in Asia: Updates from FIDO APAC Marketing Forum

Joon Hyuk Lee and Atsuhiro Tscuhiya, APAC Market Development Team The reason to put passwords in the rearview mirror is more evident than ever. Our recent survey on consumer behavior […] The post Deployments and Government Recognitions on the Rise in Asia: Updates from FIDO APAC Marketing Forum appeared first on FIDO Alliance.

Joon Hyuk Lee and Atsuhiro Tscuhiya, APAC Market Development Team

The reason to put passwords in the rearview mirror is more evident than ever. Our recent survey on consumer behavior says that 58% of abandoned online purchases are due to the difficulty of managing passwords. The Gartner Group’s research indicates that 20-25% of all helpdesk calls are password reset requests. The World Economic Forum (WEF) assessed that cybercrime costs the global economy $2.9 million every minute; about 80% of the attacks targeted passwords.

But the tide is turning. During our inaugural Authenticate conference, which took place in November 2020, Microsoft announced that they now have more than 150 million people are using their passwordless sign-in each month. That is a 50% increase from last year’s report at Microsoft Ignite back in November 2019.

We have all seen how the global pandemic has drastically accelerated the willingness of and the need for organizations to embrace passwordless FIDO Authentication. It is now a matter of how and with whom, instead of when.

Updates from APAC Marketing Forum

We are happy to share meaningful progress since the first FIDO AllianceAsia Pacific Marketing Forum (AMF) in July. Here are some updates from our members across the region:

Taiwan

Mentioned in our previous post was  the introduction of FIDO’s standards in official documents developed by Taiwan Association of Information and Communication Standards (TAICS) and SEMI (Semiconductor Equipment and Materials International) Taiwan, as well as FIDO’s logo on the app of Taiwan-Cathay United Bank.

Recently, the government of Taiwan has also adopted FIDO’s authentication method for the purpose of citizen’s tax filing, a government service that supports more than 200,000 users. 

India

FIDO2 is now accepted by the CCA (Controller of Certifying Authorities), under India Ministry of Electronics and Information Technology, as an alternative to SMS OTP.  The guidelines have been published on the CCA website (http://cca.gov.in/eSignAPI.html).

FIDO Alliance member Singular Key’s FIDO Certified authentication service is being used by ReBIT, the cybersecurity subsidiary of the Reserve Bank of India.

Additionally, a whitepaper on FIDO authentication for banking space has recently been submitted to ReBIT. Webinars designed to educate the public on FIDO’s standards are also in the works. These efforts will no doubt help to drive up FIDO awareness amongst the India population.

Hong Kong

In Hong Kong, the passion for horse racing continued even as people stayed home and betting branches closed because of the global pandemic.

For the first time ever, the Hong Kong Jockey Club (HKJC) kicked off the horse racing season with all-digital betting. Punters had to log on to HKJC’s mobile betting app, provided by FIDO Alliance member Tradelink.

The betting channels, which are secured by FIDO via biometric authentication on users’ mobile devices, provided a user-friendly and safe experience that helped to secure a record HK$1.376 billion turnover – 6.83% higher than the previous record set in the 2017/2018 season! This was made possible, despite the record low number of attendees at the races in year 2020.

Separately, the Hong Kong Special Administrative Region (HKSAR) government rolled out a new initiative powered by Tradelink’s FIDO Certified authentication – the “iAM Smart” initiative, which enables Hong Kong citizens to authenticate their identities using mobile devices for access to financial services. 

Malaysia

There is a clear transition towards a passwordless future in Malaysia.

The FIDO Certified authentication service from SecureMetric is recently being adopted by a number of public services in the country as part of the government’s Malaysia Cyber Security Strategy 2020-2024. This means that FIDO authentication will play a role in services such as Malaysia Central Bank’s (Bank Negara) Electronic Know Your Customer (eKYC), the Ministry of Science, Technology and Innovation (MOSTI) National Technology as well as Innovation Sandbox (NTIS) from the Ministry of Science.

Vietnam

In Vietnam, the shift away from passwords is accelerating. Currently, there are 32 licensed e-Wallet providers all vying to lead the charge to facilitate the country’s shift to a more cashless society. There is also a major focus on smart city, digital signatures and electronic ID developments.

Earlier this year, FIDO member VinCSS became the first company in the country to develop FIDO2 Certified authenticators. Since then, it has met the FIDO2 standard for the second time, announcing its achievement of FIDO2 Certification for its strong authentication server named VinCSS FIDO2 Server.

This achievement also means VinCSS is currently one of only 13 companies globally with a FIDO2 certified server that can accept any FIDO certified authenticator, irrespective of its manufacturer – an amazing feat!

Other Notable Updates in Asia

Additionally, Japan-based telecommunications operator KDDI recently deployed FIDO2 for its “au ID” and started FIDO authentication service. Instant messaging app LINE, introduced biometric authentication that utilizes FIDO standards for iPad users, eliminating the need to key in passwords. The FIDO Japan Working Group Chair was invited as an expert by the Japan Ministry of Internal Affairs and Communication on their discussions using My Number Card capabilities on smartphones.

Furthermore, in Korea, the Blue House, the executive office and official residence of the president of the Republic of Korea, deployed TrustKey’s login solution powered by FIDO’s standards for remote work and internal security access.

If you wish to take part in these exciting new initiatives, or have any inquiries, please do not hesitate to contact tsuchiya@fidoalliance.org.

By joining AMF, you will not only get to connect with key authentication players in APAC, but also gain benefits of participating in FIDO branded awareness and promotional activities together with global champions.

The post Deployments and Government Recognitions on the Rise in Asia: Updates from FIDO APAC Marketing Forum appeared first on FIDO Alliance.


Ceramic Network

Ceramic testnet and IDX to debut at EthDenver

Decentralized identity and data protocols from 3Box Labs await hackers at EthDenver, along with $10,000 in prizes.

The 3Box Labs team will be back to EthDenver this year, though a lot is different this time around. EthDenver is virtual for 2021, of course, but our team will be manning the digital booth and roaming the virtual halls to meet and mentor hackers. We love this community and can't wait to see you and your projects, whether that's in the Sports Castle or GamerJibe.

The tech we have for hackers has changed too. Last year at EthDenver, our CTO Joel huddled in a corner of the castle to build the first POC of Ceramic. Almost exactly a year later, Ceramic Network has just moved into beta on a live testnet. IDX, the open identity protocol built on Ceramic, is also in beta and ready for use. And 3Box is now 3Box Labs, with our full focus on bringing these protocols to builders across Web3.

Ceramic and IDX offer a massive improvement on previous 3Box products, and EthDenver hackers are the first to get a crack at the beta versions. To celebrate, we've got lots of content, tons of ideas, and nearly $10,000 in bounties up for grabs.

Workshops and Talks

We'll be all over the virtual stage over the next week talking about decentralized identity and data. (Add to your calendar from the full schedule).

Workshop: Using open identity with IDX
Saturday 2/6 at 9am MST/5pm CET

Tech Talk: Standards for encrypted and mutable data on IPFS
Sunday 2/7 at 11am MST/7pm CET

Evolution of Decentralized Identity: A history
Thursday 2/11 at 4pm MST, 12am CET

Identity Legos Panel: The composable Web3 identity stack
Thursday 2/11 at 4:30pm MST/12:30am CET

We'll also be on stage during bounty presentations and opening ceremonies to share more about our prizes and products, and we'll have an informal office hours at 10:30am MT each of Monday-Thursday for hackers who want to drop by with questions.

10,000 DAI in bounties

We've got a huge trove of bounties to celebrate the beta release of 2 protocols: Ceramic is a peer-to-peer dataweb for publishing, linking, and querying verifiable information on the open web.
IDX (identity index) is an open identity protocol built on Ceramic that makes it simple to store, use, and manage decentralized identities and data across any network, platform or application.

We've split the 10,000 DAI in rewards across 5 categories.

Best overall use of IDX (identity index): 3000 DAI across 4 winners Best overall use of Ceramic Network: 3000 DAI across 4 winners Best new tools for Ceramic Network: 1500 DAI to 1 winner Best use of Ceramic for social features: 750 DAI to 1 winner Partner bounties: use Ceramic with Textile (1000 DAI) and with NEAR (1000 DAI) – or go for all 3 together!

The full bounty details are here. We'll be looking for submissions that tackle an original project idea, use Ceramic/IDX well and deeply, provide a wow-worthy demo, and contribute value to the Web3 ecosystem.

Hack ideas we'd love to see

If you are looking for a great idea or a good way to use Ceramic or IDX, here are a few things we know we'd love to see.

Use IDX to manage user identities and data

🧩Cross-chain profiles and identities

If your hack uses an L2 or non-Ethereum chain, make sure you aren't splitting users across multiple accounts. IDX lets you link multiple keys to the same identity and profile, from any chain!

⚙Backup and sync DeFi settings on IDX

In most apps and exchanges, user settings including watched addresses, tokens, currency preferences, and contact lists are stored in local storage. A new device, browser or even cleared cache means everything is gone. Storing these in a user's identity index assures backup, multi-device support, and reusability across applications!

Use Ceramic as an open and auditable content store

🐤Mirror of Crypto Twitter onto Ceramic Network

Our community has put up $15,000 (so far) in donations for a tool that mirrors tweets onto Ceramic Network, paving the way for a new Web3-native social conversation without the need for a mass migration off Twitter. Get started towards this at EthDenver!

🎨Mutable metadata for NFTs

NFTs are unique, but do they have to be static? Mint NFTs with metadata stored on Ceramic and the owner of the Ceramic document can change the properties of the NFT over time.  An artist could keep updating the NFT metadata after it's minted, creating a unique evolving piece.

📝DeFi Annotations and Comments

Create a commenting system with Ceramic that lets users add notes to contracts, addresses, trades or anything else in DeFi. Managed by users directly, these notes could be accessible across any DeFi app. This could be a javascript library for apps to integrate, or a browser extension for users to add themselves.

📤Auditable discussion forums

Use Ceramic documents to create discussion forums that are auditable, flexible and decentralized. Each user can post to their own Ceramic document, with each aggregated and referenced to create the full forum. No server needed, and easy paths to a censorship resistant foundation with moderation layered on.

Use with other dweb tools to open up new use cases

✉P2P chat or comments

Use IDX with Textile's js-threads or another messaging protocol to build fully P2P social features that authenticate directly with a user's key and identity. You could create an embedded support bot, a DeFi trollbox, team chat tools, a "decentralized disqus", or a notification service.

🗄Ceramic as a CMS for content on IPFS, Textile or anywhere else

Ceramic's mutable documents with persistent doc IDs makes it great for managing dynamic information that is stored on IPFS or elsewhere. Use Ceramic to catalogue, index or generally manage the data used in your hack., wherever it's stored. You can publish the definition (schema, etc) of data stored in Textile or other DBs to make private data discoverable and interoperable.

Create tooling for decentralized identity and data

🗺Ceramic document explorer

Create a way to visualize and explore the documents that exist on Ceramic. This could focus on the available definitions that have ben created, all Ceramic documents, individual user identity indexes, or anything else. We'd love to see how you'd like to explore the network!

🖇New crypto or social account links

The 3Box Labs IdentityLink service provides verifications for Discord, Twitter and Github. Add one for Telegram, Matrix, Discourse or a KYC provider.

Or add support for a new blockchain. Ceramic can currently be authenticated by Ethereum, Filecoin, EOS, NEAR or Cosmos keys. It's simple to add support for your preferred chain.

🚛Import of Web2 social data to use on Web3

Many large Web2 apps now have APIs to export user data (with users' permission). Build a mass-export tool that puts valuable data into users' hands by adding it to a their identity index. Create definitions for each export so it is easily discoverable and usable across Web3, and store the data encrypted in Ceramic, Textile or elsewhere.

Resources

To get started building, jump into our docs and tutorials!

Ceramic Developer Documentation IDX Developer Documentation Tutorials on our blog Code for Ceramic and IDX on Github

We'd love to hear from you as you build so please join us in the Ceramic Discord Community. Happy hacking!


Digital Scotland

Scotland’s Digital Care Journey: A Community-Centred Approach

David McKinney, Managing Director of Local Government at Servelec, maps Scotland’s progress towards fully integrated health and social care, and discusses putting community at the heart of the country’s digital care journey. The post Scotland’s Digital Care Journey: A Community-Centred Approach appeared first on DigitalScot.net.


David McKinney, Managing Director of Local Government at Servelec, maps Scotland’s progress towards fully integrated health and social care, and discusses putting community at the heart of the country’s digital care journey.

In 2016, the Scottish Government legislated to bring together health and social care into a single, integrated system.

The legislation created 31 integration authorities who are now responsible for £8.5 billion of funding for local services. This brought about the most significant change to health and social care services in Scotland since the creation of the NHS.

Integration aims to ensure that services are provided in a seamless and co-ordinated way. Ultimately, it’s about securing better outcomes for people in Scotland, and the best way to achieve that is to make sure that everyone has access to the right information, in the right place, at the right time.

Serving the community needs

Public services are complex, so it’s important we work together to provide the best solutions. The very best digital care starts from a deep rooted interest in what communities need – the requirements of their citizens and the professionals and organisations who provide care for them. We must commit to joining up communities digitally by enabling connectivity between health providers, social services, education and charities, an approach with interoperable digital solutions at the heart.

Systems need deep domain knowledge, must be intuitive and easy to use and increasingly be as useful to citizens as they are to the professionals and organisations providing care. We need to strike the right balance between enabling access and protecting data, with a best of breed approach in an open environment where systems can talk to one another.

We’re pioneering this with the current implementation of the National Child Health Record in Scotland using our Rio platform. Our Electronic Patient Record (EPR) system for secondary care can be tailored to an organisation’s specific needs and supports the vision of every patient having one, fully integrated, health record. It operates across child health, mental health and community care settings and interoperates easily with other systems.

Support at a local level

The pandemic has required a rapid response from across Government, and has resulted in one of the most challenging years on record for local authorities. I’ve spent a lot of my time this last year meeting (albeit virtually) with local authority customers – learning about their challenges and common goals. It’s been remarkable to hear from teams who have implemented significant transformational change at record speed, in order to continue providing core public services during the pandemic.

We already provide social care systems to a number of local authorities in Scotland, via Mosaic, our case management software designed to give professionals the time and data they need to achieve more positive outcomes for people in their care. We’ve also been proud to support some of those authorities through our social value work – running digital skills workshops for young people in Dundee for example, as we recognise the importance of making a bigger societal contribution.

We’ve continued to support social workers by developing systems that provide them with all the information they need, at the point of care. Our Mobilise app provides the flexibility to update care records while in the community, providing frontline workers with the tools they need, wherever they are. It enables social workers to make more informed decisions, faster, helping to improve the overall quality of care and outcomes for vulnerable people. This way of working reduces duplication of effort and minimises unnecessary travel, by allowing social workers to complete work steps and update records wherever they are.

More effective digital channels

This last year, we’ve continued to work with clinicians and other care professionals in looking for improvements to health and social care systems to support communities. Especially solutions that enable citizens to increasingly take responsibility for their own care and wellbeing.

We’ve been developing person-centred, self-service systems, designed to help social care teams shift communication and engagement to more effective digital channels. Mosaic Portal allows people to engage with services more effectively, and offers a personalised, digital approach to social care delivery.

It’s a long and uncertain road ahead, but we’re excited to be part of Scotland’s digital care journey and we are committed to making integrated health and social care real by providing joined-up solutions that place people at the heart of public service provision.

The post Scotland’s Digital Care Journey: A Community-Centred Approach appeared first on DigitalScot.net.

Wednesday, 03. February 2021

WomenInIdentity

Member Interview with Haifa Bouraoui, GRTgaz

Tell us a little bit about you and your role in identity?  I’m responsible for Identity and Access Management at GRTgaz the leading gas distribution company in Europe. As a… The post Member Interview with Haifa Bouraoui, GRTgaz appeared first on Women in Identity.
Tell us a little bit about you and your role in identity? 

I’m responsible for Identity and Access Management at GRTgaz the leading gas distribution company in Europe. As a product owner. I lead 2 teams: one for digital identity, looking after passwords, access controls, all that sort of thing. The other team works on active directories – whether it’s on premise or in the cloud. In total, we have about 5,000 people working for the company. We’re a business to business seller so our customers then distribute gas to their own customers. The global conversation about optimizing use of energy is really important, so we have a lot of innovative projects on going as we work out how to tackle climate change and become more efficient.

How did you end up in the world of identity?

I studied at university at Telecom Sud Paris. There were only a few girls in my year as, at that time, cybersecurity didn’t attract many women. I am so happy to see more and more women working in this field. Since then I’ve always worked in cybersecurity. I started out assisting our cybersecurity officers with IAM, and then got super interested in the technical side of Azure AD and how SAML and OIDC work. So I dived in and got to grips with them so I could then simplify it to teach back to my non-technical colleagues!

At work, the most important thing is the people, the culture and how everyone works together, rather than the technology that you’re using to build your organisation

Everyone I worked with had a contagious enthusiasm for IAM. So, 4 years later here I am! When I started out here, there were loads of smaller teams that specialised in different areas of IAM – from multi-factor authentication to customer support to architecture.  Everyone had their own objectives so it was hard to break down the silos and work together. My role was to get everyone to cooperate in delivery in order to get the maximum value for our customers. Introducing self-service was super challenging as we had to change user behaviour stopping them from always contacting the Service Desk! When I was offered the opportunity to lead a team here, I thought “Why Not??!” There are always new challenges, whether it’s new protocols or technologies, to keep me interested and busy.

What does a normal week look like?

Working across two teams I have a good mix of work. A big part at the moment is the global strategy to migrate to cloud from our on-premise infrastructure so I’m working out how to adapt our current processes, documentation and environments. I also create a lot of training videos for users and colleagues to help them use our products more efficiently. It also helps business leaders make informed decisions when investing in IAM.

Why is Women in Identity important to you?

Women are as competent as men so it’s not really a question why women are important in this field. We think through details in different ways and can challenge assumed user needs. Women in Identity provides a great opportunity to gather many voices and listen to the diverse range of experiences that women have in the IT and identity space. It’s so important to support girls to get access to training in IT – it enables them to take advantage of opportunities they wouldn’t have otherwise.

What book/film/piece of art would you most recommend to readers?

Whenever I have a problem I read this book 1 more time – 7 Habits of Highly Effective People by Stephen Covey. It really helps with personal development and being more efficient in everything you do, whether it’s work or relationships. It’s not just about relations with colleagues but also maximising your time in all elements of your daily life. At work, the most important thing is the people, the culture and how everyone works together, rather than the technology that you’re using to build your organisation. You’ve got to understand that to be successful.

 

If you were CEO of a company, what one thing would you make compulsory?

Aside from making Multi-Factor Authentication (MFA) compulsory and banning shared accounts (they’re super risky!) I’d make sure I didn’t introduce change until I was sure we had explored all the alternatives. I would rather introduce changes progressively to end users. Covey’s habit “Seek first to understand than to be understood” would be my mantra: e.g. WHY do teams use shared accounts so that before banning, an alternative could be suggested.

And where would we find you when you’re not working?

Paris is such a beautiful city. I feel very lucky to live . I love cooking (and eating ). When we are allowed to do so again, I can’t wait to chill with friends in the many great bars and restaurants here in Paris. We can literally try food from kitchens from all over the world.

The post Member Interview with Haifa Bouraoui, GRTgaz appeared first on Women in Identity.


Ceramic Network

3Box is now 3Box Labs – A future on Ceramic Network

In this big announcement, we share that 3Box is becoming 3Box Labs to reflect a new focus on the development of the Ceramic Network ecosystem.
Key takeaways

👍  Our mission stays the same
🚀  Ceramic Network and IDX are the future
3️⃣  3Box SDK and plugins will be deprecated, but...
👍  3Box profiles will still work and will be migrated to IDX
🛠  We support Ceramic with development, tooling, and ecosystem building
⚡️  Currently using 3Box? Learn how to migrate

Mission

The mission of 3Box has always been to advance a more open and sustainable web by creating software that breaks down information silos and redefines relationships between users, apps, and data.

We believe that by giving users direct ownership over their digital identity, direct control over their personal data, and by liberating information from centralized database silos and putting it on the open internet, we can correct the asymmetric power structures of the current web and contribute to a more safe and equitable digital future for all. Experience has taught us that the most impactful way to advance this mission is by equipping developers with powerful tools that make it easy to build applications on this new paradigm.

Where we've been

Since early 2018, 3Box has been the leading provider of decentralized identity, user profiles, database storage and messaging capabilities for Ethereum applications. The flagship 3Box SDK has been used by 1,500+ projects including MetaMask, Gitcoin, Snapshot, Rarible, Gnosis, Zerion, and countless others to create and manage 40,000+ decentralized identities and 200,000+ decentralized databases. Our products have helped make decentralized identity and dynamic application data an indispensable pillar of the Ethereum ecosystem.

Introducing, 3Box Labs

Today we're excited to announce that 3Box is evolving to become 3Box Labs in order to more effectively deliver on our mission. Moving forward we will be shifting all efforts to developing the Ceramic Network ecosystem and protocols built on top of it such as IDX. Over the next few months, we will be sunsetting current 3Box products in favor of these new, more powerful alternatives.

3Box Labs: Creators of Ceramic Network, IDX, 3Box.js 3Box Labs creates software that advances a more open, safe, and collaborative web. We’re hiring!

Our evolution in brand and product focus does not mean that we're leaving the Ethereum ecosystem or that we're changing our mission. On the contrary, it enables us to improve our offerings, expand into new markets, further decentralize our technology, and dramatically scale our impact. With Ceramic and IDX, now all developers (not just ETH devs) get much more powerful and robust infrastructure that opens up a whole new set of use cases for decentralized identity and dynamic data management.

Evolving our approach

3Box was a simple, out-of-the-box solution to decentralized identity and data management. Our SDK bundled existing Web3 technologies such as DIDs, OrbitDB, and IPFS into an opinionated, but developer-friendly API that worked with users' existing Ethereum wallets for authentication.

We always knew that abstracting existing solutions at the API layer and not solving the problem at the base protocol layer would have its inherent limitations. Over time these limitations became bottlenecks to growth, decentralization, flexibility, and performance:

Performance: "Why are data syncing and load times slow?" Persistence: "How can I guarantee my data stays available?" Decentralization: "Why are identities stored on 3Box Inc. servers?" Consensus: "How can we anchor identities and data on-chain?" Multi-DID: "How can I use a different DID method?" Multi-chain: "How can I authenticate with a non-Ethereum account?" Multi-account: " How can I connect multiple accounts to my DID?" Flexibility: "How can I use a different database provider?" Customization: "How can I extend the API to do custom things?" Moving to the Ceramic Network

To address the questions above and support many new capabilities, we realized we needed a completely new technology stack from the ground up. This 18-month journey led us to develop Ceramic Network and IDX to be a much more robust and flexible combination of protocols for decentralized identity and dynamic data management.

Ceramic: A decentralized network for mutable content

Ceramic is a public, permissionless, censorship-resistant network for managing mutable content on the open internet. By combining IPFS, libp2p, blockchain, DIDs, and authenticated data standards, Ceramic gives developers the ability to build completely serverless applications using dynamic, verifiable, decentralized data.

Ceramic functions like a global-scale, permissionless NoSQL document database, but guarantees data integrity and ensures strict ordering of document updates by anchoring these updates in a blockchain. Ceramic does not require DB servers or trusted third-parties to host data and perform mutations on content. Learn more about Ceramic in this twitter thread:

The Clay Testnet is now live. 🚀

Starting today you can officially experiment, prototype, and develop applications on top of the Ceramic protocol.

Get started:
- Read the docs: https://t.co/XDREYgv1B4
- Try the demo: https://t.co/5oeXTTkLg3

Thread ↓https://t.co/RrOp1KrZP9

— Ceramic (@ceramicnetwork) January 27, 2021
IDX: A protocol for cross-chain decentralized identity

IDX is a cross-chain protocol and SDK for decentralized identity and interoperable user data. IDX allows developers to attach any kind of data to a user, discover all of a user's data in one place, and share data between applications.

Unlike 3Box which only offered OrbitDB storage and Ethereum-based authentication, IDX can be used with any kind of datastore such as Ceramic, Textile, OrbitDB, Filecoin, IPFS, Sia, Arweave, blockchain registries, or even centralized databases and supports authentication from any kind of Web3 wallet.

IDX is great for associating user profiles, portable social graphs, reputation scores, verifiable claims, user-generated content, application data, settings, domain names, blockchain addresses, and social Web2 accounts to a user in a decentralized way.

IDX: Identity protocol for open applications IDX is an open source multi-platform identity protocol that allows users to build up a unified digital identity and freely share their data between apps. Available on Testnet now

You don't have to wait to get started building on all of these new tools. Last week Ceramic officially launched the Clay Testnet and at the same time, IDX went into beta.

Mainnet will be progressively rolled out over the coming months, beginning with a soft launch for interested projects and then proceeding to a full public release some time after that. If you're interested in deploying your project on the Ceramic mainnet as part of the soft launch, reach out on Discord.

Supporting the Ceramic ecosystem

Ceramic and IDX are decentralized protocols which are independent from 3Box Labs. However 3Box Labs is committed to supporting the Ceramic ecosystem along three key pillars:

Core protocol development Standards, developer tooling, core applications Ecosystem development Core protocol development

3Box Labs develops and maintains the Ceramic JavaScript implementation. If you're interested in writing a client in a new language, reach out in the Ceramic Discord.

Standards, developer tooling, and core applications

The use cases for Ceramic are virtually endless. While this is a positive for the long-term prospects of the network, it is important that a few key use cases are built out early on so developers can immediately use Ceramic without needing to wait for use cases to organically emerge. 3Box Labs is committed to developing decentralized identity tooling on Ceramic, and here's what we've created so far.

IDX SDK: 3Box labs maintains the IDX JavaScript SDK which makes it easy to add IDX to your application. The IDX SDK is the replacement to the 3Box SDK. 3ID DID method: A W3C-compliant DID method that uses Ceramic documents as decentralized, mutable DID documents. 3ID is great for end-user IDs. Ceramic-based 3IDs are the decentralized replacement to current 3Box 3IDs stored on 3Box servers. 3ID Connect: An authentication system for Ceramic that works with all blockchain wallets. 3ID Connect currently supports Ethereum, Cosmos, Filecoin, Polkadot, and EOS with others such as Near and Flow coming soon. This version of 3ID Connect is the cross-chain, Ceramic-compatible replacement to the 3ID Connect currently used in 3Box. Community infrastructure: 3Box Labs provides free and open access to hosted Ceramic nodes so developers can interact with the network during prototyping and development without needing to run their own node. The endpoints for these nodes can be found in the Ceramic documentation. Self.ID (coming soon): A web UI that allows users to manage IDX records for their DID, such as a basic profile, Web2 account links, and Web3 address links from different blockchains. Self.ID will be the sequel to the 3Box profiles hub. IdentityLink: A service that issues verifiable credentials which link a user's DID to their Web2 social accounts. 3Box Labs has funded the development of IdentityLink, and will run an instance of the service for anyone to use. Alternatively, you can also run your own IdentityLink.

If you're interested in building out standards and tooling for identity or new use cases, reach out in the Ceramic Discord.

Ecosystem development

As a nascent protocol, Ceramic needs a lot of support in developing a vibrant ecosystem. 3Box Labs is committed to: developing strategic partnerships, use cases, and collaborations between Ceramic and other projects and ecosystems; funding community development work in the form of bounties and grants; providing Ceramic with financial support until there are self-sustaining token economics on the network; supporting developers through documentation, examples, and educational materials; engaging web standards bodies (i.e. W3C, DIF, IETF, blockchain foundations); and of course, memes and marketing. 😻

If you're interested in any of the opportunities above, reach out in the Ceramic Discord.

Migrating from 3Box

If you're currently using 3Box in your project, you'll want to skim through this related post which outlines various upgrade paths for migrating to Ceramic and IDX.

Upgrading from 3Box to Ceramic and IDX 3Box Labs is sunsetting its current line of 3Box products. Learn how to migrate your integration to Ceramic and IDX. The Ceramic BlogMichael Sena FAQs How will Ceramic be governed?

Ceramic is already 100% open source, peer-to-peer software and anyone can participate in the network by simply running a Ceramic node. Formal governance of the network will progressively decentralize over time, eventually exiting to the community and a standalone foundation once a token is introduced.

Will Ceramic have a native token?

Ceramic does not currently have a native token, and one will not be present upon mainnet launch. In time, it is reasonable to assume token economics will be added to the network.

What is the relationship between 3Box Labs and Ceramic?

While 3Box Labs are the original inventors of the Ceramic Network and have been integral to bootstrapping the Ceramic ecosystem, we're committed to migrating Ceramic to an independently-governed foundation and stepping back to play a reduced role over time. In a way, 3Box Labs is just like any other contributor to an early stage protocol.

What is the corporate structure of 3Box Labs?

3Box Labs is a US corporation registered in Delaware with employees and contractors located across the US and Europe.

What is the business model of 3Box Labs?

There is no charge for the software that we produce. The 3Box Labs organization is able to sustain ourselves and fund development of the Ceramic ecosystem through the generous backing of some of Web3's most active and committed investors, including Placeholder, CoinFund, Collabfund Cryptocurrency, Consensys, Digital Currency Group (DCG), Venrock, Northzone, Underscore, Protocol Labs, and many more who have made equity investments into 3Box Labs. Once Ceramic has a token, 3Box Labs will maintain a modest percent of network tokens. Investors with equity in 3Box Labs will retain a proportion of the 3Box Labs allotment of network tokens. To date, there have been no direct investments in Ceramic Network but there may be an upcoming opportunity for that.

How can I get involved?

There are many ways to get involved. If you're looking to contribute code, write a client in a new language, run Ceramic nodes, write developer docs, help with community development and partnerships, or anything else, let us know in the Ceramic Discord. If you're a developer looking to use Ceramic and/0r IDX in your next project, go ahead and jump into the documentation:

Ceramic documentation IDX documentation Questions?

This is a mega announcement and we're sure you have a lot of questions. If we didn't address something, reach out on Discord. We're always available.


Upgrading from 3Box to Ceramic and IDX

3Box Labs is sunsetting its current line of 3Box products. Learn how to migrate your integration to Ceramic and IDX.

3Box Labs is sunsetting 3Box products in favor of the new and more powerful combination of Ceramic Network and IDX. In this post we provide a timeline and various upgrade paths for projects currently using 3Box.

To learn more about Ceramic, IDX, and the reasons behind the transition, read our previous post:

3Box is now 3Box Labs – A path forward on Ceramic Network In this big announcement, we share that 3Box is becoming 3Box Labs to reflect a new focus on the development of the Ceramic Network ecosystem. The Ceramic BlogMichael Sena Timeline

Ceramic and IDX are currently live on the Clay Testnet, but since it's a testnet they're not yet suitable for production deployments. In the next month or two, we will open a soft launch of the Ceramic mainnet to select partners that require more immediate production deployments. This would include current 3Box integrations. Some time after that, mainnet will be opened to the general public.

We encourage all 3Box developers to begin their setting up and testing their migrations to Ceramic and IDX on the Clay testnet as soon as possible, and reach out to us on the Ceramic Discord if you would like your project to be included in the mainnet soft launch.

Starting today we will begin formally deprecating 3Box products, but we won't immediately turn them off. Some reasonable amount of time after Ceramic mainnet is opened to the general public, we will disconnect the 3Box servers to complete the transition. Your application will need to be migrated to Ceramic and IDX by that date (TBA) or risk losing access to current 3Box data.

Upgrade paths by 3Box product Profiles API

All 40,000+ 3Box profiles will be migrated to IDX. Standard 3Box profile data will now be stored in three different IDX records. Basic profile fields such as those available in the 3Box Profiles app (name, image, background, emoji, etc.) will be stored in a basicProfile record. Social verifications (twitter, github) will be stored in an aka record. Links to blockchain accounts will be stored in a cryptoAccounts record.

If your application is only reading data from the 3Box profiles API, your migration is very simple. The existing 3Box profiles API will continue to work for both legacy profiles stored on 3Box and also for new and/or migrated profiles stored on IDX with no change needed. Eventually though, you will want to upgrade to js-idx and use the idx.get() method for reading basic profiles, social verifications, and crypto account links stored on IDX. This pattern will be mandatory once we disable the 3Box API service.

The migration of the three profile data sets mentioned above will automatically occur behind the scenes the first time a user logs in to any application that uses 3ID Connect. For this reason, we recommend adding 3ID Connect to your sign-in flow even if you do not need to write data to IDX. This will ensure that the profiles for all of your users are migrated during the migration window.

If your application is setting or modifying standard data in a user profile, then you should upgrade from 3box-js to js-idx and use the idx.set() method to write to any of the profile data sets mentioned above.

If your application is storing custom, non-standard data in a user profile or if you created an app-specific profile in a 3Box Space, you will need to manually perform a migration for this data set. First, you need to create a custom definition for your data set. Then, the next time a given user logs in to your site (ideally using 3ID Connect so their standard profile data gets automatically migrated), you need to query their profile from the 3Box API, extract your custom data from their profile, then store this data in an IDX record using idx.set().

Profiles App

The 3Box Profiles app, which provides a simple UI for creating and managing profiles, will eventually be replaced by Self.ID built on Ceramic and IDX. In the meantime, 3Box Hub can continue to be used since all data will be migrated to IDX. Once Self.ID is live on Ceramic mainnet and using 3ID Connect for authentication, we will launch a marketing campaign to get users to sign in which will migrate their standard profiles to IDX.

Spaces and Threads APIs

Projects using 3Box spaces and threads APIs for storage and messaging will now need to replicate this functionality in their application using a combination of IDX for identity and either Ceramic documents or other datastores (such as Textile, OrbitDB, SkyDB, etc.) for content storage.

If you are storing simple JSON content in your space, then we recommend creating a custom definition for your data model, and using the idx.set() and idx.get() methods for interacting with it. For migrating existing data, you should query the data using the 3Box spaces API, then write it to an IDX record after the user has authenticated.

If you are storing large volumes of data in a space, have high transaction throughput, require encryption, or are using messaging, then there are many nuances and directions your integration could take depending on your specific use case. We'd recommend joining the Ceramic Discord for assistance with your migration.

Plugins

3Box UI plugins including Comments, Chatbox, and Profile Hover will be deprecated without replacement. We understand this is less than optimal for existing projects, but we as a team have limited capacity to continue maintaining these with a high bar for quality. Since these components are just a thin UI, these functionalities can easily be replicated by adding IDX and Ceramic to your project and coding some simple HTML/CSS.

Hosting

3Box Labs has provided free hosting and persistence for data stored in 3Box. Moving forward, things will be a bit different due to the decentralized nature of Ceramic.

For historical 3Box data, 3Box Labs will continue to host and persist this content until some reasonable amount of time (TBA) after Ceramic mainnet has launched. This gives you a chance to upgrade your application and replicate the data of your users to Ceramic and IDX. After the migration window is over, we will be turning off our 3Box servers.

For new data stored in Ceramic and IDX, 3Box Labs will offer a few free hosted node options:

3Box Labs node: A full Ceramic node that persists the profile data of users who automatically perform their profile migration via 3ID Connect (from any app) and users who manage their profile data in the Self.ID app. Community gateway: A read-only Ceramic node. Community dev node: A full Ceramic node used for prototyping and development, but does not guarantee data persistence. It will be wiped from time to time beginning at mainnet launch. The endpoints for the gateway and dev node can be found in the Ceramic and IDX docs.

If you are building a production application and need to persist data on Ceramic and IDX, it is recommended that you either run your own Ceramic node or utilize a third-party node hosting service for persisting your data. We are engaging with various hosting providers to offer Ceramic nodes, and we expect these to be available over time.

What to expect from 3Box products during this transition

We are quickly working towards a mainnet release of Ceramic so you can begin to utilize this new powerful infrastructure as soon as possible. However it is likely that you may experience various issues with existing 3Box services in the meantime, such as slowness, loading, syncing issues, or log-in/browser compatibility. We deeply apologize for these inconveniences. The reality is many of these issues are out of our control and are caused from underlying technology dependencies. Normally, we would be working to fix these as soon as possible, but in this case the most impactful thing we can do is ship Ceramic mainnet faster. These are some of the reasons we're excited to move to this new Ceramic-based architecture.

Questions or support?

We're always available to answer any questions and help you through this transition. Reach out to us in the Ceramic Discord for assistance.


SelfKey Foundation

Can DeFi Strike a Balance Between Compliance and User Privacy?

DeFi needs to continually evolve like any other innovative technology in its early days. The immediate path for DeFi might be regarding its regulatory compliance. But applying regulatory compliance on DeFi might not be that easy, and it would be critical that such a solution would need to address any user privacy concerns as well. The post Can DeFi Strike a Balance Between Compliance and User Pr

DeFi needs to continually evolve like any other innovative technology in its early days. The immediate path for DeFi might be regarding its regulatory compliance. But applying regulatory compliance on DeFi might not be that easy, and it would be critical that such a solution would need to address any user privacy concerns as well.

The post Can DeFi Strike a Balance Between Compliance and User Privacy? appeared first on SelfKey.

Tuesday, 02. February 2021

Hyperledger Aries

Once Again, Forbes “Blockchain 50” Shows Enterprise Blockchain’s Footprint and Impact, with Hyperledger Technologies Leading The Pack

Declaring that blockchain has “gone mainstream,” Forbes today released its 2021 “Blockchain 50,” featuring companies that have at least $1 billion in revenues or are valued at $1 billion or... The post Once Again, Forbes “Blockchain 50” Shows Enterprise Blockchain’s Footprint and Impact, with Hyperledger Technologies Leading The Pack appeared first on Hyperledger.

Declaring that blockchain has “gone mainstream,” Forbes today released its 2021 “Blockchain 50,” featuring companies that have at least $1 billion in revenues or are valued at $1 billion or more and “lead in employing distributed ledger technology.” And, once again, half of the companies on the list are using Hyperledger technology. 

Twenty five companies on the list name at least one Hyperledger technology as part of their solution platform. Hyperledger Fabric, specifically, is cited as a platform by 24 of the companies, topping the list as the most widely used technology. Hyperledger Aries, Indy, Grid and Sawtooth are all also deployed by companies on this list. 

The annual list, now in its third year, reflects the growing global impact of blockchain technology with 25 members from the U.S., 13 from Europe and a record 12 from Africa, Asia, the Middle East and Latin America. All in all, there were 21 companies that were new to the list, and 15 of them, including ones from Australia (BHP), India (Tech Mahindra) and Africa (Sappi), use Hyperledger-based platforms. 

Of the 12 companies that have made the list every year, six (Ant Group, Cargill, DTCC, IBM, ING and Walmart) use Hyperledger technologies.

More than just a basic list of companies and technologies, the Forbes Blockchain 50 provides a snapshot of the market-changing deployments these blockchain leaders have deployed. Accompanying stories add even more analysis and context. 

This annual look at the market is a good reflection point for the traction our technologies have in the current market but also a guidepost to what needs to come next. The increasing global adoption of blockchain – public, private, hybrid – and coming shifts in currency adoption and payments as well as uptake in markets as diverse as mining, telecom, pharma and shipping all point to the growing reach of distributed ledger technology. And, in the face of such challenges as the pandemic, climate change and income equality, it is important to put the focus on what we can accomplish building on blockchain as a cornerstone. 

The post Once Again, Forbes “Blockchain 50” Shows Enterprise Blockchain’s Footprint and Impact, with Hyperledger Technologies Leading The Pack appeared first on Hyperledger.


WomenInIdentity

We’re seeking a part-time administrator

  Are you highly organised, efficient and enthusiastic with a passion for diversity & inclusion in our workplaces? We are seeking to hire a part-time Administrator to support the next… The post We’re seeking a part-time administrator appeared first on Women in Identity.

 

Are you highly organised, efficient and enthusiastic with a passion for diversity & inclusion in our workplaces?

We are seeking to hire a part-time Administrator to support the next phase of our growth. For an initial 6 month period, you’ll be a real linchpin, supporting the major functions of the organisation, and with the potential to develop as we do.

Key Responsibilities: Organising Board and Leadership meetings Organisation, including the Board of Directors with administrative tasks Organising sponsorship contracts and following up for signature & sending out renewal reminders Sending out volunteer contracts and following up for signature Basic accounting, sending out invoices, and following up on payments Supporting any procurement required

Working from home, anywhere in the world, this is a paid part-time contract role, initially for 15 hours per week.  Subject to our growth, the role may expand in the future.

Essential skills required: Proficiency with Google applications including Google documents Proficiency with Microsoft applications including Word and Excel Familiarity with accounting software e.g. Xero Basic accounting skills Self-starter with a strong desire to learn and grow Strong interpersonal skills and an excellent team player Minimum 1-2 years administration experience What We Offer: Flexible working hours Position on our Women in Identity leadership team Promotion of your involvement on the Women In Identity website Personal development growth opportunities, and support from the wider team Opportunity to make an impact Interested?  Get in touch with your CV/resume to info@womeninidentity.org

The post We’re seeking a part-time administrator appeared first on Women in Identity.


Digital Scotland

How To Find Product Market Fit – David Rusenko, Founder of Weebly

In this video the founder of Weebly, David Rusenko talks about their journey to find a product market fit for their Weebly web site platform. The post How To Find Product Market Fit – David Rusenko, Founder of Weebly appeared first on DigitalScot.net.

In this video the founder of Weebly, David Rusenko talks about their journey to find a product market fit for their Weebly web site platform.

Before summarizing the video, let’s talk about what is Weebly and what it does.

What is Weebly?

Weebly is a web hosting service, headquartered in San Francisco. Its parent company is Square, Inc. On acquisition in April 2018, Weebly had more than 625,000 paying subscribers.

Weebly was founded in 2006 by CEO David Rusenko, Chief Technology Officer Chris Fanini, and former chief product officer Dan Veltri. At the time, Penn State required all students to maintain an Internet portfolio, so they built upon this idea and created software that made it easy for anyone to build a personal website.

Weebly is an easy way for entrepreneurs to build a website or online store. Weebly’s free online website creator uses a simple widget-based site builder that operates in the web browser.

Time listed Weebly among the 50 Best Websites of 2007. In 2011 Business Insider included Weebly into its “15 Cool New Apps That Are Crushing It On Chrome” list.” Also, in 2011, David Rusenko, Weebly’s CEO and co-founder, earned a spot in Forbes “30 Under 30: social/mobile” list.

What Weebly does?

Weebly automatically generates a mobile version of each website. Storage is unlimited, but the service restricts individual file sizes. Consumers are given the option to have any url ending in weebly.com, .com, .net, .org, .co, .info, or .us. (example.weebly.com)

Android and iPhone apps are available that allow users to monitor their website traffic statistics, update blog posts and respond to comments, and add or update products if the user has an e-commerce online store.

Basic features for blogging and e-commerce are supported in Weebly as of 2018, site owners could develop simple stores with payments through either PayPal, Stripe or Authorize.net.

Users can choose to incorporate advertisements in their pages, and visitor statistics can be tracked through an in-house tracking tool or Google Analytics. Weebly also has integrated newsletter marketing features. As of 2020, Weebly was offered in 15 languages: English, French, Spanish, Italian, German, Portuguese, Polish, Norwegian, Dutch, Danish, Swedish, Chinese, Japanese, Russian, and Turkish.

Video Summary

In February 2016, over 12 years ago Dave wrote the first line of code for Weebly, and from there he grew the company to 50M users and around 350 employees, selling it to Square in May 2018 for $365M. Half of the USA population visits a Weebly site every single month and the key success factor is enabling entrepreneurs to build the websites themselves.

The journey of Weebly

He wrote the first line of code 12 years back In February 2006 at Beaver Stadium and by August 2006, 6 months later there were 12 users per day at Weebly.

In October of 2006, 8 months later they were hustling for the buzz on forums, they had created a sign-up link and 30 users had signed up on the record day. In October 2006 he applied to Y -Combinator on slashdot with the deadline for application being 2 hours to go. David Rusenko along with Dan and Chris who are the co-founders of Weebly moved to San Francisco, got accepted at the YC and started working there.

In January 2007 11 months after writing the first line of code, they were working full time at the YC program. Over a year Weebly didn’t have a product market fit.

In April 2007 they were successful in raising $650k from the investors. In May 2007 after 18 months, they were featured in News Week Magazine. They still didn’t have product market fit yet. In October 2007 after almost 20 months the first real traction happened. Every single day they had thousands of people coming. By February 2010 after 48 months they were off to the races.

What is Product-Market Fit?

The mantra of Y combinator is “Make something people want”. The idea is the initial stage of making a company, with the phases of a startup being: Idea, Prototype, Launch, Traction, Monetization and Growth.

First 4 phases that are between idea and traction are the initial product market fit search. The last 2 phases are continued product market fit refinement. This stage is really tough.

Top early challenges at a startup –

Finding Product Market Fit. Hiring and building a world-class team. Making Money. Later, how to build an organization that scalably and repeatedly launches great products.

Product Market Fit is the hardest challenge.

Step 1 – How can you create a market?

By definition, market research is not going to help because you will create a new market.

Finding a hidden need is the key. What are you a substitute for, what need are you serving better? What job are you being hired for? Where are you getting pulled? Where are people hacking the thing you got and using it in a way you did not intend? Double down on that.

Often what you create will initially seem to fit into an existing market but with less functionality. With the fullness of time, it will become obvious that the job your customers are hiring you for is completely different than the incumbents.

Step 2 – How to build a remarkable product?

The following are necessary to build a remarkable product –

Talk to the customers. Develop a market thesis. Listen to their problems not their solutions. It’s absolutely critical to talk to customers and understand their pain. No amazing product was ever created in a vaccum and delivered perfectly on V1. Listen to their proposed solution but dig deeper. Rapid prototyping & user testing – Building a fully functional product is the most expensive possible way to test your hypothesis. Focus on getting to a functional prototype as quickly as possible that you can get in front of users. Don’t worry about scaling monetizing etc. Expect it will take 10x the number of expected iterations but keep your burn low. Build a team that can do this quickly. Build the solution to their problems. Test the solution with them: Two important rules – i. Make sure you are talking to your target customer.
ii. Don’t overthink it. Anecdotal is okay. Most helpful tools in the early days are i. Customer interviews, and i. UX testing sessions. In UX testing session do the following things:

Get someone to use your app/service in front of you. Encourage them to give open and honest feedback. Ask them to perform a task. Do not say or do anything. Watch in extreme agony as they struggle to figure it out Step 3 – When to Launch?

Minimal viable and remarkable product. It is said by Paul Buchheit that “Launch when your product is better than what’s out there.”

Step 4 – How to Prioritize?

There are two important points here –

Only one thing matters – Focus only on the things that get you to your next milestone (Here that’s product market fit). Optimize for learning – Most people prioritize by creating a list sorted by cost x benefit. Instead, ask yourself “What is our biggest unknown that would rewrite our priority list.” Step 5 – How do I know when I have achieved product market fit?

Three key metrics –

Returning usage (Day 1,3,7,30 retention). NPS. Paying customer renewal rates: Metrics not included – Signups – These are more of a reflection of market fit than product-market fit. You have identified something a lot of people want but did you build the right solution? Conversion Rates – It can often be tactical and unrelated to product-market fit. All conversion rates start low.

When customers start beating a path to your door then you will know you have achieved product-market it.

Beyond Product Market Fit

Three key things a startup needs to do –

Product that is meaningfully better than alternatives. How to acquire customers in a differentiated way that scales. Invent your business model without killing your traction. Step 6 – Scaling the team

Do not scale team past 20 before the product market fit. A moderate amount of micromanagement is healthy at this stage. You should be involved in anything important and know all there is to know about your customers.

This helps you make a fast and high-quality decision. Do not delegate anything important Once you have found product market fit, scale aggressively. Then you have found a new market because you are in a race to capture this new market. Build the team aggressively but thoughtfully

No more micromanaging is needed at this stage.

Step 7 – Building a Brand

Great brands are built on a core consumer insight ideally the same one your product is built on.

Extremely powerful if you can identify and articulate this insight early on to form the basis of all your communications and marketing. More than anything else this is the foundation of your brand.

Video Timeline

0:00 – Introduction
0:25 – What is Weebly and Journey of Weebly
9:31 – What is product-market fit?
11:11 – Top early challenges at a startup
12:25 -How can you create a market?
16:10 – Steps of building a remarkable product
26:20 – When to launch
29:10 -Achieving
33:24 – Beyond Product Market Fit
35:38 – Scaling the team
38:55 – Building a Brand
41:30 – Q&A

The post How To Find Product Market Fit – David Rusenko, Founder of Weebly appeared first on DigitalScot.net.

Monday, 01. February 2021

Oasis Open

STIX Version 2.1 from CTI TC approved as a Committee Specification

STIX is a language and serialization format used to exchange cyber threat intelligence. The post STIX Version 2.1 from CTI TC approved as a Committee Specification appeared first on OASIS Open.

Committee Specification 02 ready for testing and implementation

OASIS is pleased to announce that STIX Version 2.1 from the OASIS Cyber Threat Intelligence (CTI) TC [1] has been approved as an OASIS Committee Specification.

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence. STIX enables organizations and tools to share threat intelligence with one another in a way that improves many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

STIX v2.1 adds new objects and concepts and incorporates improvements based on experience implementing Version 2.0. The objects and features added for inclusion represent an iterative approach to fulfilling basic consumer and producer requirements for CTI sharing. Objects and properties not included in this version of STIX, but deemed necessary by the community, will be included in future releases.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The prose specifications and related files are available here:

STIX Version 2.1
Committee Specification 02
25 January 2021

Editable source (Authoritative):
https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.docx
HTML:
https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.html
PDF:
https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.pdf

For your convenience, OASIS provides a complete package of the prose document and any related files in ZIP distribution files. You can download the ZIP file at:

https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02.zip

Members of the CTI TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:
[1] OASIS Cyber Threat Intelligence (CTI) TC
https://www.oasis-open.org/committees/cti/

[2] Public reviews:
This Committee Specification contains changes made since its last public review. The changes made are documented in https://docs.oasis-open.org/cti/stix/v2.1/csd05/stix-v2.1-csd05-comment-resolution-log.xlsx. A change-marked PDF document is available at https://docs.oasis-open.org/cti/stix/v2.1/cs02/stix-v2.1-cs02-DIFF.pdf.
Information on earlier public reviews is available at https://docs.oasis-open.org/cti/stix/v2.1/csd05/stix-v2.1-csd05-public-review-metadata.html.

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3556

The post STIX Version 2.1 from CTI TC approved as a Committee Specification appeared first on OASIS Open.


r@w blog

#LiterarySpaces

Arup Chatterjee & Puthiya Purayil Sneha Session The last decade has seen a slow but steady emergence of online literary spaces in India, marked by the ubiquitous nature of the internet and digital technologies, growing mobile phone penetration and increased access to devices such as tablets and e-readers. By literary spaces we refer to online journals, magazines and blogs, as well as re
Arup Chatterjee & Puthiya Purayil Sneha Session

The last decade has seen a slow but steady emergence of online literary spaces in India, marked by the ubiquitous nature of the internet and digital technologies, growing mobile phone penetration and increased access to devices such as tablets and e-readers. By literary spaces we refer to online journals, magazines and blogs, as well as reading groups and discussion spaces focused on writing in English and Indian languages. These range from those exclusively focusing on contemporary literature to others that feature writing on news, culture and arts. These spaces raise some intriguing questions about the growth a new online or digital literary culture, which may be mapped through the evolution of reading and writing practices as very explicitly technologized practices, and the changes in the notion of text and textuality, scholarship and pedagogy, among other things.

Some examples of such spaces that have come up in the recent years are The Little Magazine [1], Muse India [2], Kritya [3], Coldnoon: Travel Poetics [4], Kindle [5], Almost Island [6], The Indian Quarterly [7] and among several others. Many of these journals have both an online and print presence, while some are purely online and seek to reach a diverse audience featuring different genres of writing. While many carry an eclectic mix of creative and critical writing, perceptions about readership on the internet often dictate the form and manner of writing that is featured. The much anticipated and debated ‘disappearance’ of long form writing is one of the questions that may be asked of the emergence of these literary journals, which have in some way re-imagined this form in the digital sphere and have been instrumental in its growth. So even as there are books on twitterature [8], there are interesting ways in which online literary journals have tried to define the space of contemporary writing on the internet in India.

Plan

This panel discussion proposes to examine this phenomenon of the growth of online literary journals to understand the imagination of the ‘digital’ in their practices of writing and publication, whether as medium, content or context, as a way to explore how writing and reading practices today have been shaped by these changes. This also includes questions on methods of literary analysis that may have changed with the advent of the digital, and from a broader perspective, the production of literary scholarship and pedagogy in India. Some questions that could be points of discussion are as follows:

What is the pedagogical role, if any of digital/online journals? Are they simply cost-effective modes of production of knowledge or are they indicative of some other form discrimination? Perhaps a discrimination between what gets read and what does not? Is a voluminous archive of nineteenth century writings of the same pedagogical merit as a list of 100 Hollywood romantic comedies? If the former is arguably much more educational, why then is the latter the source of the greatest traffic? Is pedagogy then a misnomer, and a non-entity in the world of online magazines? Can the rise of online magazines be related with the rise of print culture and the subsequent rise of the novel? The novel was educational and, while English was still a very evolving language in the 17th and 18th centuries, the form helped both shape the language and educate the masses, bourgeoisie, and the aristocracy about the nuances of the still-nascent English language. Can a similar function be said to have been fulfilled by online journals? Or have they failed in playing this radical role of disseminating new language and new vocabulary, which is required to articulate new modes and conflicts within modernity — sexualities, queerness, televised elections, middle-eastern (Syrian, Palestinian, Israeli, Iraqi) mayhem in times of democracy, globalization, urbanization, travel, genocide, partition, terrorism, and so on? Are there any exceptions among the journals in being able to somehow fulfil the criteria of engendering a new language? What are the examples, if any? How popular are they? Is online literature less literary than print? Is it more amenable to news, while print continues to be literary? Or is this only a misconception? Is online literature prone to non-serious, or populist sources of pedagogy, which serve more to titillate through trolling, humour, half-baked information, gossip, or is it playing a serious role too in portions? Apart from those newspapers and journals/magazines which also have print components, which are possibly the portals that create viable, meritorious, and universal categories of knowledge? Or, invocation of ‘merit’ and ‘universal’ essentially a flawed mechanism to judge online literatures?

Addressing some of above questions through a study of two or more online journals, this session will attempt to open them up to a broader discussion on the nature and growth of an online literary culture in India, and the need for and significance of research in this area.

Readings

None.

Notes

[1] See: http://www.littlemag.com/.

[2] See: http://www.museindia.com/.

[3] See: http://www.kritya.in/.

[4] See: http://coldnoon.com/.

[5] See: http://kindlemag.in/.

[6] See: http://almostisland.com/.

[7] See: http://indianquarterly.com/.

[8] See: http://www.penguinrandomhouse.com/books/307055/twitterature-by-alexander-aciman/9780143117322/.

Audio Recording of the Session

IRC 2016: Day 3 #Literary Spaces : Researchers at Work (RAW) : Free Download, Borrow, and Streaming : Internet Archive

Session Team

Arup K Chatterjee is a doctorate in English from the Center for English Studies, Jawaharlal Nehru University. His dissertation is titled ‘Hillmaking: Architecture and Literature from the Doon Valley.’ He has taught English, as Assistant Professor, at colleges in the University of Delhi. In 2014–15 he was the recipient of Charles Wallace fellowship to the United Kingdom. He is the
founding-chief-editor of Coldnoon: Travel Poetics (International Journal of
Travel Writing): www.coldnoon.com.

Puthiya Purayil Sneha is a researcher with the Centre for Internet and Society (CIS), Bangalore. Her training is in English Literature, and she has previously worked in the area of access to higher education. Her areas of interest include methodological concerns in arts and humanities, digital media and cultures, higher education and pedagogy, and access to knowledge.

Note: This session was part of the first Internet Researchers’ Conference 2016 (IRC16) , organised in collaboration with the Centre for Political Studies (CPS), at the Jawaharlal Nehru University, Delhi, on February 26–28, 2016. The event was supported by the CSCS Digital Innovation Fund (CDIF).

#LiterarySpaces was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.


Digital Scotland

Quibi – The Netflix That Never Was

The story of Quibi shows that vast amounts of money and technology alone will not guarantee startup success. The post Quibi – The Netflix That Never Was appeared first on DigitalScot.net.

This is the story of a video platform hiring a massive amount of A-list actors and creating a bunch of original content only to close down just six months after launching. This platform is called Quibi. You can call it the ‘Netflix that never was’. This story is also about how the differences in generations can affect the world of business.

Before going to the summary of the video, let’s see what is Quibi?

Quibi

Quibi is a subscription-based streaming platform designed to deliver short-form scripted and unscripted content to mobile phones.

The name Quibi is a mash-up of the words “quick” and “bites,” a nod to the fact that episodes of Quibi shows will run roughly five to ten minutes in length. The app is available for both in Android (Google play store) and in iOS (App Store).

Video Summary

Unlike most of the recent startups, the story of Quibi starts with a baby boomer. The Platform was the brainchild of seasoned entertainment media mogul Jeffry Katzenberg. The interesting thing about the Quibi story wasn’t that Jeff didn’t have the experience to lead a great company. In fact, it was the opposite. He was a management genius in the tv and movie industry.

Katzenberg was born in 1950 in New York coming from a well-off background being the son of a stockbroker and an artist. He would start his career at paramount pictures in the 1970s and quickly rose through the ranks. In 1984, He would move to Disney. Disney’s motion picture division at that time was last in box office sales but by 1987 Jeff had led them to number one.

He would go on to oversee hit tv shows like the Golden Girls and Home Improvement. Jeff was only getting started though. When given the opportunity to revive Disney’s flailing feature animation department, he oversaw films like Who Framed Roger Rabbit, Beauty and the Beast, Aladdin and the Lion King.

Basically, he was great at his job and whatever he touched turned to gold. Jeff would then use his professional insight to co-found Dreamworks in 1994 with Steven Spielberg. Fast forward to 2018 and presumably, after seeing the success of both Netflix and mobile video consumption in all forms, Jeff saw an opportunity to carve out a market of his own. The platform would be called Quibi and it launched in April of 2020. Katzenberg teamed up with former eBay CEO Meg Whitman to explore his vision.

Because of Jeff Katzenberg’s previous contacts in the entertainment industry, he managed to attract big names such as Jennifer Lopez, Steven Spielberg, Idris Elba, Dwayne the Rock Johnson, Zac Efron, Kevin Hart, LeBron James, Liam Hemsworth, and the list goes on. NBC Universal, SONY, Viacom, Warner Media, J.P.Morgan, Alibaba, Goldman Sachs, and Disney threw money at the project to invest $1.75 billion in total.

Unlike, Tik Tok and general Youtube, the content was high production, slick, and premium. There were three categories:

Reality TV Show. Documentary. Original movies delivered in 10 minutes chapters.

The core vision of the project was that users would watch these shows on a commute to a bus or train station. They were so confident in this core idea that there was no tv option at launch.

There are many problems with this idea. Betting on mobile commuters made their target market overly specific and relatively small, so it was a huge risk at its core. The main problem was, people could just watch Youtube or Netflix. Youtube has two billion users and you can find almost any content you want.

Quibi viewed their content as premium. But there were already competitions out there like Disney+, HBO, Apple TV, and many more. Users did not need another one. But in Quibi’s eye, they figured a gap in the market that there was no premium short-form content for mobile.

Quibi expected 7 million users in the first year and 250 million dollars in subscription revenue. But there was a massive miscalculation. By July, they had over 1 million active users but only 72,000 people signed up to pay. It was clear that the company was in trouble and needed to change.

In six months, the decision was made to pull the plug and the service was canceled. Jeffrey Katzenberg blamed the catastrophic failure on the coronavirus.

There are many reasons behind this failure. Here are some

Users couldn’t organically share viral moments of video snippets. The marketing of Quibi was the worst. Many people didn’t even know that it existed. One of the biggest failures was in content. Organically grown content is king now but Quibi focused on mainly celebrity-based content.

Some lessons from the failure of Quibi

Quibi didn’t understand the market or the audience. The delivery of Quibi was poor. They had money but couldn’t deliver what the targeted audience expected. Quibi could have postponed the launch or change from mobile-only to tv much earlier. Video Timeline

0:24 – Brief about Quibi
0:54 – How Quibi Started
2:46 – Quibi’s Aim
4:21 – Core Vision
4:37 – Problems with the idea of Quibi
6:16 – Users and Revenue Statistics
7:03 -Pandemic Over Quibi
7:48 – Reasons for Failure
10:08 – Lessons from Quibi

The post Quibi – The Netflix That Never Was appeared first on DigitalScot.net.

Saturday, 30. January 2021

Digital Scotland

Hubspot – From Startup to Scaleup

HubSpot's Co-Founder and CEO Brian Halligan shares the lessons they learned growing from its first few dozen employees to over a thousand. The post Hubspot – From Startup to Scaleup appeared first on DigitalScot.net.

In this video, HubSpot’s Co-Founder and CEO, Brian Halligan talks about HubSpot’s history going from its first few dozen employees to over a thousand, and how to find and step over the “potholes” that derail growth.

He shares insights and experiences that describe the journey of Going from Startup to Scaleup.

About HubSpot

HubSpot is a leading growth platform with thousands of customers around the world. Comprised of a Marketing Hub, Sales Hub, Service Hub, and a powerful free CRM, HubSpot gives companies the tools they need to grow faster.

HubSpot Academy is a worldwide leader in free online training for inbound marketing, sales, and customer service professionals. They specialize in comprehensive certifications, singular topic courses, and bite-sized lessons for professionals looking to grow their career and business.

Video Summary

According to Brain Halligan, companies go through different phases. It’s like an S-curve. They go through the beginning which is the tough part and a challenge of can you get product market? Can you build something that another human will part at least a dollar with for. After getting some customers and the product-market fit, can you acquire some customers and get the math to work a little bit.

Can he acquire a customer for $X and get the value of at least $3X out of that, and then the next phase is what he calls the scale-up. The first two phases are kind of the startup phase. This phase is like can you pour a lot of resources into the top of my funnel and acquire customers at $X for at least three $X at scale and not break the Machine and have the wheels fall off. So, it took them probably six-seven years to kind of get out of start-up mode and they have been in the scale-up mode for the last couple of years.

The next phase in the S curve is the disruption phase. In this phase, a company will either get disrupted or run out of market. But they were lucky at HubSpot. When disruption happened, they disrupted themselves rather than having somebody do it. That’s why he believes he will be in the scale up mode for a very long time.

Before going to scale up mode, they started hiring sales and marketing people at a rapid rate, what Brian felt was jumping the gun somewhat. The reason is that most of the tech companies that become great are not run by someone from a sales and marketing background. They are actually run by product people and so he started hiring sales and marketing background people. But it costs them time and a lot of money. His advice is to get the product-market fit, get the early customers and hire one or two salespeople.

To turn a completely perfect stranger in the world into a visitor in their site, they spent four years in that mission to pull that off. What they did is opposite to what everyone else did. What everyone just did was getting very good at something and then expand it.

According to Brian, every company has to have a secret that you have to be right about something that everyone thinks you’re wrong about. He was right about a couple of things. He was right about going very wide and all in one serving businesses, building a scalable big profitable business in the SMB software space. It is very important in start-up to scale up.

Right now, it’s the world’s best time to start a company and at the same time the worst to start a company. Now one can build software compared to ten years ago. Same with hardware or prototype. These are much faster now compared to 10 years ago. The hard part now is shifting to sales and marketing. Because so products right now in the market and there’s so much choice for the buyers.

Now a company has to become a black belt in how to do marketing in a way that stands out and matches the way people buy. That’s turned out to be a long pole now. The long pole used to be building a great product and now it’s the move to how to sell and market that product in an effective way.

The thing that enabled HubSpot to skip from or move from startup to scaleup was improving customer value and improving retention rates. They made retention and customer value a team sport. They changed pricing and packaging, delivering services, and many other things. The pricing model helped a lot.

SaaS ( Software as a service) companies are going through the first challenge as can they get the product-market fit as it is hard to do and there are lots of competitors. They need a secret and they need to be able to build products. HubSpot gave a 90 percent discount for startups that are in the incubators and called it HubSpot for startups. In the second year, they gave a 50 percent discount and from the third year it’s a normal subscription again. This helped them getting hundreds of users from incubators.

Brian concludes with a critical insight. He believes marketing and sales has entirely changed, the traditional approaches like cold calling are dead. Now education, such as their Hubspot Academy courses, has proven to be the most effective way of engaging and enabling not only their existing customers but new prospects too.

Video Timeline

0:00- Introduction
0:42- Brief Story of HubSpot
0:52- S Curve
5:27- Adopting tech and reinventing product
9:55- Switching from Tofu to Mofu
14:08- Retention strategy
16:47- Dealing with feedback
20:51- Challenges for brand new staring off today
23:50- Inbound Certification

The post Hubspot – From Startup to Scaleup appeared first on DigitalScot.net.


Elastos Foundation

Elastos Bi-Weekly Update – 29 January 2021

...

Friday, 29. January 2021

Own Your Data Weekly Digest

MyData Weekly Digest for January 29th, 2021

Read in this week's digest about: 16 posts, 2 questions
Read in this week's digest about: 16 posts, 2 questions

Thursday, 28. January 2021

ID2020

UK-Based Nuggets Joins the ID2020 Alliance

The ID2020 Alliance is delighted to welcome U.K.-based Nuggets as the newest member of its vibrant community. The Alliance is made up of public and private sector organizations who share a common commitment to good ID for all. The Nuggets proposition could not be clearer, proclaiming boldly that “privacy is a fundamental human right” and signaling an immediate alignment with the ID2020 Manif

The ID2020 Alliance is delighted to welcome U.K.-based Nuggets as the newest member of its vibrant community. The Alliance is made up of public and private sector organizations who share a common commitment to good ID for all.

The Nuggets proposition could not be clearer, proclaiming boldly that “privacy is a fundamental human right” and signaling an immediate alignment with the ID2020 Manifesto — the statement of principles that guide the Alliance’s work.

“We are always excited to welcome organizations who so wholeheartedly embrace our values,” said ID2020 Executive Director, Dakota Gruener. “When we talk about complex issues, such as identity and data ownership, we know that transparency is essential to building trust — with customers, partners, and users. We could not be more excited to welcome Nuggets to the Alliance as we work together toward a future with good digital identity for all.”

Nuggets offers a robust decentralized self-sovereign ID and payments platform, that enables consumers to retain control of their personal information and businesses to protect their customer’s data. Their solution leverages biometrics for verification, strong customer authentication, and cryptographic proof of identity to facilitate customer onboarding (KYC & KYB), single sign-on with biometrics, omnichannel payments, age verification, contactless delivery and verified two-way communication transactions through a scalable, decentralized digital ID.

Founded in 2016 by Alastair Johnson and Seema Khinda Johnson, Nuggets is available in Europe and Australia and is expanding its platform into new verticals including financial services, which has been advanced by a significant partnership with LexisNexis Risk Solutions, one of the largest protectors of private and confidential data in the world.

Nuggets has already won numerous awards for its industry-leading FinTech offerings, including most recently from Deutsche Bank. As part of their recent growth, Nuggets has established commercial partnerships with global companies such as LexisNexis Risk Solutions, LatPay, QFPay, and a variety of other organizations.

“Frustratingly, 2020 was the worst year on record for data breaches, signaling a seismic shift in consumer attitudes towards privacy,” said Alastair Johnson, CEO & Founder of Nuggets. “On this Data Privacy Day — held annually on January 28 to create awareness about the importance of respecting privacy, safeguarding data, and enabling trust — it feels particularly timely for Nuggets to join forces with ID2020 and the other brand leaders that are helping to make protecting customers’ data a top priority in this increasingly data-driven digital world.”

The ID2020 Alliance also continues to grow at a healthy pace, welcoming organizations from the public and private sectors that share our commitment to user-managed privacy-protecting, and portable digital ID. As an Alliance, we are only as strong as our members and we are thrilled to add Nuggets to the partnership as we move — together — towards providing good ID for all.

About ID2020

ID2020 is a global public-private partnership that harnesses the collective power of nonprofits, corporations, and governments to promote the adoption and ethical implementation of user-managed, privacy-protecting, and portable digital identity solutions.

By developing and applying rigorous technical standards to certify identity solutions, providing advisory services and implementing programs, and advocating for the ethical implantation of digital ID, ID2020 is strengthening social and economic development globally. Alliance partners are committed to a future in which all of the world’s seven billion people can fully exercise their basic human rights and reap the benefits of economic empowerment and to protecting user privacy and ensuring that data is not commoditized.

About Nuggets

Nuggets is an award-winning, decentralized, self-sovereign identity and payment platform. It helps organizations to protect customer data while giving customers a frictionless, seamless experience. Nuggets is the only platform of its kind that truly brings together payments and ID, utilizing self-sovereign data principles.

Nuggets was founded on the belief that each of us should own and control our personal information. No one else. Privacy is a fundamental human right, and a fundamental change is needed in the way personal data is stored.

UK-Based Nuggets Joins the ID2020 Alliance was originally published in ID2020 on Medium, where people are continuing the conversation by highlighting and responding to this story.


Digital Scotland

3Finery – Napier University Spin-out Pioneering “Intermediated Reality” (IR)

Exciting Edinburgh startup breaking new ground in the field of Augmented Reality. The post 3Finery – Napier University Spin-out Pioneering “Intermediated Reality” (IR) appeared first on DigitalScot.net.

3Finery are a spin-out from Napier University, and we were joined on our webinar series by founder Llogari Casas to learn more.

3Finery uses ground-breaking Augmented Reality (AR) technology which can boost customer engagement with remote marketing campaigns by portraying goods, services and venues in innovative ways. It is expected to appeal strongly to businesses during the Covid-19 pandemic.

The new twist on traditional AR methods was developed at the School of Computing over a three-year period by Professor Kenny Mitchell and his former PhD student Dr Llogari Casas.

Intermediated Reality

3finery provides an Augmented Reality technology that enables objects to interact, play and receive messages remotely as if they were magically coming to life. Their software provides a novel way of interaction with the user’s environment and can be easily integrated to already existing solutions.

As Llogari explains at 14m:05s their unique innovation is a concept they define as “Intermediated Reality” (IR), the ability for people to interact with objects brought to life through Augmented Reality capabilities.

The technology can be used to enhance products, services and venues from businesses that have interaction with their environment through mobile devices. They offer unique interactive experiences with the ability to better understand customer needs by gathering valuable user data from their interactions, and their technology is built around social media with virality as the core value proposition and can be used as an incentive to make users interact with third parties software.

The underlying technology behind 3finery can be applied in a variety of verticals, such as, theme parks, museums, interactive toys, social network communication or entertainment and beyond.

The post 3Finery – Napier University Spin-out Pioneering “Intermediated Reality” (IR) appeared first on DigitalScot.net.


Scotland’s Digital Disruptors: Better Internet Search – A David vs Goliath Battle with Google

Better Internet Search have set themselves the most audacious of startup ambitions: A better search engine than Google! The post Scotland’s Digital Disruptors: Better Internet Search – A David vs Goliath Battle with Google appeared first on DigitalScot.net.

As he describes in the feature video, Gordon Povey of Better Internet Search is one of Scotland’s Digital Disruptors.

Our goal with the DigitalScot.live webinar series is to showcase Scottish startups setting out to disrupt major industries, and Better Internet Search is taking on the most audacious of challenges: To build a better search engine than Google!

The theme of Gordon’s talk is how many “experts” have told them what a foolhardy goal this is, and you’d be forgiven for agreeing with them when you consider just how massive and ubiquitous Google is.

However at one point in time Google was just two guys in a garage and they were being told the same thing, with objective of displacing the incumbents like Altavista being their foolhardy mission.

That is the nature of Digital Disruption in the Internet era, no one is safe, any one can be toppled from the top slot simply through a new player having a unique competitive advantage that moves the game to an entirely new playing field.

Integrated Commerce Search

For the main introduction Gordon sets the scene by highlighting search users have two main issues with the Google approach: Data privacy and advertising. Google very intrusively tracks all of your online behaviours and uses that data to personalize adverts at you.

So Better Internet Search is going for a different model, one that keeps your personal data entirely private and doesn’t offer any advertising.

This leaves you wondering what possible options are there then to generate revenues, but as he explains from 13m:00s, Gordon and his team are pioneering an alternative model, one that charges users for searching, paid through tokens that they top up into their search wallet.

The core of their model is that should a user proceed to an e-commerce store as a result of their search and make a purchase, the user is rewarded with tokens back into their wallet. They can also directly purchase top ups.

From 25m:00s Gordon demonstrates where this can lead, showing an integrated search / product commerce experience. Given it is such a popular and distinct use of searching, to find products you want to buy, there is huge potential to offer a much improved, end-to-end integrated experience.

Thus Better Internet Search has defined a unique niche in the marketplace where they could achieve product superiority, and the dream of winning the David vs Goliath battle with Google suddenly seems more than realistic.

 

The post Scotland’s Digital Disruptors: Better Internet Search – A David vs Goliath Battle with Google appeared first on DigitalScot.net.

Wednesday, 27. January 2021

Me2B Alliance

Me2B Research: Consumer Views on Respectful Technology

What do healthy digital relationships look like? In the first in a series of webinars on Consumer Views on Respectful Technology, Noreen Whysel will present findings from interviews with digital technology consumers. View Webinar

We asked real people how they manage their relationships with apps, websites, browsers, and iOT devices. What types of behaviors do they put up with? What are the deal-breakers? The must-haves? And, what do people do when digital relationships go wrong?

View on YouTube

Noreen Whysel
Product Integrity Testing, Me2B Alliance

Noreen Whysel is a NYC-based researcher, advisor and teacher with 30 years research and design experience. She is COO of Decision Fish, a decision consulting firm, and teaches UX and UI Design at CUNY’s New York City College of Technology. She is a well-known mentor in the international UX and cyber-security communities. At the Me2B Alliance, Noreen leads product integrity testing and is developing a framework for identifying and remedying dark patterns and other user experience problems.

Read Less


Ceramic Network

Launching the Clay Testnet

Starting today you can build with Clay, the official testnet for the Ceramic Network.
Introducing, Clay

After more than a year of hard work, we're excited to officially unveil the Ceramic Clay Testnet. Starting today you can experiment, prototype, and develop applications on top of the Ceramic protocol.

To get started, try the demo app and jump into the docs.

What is Ceramic?

Ceramic is a public, permissionless, censorship-resistant network for managing mutable information on the open internet. Ceramic combines a stack of cutting-edge web3 technologies including IPFS, libp2p, blockchain, DIDs, and standards for authenticated (signed/encrypted) data to give developers the ability to build completely serverless applications using dynamic, verifiable, decentralized data.

Ceramic functions like a global-scale, permissionless NoSQL document datastore, but ensures strict ordering of document updates and data integrity without relying on database servers or trusted third-parties to perform mutations and transforms on content. Since Ceramic is built on a completely peer-to-peer network, all documents are openly discoverable and can be queried by any participant on the network or referenced in other documents.

Smart documents

In Ceramic all content is stored in smart documents, which are append-only IPFS logs where each commit (update) is signed by a decentralized identifier (DID) for verifiability and then subsequently anchored in a blockchain for consensus. Each smart document basically functions as its own independent doc-chain (a document blockchain). Here are some key features of smart documents:

Mutable content: Store information in collections of mutable documents like your favorite NoSQL document database. Immutable identifiers: Every document gets a globally unique persistent identifier, called a DocID. This DocID will never change regardless of how many updates are made to the document. Verifiable signatures: Every update to a document must be signed by the DID of its owner, providing verifiability to its content. Schema-enforced content: Documents can have schemas which will be enforced by the protocol. This allows for data integrity and simple cross-platform interoperability. Strict versioning: Every update made to a document is anchored in a blockchain, so its commits follow a strict order. This allows the protocol to guarantee the state of a document at every commit and allows its content to be auditable and trusted at all times. Programmable logic: Define custom rules for state transitions to enforce who, how, and when your document is updated without centralized servers. Rules can react to direct events such as a signature from the owner, or indirect events such as an update in another document. Configurable persistence: Nodes can back up documents to any centralized or decentralized data storage platform. How'd we get here?

Clay is the result of the tireless commitment by many in the community to the mission of creating an open dataweb free of silos. Since we first debuted a proof of concept of the Ceramic protocol in early 2020, the Ceramic codebase has had 1300+ git commits, 650+ releases, and dozens of top-tier projects in the Web3 ecosystem have been hard at work testing integrations and providing us feedback along the way.

This release is the final major milestone on a long journey to launching the Ceramic Fire mainnet, which is slated for the end of Q1 or early Q2 2021. Want to start building on Ceramic today? Continue reading to dive into the specifics of what's possible on Clay.

What's new for Clay? A live, fully-functioning public test network that simulates mainnet as closely as possible Three JavaScript clients: Core client, HTTP client, and CLI Loads of new protocol features, improvements, and performance optimizations The final breaking API changes before mainnet 🤞 Document anchoring on Ethereum's Ropsten (EIP155:3) and Rinkeby (EIP155:4) testnets A dedicated p2p gossip network using the libp2p topic /ceramic/testnet-clay A new documentation site Things to keep in mind The Clay network is experimental and should only be used for prototyping, development, and testing purposes. It's great for getting your application ready for mainnet. Documents created on Clay will not be portable to mainnet. These are separate networks, similar to Ethereum's testnets and mainnet. Clay does not yet have a purely decentralized peer discovery mechanism for nodes, and instead uses a curated peerlist for node discovery. This is because the DHT functionality in js-libp2p is not yet sufficiently performant for production, however it will be ready by the time mainnet launches. IDX is a protocol for cross-platform decentralized identity built on top of Ceramic. The IDX SDK is a useful tool for adding decentralized identity functionality to your already existing application, and is an easy entry point to get started with Ceramic. IDX runs on the Clay testnet and is currently in beta, so it has the same guarantees as Ceramic and will move to production when mainnet launches. You may encounter a few bugs and/or performance issues. We've done our best to make things work as smoothly as possible, but this is still a testnet. Please report any issues by opening a ticket on Github so we can fix them as soon as possible. We're always available in Discord to answer questions and help you out along the way. We're excited to see what you build on Ceramic! Getting started Jump into the developer docs Try the Playground demo app What's next?

After Clay, our efforts will be 100% focused on releasing mainnet as quickly and safely as possible. We're targeting the end of Q1 or early Q2 2021.

The Fire mainnet release will include additional performance optimizations, fully decentralized peer discovery, a new pubsub topic /ceramic/mainnet, document anchoring on the Ethereum mainnet (EIP155:1), network monitoring, public analytics, bug fixes, and more.

The community is also gearing up for mainnet with many announcements, launches, and partnerships to go live. We will be sharing more information on those as they are available.


Decentralized Identity Foundation

DIF Face to Face Jan 2021 Highlights

Come for the summaries, stay for the clip reel, bookmark for the links! DIF held its semiannual “Face-to-Face” community’ event this week, and man what an event it was! For obvious reasons, it was virtual for the second time, and for the first time, it spanned both Zoom and the interactive social platform gather.town, giving a more intimate atmosphere and allowing for more organic networking

Come for the summaries, stay for the clip reel, bookmark for the links!

DIF held its semiannual “Face-to-Face” community’ event this week, and man what an event it was! For obvious reasons, it was virtual for the second time, and for the first time, it spanned both Zoom and the interactive social platform gather.town, giving a more intimate atmosphere and allowing for more organic networking than often happens at “tele-conferences.” If you missed it in part or in full, you’ll find below summaries and recordings of the main events.

1# Opening remarks, and an update on DIF-OIDF Collaboration

Executive Director Rouven Heck got us started on a warm and welcoming note, bringing the largely unfamiliar audience up to date on DIF’s member-driven nature and its goals for 2021. These include a more engaged membership, more co-development at various scales, and more work items reaching stable specifications and publicly going from community incubation to commercial production.

Then, presenting from Tokyo (actually a little before the opening remarks, as is our asynchronous way here at DIF) Kristina Yasuda (Microsoft, Mydata) gave an update on her new role as the liaison between DIF and the OpenID Foundation. Joined by DID Authentication WG chair Oliver Terbu (Consensys Mesh), Kristina gave an overview not only of the ongoing SIOP work in the AB/Connect WG at OIDF, but also other identity-related efforts that might be of interest to DIF members, including the MODRNA and KYC-IDA working groups.

2# Interoperability and DIDComm working group

The “main stage” working group presentations started with the Interoperability Working Group, which has taken a break from its test-harness/test-suite role under its new chairs to concentrate on educational materials that support broader interoperability among verifiable credential protocols… and a better understanding of those protocols among decision-makers on the business side of the decentralized-identity business.

The chairs (Pam, Kaliya, and Juan) gave an overview of the last 6 months of their group, its publications and maps, and other products, an overview of their invited guests (and handy recordings), as well as the “parking lot” for future discussion/research topics for Q1.

The DID Communications Working Group, energetically presented by Chair Sam Curren (Indicio, Mattr), got the ball rolling with a swift and accessible overview of the group’s rapid progress from ambitious roadmap to the sophisticated draft specification since the last conference. In addition to the specification reaching its final rounds of editorial clean-up, many “nice to have” protocols that were put out of scope while the group focused on the specification alignment process (specifically a Bluetooth implementation and an NFC implementation) have spun out into parallel work items, which are already underway. In other DIDComm news, DIF member Jolocom announced this week a DIDComm v2 sample implementation in Rust, built for the company’s [otherwise completely non-Aries!] wallet. It seems 2021 will be the year of DIDComm!

3# Claims and Credentials, Presentation Exchange, and Sidetree

The Claims and Credentials group’s co-chair Wayne Chang (Spruce Systems) took a quick stroll through the new work item initiation process (currently being extended to other WGs DIF-wide) and the other major work items: the paused Credential Taxonomy, the work item formerly known as Credential Manifest, the new VC Marketplace.

DIF’s first Executive Director, Daniel Bucher (Microsoft Research), gave a quick overview of the Presentation Exchange spec, an ambitious specification for scaffolding credential requests and presentations between unfamiliar systems. After months of collaboration with core architects of the Aries ecosystem from DIF member Evernym, the presentation and request mechanics have been aligned with the upcoming iteration of the relevant Aries “Present Proof” RFCs, making this a major interoperability win that bridges the largest production ecosystems the decentralized identity space has yet seen. The specification is in the very home stretch of reaching 1.0 status and in the last weeks of a period of public comment, so give it a read and leave some issues soon if you have any!

Daniel also presented the other specification he has been tirelessly driving for even longer than the Presentation Exchange work item at Claims and Credentials — the Sidetree specification, which reached v1.0 this week. In this quick, extemporaneous video, Daniel runs through some common misconceptions and relates the overarching Sidetree Layer-2 architecture to Microsoft’s specific Ion implementation, the work of DIF members SecureKey on a Hyperledger Fabric implementation, DIF members Transmute’s Ethereum implementation, and even the affinities with DIF’s next working group to spin out of I&D, KERI.

4# Secure Data Storage WG, Identifiers and Discovery WG, and KERI

From potentially universal specifications for presenting credentials, we jumped straight to potentially universal specifications for storing credentials and other confidential data. The Secure Data Storage working group co-chair Dmitry Zangadulin (Digital Bazaar) talked about the group’s first and flagship specification, Confidential Storage, which is designing a modular and DID-controlled storage protocol that would allow so-called “encrypted data vaults” (with or without a coupled authorization server called an “identity hub”) to create a portable, secure, redundant, and replicable storage layer for the decentralized identity world. In addition to bringing the audience up to speed on the current status of the specification work and prototyping, the group also gave a quick overview of the many guest presentations since the last F2F, spanning the cutting edge of decentralized storage and next-generation database projects.

The architecture of the Confidential Storage draft specification

Identifiers and Discovery WG, the oldest continuously-active group at DIF, gave a detailed overview of its impressive roster of donations, work items, and updates since the last F2F. Chair Markus Sabadello (DanubeTech) ran through this long list. These include research on WebID and key recovery/roll-over systems, the evolving WebID pre-standard being discussed in some browser groups of W3C, new common libraries in .NET and Rust. Markus also explained to those new to the space the group’s broader mission of supporting the DID ecosystem and DID methods in particular as they experiment with decentralized governance and infrastructure. (Of particular interest to close watchers of the space was his update about the Universal Resolver project offering up very high-level analytics (privacy-preserving, of course!) about resolution activity on the public “testnet” service.)

Markus’ co-chair, Sam Smith (ProSapien, Digital Trust Ventures) talked about his passion-project, soon to become its own DIF WG: Key Event Receipt Infrastructure, or “KERI.” KERI offers a new way of thinking of the “layers” of decentralized identity infrastructure, focusing doggedly on the “bottom half” of the concerns of a traditional DID method and separating itself entirely from the “top half,” including method-specific namespacing and all [clear-text] data. After months of honing the skill, Sam impressively conveys a considerable portion of the core concepts in this complex and nuanced system in a record-setting fifteen minutes!

5# Special Interest Groups: Product Managers, Banking and Finance, and Healthcare

Transmute’s Margo Johnson, co-chair of the Product Managers’ community of practice, gave a quick overview of their very generative and generous non-technical working group. In addition to producing a useful open-source corpus of discussion notes, presentations, and UX blotters, and the like, the group is also an important watering hole for product and user interface design thinking, covering such topics as accessibility, ethics, and adoption strategies, for products but also for new concepts of software (and better user interface patterns) more generally.

Co-chairs Paul Dunphy (OneSpan) and Isaac Patka (Bloom) gave a fascinating overview of the activity of their fast-moving and diligent Banking and Finance open group. Paul introduces the philosophy, focus, and working methods of the group, then Isaac overviews the invited guests to date. In addition to hearing reports from SSI researchers in the financial services space, the group is also building out a wiki of relevant regulatory events in the space, as well as opportunities in the space like the UK’s financial regulatory sandbox, the subject of their next meeting with Evernym’s Andy Tobin.

Interim Chair Juan Caballero (LearningProof) gave a brief overview of the discussion group’s intentions and format. These could respectively be summarized as exploring the opportunities and access points for innovations in the healthcare space, and a recorded invited-guest series where researchers from the space offer “reverse pitches” about pain points and problems that decentralized identity might be uniquely suited to solve. As with all of DIF’s special-interest groups, the group is open to DIF non-members and interested parties can reach the chairs through the group’s repository, where they can also find notes and recordings of all guests to date.

Stay Tuned and Get Involved

As you can see, the DIF community has grown considerably since the last F2F, and keeps expanding into new terrains and modalities. If you work in the decentralized identity space or are trying to move your work into it, please consider joining the foundation, joining one of these working groups and special-interest groups, or even bringing a future project into DIF as a work item.
Or subscribe to our monthly newsletter.

DIF Face to Face Jan 2021 Highlights was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.

Tuesday, 26. January 2021

EdgeSecure

Building A Proactive Defense Against Rising Cyber Threats

As technology continues to advance across many industries, the frequency and severity of security threats have risen as well. Breaches can be costly, and without a comprehensive cybersecurity strategy in place, many organizations may be left vulnerable. “In this current security landscape, the threats have only multiplied,” says Jeremy Livingston, Associate Vice President for Security Solutions De

 Experience Article in View From The Edge Magazine

As technology continues to advance across many industries, the frequency and severity of security threats have risen as well. Breaches can be costly, and without a comprehensive cybersecurity strategy in place, many organizations may be left vulnerable. “In this current security landscape, the threats have only multiplied,” says Jeremy Livingston, Associate Vice President for Security Solutions Development and Chief Information Security Officer. “Many of our members have had to rapidly deploy and implement new solutions for remote learning, remote management of IT systems and devices, and teleconferencing. All of these things have brought increased risks—with attacks rising close to 3000 percent.”

The changes brought on by COVID-19 are testing countless businesses’ security strategies and not everyone is prepared to defend themselves against increasing threats. “Unfortunately, the threats have only multiplied as everyone moves to telework and remote learning,” says Gregg Chottiner, Vice President for Technology Advancement and Chief Information Officer, Edge. “The attack sector has increased tenfold by the ability for hackers to now target the weak links in an organization’s security posture. The average data breach cost in the U.S. last year was almost $5 million, and this number seems to be rising at around 20 percent annually.”

Employing Preventative Protection
Developing a strong defense strategy is key and involves understanding threats and how to prevent them. “The cost of one of these breaches will far exceed most cybersecurity insurance policies,” says Livingston. “Luckily, there are many ways for us to stop that chain of attack. For most ransomware attacks, there are at least five different ways that an organization can stop that attack from occurring. This includes extensive user training, users avoiding phishing emails, and next-generation firewalls with updated block lists. Fortunately, there are many opportunities for organizations to cover all of these bases properly from a defensive standpoint.”

A proactive approach to cybersecurity can help boost the success of risk mitigation and allow an organization to ensure information is safeguarded over the long-term. “Many organizations often do not spend a lot of time thinking about cybersecurity until they get attacked or until their data is stolen,” says Chottiner. “Edge is trying to create awareness around security threats and show the value and cost benefit of doing this work upfront. One of the common themes in this realm is not if you’re going to be hacked, but when. In fact, there are organizations that have been already breached and are not aware of this threat because they do not have correct monitoring and logging of systems.”

Depending on an organization’s needs and current security profile, Edge can recommend solutions to assist in addressing specific vulnerabilities. “For some of the organizations we work with, we have made such improvements in the security measures that the cost of insurance has decreased,” shares Livingston. “Cyber insurance rates are based upon which defenses are in place versus the current risk levels and threats. We can actually help alter that equation to be more cost-effective, all without an attack even having occurred.”

“Edge is trying to create awareness around security threats and show the value and cost benefit of doing this work upfront. One of the common themes in this realm is not if you’re going to be hacked, but when. In fact, there are organizations that have been already breached and are not aware of this threat because they do not have correct monitoring and logging of systems.” – Gregg Chottiner

Effectively Navigating Risk
Handling the difficult and complex nature of today’s technical environments is no easy feat, making the roles of chief information officer (CIO) and a chief information security officer (CISO) more important than ever in helping an organization navigate these challenging times. While each has different responsibilities, the CISO and CIO work in tandem to create a holistic security approach. “The CIO is responsible for the overall technology health of an organization and the CISO is a critical role in protecting data, data management, and academic and administrative computing,” says Chottiner. “A challenge we see with many organizations is they have an IT leader or CIO, but not a CISO. Many are in need of the knowledge, skills, and experience of a CISO to understand the problems and vulnerabilities of today’s systems.”

Livingston adds that a CISO focuses primarily on organizational risk management and works with executives to set appropriate levels for risk. They then evaluate and maintain systems and data with that risk level in mind. “The CISO brings a different skillset and security background to the organization and helps to keep the CIO more informed; allowing for more educated decisions regarding the technology that is being used and implemented. The CIO and CISO work hand in hand as partners, both keeping the organization functional and secure.”

Developing Cybersecurity Strategies
A CISO plays an essential role in IT leadership and developing actionable cybersecurity strategies and policies, but not every organization has the ability to hire for this position full-time. To help organizations fill this gap and improve their security effectiveness, EdgePro virtual CISO (vCISO) services offers an affordable way to gain the expert insight and skills they need. “As a vCISO, we embed ourselves into the organization and work closely with the CIO or technology director,” shares Livingston. “For organizations that have budget constraints or do not need a full-time resource, the vCISO gives them the expertise they need. The vCISO performs the same functions that a normal CISO would, but at a much lower cost.”

vCISO services are available on a virtual, fractional, or full-time basis to meet each member’s unique security needs. “Edge’s vCISO services give members the ability to access a qualified credentialed individual to perform required services; only paying effectively for what is needed,” says Chottiner. “As part of a holistic security approach, members also have access to the Cybersecurity Health Check Program, a proactive, standards-based cybersecurity tool. Periodically assessing network security is a crucial part of a business’s cybersecurity plan and this subscription-based program generates monthly reports that provide a snapshot of network security and outlines actionable intelligence to remediate any new vulnerabilities.” Along with regular assessments, Edge’s cybersecurity experts collaborate with an organization’s team to provide knowledge of cybersecurity frameworks and create a long-term strategy that aims to improve cyber defense over time.

Improving Cyber Defense
Edge is dedicated to helping member organizations improve their cyber defenses in the most efficient and cost-effective way possible. By using a shared services model, members can access a variety of top-notch products and services at a much lower cost. “The shared services model provides our members with a better value,” says Livingston. “Edge will take time to review an organization’s existing security measures and ensure these controls meet their organizational risk needs. We can suggest different security solutions that may be useful and help implement changes if necessary. In addition, we also provide user training for staff and faculty members in how to effectively monitor and evaluate their security posture.”

By developing a thorough understanding of potential risks, an organization is able to make more risk-informed decisions on how resources should be distributed to defend against those risks. “Our Cybersecurity Health Check is an affordable method for regularly revealing vulnerabilities and gaining access to a vCISO,” says Chottiner. “Edge can then help design and execute a personalized security program based on the organization’s needs and budget.”

For member organizations interested in establishing an Edge vCISO service or conducting a Cybersecurity Health Check, Edge’s sales team will set up an initial meeting to evaluate current needs and answer any questions. “Our process is completely collaborative and we will work with an organization’s technology director or CIO to determine the areas we need to focus on,” says Livingston. “We will give feedback, make recommendations, and perform a risk assessment to determine where Edge can provide the most value and immediate reduction in risk. We understand that finding cybersecurity staff can be a challenge or is not always possible financially for an organization. EdgeSecure aims to alleviate this problem and offer the insight, expertise, and solutions needed to create a robust cyber security plan and meet the challenges of the future.”

Looking to gain actionable cybersecurity intelligence and insight? See how partnering with Edge can help improve your cyber defenses. njedge.net/solutions/edgesecure

If your institution or organization would benefit from a qualified vCISO, full details on Edge’s vCISO program are located at NJEdge.net/solutions/edgepro/vciso.

View Article in View From The Edge Magazine

The post Building A Proactive Defense Against Rising Cyber Threats appeared first on Edge.


How to Embrace the Next Normal: Let Edge Navigate the Way

Zoom Video Communications A video platform for online learning collaboration, virtual office hours, and administrative meetings. (For K-12 districts using Zoom Basic licenses, you can use this form to request removal of the 40-minute meeting time limit.) The post How to Embrace the Next Normal: Let Edge Navigate the Way appeared first on Edge.

 Experience Article in View From The Edge Magazine

Zoom Video Communications
A video platform for online learning collaboration, virtual office hours, and administrative meetings. (For K-12 districts using Zoom Basic licenses, you can use this form to request removal of the 40-minute meeting time limit.)

Desktop Virtualization
Leverage our relationships with AWS and/or VMware to provide users with the same working experience they expect in the office or the classroom, delivered via cloud-based desktops.

Instructional Technology as a Service
In the 21st century, high-quality learning not only utilizes technology, but demands it. The science of instructional technology is not just about finding a tool to meet an immediate need, but understanding how educational or instructional technology tools fit together to meet the learning outcomes set forth by faculty, administration, and instructional designers. The EdgePro team works with your staff to not only identify what tools can meet your technical needs, but how they can be used to facilitate learning and advance the academic mission and vision of your institution.

Instructional Design as a Service
There is far more to building online courses and programs than simply digitizing the content originally built for in person instruction. Quality online learning demands meticulous design, development, and revision of engaging and interactive online, blended, or face-to-face courses. The EdgePro team provides the pedagogical expertise to collaborate with your faculty and subject matter experts to create meaningful learning experiences for students through the creation, conversion, or expansion of online courses and programs.

Virtual Student Services One Stop
To prepare for the influx of demand on student services (administration, registrar, finance, etc.), access virtual resources to extend your existing administrative resources.

Edge Professional Services
Our team brings 120+ years of executive and IT/CIO experience to the table on behalf of our members. The Edge Professional Services team can assist with the development of, or add a second set of eyes to review, a business continuity and online learning/remote work action plan.

Online Learning Business & Financial Modeling
Online programs built on even the best instructional and design models can fail if not properly supported by effective business models and planning. The business of online learning depends on a detailed understanding and analysis of enrollment projections, optimal credit hours to be offered, cohort planning and scaling strategy, expense planning for instructors, supporting staff, and technology, and effective processes for the rollout and adoption of technology platforms. The EdgePro team consults with your staff to assess and optimize business strategies related to online learning goals.

Virtual IT Help Desk Resources
To prepare for the influx of service calls generated by remote work and online learning, access virtual resources to extend your existing help desk team.

Let Edge help you navigate your path forward!
855.832.EDGE (3343)
info@NJEdge.net
NJEdge.net

View Article in View From The Edge Magazine

The post How to Embrace the Next Normal: Let Edge Navigate the Way appeared first on Edge.


EdgeNet: Creating A Gateway to High Performance and Growth

The Edge optical fiber high-performance network, EdgeNet, was created to give connected members an exceptional connectivity experience, pushing past what traditional Internet service providers (ISP) can offer. To meet the unique needs of Edge member organizations, this purpose-built solution was specifically designed to enhance members' ability to deliver services to their key stakeholders, such a

 Experience Article in View From The Edge Magazine

The Edge optical fiber high-performance network, EdgeNet, was created to give connected members an exceptional connectivity experience, pushing past what traditional Internet service providers (ISP) can offer. To meet the unique needs of Edge member organizations, this purpose-built solution was specifically designed to enhance members’ ability to deliver services to their key stakeholders, such as students, faculty, researchers, and staff. “Unlike commercial Internet providers, EdgeNet services are custom-built to support the needs of our membership,” shares Bruce Tyrrell, Associate Vice President Programs & Services, Edge. “During the past year, we continued to expand the features and capabilities EdgeNet has to offer. For example, we increased the ability of our network to handle intercampus backbone capacity and have grown the number of 100 gigabit connections that we’re providing to our members for intercampus connectivity. We’ve also added Esports providers to our peering fabric, as this functionality has become an increasingly important element of the campus experience. Many institutions want to attract more students by offering real-time gaming and competition capabilities, and this update to EdgeNet has greatly increased the performance of these types of programs for colleges and universities.”

Over the last six months, the EdgeNet engineering team has executed plans for significant network capacity and capability growth to continue to meet the needs of members and offer strategic advantages. “Edge has extended our backbone footprint into two new points of presence at Princeton University, with added path redundancy to enhance the redundancy to our network,” shares Jim Stankiewicz, Associate Vice President and Principal Network Architect, Edge. “Edge has also upgraded to a couple of 100G ports to our Internet transit providers and we’ve added 100G circuit capability to our optical network to further improve intercampus connectivity for members.”

“Last year, we had well over two hundred attacks that were mitigated before ever reaching our members’ networks. We’ve deployed a method that dynamically detects risks and automatically mitigates with no intervention needed from the Edge networking staff or from the affected member. The member will then be notified of the mitigation, the IP address that was under attack, and the duration and size of the cyberattack.” – Jim Stankiewicz

Bolstering Security and Mitigating Risk

Improving security and risk mitigation for members remain top-of-mind priorities as Edge further grows and enhances the network. “Edge maintains the DOS surveillance and mitigation system on behalf of all of our members,” explains Stankiewicz. “Last year, we had well over two hundred attacks that were mitigated before ever reaching our members’ networks. We’ve deployed a method that dynamically detects risks and automatically mitigates with no intervention needed from the Edge networking staff or from the affected member. The member will then be notified of the mitigation, the IP address that was under attack, and the duration and size of the cyberattack.”

Edge is compliant with the Mutually Agreed Norms for Routing Security (MANRS) and helps members ensure their American Registry for Internet Numbers (ARIN) database is up to date. In addition, the providers of Edge’s Internet transit service have implemented resource public key infrastructure (RPKI), which adds another level of security on top of Edge’s routing network. “These programs, like MANRS and RPKI, adopt industry-wide standards that help prevent Internet and transit service providers from unintentionally or intentionally breaking the Internet,” says Tyrrell. “Things can happen that can cause large amounts of traffic to be misrouted across the Internet and these two programs are designed to prevent those incidences from happening. As a service provider in the industry, following best practices is important to Edge and helps our members avoid service-related issues.”

Expanding Research Capabilities 

Edge continues to expand their capability and capacity for research computing and has a dedicated research network segment within EdgeNet. “The foundation of Edge’s research network is their Internet2 GigaPOPs, where specific routing, switching, and an optical infrastructure are dedicated to the research leg of the network,” explains Stankiewicz. “This research network is physically and logically separated from the production network our members use today to get to the Internet.” Tyrrell adds, “Since the networks are logically segmented, any activity a researcher conducts on the research network that would commonly be disruptive in a normal environment will not affect our regular transport network.”

Edge has also been working with Rutgers University and Princeton to identify research network opportunities and create peering points with those networks, like the Eastern Regional Network (ERN). With a mission of building partnerships between research facilities, educational institutions, regional network providers, and Internet2, the ERN provides layered and transparent access to shared data and computing facilities for research projects.

At the end of last year, Edge, Rutgers, and Princeton began discussing how to migrate Edge’s internet connections away from the existing GigaPOP provider and create New Jersey’s first Internet GigaPOP in the state. Turned on in April of this year, the access point provides 200 gigabits of Internet2 capacity. “GigaPOP is a major interconnection point with Internet2, allowing members to connect with both national and international research assets,” explains Tyrrell. This access point also contains built-in flexibility for scale and growth, with the ability to grow to 400 gigabits in the future.

“Unlike commercial providers, EdgeNet, partners with our members to design and build optimal services that are custom designed to support their specific requirements. Edge also brings access to existing research entities, such as Rutgers University, Princeton University, New Jersey Institute of Technology, New York Presbyterian, and Hackensack Meridian Health—coupled with our peering capabilities built into the network—to connect with regional, national, and international research networks. EdgeNet is a one-stop destination for leading-edge support, research, and resources.” – Bruce Tyrrell

Dedicated Support and Troubleshooting

The EdgeNet network supports 100 percent of member demand, where member’s traffic is never impacted by another member’s network activity. Designed with Internet transit providers and redundant nodes throughout New Jersey, EdgeNet delivers a highly available networking experience. “We’ve created a network that is highly reliable, highly available, and of high performance,” says Tyrrell. “In the event a member does experience an issue they believe is related to our network, we have several layers of ongoing support, including an Edge partner who is a managed services provider. They offer 24-hour monitoring management of the infrastructure. If they cannot resolve the issue, members have the ability to talk to our network engineers, which is very unusual in the industry. You can rest assured that you’ll be able to contact the right people to get any issues resolved.”

A new EdgeNet feature added this year is access to real-time network utilization reporting. Each Edge member receives a personal link to view their own connections and can provide additional visibility to an organization’s own network connections to the Edge network. “This feature helps members more efficiently troubleshoot inside and outside of their network when they’re experiencing a problem,” says Tyrrell.

Superior Network Connectivity

As one of the premier educational research networks in the country, EdgeNet offers a myriad of options for research networking. “Unlike commercial providers, EdgeNet partners with our members to design and build optimal services that are custom designed to support their specific requirements,” says Tyrrell. “Edge also brings access to existing research entities, such as Rutgers University, Princeton University, New Jersey Institute of Technology, New York Presbyterian, and Hackensack Meridian Health—coupled with our peering capabilities built into the network—to connect with regional, national, and international research networks. EdgeNet is a one-stop destination for leading-edge support, research, and resources.”

For research organizations who are looking to connect with other institutions, pursue larger grant opportunities, and meet their needs of high-speed research and collaboration, EdgeNet can help pave the way. Discover the power of EdgeNet at NJEdge.net/solutions/edgenet.

View Article in View From The Edge Magazine

The post EdgeNet: Creating A Gateway to High Performance and Growth appeared first on Edge.


Making the Case for the Cloud with EdgeCloud

For decades, IT departments have continuously combated obsolete computer hardware and applications. Generally, the replacement of these expensive tools requires capital funds, a convenience becoming more and more scarce. The funding obstacle subsequently then leads IT staff to operating the hardware beyond its useful life, creating other difficulties and larger expenses because of limited support

 Experience Article in View From The Edge Magazine

For decades, IT departments have continuously combated obsolete computer hardware and applications. Generally, the replacement of these expensive tools requires capital funds, a convenience becoming more and more scarce. The funding obstacle subsequently then leads IT staff to operating the hardware beyond its useful life, creating other difficulties and larger expenses because of limited support and the elimination of critical security updates. Enter cloud computing–the ideal solution to deliver enterprise applications and services. Cloud solutions reduce costs, increases the efficiency of an IT organization, solves storage needs, supports disaster recovery, data center reduction and many other issues, while freeing organizations from investing in capital or operational funds to replace underutilized hardware. In its essence, use of cloud solutions changes the financial equation from capital expenditures to operational costs. For example, the cloud allows customers to gain new capabilities without investing in new hardware or software. Rather, the client pays their cloud provider a subscription fee or pays only for the resources used. “The key advantage is agility: the ability to apply abstracted compute, storage, and network resources to workloads as needed, and leverage an abundance of prebuilt services,” said Gregg Chottiner, Edge’s Vice President for Technology Advancement and Chief Information Officer.

The ability to almost instantly scale up or down to support a workload is a critical cloud computing advantage, especially relevant and important to today’s education, government, and healthcare institutions. “Whether it’s patient, student or citizen data, the ability to access the information on any device is an important attribute,” Chottiner explains. In healthcare cloud computing, these tools allow healthcare providers to gain access to the patient data collated from numerous sources, share the information with important stakeholders and give out timely prescriptions and treatment protocols. The process also eliminates the distance between the specialists, allowing them to review cases and give their opinions, irrespective of the geographical limitations.

A variety of cloud options are available to users, often depending on resource needs. Hybrid cloud computing means utilizing a combination of services, generally public clouds, on-premise (on-prem) computing, and private clouds. Multi-cloud is the use of two or more cloud services from different cloud vendors and can be all-private, all-public or a combination of both. With numerous cloud services available, users have many providers to choose from including, AWS, Azure, and Google-all three of which provide on-demand availability of computer resources like data storage and computing power to their users.

Why Consider Using Cloud Strategy?

Chottiner says many organizations fail to realize how the cloud is not a place or specific technology, but a strategy. “If you’re not using cloud technology today, you’re behind your peers. There is an opportunity for an exponential increase in productivity, security, and performance that is currently being left on the table,” he explains. The important aspect to consider is the enormous amount of time technology teams often spend keeping the lights on, rather than focusing on strategic initiatives and organizational goals. Many organizations also pour time into patching and configuring hardware and rarely catch up. “The cloud allows an exponential leap in IT security without the capital spending required for on-prem IT,” Chottiner shared. “Cloud providers provide both physical and digital security mechanisms often too costly for most organizations to afford on their own. Edge offers all the tools and services to help organizations migrate to the cloud.”

Edge’s cloud assessment methodology helps build a business case for leveraging cloud services with accurate costs and provisioning plans based on real data from the institution’s current physical and virtual environment. The service also simplifies cloud migration and management through data analytics, competitive price modeling, and expert consultation.

“The cloud allows an exponential leap in IT security without the capital spending required for on-prem IT. Cloud providers provide both physical and digital security mechanisms often too costly for most organizations to afford on their own. Edge offers all the tools to help organizations migrate to the cloud.” — Gregg Chottiner

EdgeCloud Prepares Member Institutions with their Journey to the Cloud

Conceptually, migrating workloads to the cloud should be a basic “lift and shift,” but many organizations do not have an adequate cloud adoption strategy in place during their cloud migration attempts. One of the primary drivers for cloud migration is the staggered expiration of on-prem technology. However, EdgeCloud is available to all Edge members and helps an organization assess and prioritize workloads for migration to the cloud. “Edge has a proven methodology that combines several services developed to help an organization prepare for their journey to the cloud and reduce risks along the way,” Chottiner explained. “Our cloud readiness methodology is the perfect starting point.”

While some companies only offer cookie-cutter cloud migration solutions that claim to offer a seamless and all-encompassing migration plan. EdgeCloud provides members with a roadmap for cloud architecture and employs proven tools to make their journey easier. “When it comes to cloud computing, enterprises need a strategic and customized roadmap which will align with resources, budgets and strategic plans,” Chottiner says.

Edge employs proven tools to make the journey to the cloud painless using this criterion:

Have a solid business Outline your current objectives Categorize your workloads and desired outcomes Estimate timeline and budgets Prioritize what application to move first

In many cases, smaller organizations gain more efficiencies and cost savings from a cloud migration because these groups often have limited resources and budgets, eliminating operational tasks in favor of strategic projects with more value and better services to users. “Edge has the resources and partnership relationships to provide world class affordable cloud solutions for all types and sizes of organizations,” Chottiner shares.

Another of Edge’s differentiators is the capability to provide a purpose-built high performance and highly secure network, so Edge members can connect with the leading cloud providers. This contrasts with general Internet Service Providers that provide commodity-based networks, often with less security and less performance. For instance, with AWS, Edge has earned Strategic Partner status, which allows members to eliminate egress charges and significantly reduce costs. Edge also has a direct connection with AWS, which reduces latency for members.

To ease the burden of the procurement process and speed up their members’ time to implementation and innovation, EdgeCloud services can be attained through the EdgeMarket portal (edgemarket.njedge.net/home), which enables Edge to deliver consortium purchasing agreements to members. Edge members then gain access to current technologies such as cloud modeling at affordable prices and the increased ability to manage their complex technologies.

For more information on EdgeCloud’s services, visit NJEdge.net/solutions/edgecloud/.

THE CASE FOR THE CLOUD

From email, to e-commerce, to entertainment, the third party applications we use everyday have moved to the cloud. Cloud solutions deliver high performance and security for industry leaders everywhere, and the same technology can lead to positive outcomes for your organization. The cloud is the right platform to deliver the technology and services your users need if you find value in:

Agility. The ability to move fast, experiment, and easily access the solutions you need is inherent to the cloud. With anytime, anywhere access, the cloud allows you to more quickly and effectively meet the needs of your users.

Elasticity. The cloud allows you to grow or shrink your technology footprint as needed. Deploy the resources you need on demand, increasing availability during times of high demand and minimizing consumption (and cost) when appropriate.

Security & Compliance. Cloud services are built on a foundation of security. Cloud providers have designed solutions stringent security standards. In many cases, this results in a more secure environment than legacy on-premise solutions. Regulatory compliance is also key, with cloud security configured to meet standards including CJIS, FERPA, FEDRAMP, HIPAA, PCI, and more.

Business Continuity. The always-on nature of the cloud means your users will be able to access the services they need whenever and wherever they are, as long as they have an internet connection and meet your security policies. With applications and services living in the cloud, and business processes built to take advantage of that fact, this enables your organization to operate effectively whether onsite or working remotely, no matter the surrounding circumstances.

Total Cost of Ownership. When designed effectively, a cloud computing strategy can save your institution money on the technology bottom line. As a result of the ability to provision services when and where you need them, you’ll never need to spend money on hardware refreshes designed to meet the highest possible peak demand again.

View Article in View From The Edge Magazine

The post Making the Case for the Cloud with EdgeCloud appeared first on Edge.


Stockton University’s CIO is Passionate About Technology Advancements On Campus

Huston Joins Edge’s Board of Trustees In 2002, when Scott Huston stepped onto campus as a young freshman, Stockton University gained an integral component of their future executive team. Working hard, this forward-thinker earned both his undergraduate and graduate degrees from Stockton and began his career path providing guidance at the University’s IT Helpdesk. The post Stockton University’s C

 Experience Article in View From The Edge Magazine

Huston Joins Edge’s Board of Trustees

In 2002, when Scott Huston stepped onto campus as a young freshman, Stockton University gained an integral component of their future executive team. Working hard, this forward-thinker earned both his undergraduate and graduate degrees from Stockton and began his career path providing guidance at the University’s IT Helpdesk. Over 16 years later, Huston was named Stockton’s Chief Information Officer, and most recently, this innovator in educational technology was voted onto Edge’s Board of Trustees, providing Huston with another outlet for influencing additional learning spheres.

“I guess you could say I fell in love with the Stockton campus and community and never left,” Huston says. “I started my career at the IT Helpdesk, which taught me many things about the expectations of the higher education community, and the experience really gave me a good understanding of the entire organizational landscape.”

From the beginning, Huston has desired to deliver the best customer service experience possible and this mantra has followed him along his career path. He has managed numerous Stockton information technology initiatives, including the campus conversion to Active Directory, convergence and management of the Stockton unified Helpdesk, and the negotiation and purchasing of enterprise hardware and software. Huston has also helped the University’s divisions implement new IT projects and has managed the servers and services which run the applications.

Under his leadership, the Division of Information Technology Services team takes a proactive and collaborative approach to deliver innovative, reliable, and sustainable technologies to optimize satisfaction and desired outcomes. Huston said he also tries to stay involved in the day-to-day decision-making and processes at the University. “This way I’m never caught off-guard, and any email going to the Helpdesk still comes to me as well. I believe it’s very important for me to stay connected to the needs of our user community,” he adds. While overseeing operations, Huston works with his team to develop new strategies, programs, and procedures to promote quicker responses with improved customer service. Huston also plays a large role in the fiscal planning and budgeting for the division and has implemented many process improvements in the areas of allocation of funding and procurement of equipment for Information Technology Services. “In my role as CIO, I now provide the strategic vision and leadership for the continued development of an innovative, robust, and secure information technology environment at Stockton,” Huston shares. “We are always looking to provide fully engaging learning experiences throughout the University.”

“We need to sustain the higher education experience with information security strategies and high education affordability, because at the end of the day, the most important thing to remember is we are here for the students.” – Scott Huston

Reliance on IT During COVID-19

COVID-19 has been an obvious challenge on campus, but the nimbleness of Stockton’s IT department has allowed the University to overcome numerous obstacles and issues throughout the pandemic. The Fall 2020 semester features courses taught in multiple teaching modalities, including online courses, in-person classes on campus, and via hybrid classes that combined in-person and online lessons. Huston’s department had to be ready to handle each situation and make sure systems and programs were capable of each scenario. “The greatest challenge has been dealing with the ever-changing landscape of the pandemic and the reliance on IT to provide solutions to issues arising due to the situation,” he said. “IT at Stockton has been required to become even more agile and nimble during the pandemic, with a lot of out-of-the-box thinking required to solve the ever-growing situations at hand.”

During these very unprecedented times, Stockton made the strategic decisions to heavily leverage and upscale Zoom services, including larger meetings, webinars, and cloud phone service, along with the use of collaboration resources such as SharePoint and OneDrive. The University procured and deployed enhanced virtual desktop infrastructures to ensure students, faculty, and staff could continue their operations and still thrive despite the challenges. Huston noted how communication and connectivity to resources has been some of the biggest hardships to overcome.

Classroom needs have also regularly changed, especially during the fall semester. Tools beginning to become archaic have made a reappearance, such as the use of digital document cameras to provide a unified classroom learning environment. “With increased remote learning due to the pandemic, these devices have become more popular than ever,” Huston shares. “All I can say is we are spending many late nights preparing for any situation that may appear in the semester ahead.”

Digital Transformation in Higher Education

Besides being CIO, Huston has also served as an adjunct faculty member at Stockton since 2012, and in 2014, he was named the Business Faculty Member of the Year. This popular instructor enjoys remaining connected to the classroom through teaching and finds the experience gives him insight into the modern technological needs of the student body and his fellow faculty. For instance, Huston believes higher education must innovate in order to provide world-class instructional technologies. He says digital transformation must take place by using technology to assist with student retention and completion, as well as to employ advanced data analytics to ensure colleges and universities are providing students with the best educational experience possible. “I think EDUCAUSE got it right; digital transformation is all about simplifying the end user experience and technologies to support their needs, while still providing an advanced and imaginative experience for users at all levels.”  He continues, “We need to sustain the higher education experience with information security strategies and high education affordability, because at the end of the day, the most important thing to remember is we are here for the students.”

The use of emerging technologies and practices aid the process for ongoing digital transformation. Stockton uses Analytics for Inclusive Student Success to create a strategic plan for their campus. Huston says the school heavily utilizes reporting and analytics to recruit, support, and empower their increasingly diverse student body, while working closely to fill equity gaps often existing in higher education. “Every CIO’s agenda should look to improve the analysis of student data, student success planning, and advising systems and predicative analytics for student success,” he added. “But as pure strategic technologies, gaining redundancy and expanding possibilities through a blended data center should be on the mind of every CIO.” However, more importantly, Huston says the growing complexity of security threats keeps him up at night. “Information Security is something you always have to be concerned about.”

Innovative Technologies Benefit the University

Currently, colleges and universities are experiencing the importance of cloud services and software as service offerings. This change is causing a shift for many institutions. “The result is a swing from capital expense to operating expense, but with the appropriate planning the benefits can be huge,” Huston explains. “Educational technology will continue to advance and transform in the future, however, there will always be underlying needs for the University community.”

Outside of technological resources like the HyFlex Course Model needed to overcome COVID-19 obstacles, Huston believes those colleges and universities who begin to offer multiple learning modalities simultaneously will be very important for the future university student. Ongoing, Stockton plans to continue to investigate alternate modality technologies and services with the IT team, working for the creation and production of high quality pedagogical-focused learning materials across all disciplines. “I hope the industry as a whole continues to focus on these opportunities and future technologies can be leveraged to support the HyFlex learning model,” Huston explains. “Over the last few months, I’ve been amazed watching the unbelievable creative and innovative ways Stockton’s faculty have used technology to create some excellent methods for instruction. I hope to continue doing everything possible within my means to support this type of activity.”

Collegiate Esports is another area where Stockton University has been a leader. In 2019, the institution had 85 student competitors spread across seven different sports and had over 350 very active community members. The Esports teams received four first place finishes in various national tournaments, putting in over 15,000 hours of utilization in Stockton’s dedicated Esports labs.

As Edge enters the world of Esports, Stockton’s Esports teams have had hundreds of students attending their community gaming events on campus. “The program is thriving more than ever! We have open play nights throughout the week, which was popular with students, and we hosted multiple middle and high school teams on campus for Esports related events,” he says. “We are looking forward to Edge’s continued involvement with collegiate Esports in New Jersey and their continued support of the initiatives here at Stockton.”

Edge is very appreciative for Huston’s willingness to contribute his skills and expertise to the overall Edge community, as he joins the Board of Trustees.

View Article in View From The Edge Magazine

The post Stockton University’s CIO is Passionate About Technology Advancements On Campus appeared first on Edge.


Digital ID for Canadians

DIACC International Pilots Special Interest Group “Un-panel”

In recognition of the 2021 International Data Privacy Day taking place January 28th, Joni Brennan, President of the Digital ID & Authentication Council of Canada (DIACC),…

In recognition of the 2021 International Data Privacy Day taking place January 28th, Joni Brennan, President of the Digital ID & Authentication Council of Canada (DIACC), hosts an “un-panel” with guests from around the world who are committed to focusing on issues around data privacy, empowering people while ensuring they’re protected, and advancing the international data governance landscape.

Guests include:

Joni Brennan (Canada) Mark Lizar (Canada) Dick Dekkers (Netherlands) Steve Pannifer (UK) Paul Theyskens (Belgium) Sal D’Agostino (USA)

If you’d like to learn more about how to get involved in DIACC’s international activities, please contact info@diacc.ca.


OpenID

“Exploring Financial-grade API (FAPI) with Torsten” Podcast is Live

The OpenID Foundation is pleased to sponsor the Identity, Unlocked second season premiere podcast featuring host Vittorio Bertocci and special guest Torsten Lodderstedt, “Exploring Financial-grade API (FAPI) with Torsten”. Torsten is a long time member of and contributor to the OpenID Foundation. Torsten has contributed significantly to the FAPI security profile and is the co-chair […] The post “

The OpenID Foundation is pleased to sponsor the Identity, Unlocked second season premiere podcast featuring host Vittorio Bertocci and special guest Torsten Lodderstedt, “Exploring Financial-grade API (FAPI) with Torsten”. Torsten is a long time member of and contributor to the OpenID Foundation. Torsten has contributed significantly to the FAPI security profile and is the co-chair of the eKYC&IDA working group.

This episode is a deep dive on the technical plumbing of FAPI. It provides an overview of the specification, how it came to be and what it means for implementers and end-users. FAPI is a security and interoperability profile closely aligned with OAuth. It was originally intended for use in open banking scenarios and has now rapidly extended to other high security use-cases in insurance, healthcare and mobile.  Torsten explains how FAPI navigates two challenge areas of using OAuth in open banking, what one may find within the FAPI working group initiatives, and the differences between FAPI versions 1 and 2.  Further, Torsten dives into specific macro  areas of FAPI, and discusses JARM (JWT Secured Authorization Response Mode).  He details cryptography measures such as MTLS and their relation to FAPI, his thoughts on the future of FAPI, prominent features in the specifications such Client Initiated Backchannel Authentication (CIBA), and helps listeners interested in FAPI to determine what version might best suit them.

This podcast compliments the OpenID Foundation’s plans for technical information sharing sessions with government and private sector partners in AUS, LATAM, MENA, the EU and UK. The Foundation plans to enhance and extend the workshops we tested over the last few years with the UK’s Open Banking Implementation Entity with the goal of the workshops to provide an open forum to educate technologists on the current state of the FAPI standards and its conformance test suite and invite contributions to the evolution of FAPI-2.0

To learn more about the FAPI working group, how to participate, and information about the specification, visit https://openid.net/wg/fapi

To learn more about OpenID Foundation’s global open banking initiatives as well as access resources for developers and implementers of the Financial-grade API (FAPI), visit https://fapi.openid.net 

 

About Torsten Lodderstedt 

Torsten is CTO of yes.com, a startup building an open banking scheme. Before joining yes.com, he served for a decade in different roles at Deutsche Telekom’s identity team, building and operating large-scale consumer identity services. In his previous positions as a consultant and IT architect, he helped customers in several domains (public, banking, railway communication, telecommunication) to implement highly scalable and secure applications. Torsten Lodderstedt received his Ph.D in computer science from Albert-Ludwigs University in Freiburg. Torsten regularly contributes to OAuth & OpenID. He is the editor of the OAuth 2.0 Security Best Current Practice and the OpenID Connect for Identity Assurance draft, contributes to OpenID Foundation’s FAPI working group, and helps API standardization initiatives, especially in the open banking space, to effectively use OAuth.

 

To Learn More About the “Identity, Unlocked” Podcast

To learn more about the ‘Identity, Unlocked,’ podcast and host, Vittorio Bertocci, visit identityunlocked.auth0.com  

To subscribe to the latest podcast updates and episodes, visit Apple Podcasts and Spotify.

The post “Exploring Financial-grade API (FAPI) with Torsten” Podcast is Live first appeared on OpenID.

WomenInIdentity

Identity and Data Privacy – Predictions for 2021

  2021 is going to be a significant year in Identity and Data Privacy. Since the GDPR went into full enforcement in 2018, we’ve seen  many countries rapidly change or… The post Identity and Data Privacy – Predictions for 2021 appeared first on Women in Identity.

 

2021 is going to be a significant year in Identity and Data Privacy. Since the GDPR went into full enforcement in 2018, we’ve seen  many countries rapidly change or update their Data Privacy laws. Although intended to protect the individual, the number of Data Privacy Rights has increased dramatically. And, this is compounded by the fact that emerging technologies are putting a huge burden on identity and Identity systems.

The world is also experiencing an acceleration of technologies that rely heavily on Identity and Identity systems.  As a result, I predict there will be a need to use Identity systems to facilitate new ways for people to access services:

carry out financial transactions with cryptocurrencies, validate vaccination and health status due to Covid-19, help big tech better moderate objectionable content.

These are my predictions for the year ahead – share your feedback below!

Immunity Passports will become ubiquitous

As a result of Covid-19, many countries are looking to how they can relax travel restrictions. A cruise company recently confirmed that they will not be accepting passengers unless they have been vaccinated.  This is very likely to be the case for many other travel companies in 2021.  This raises the issue of Data Privacy because some of these companies will now be collecting confidential, protected health information from the customers which they need to manage going forward.

Technologies are being developed right now to create things like Identity Passports through which travellers can present a negative COVID test result or proof of vaccination.  This will then be tied to their identity to determine the right to travel. This will put a significant burden on identity systems as we seek to combine health information with travel information. Identity is going to be critical in making sure that organizations can have confidence in any tests results or new data provided.

Links between Cryptocurrencies and Identity

An essential part of bringing cryptocurrencies to people worldwide is the ability to have users create and maintain digital wallets. A fundamental purpose of digital wallets is to allow the unbanked or underbanked access to digital currency systems. As a result of this, Identity and Identity verification systems will grow in significance to cryptocurrencies.  Identity and cryptocurrencies will be tightly bound together and initiatives aimed at getting people to use digital currency in the digital wallet will depend very much on adoption of the underpinning identity systems. Data Privacy and Data Protection will become the central point for developing trust in these digital money systems.

Emerging technologies and Identity

Emerging technologies like virtual reality (VR) and augmented reality (AR) and mixed reality will require more information about individuals as they move around, interacting with these systems. It will be vital that users are correctly identified and ‘marked’ appropriately so that, for example, their access to certain types of services can be restricted if needed. Identity plays a big part in this, and we will see increasing amounts of data collected about individuals which need to be protected to ensure their privacy rights.

Big Tech, Identity, and Content Moderation

Content moderation by big tech companies has become a hot issue in the US and the EU. Governments are looking very closely at ‘Big Tech”s role in moderating content and support for law enforcement when investigations relate to their customer base. As a result of this, and as we’ve seen recently in the US Capitol attack, the big tech companies are being asked not just to moderate conversations but also to track people that are causing harm or planning harmful events.

This is likely to result in more regulation around the responsibilities of ‘Big Tech’ in this area. In many different scenarios, I can see that this will cause a considerable uptick in how tech organisations identify users – particularly if it is to be used for law enforcement reasons.

It will be interesting to see how 2021 evolves. But whatever happens, it is likely that Identity and Data Privacy will play an increasingly significant role.

The post Identity and Data Privacy – Predictions for 2021 appeared first on Women in Identity.


Energy Web

ASA Automation, a German automation manufacturer that supplies companies including Walmart and…

ASA Automation, a German automation manufacturer that supplies companies including Walmart and Pfizer, leverages Energy Web Zero to decarbonize international supply chain Mainhausen, Germany and Zug, Switzerland — 26 January 2021 — Today, ASA Automation and Energy Web announced a renewable energy project leveraging the EW Zero application to help ASA source renewables for its production faci
ASA Automation, a German automation manufacturer that supplies companies including Walmart and Pfizer, leverages Energy Web Zero to decarbonize international supply chain

Mainhausen, Germany and Zug, Switzerland — 26 January 2021 — Today, ASA Automation and Energy Web announced a renewable energy project leveraging the EW Zero application to help ASA source renewables for its production facilities in Germany and Chile. ASA Automation is a leading global automation and robotics manufacturer that supplies equipment and solutions to multinational companies including Walmart, Nestle, Volkswagen, and Pfizer. Companies like these with strong sustainability policies require that suppliers such as ASA use low-carbon energy throughout their supply chain. EW Zero will enable ASA to provide a verified proof that low-carbon energy was used in its facilities throughout the world to produce its products. This pilot builds on the first technical and commercial demonstration of EW Zero — Energy Web’s partnership with Ripple and XRP Foundation to decarbonize the XRP Ledger.

“We are thrilled to welcome ASA Automation as an early adopter of EW Zero to reduce the carbon footprint of its production facilities. We hope that this pilot will set an example for how small- to medium-sized companies, often excluded from participation in renewable energy markets due to their relatively low electricity consumption, can now contribute to sustainability efforts. As ASA Automation is showing, EW Zero makes it much easier to decarbonize global, complex supply chains as required by some of the largest corporates,” said Walter Kok, CEO of Energy Web.

EW Zero enables energy buyers of any size to efficiently locate and purchase renewables around the world. The first version of EW Zero leverages energy attribute certificates (EACs). In this transaction, ASA Automation will use EW Zero to cover electricity consumption in Germany and Chile using renewable EACs. Zero will also act as a discovery tool to view available renewable supply in the markets of interest and choose the suppliers that match specific demand criteria (such as location, generation type, and installation year). In this way, ASA Automation will reduce its electricity-related emissions (Scope 2 under the GHG Protocol), which in turn decreases supply chain Scope 3 emissions for ASA’s customers. Zero will also integrate with renewable energy suppliers to showcase how local renewables platforms can leverage open-source standardized APIs to connect to EW Zero.

“We’re proud to become a member of Energy Web and an early adopter of such an innovative project that will allow us to make a first step towards renewable energy procurement,” said Mario Krämer, CEO of ASA Automation. “I am convinced that this is only the first step in the strategic cooperation with Energy Web and we are thrilled to become a frontrunner in blockchain-based innovation for the automation sector.”

The project will be completed in early 2021 and inform the continued open-source development of EW Zero. In the meantime, ASA and Energy Web are seeking renewable energy developers with a footprint in Europe and Latin America to participate in the project. Interested companies are invited to contact Meerim Ruslanova to get involved.

About ASA Automation
ASA Automation is engineering, building, and installing high-tech automation solutions custom tailored to suit our clients’ specific needs and their products, working from our German facility at Mainhausen, in the vicinity of Frankfurt/Main. For clients in South America, we have founded a subsidiary, ASA Automation SpA, located in Santiago de Chile. ASA’s expertise ranges from the implementation of complex turnkey projects, through the interlinking of machinery, systems, and isolated single-function modules, to retrofitting existing systems. ASA Automation also provides extensive after-sales service for everything we supply. Our conveyor and handling systems are primarily employed in fabrication, assembly, processing, and packaging operations.

For more information, please visit www.asa-automation.com

About Energy Web
Energy Web is a global, member-driven nonprofit accelerating the low-carbon, customer-centric energy transition by unleashing the potential of open-source, digital technologies. Our Energy Web Decentralized Operating System (EW-DOS) enables any energy asset, owned by any customer, to participate in any energy market. The Energy Web Chain — the world’s first enterprise-grade, public blockchain tailored to the energy sector — anchors the EW-DOS tech stack. The Energy Web ecosystem comprises leading utilities, grid operators, renewable energy developers, corporate energy buyers, IoT / telecom leaders, and others.

For more, please visit https://energyweb.org.

CONTACT
Peter Bronski, Energy Web
+1.201.575.5545 | peter.bronski@energyweb.org

ASA Automation, a German automation manufacturer that supplies companies including Walmart and… was originally published in Energy Web Insights on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 25. January 2021

omidiyar Network

Our Year in Responsible Tech

By Sarah Drinkwater, Director & Aniyia Williams, Principal, Omidyar Network Back in 2018, we started funding the rise of the responsible tech worker. This is our effort to help tech workers and founders step into their power, and build a world in which technology makes good on its promise of improving everyone’s lives for the better: fueling an ecosystem that is equitable, ethical, and i

By Sarah Drinkwater, Director & Aniyia Williams, Principal, Omidyar Network

Back in 2018, we started funding the rise of the responsible tech worker. This is our effort to help tech workers and founders step into their power, and build a world in which technology makes good on its promise of improving everyone’s lives for the better: fueling an ecosystem that is equitable, ethical, and inclusive in addition to innovative.

2020 marked a monumental shift for the movement as the techlash came of age. At Omidyar Network, we were proud to provide a roadmap for the US Department of Justice, Federal Trade Commission, and dozens of state attorney generals to file antitrust cases against the largest tech companies; there was an escalating debate (and, finally, some action) around acceptable online speech; and millions of people worldwide gained a deeper understanding of the dark patterns in the devices they use everyday watching the hit documentary, A Social Dilemma.

We’ve come a long way since US senators asked Facebook how it makes money, but there’s so much more to do.

Here are the biggest lessons we’ve learned so far, and where we hope this year will take us.

The people we’re told are “leaders” will not lead us where we need to go.

We can’t expect technology executives to self-regulate because they have no incentive to do so. In a world in which technology is inextricably bound with capitalism, CEOs are beholden to their shareholders to maximize profit.

But within those companies, there’s hope.

Tech workers, from engineers to cafeteria staff, are pushing back and speaking up; and new founders are testing out new kinds of business models and products. Together, they are holding their employers and the industry accountable to do the right thing, not just say it.

Yet too often these people face retaliation and get branded troublemakers. We see them as heroes. We believe these are the early stages of a massive tech labor movement, and the number of tech workers who understand the connection between their day-to-day job and its impact on society is growing.

To help unlock their power, we’re creating space for workers and founders to come together, funding the tools and resources they need, and developing new mechanisms for accountability.

In 2020, we launched Ethical Explorer, a tool that gives people working on tech products (including designers, engineers, or their collaborators) a practical guide to navigate and lead on complex topics such as bias in AI or outsized power.

We helped launch the Trust & Safety Professional Association (TSPA) to build the field and continue to elevate those working on the frontlines of content moderation. It is the first membership organization designed for trust and safety specialists, from contract content moderators to in-house engineering teams at big tech companies.

For tech workers yearning to upskill and meet like minds, we funded Logic School to teach them about creative protest, as well as a course at Stanford for professionals on Tech, Ethics, and Public Policy.

In addition, Ifeoma Ozoma joined our team as an advisor to help us consider how to strengthen tech workers’ ability to whistleblow when they see or experience something wrong in the workplace.

The industry is missing a common vision and narrative about responsible technology.

Last year, we discovered that “ethical tech” means different things to different people. The lack of common narrative is a core challenge for the movement because it means that people haven’t gelled around a shared identity, have a hard time finding each other, and aren’t speaking the same language.

How can you rally without something to rally around? We have to identify the harms as well as the common goals, interests, and passions to build the path forward.

As the pandemic hit, we funded Mobius to bring technology leaders together and determine collective work. To help deepen our knowledge of how race and technology intersect, we funded the Center for Critical Internet Enquiry to bring on an artist-in-residence (an incredible filmmaker, Oge Egbuonu). And Civic Signals, now renamed New_ Public, kicked off 2021 with a festival that brought together a diverse crowd of activists, technologists, artists, academics, and urban planners to consider what healthy digital public spaces should look like.

We win together, or not at all.

For too long, tech has moved too fast and, at that high speed, broken things. An African proverb says “if you want to go quickly, go alone. If you want to go far, go together.” Beyond needing less haste and more conversation, we strongly believe in solidarity and collective approaches.

If this past year has taught us anything, it’s how interwoven our lives are. Wearing a mask protects ourselves, as well as others. We exist as a society and we thrive in communities.

That’s why last year we helped launch Coworker’s Solidarity Fund, the first ever mutual aid fund designed specifically to assist employees and independent contractors who have faced retaliation for organizing in the workplace. The launch is timely given both our commitment to worker power in all forms of business under our Reimagining Capitalism banner and the continued progress of tech organizing, and we hope to see more progress in 2021 with the formation of the Alphabet Workers Union and Amazon employees voting for its first-ever union in the US.

Acting with integrity can and should become business as usual.

We think that doing the right thing for as many people as possible (whether you call it behaving with responsibility, integrity, or ethics) will be how the business world — including the technology sector — weaves together topics such as diversity, equity, belonging, and sustainability.

2020, and the years before it, taught us that tech’s unethical behavior leads to incredible harm. It also results in reputation, regulatory, and talent risk. The largest tech companies are seeing experienced employees as well as young graduates (like those in our ResponsibleCS program) turn away from the cultures they’ve built.

Articulating and living by strongly held values will be how future leaders make their companies appealing to customers, investors, and the most sought-after employees.

We’re already seeing this in the startup scene, with a new class emerging, led by organizations such as Zebras Unite,* who have created a powerful identity for founders who want to build companies grounded in values and defined in opposition to some of Silicon Valley’s most harmful norms.

That’s why our teammates on the Reimagining Capitalism team are working to shift the current corporate governance rules away from shareholder primacy towards a world that recognizes broader stakeholders, including employees and consumers. It’s why we funded Ethical Source and the Corporate Accountability Lab, elevating their existing work which challenges the notion that open source is “values neutral” by deploying tactical, practical licensing and legal frameworks to allow developers to center values in their work. We also funded Project Include to investigate how the shift to working remotely has impacted harassment and toxicity in the virtual workplace, and how tech companies can create better and fairer working conditions for all.

What Comes Next
Looking ahead, we see our work as enabling a diverse community of tech stakeholders to connect, collaborate, and co-create. To fuel the next stage of the movement, we need to focus on both the aspirational (envisioning together what we want) and the adversarial (pushing back against what we don’t). After all, communities are defined as much by what they aren’t as what they are.

In doing so, we hope examples will emerge of what we — as an industry and society — want to reward, as we so often see examples of what we want to correct. Working together, we believe a new surge of people, ideas, and examples will shift tech culture.

We’re still navigating what Omidyar Network’s role should be in the movement towards responsible tech. We aren’t here to own, we’re here to listen, empower, and contribute. We feel strongly that people who are most marginalized in our communities are critical to developing effective solutions — they have deep lived-experience and can see a clear path forward. We must find ways to hear them and respond to their needs.

If what you’ve read here resonates, tell us what you think. If you’re already engaged in some form of this work, or want to be, then we’d love to hear what you are working on or passionate about.

We hope you’ll join us on the journey.

And starting February 9th, we’ll be hosting a series of community conversations to share more of what we’ve learned. Register now for The Tech We Want: Tech Whistleblowing featuring the work of Ifeoma Ozoma.

*For transparency, Aniyia Williams is one of the four co-founders of Zebras Unite and continues to serve on their board. She joined Omidyar Network after we made a grant to the organization.

Our Year in Responsible Tech was originally published in Omidyar Network on Medium, where people are continuing the conversation by highlighting and responding to this story.


Decentralized Identity Foundation

Trinsic donates did-key.rs to I&D WG

This marks the first donation of a Rust “crate” (package) to the group Over the years, the Identifiers and Discovery WG at the DIF has received many donations that form a vital resource for developers of DID-based systems: recently, a flotilla of complementary secret recovery mechanisms, a command-line tool for handling Verifiable Credentials that was the foundation for years of JWT work in

This marks the first donation of a Rust “crate” (package) to the group

Over the years, the Identifiers and Discovery WG at the DIF has received many donations that form a vital resource for developers of DID-based systems: recently, a flotilla of complementary secret recovery mechanisms, a command-line tool for handling Verifiable Credentials that was the foundation for years of JWT work in the Ethereum community, the .well-known specification, and the /did-common-{language}/ series of basic libraries and tooling in various popular languages, to say nothing of the donations of drivers for the open-ended Universal Resolver project.

The newest donation to the I&D WG archive is an implementation of did:key built in the Rust language by long-time active DIF members, Trinsic. In addition to being great news for the I&D WG itself, it is also great news for the “target audience” of the WG: developers trying to smoothly and efficiently extend the domain of DID-based systems to new programming languages, use cases, and contexts.

Photo by Simon Harmer Don’t all DIDs contain keys?

DID:Key, originally specified in the W3C Credentials Community Group (CCG), is a DID “pseudo-method” that allows static, pre-existing, and/or pre-published public keys to function like traditional DIDs — they can be queried, stored, issued against, and resolved to return valid DID documents. These DID documents, or “pseudo-documents” if you prefer, are generated deterministically from their public keys, allowing the integration of complex key management systems involving cold storage, hardware security modules, etc.

This “masquerade” of wrapping external or pre-existing keypairs in the form of a valid DID is crucial to many kinds of interoperability, legacy integration, and testing. It can be a life-saver in both the early days and the home-stretch of moving to production in the messy real world of legacy systems and interoperability stress-testing.

Like the /did-common-{language}/ series, a plug-and-play library that handles all the transformations between different kinds of key and their “DID-ification” is a huge time-saver for people working in new contexts, or contexts where prior art has not yet been open-sourced. In addition to these advantages, the unique design of did:key has also been valuable in demonstrating the flexibility and universality of the DID concept itself — and that DIDs can seamlessly interoperate with systems that do require a blockchain or similar technologies.

Rust and DIF

Rust has earned a reputation among contemporary blockchain and web developer communities, in large part because it is so performant, controllable, and versatile across in-browser, server-side, and cloud environments. It plays nicely with widely different programming languages as well.

In particular, it has also been designed to be smoothly integrated into JavaScript systems, for decades the most common language in most kinds of web development. In fact, many of today’s JS developers consume Rust/WASM libraries without even knowing they’re doing so. The libraries from Hyperledger Aries, for instance, use Rust cryptographic libraries packaged and managed by the Hyperledger Ursa project.

One crucial distinction, however, between Rust and Javascript is that the former has a drastically different way of managing dependencies and packages. In addition to being very resource-conscious in their assembly, “crates” (as the packages are called in Rust’s native “cargo” package management system) can be imported and compiled selectively, using only what each project needs “at build”. For in-browser, edge-device, and other resource-constrained environments, this makes a world of difference compared to traditional JS frameworks like Node or Angular.

While the authoritative branch of the source code is being donated to DIF where it will stay open to new issues and pull requests from the DIF community, the “crate” is already available at crates.io, and can be used directly in your project’s Cargo.toml file:

did-key = “*”
Extending the library

Like all code donations to DIF, there are many ways in which this library can be extended. GitHub issues and pull requests are open! So far, the key formats currently supported are:

BLS12381 (G1 & G2 derivations) Ed25519 X25519 NIST P256 Secp256k1

If you find this project useful in your own development, whether for compliance-testing, for supporting new verifiable credential formats like BBS+, or for extending your interoperability and compatibility reach, please leave an issue describing future features you might find useful. Better still, if you have experience with Rust/WASM, please consider getting involved and contributing features, leaving constructive feedback, or extending the specification’s documentation and implementation guidance notes.

We also welcome you to join and participate in the I&D Working Group, regarding any questions or contributions to the Rust did:key implementation or one of the other work items!

Trinsic donates did-key.rs to I&D WG was originally published in Decentralized Identity Foundation on Medium, where people are continuing the conversation by highlighting and responding to this story.

Saturday, 23. January 2021

decentralized-id.com

Twitter Collection – 2021-01-23

Decentralized Identity - Curated 2021-01-23

Friday, 22. January 2021

omidiyar Network

Reimagining Capitalism Series: An Introduction to Ideas, Rules, and Power and How They Shape Our…

Reimagining Capitalism Series: An Introduction to Ideas, Rules, and Power and How They Shape Our Democracy and Economy By Audrey Stienon, Analyst, Reimagining Capitalism Photo by Eric BARADAT / AFP Over the coming weeks, Omidyar Network will expand on our theory of change around ideas, rules, and power and connect it to the five pillars outlined in our recently released Point of View on
Reimagining Capitalism Series: An Introduction to Ideas, Rules, and Power and How They Shape Our Democracy and Economy

By Audrey Stienon, Analyst, Reimagining Capitalism

Photo by Eric BARADAT / AFP

Over the coming weeks, Omidyar Network will expand on our theory of change around ideas, rules, and power and connect it to the five pillars outlined in our recently released Point of View on Reimagining Capitalism, and the work being done by our grantees. This is the first contribution to that series.

Democracy & Capitalism
This week, Joseph R. Biden was inaugurated as America’s 46th president, standing on the West Front of the US Capitol that was attacked earlier this month. With that picture still vivid in the minds of many, President Biden swore an oath to preserve, protect, and defend the Constitution of the United States. In that moment, people across the country let out a sigh of relief; though our democracy has been bruised and battered, it continues. And so too can the American people continue to pursue a more perfect union.

At Omidyar Network, we recognize that the strength of our democracy is deeply entwined with the strength of our economy. We believe that we all have a collective responsibility to defend our democracy, and we are recommitting ourselves to ensuring that our economy supports our democratic society in providing opportunity, dignity, and security to all.

Democracy and capitalism have long stood as twin pillars under-girding American society. Their modern incarnations were both born in 1776 out of the same intellectual movement, and advance the same vision: for decision-making power to rest with the people. Just as we are united, as Americans by a common faith in the democratic values of equality, justice, and liberty, we value the capitalist promise that those who innovate, compete, and take risks will be fairly rewarded. Ultimately, capitalism is what has made possible American democracy, with its promise of shared prosperity and opportunity.

A key debate across American history has been of how to balance the competing rights and freedoms guaranteed in each system. Adjusting this balance has allowed our government and economy to adapt to the changes in our values across centuries. However, it is clear to so many of us that the balance between democracy and capitalism is now in a dangerously precarious position.

For years, we have prioritized the protection of capitalist rights to seek growth and profit at the expense of democratic commitment to general welfare, as enshrined in our Constitution alongside liberty and prosperity. We now find ourselves with an economy that is obviously structured in ways that exacerbate inequalities at every level. Despite a soaring stock market and rising GDP, the fundamentals of our economy are as broken as the windows smashed by the angry mob that stormed the Capitol on January 6th. Already profound gaps in income, wealth, and opportunity are widening, especially between white and Black families.

Most of us are deeply dissatisfied with the status quo, yet feel that we lack the power to change our circumstances. This powerlessness is fundamentally undemocratic and, by extension, un-American. We must change it.

Omidyar Network has called for a reimagining of capitalism so that we can once again strike a balance between our democratic and capitalist systems that creates an economy grounded in democratic values. Our goal is to achieve systemic change so that our society is centered on the well-being of individuals and communities, and allows for full economic, democratic, and social participation for all. Our strategy is to transform how economic systems support our society by investing in organizations and individuals working to reshape economic ideas, rules, and power.

Replacing Old Ideas
Throughout America’s history, we have lived in accordance with a variety of ideas that reflected society’s values at the time — many of which were rightfully discarded as our values evolved. Over the last 50 years, a set of ideas based on individual liberty, the primacy of markets, and a limited role for government have guided our economic policies, and our views of what is possible. Those ideas were built on an even longer history of economic thinking that has perpetually excluded and devalued people because of their race, class, gender, or disability. They are not only outdated, but demonstrably false.

We have entered a period of great uncertainty and change, in which ideas and the values that inform them are shifting toward a re-balancing of markets, government, and communities. Our New Economic Paradigm work is experimenting with new ways of thinking and talking about the economy, while seeking to align stakeholders around a coherent new vision for equitable, inclusive, and sustainable capitalism.

Rewriting the Rules
At its core, our capitalist economy and the ideas that shape it are a reflection of our common values. These ideas are translated into rules which give the economy structure and which govern who can participate in markets, and how. These rules include laws and regulations, as well as norms that govern everything from contracts and property rights, to competition, to employer-employee relationships. Ultimately, the rules that govern and shape markets matter, and they desperately need a rewrite.

Our democracy, policies, politics, and markets must be protected and shielded from manipulation and capture by those with the most money,. These rules must be rewritten to direct capitalism toward greater societal outcomes, not the interests of economic or political elites. To that end, we are also exploring ways to rewrite the rules that shape economic structures so that they can support the well-being of everyone in our society. As part of that work, we are looking at opportunities to strengthen market infrastructure, financial systems, and corporate governance norms so that companies and investors can account for their impact on people, communities, and the planet.

Reshaping Power
Ideas and rules are important, but they become concrete with power. Those who wield power are most likely to see their ideas reflected in the world, to design the economic and social norms governing markets and society, and determine which rules are enforced. This is why democracy, and its ideal of equal power, is so crucial to a capitalist society. Capitalism can certainly exist without democracy, but cannot, alone, guarantee that everyone will have access to opportunities to build a dignified life. We see this around the world, and increasingly in the United States: capitalist, oligopolistic markets are manipulated by the powerful to enrich themselves while exploiting the powerless. Democracy is the critical factor that allows all people equal rights and power to have a say in how capitalism impacts their lives and, more importantly, is the only system ensuring that any person can advocate for change when the capitalist economy is not delivering the basic well-being that is their right.

Any true reimagining of capitalism must include checks to balance the power between markets, government, and civil society. So, Omidyar Network is working to reshape how power is distributed across society and the economy. One of our key priorities is to increase worker power and strengthen grassroots movements, since we believe that the economy will only increase the well-being of everyone — businesses, working people, and communities — when working people have individual and collective agency and voice. On the flip side, we are working to ensure that those who have benefited from existing economic structures do not use their economic power to distort either markets or democratic processes. To this end, we are working to curb concentrated corporate power and monopolies, especially in the tech sector, and are exploring strategies to counter corporate influence in our government.

Reimagining Capitalism

The interplay of ideas, rules, and power are ultimately what determine which iterations of capitalism and democracy are possible. Ideas (which reflect our values) guide how we build our society. Rules determine distribution of wealth and power. Power then determines which ideas and rules shape society, and how. It is impossible to create a better form of capitalism or democracy without tackling each at the same time. In doing so, we aim to create a reimagined capitalism that empowers all people to realize their fullest potential as our economy flourishes.

Last year, we outlined five core pillars that we believe could best support a modern and equitably economy, one committed to values that reflect the inalienable rights of all; built to be not only inclusive, but explicitly anti-racist; capable of exercising true counterweights to economic power; dedicated to fostering a rebalanced relationship between markets, government, and communities; and responsive to the unique challenges we face in the 21st century.

We know that we cannot build this alone. It will require deep partnership with a cadre of advocacy organizations and grassroots leaders, intellectuals and academics, business leaders and shareholders, philanthropies, policymakers and concerned citizens alike. We are humbled by the work that has already been done, encouraged by the growing chorus of voices calling for change, and proud to be a part of this effort.

Throughout our history, American capitalism and democracy held promise for upward mobility and shared prosperity. Despite the many challenges that lie ahead, we believe we can expand that promise by seizing this moment to reimagine what we can be.

Reimagining Capitalism Series: An Introduction to Ideas, Rules, and Power and How They Shape Our… was originally published in Omidyar Network on Medium, where people are continuing the conversation by highlighting and responding to this story.


Own Your Data Weekly Digest

MyData Weekly Digest for January 22nd, 2021

Read in this week's digest about: 8 posts, 1 Tool
Read in this week's digest about: 8 posts, 1 Tool

Thursday, 21. January 2021

omidiyar Network

Omidyar Network Applauds Tech Employees Who Are Demanding a Voice Through Unionization

By Sarah Drinkwater, Director, Responsible Technology and Tracy Williams, Director, Reimagining Capitalism Photo by Jeenah Moon, Reuters In less than three weeks, nearly 6,000 workers at a fulfillment center in Bessemer, Alabama will begin voting on whether or not to join the Retail, Wholesale and Department Store Union. If they vote yes, they will make history as the first American union in

By Sarah Drinkwater, Director, Responsible Technology and Tracy Williams, Director, Reimagining Capitalism

Photo by Jeenah Moon, Reuters

In less than three weeks, nearly 6,000 workers at a fulfillment center in Bessemer, Alabama will begin voting on whether or not to join the Retail, Wholesale and Department Store Union. If they vote yes, they will make history as the first American union in Amazon’s history.

The tech giant, which employs more than 1.1 million people around the world, has so far thwarted all attempts to unionize workers in the United States. The results? “The working conditions are horrible is all I’m willing to say,” said one Bessemer employee. “I support a union coming aboard, we need them badly.”

The efforts to organize the Bessemer warehouse are the latest in a spate of activism by Amazon employees. In 2019, more than 1,500 Amazon workers staged a walkout to push the company to lower its carbon footprint. That was followed by a virtual walkout this past June, in protest of the firing of several tech workers and warehouse associates who were organizing around social justice and climate change.

And Amazon workers are not alone. Last summer, software engineer Raksha Muthukumar also found herself in the midst of a battle with a giant tech company. Her offense? She sent her colleagues a GoFundMe list of criminal justice reform groups in the aftermath of George Floyd’s murder. “The fear of retaliation has always been great, and we’ve seen retaliation, so this is our chance to protect ourselves,” said Muthukumar.

On January 4, Muthukumar joined several hundred Google employees in the formation of the Alphabet Workers Union (AWU) with support from the Communications Workers of America (CWA). Since the announcement, more than 500 additional people have joined the union, and will now be able to protect themselves with a union card.

Google’s employees aren’t demanding higher pay. They are fighting to overturn the fundamental concept of shareholder primacy — that Google’s primary goal should be to make as much money as possible. “We will use our reclaimed power to control what we work on and how it is used,” AWU wrote in its mission statement. “We will ensure Alphabet acts ethically and in the best interests of society and the environment.”

This latest development comes after years of frustrated attempts by workers to unite and confront Google management on critical issues, including sexual harassment in the workplace, ethics and the responsible deployment of technology, and partnerships with controversial customers like the US Department of Defense.

Successful organizing drives don’t just happen. The formation of the Alphabet Workers Union is the culmination of many earlier efforts by Alphabet employees. In December, Dr. Timnit Gebru, a scholar in the race and Artificial Intelligence (AI) field and co-leader of Google’s Ethics in AI team, was ousted ostensibly due to a disagreement over her team’s research after previously speaking out on behalf of minoritized employees. Dr. Gebru’s termination was a defining moment that galvanized many Google employees on their path to forming the union.

This is all part of a growing movement to organize in the tech industry. Employees at tech firms Kickstarter and Glitch were able to unionize last year, and hundreds of other workers at large tech companies ranging from Microsoft and Facebook, to Salesforce and GitHub, have increased their activism.

Omidyar Network stands in solidarity with these workers who are organizing for their rights — and what’s right.

We believe that increased worker power provides an essential counterweight to the rising dominance of corporations. Over the past several decades, we have seen the economic power of major companies spill over into the political arena, leading to a lopsided power imbalance that has damaged not only the fundamentals of capitalism, but of our democracy as well.

The solution? Empower workers — from warehouse associates to software engineers — with greater power, agency, and voice at work, both individually and collectively. That goal lies squarely at the intersection of two of Omidyar Network’s key priorities: expanding Worker Power and supporting Responsible Tech Workers. In doing so, we can create a much healthier economy, one that is better for employees, businesses, consumers, and society.

Through our Responsible Tech work, we’re helping to provide tech workers with the tools, resources, and space to ask thoughtful questions about responsible tech so they can focus on building solutions that avoid the potential downsides of technology. To that end, we have invested in organizations ranging from Coworker, a mechanism to helps tech workers organize, both within their companies and more broadly to the Trust and Safety Professional Association, to New Public.

As part of our efforts to Reimagine Capitalism and increase Worker Power, we’re fighting for labor reform policies that increase the power of all workers, and supporting new organizing models that expand worker power to a broader set of working people, whether in the gig economy, in homes, in fields, or in a conventional workplace. Some of our grantees in this area include the Clean Slate for Worker Power project at Harvard Law School, United for Respect’s WorkIt app, which uses artificial intelligence to answer workers’ questions about their rights and helps workers organize, and a new coalition focused on advancing worker power in California through policy and advocacy, narrative change, and strengthening organizing, led by the Koreatown Immigrant Workers Alliance (KIWA). We also work with the Partnership for Working Families, and the Warehouse Workers Resource Center.

The actions taken by working people to organize at some of America’s most influential tech companies represent a significant step forward in restructuring the social contract between tech giants, the people who work for them, and the society they serve. We’re cheering them on.

Omidyar Network Applauds Tech Employees Who Are Demanding a Voice Through Unionization was originally published in Omidyar Network on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 20. January 2021

Kantara Initiative

Exostar earns healthcare digital identity trust framework certification by Kantara

Certificate awarded for NIST 800-63 ID and data privacy and EPCS compliance https://www.biometricupdate.com/202101/exostar-earns-healthcare-digital-identity-trust-framework-certification-by-kantara The post Exostar earns healthcare digital identity trust framework certification by Kantara appeared first on Kantara Initiative.

Berkman Klein Center

An Introduction to Extitutional Theory

By Jessy Kate Schingler and Primavera de Filippi Extitutional theory is an emerging field of scholarship that provides a set of conceptual tools to describe and analyse the underlying social dynamics of a variety of social arrangements, such as communities, companies, organisations, or any other types of institutions. Extitutional theory posits that the institutional framework is just one s

By Jessy Kate Schingler and Primavera de Filippi

Extitutional theory is an emerging field of scholarship that provides a set of conceptual tools to describe and analyse the underlying social dynamics of a variety of social arrangements, such as communities, companies, organisations, or any other types of institutions.

Extitutional theory posits that the institutional framework is just one specific lens through which we can make sense of social behaviour. Social dynamics that are not part of an institution are not unstructured, just differently structured. Specifically, institutions focus on the static and inert elements of social structures — the aspects that persist over time — whereas extitutions focus on the dynamic and mutating elements of social structures — the aspects that continuously evolve over time. Both serve as filters to observe different aspects of the underlying social arrangements. This means that if we look at structured social dynamics only and exclusively through an institutional lens, we are only seeing one part of the larger picture. Extitutional theory provides an alternative lens — and the choice to use it is a normative decision to look at another part of the picture.

Unknown author; Public Domain.

It is important to note that the extitutional lens is not claiming that there are social dynamics “outside” of an institution, in the Here be Dragons sense of extrapolated but as-yet-unexplored territory; it simply observes the same social dynamics of an institution from another conceptual angle. By relying on the idea that institutions and extitutions are two different interpretations of the same set of social dynamics, we can formalize the characterization of each lens, and begin to examine the underlying structuring logics that distinguish them. Since they represent two different points of view into the same social arrangement, we can also explore the structural relationships that link these two lenses. Extitutional theory attempts to formalize these different ordering logics and the interplay between them.

For instance, a company is generally composed of a structured set of roles: a board of directors, a series of shareholders, a CEO, a treasurer, etc. — each with their corresponding rights and duties. Instead of these formal roles, the extitutional lens focuses on the social dynamics that animate this structure, which necessarily evolve over time as individuals join or leave the social structure, and as their reciprocal relationships change. The hiring of a new CEO doesn’t mutate the structure from an institutional perspective, yet it could have a significant impact on the social dynamics of the company as whole, because of the different capacities and relationships that the CEO will establish with the other company members. These extitutional dynamics are crucial to the life of institutions, and may impact operational behaviour through culture and more informal principles and values.

Given that both lenses are looking at the exact same social arrangement — although focusing on different aspects of it — a proper understanding of the underlying social dynamics requires a holistic view, combining both the institutional and extitutional perspective. Indeed, one does not exist without the other: while the operations of a company or organisation are ultimately constrained by the specific rules and roles that constitute the institution, they are fundamentally fueled by the individuals assuming these roles and the corresponding relationships that make up the extitution. Accordingly, the interplay between institutions and extitutions is all the more crucial to explore in the context of complex social arrangements because the two are constantly shaping and influencing each other.

Extitutional theory is interested not only in the ways that individuals interact and engage with one another through relationships and rhythms, but also in how different practices of institutionalization can create conditions that stabilize and amplify, or erode and suppress, certain extitutional dynamics — and vice versa. Central to the process of institutionalisation is the concept of enclosure: the mechanism through which an institution implements increased control (or coding) relative to a particular domain. Conversely, extitutional theory contrasts enclosure with the concept of exclosure, which recognizes that certain types of enclosures appear to play a different role — that of protecting the activity within it from control and coding. Providing tools to better understand the interplay between these two mechanisms is one of the key contributions of Extitutional theory.

Extitutional theory does not assign any moral value to institutions or extitutions: neither are good or bad; yet, because of the performativity of these lenses, choosing to look at a particular social arrangement as an institution or an extitution will impact the way we interact with it, as well as the manner in which it will evolve over time. Networked technologies in particular have created dramatic new exclosures giving rise to extitutional dynamics which can’t be understood through the institutional lens alone. Hence, extitutional theory is important not because it is better than institutional theory, but because extitutions are an under-studied phenomena. Understanding extitutional dynamics, and their interplay with the more familiar tools and logics of institutions, can help us respond to the specific, unprecedented demands of human coordination in our era.

An Introduction to Extitutional Theory was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.


Hyperledger Ursa

Kiva Protocol, Built on Hyperledger Indy, Ursa and Aries, Powers Africa’s First Decentralized National ID system

For the 1.7 billion unbanked adults around the world, access to financial services is extremely limited. Without even a basic savings account, economic opportunity is often limited to informal offerings... The post Kiva Protocol, Built on Hyperledger Indy, Ursa and Aries, Powers Africa’s First Decentralized National ID system appeared first on Hyperledger.

For the 1.7 billion unbanked adults around the world, access to financial services is extremely limited. Without even a basic savings account, economic opportunity is often limited to informal offerings such as local shopkeepers who extend credit to their customers, microfinance institutions that work to serve the last mile, and community savings and credit associations that are setup by individuals living in the same village.

In the unbanked world, individuals borrow a few hundred to a few thousand dollars at a time, paying back over a relatively short time frame of 12-18 months. But despite excellent credit records, they are unable to receive even similar credit facilities at local banks. This is because the data from their informal transactions is essentially invisible: the banks either do not trust the data sources, or are otherwise unable to verify the provenance of the data.

While this is the state of the world today, it does not have to be our future. Kiva, a US-based nonprofit organization focused on financial inclusion, has built Kiva Protocol to bridge the data disconnect and help enable universal financial access. In 2019, Sierra Leone, a West African nation of about 7 million, launched the National Digital Identity Platform (NDIP) that used Kiva Protocol to enable fast, cheap, and secure identity verification for its citizens.

Kiva Protocol is built using Hyperledger Indy, Aries, and Ursa, and as implemented in Sierra Leone, allows citizens to perform electronic Know Your Customer (eKYC) verifications in about 11 seconds, using just their national ID number and a fingerprint. With this verification, it is possible for the nation’s unbanked to open a savings account and move into the formally banked population.

To find the right platform, Kiva assessed more than 20 software stacks, both centralized and decentralized. Blockchain and decentralized ledger technologies quickly emerged as good solutions for the developing world as they enable data provenance at the protocol level and stakeholders can act relatively independently to enable their various activities in the formal and informal sectors.

After deep consideration, Kiva decided to use Hyperledger’s stack for identity: Indy, Aries, Ursa. While all three projects are closely related, each has a distinct mandate:

Hyperledger Indy is a distributed ledger purpose-built for decentralized ID with transferable, private, and secure credentials; Hyperledger Aries is infrastructure that supports interactions between peers and between blockchains and other DLTs; and Hyperledger Ursa is a modular, flexible library that enables developers to share time-tested and secure cryptography.

In August 2019, Kiva launched the beta of Kiva Protocol with a public event opened by the president of Sierra Leone. Since that launch, global regulators have made significant progress in terms of how they are considering digital identity and eKYC verifications. There is a growing global movement towards user-owned and -controlled data, better privacy, and more universal access. 

As of today, Kiva is focusing on building additional ecosystem applications and services to make it easier for all stakeholders to access and use Kiva Protocol. Much of this is being contributed upstream into the Hyperledger Indy and Aires projects, with the remaining components hosted in Kiva’s repository.

Hyperledger teamed up with Kiva on a detailed case study covering the challenges of the unbanked, requirements for a solution that delivers fast, cheap and secure ID exchange, and plans for expanding Kiva Protocols’ use to other countries and other applications. 

Read the full case study here.

The post Kiva Protocol, Built on Hyperledger Indy, Ursa and Aries, Powers Africa’s First Decentralized National ID system appeared first on Hyperledger.


Lissi

The Lissi wallet supports the Indicio Network

Digital identity is now a fundamental requirement to function in a world that has shifted to remote-first. To empower individuals and to protect their self-sufficiency, the concept of self-sovereign identity (SSI) was developed. It grants the individual agency over their interactions and data by putting the data-subject back into the driver-seat. Self-sovereign identity and its use-cases There a

Digital identity is now a fundamental requirement to function in a world that has shifted to remote-first. To empower individuals and to protect their self-sufficiency, the concept of self-sovereign identity (SSI) was developed. It grants the individual agency over their interactions and data by putting the data-subject back into the driver-seat.

Self-sovereign identity and its use-cases

There are plenty of potential use-cases. Our identity isn’t something we can easily explain or which can easily be summarized by single data sets. It highly depends on the context in which it operates and is different depending on the person with whom we interact. One category of use-cases is the proof of certification or qualification of an individual. This proof is required for applications for jobs, grants or the participation in special events. Depending on the requirements, an individual can collect all necessary certificates and present them directly to the relying party. Another big category of use-cases is to enable access to information, buildings or resources. When e.g. information is labeled as “internal only”, the authorized people should be able to access it. Organizations can issue credentials to the right target audience and only approve access for those individuals, which have a valid credential.

Wallets and Networks

Two elemental components of an SSI-ecosystem are the wallets for end-users and the networks for organisations on which issued credentials are anchored to. In this article, we will explain how these relate to each other, what their specific goals are and how they interact with each other by providing the example of the Lissi wallet and the Indicio Network.

About the Lissi Wallet

In order to store and possess the credential, an individual requires an application with a graphical user interface to receive, store and present these credentials to third parties. A wallet is a key management application, which hides all the complicated technical aspects from the user and provides the required guidance to securely interact with trusted contacts. The Lissi wallet offers an intuitive interface and provides the necessary information and flexibility to navigate through an increasingly complex digital environment. Furthermore, it automatically recognizes the network, which an organisation used to verify the authenticity of the credential. Hence, while organizations can choose a suitable network, the user is informed about the network, but doesn’t need to do anything to receive the credential or interact with the organisation. Lissi is your smart agent, which takes unnecessary workload from you, provides you with the information to make informed decisions while always offering a choice.

While the Lissi team is also involved in the formation of the IDunion network with its main focus in Europe, we recognize that organisations around the world have different needs. The networks, which are necessary to verify the authenticity of issued credentials, need to be adjusted to different regulatory requirements and the specific demands of their target audience. The network is a distributed and publicly readable database, which contains the public identifier of a legal entity. Therefore, we are committed to not only provide individuals with the choice of their favourite wallet, but also organisations with the choice of their network. We are delighted to announce that the latest version of the Lissi wallet also supports the Indicio Network.

About the Indico Network

Indicio.tech created the Indicio Network to meet the needs of companies and organizations that want a reliable and robust network to build, test, demo, and launch their identity solutions — all the while supported by a team of engineers with extensive experience in decentralized identity, its architecture, and its use cases.

Indicio believes that this “concierge” approach to running a network will accelerate the development, adoption, and use of verifiable digital credentials. This means:

Professional staffing: Indicio’s engineers are among the most experienced in the decentralized identity field and are ready to answer questions, support network operations, and help to get products ready for launch. Stability for demonstrations: Indicio supports developers at every step of the way from building to testing and public demonstrations. Cross-network test readiness: Indicio sees the future as one of interoperable credentials and networks. Its network is the perfect platform for testing interoperability by issuing and verifying on multiple networks. Easy Node Operator onboarding: For those interested in joining a network as a node operator, Indicio has simplified the process, offers training for all levels, and a suite of network tools and resources.

With the Covid pandemic driving urgent need for decentralized identity solutions, Indicio is committed to delivering superlative infrastructure and technical support, and to making decentralized identity as easy to use as possible, whether as a node operator, a developer, an issuer or a verifier.

About Indicio

Indicio.tech is a professional services firm specializing in decentralized identity architecture, engineering, and consultancy. Indicio provides expert guidance to a global community of clients on the use of verifiable credentials to build digital identity solutions. The decentralized networks and tools created by Indicio make verifiable credentials easy to adopt, simple to deploy, and reliable to use. As a Public Benefit Corporation, Indicio is committed to advancing decentralized identity as a public good that enables people to control their identities online and share their data by consent. Indicio believes in privacy and security by design, interoperability, and supports the open source goals of the decentralized identity community.

This article was co-written by the Lissi and Indicio team.
Cheers


Ceramic Network

dProfiles Call 4

Watch the dProfiles community collaboration call from January 13, 2021.

Topics included:

Update on Metagame and the profile goals of the community Update on IDX and how it can be used Discussion of BrightID verifications in IDX

Tuesday, 19. January 2021

Digital ID for Canadians

The PCTF is a tool for implementing Canada’s Digital Charter

It’s well-established that digital technology is the defining force of our modern lives. Work, play, social, commercial and political interactions are all taking place online.…

It’s well-established that digital technology is the defining force of our modern lives. Work, play, social, commercial and political interactions are all taking place online. In the era of social distancing, the already crucial migration to digital platforms has accelerated, leaving many Canadian citizens, organizations and governments eager to get online with confidence.

That confidence must extend beyond the internet connection – it is fundamental for developing trust amongst Canadians that the systems, organizations, and information they are interacting with and sharing are reliable and secure. Trust encompasses personal data protection and empowerment, so that Canadians have the ability to share their information, in exchange for products or services, and decide when and what information they want to share.

Protecting their data is crucial. As is the need to remain open, innovative, and leading in an increasingly competitive global digital market. Canadians know that data is important – both to use and to protect.

Canada’s Digital Future: Built on Values and The Digital Charter

Leveraging input from Canadians who are eager to develop skills and talent for the future of work, drive innovation for more competitive advantage, and ensure that privacy and trust remain a priority, the Federal Government of Canada has launched the Digital Charter.

The Digital Charter details a plan to reach all of those goals with ten principles in place to guide decisions and set priorities:

Universal Access Safety and Security Control and Consent Transparency, Portability, and Interoperability Open and Modern Digital Government A Level Playing Field Data and Digital for Good Strong Democracy Free from Hate and Violent Extremism Strong Enforcement and Real Accountability

Ultimately, the Digital Charter sets out a mission to make Canada home to a privacy-respecting, “innovative, people-centred, and inclusive digital economy built on trust.” The vision aligns closely with the DIACC’s public and private sector focused Pan-Canadian Trust FrameworkTM (PCTF)

The PCTF development and definition of core sections have been carefully steered by Canadians who are leaders in diverse industries and the public sector. From the outset, it has been designed through multi-jurisdictional collaboration. DIACC acts as a convening body to synthesize the expertise, needs, and requirements of public and private sectors and represent the interests of all Canadians. The Trust Framework offers insight into how Canadians’ values can be reflected across industries, locations, and use cases in practical ways. The first version, that is currently being tested in-market, reflects back these ten principles in concrete, actionable and thorough standards.

Enabling Everyone through Digital ID and the Pan-Canadian Trust FrameworkTM

The Digital Charter is used to implement a digital ecosystem as a whole that respects Canadians’ need for safety, security, and opportunity. To make that vision a reality, digital identity needs to be built in from the outset, and factored in by design. 

The PCTF has been developed by Canada’s public and private sectors as a comprehensive tool to establish interoperability of personal and business data as well as the security practices that governments and businesses will require to ensure that the benefits of people are kept at the centre of design and decisions. The Trust Framework provides a clear method for rallying Canada’s diverse industries, provincial and territorial systems, and users around agreed-upon standards for the best possible security, user experience, and outcomes. 

The PCTF offers a pathway for governments, businesses, and individuals to plug into the benefits of the digital economy and interact seamlessly across Canadian entities without ever reconsidering or faltering that high degree of trust. 

The PCTF directly addresses many of the principles outlined in the Digital Charter, accelerating progress on the top six in particular. Expertise in security, consent, user experience, and interoperability have been guiding forces from the beginning of the PCTF development. These values are echoed in the Charter and ensure all Canadians and Canadian organizations of all sizes are able to take advantage of the convenience and potential scale afforded by digital technologies. 

At its core, the PCTF is intended to increase data access and extend opportunities to all Canadians, whether they’re setting up their first business and offering online services or reviewing their health records from home. Ensuring they’re able to complete these and all tasks online with speed, ease, and peace of mind that their information is secure is the goal.

Ensuring that delivery of benefits to all Canadians is at the core of the digital economy, the PCTF maintains that businesses and governments must provide reliable, accountable, and interoperable services. Giving Canadians the freedom of choice and simplified user experience they have come to expect. 

PCTF has data privacy and citizen/resident data empowerment built into every aspect of the standards, offering universal standards and a simple implementation approach for organizations to follow. The Digital Charter is about reprioritizing personal data protection. Paired with the PCTF, it will ensure individuals interacting online will be respected and protected as individuals at the core of the digital economy, with business and governments acting as standards implementers, law enforcers, and service providers in service of Canadians.

Learn more about the DIACC’s critical work in progressing the PCTF. Please contact us if you are interested in getting involved at info@diacc.ca.


Spotlight on ECAD Labs Inc.

1.What is the mission and vision of ECAD Labs Inc.? At ECAD Labs Inc., our mission is to increase the GDP of the blockchain economy…

1.What is the mission and vision of ECAD Labs Inc.?

At ECAD Labs Inc., our mission is to increase the GDP of the blockchain economy by creating safe and easy-to-use software development tools for blockchain applications. As an open-source first company, we are most successful when we empower all developers to build innovative, world-changing applications

2. Why is trustworthy digital identity critical for existing and emerging markets?

Decentralized ID and authentication tools built on public blockchain protocols will provide an accessible, trusted, and secure platform for individuals to manage their personal information and interact online with businesses and governments. These tools can have a profound impact on Canada and emerging markets by improving access to regulated online services while reducing reliance on intermediaries that may suffer from limited oversight or trust.

3. How will digital identity transform the Canadian and global economy? How does ECAD Labs Inc. address challenges associated with this transformation?

Decentralized digital identity and authentication will transform the Canadian and global economy by shifting control of personal information back to consumers and reducing compliance costs for regulated entities providing online products and services.

This technology will become a critical compliance tool for businesses and institutions as virtual currencies, digital securities and other blockchain-based products and services are integrated into regulated markets.

At ECAD Labs Inc., we are building open-source developer tools to simplify the adoption of decentralized digital identities in blockchain applications.

4. What role does Canada have to play as a leader in this space?

As an advanced, educated, and urbanized economy with high online connectivity rates, Canada is well-positioned to become a leader in the development and adoption of digital identity and verification technologies.

DIACC plays a vital role in this process, and ECAD Labs Inc. is excited to join the conversation.

5. Why did ECAD Labs Inc. join the DIACC?

At ECAD Labs Inc., we believe that decentralized digital identification and verification tools  will facilitate the mass adoption of virtual currencies and other blockchain technologies. Our goal is to provide our clients with open-source software development tools that support vendor neutral access to decentralized ID and authentication services interoperable across technologies and jurisdictions.

Joining DIACC will help us understand, support and develop decentralized ID and verification standards, meet community members and advocate for a regulatory environment that promotes Canadian innovation.

6. What else should we know about ECAD Labs Inc.?

ECAD Labs Inc. is a Vancouver based software development company that builds and maintains open-source software development tools and libraries for the Tezos blockchain protocol, including the TezosTaquito.io TypeScript library, Signatory.io remote signer, and TezGraph.com indexer API. We are currently working with industry partners to support decentralized identities in various blockchain applications.


SelfKey Foundation

SelfKey – CoinTiger AMA Recap

CoinTiger had listed KEY token recently and hosted an AMA session with Edmund Lowell. Here is a recap of the AMA. The post SelfKey – CoinTiger AMA Recap appeared first on SelfKey.

CoinTiger had listed KEY token recently and hosted an AMA session with Edmund Lowell. Here is a recap of the AMA.

The post SelfKey – CoinTiger AMA Recap appeared first on SelfKey.

Sunday, 17. January 2021

Human Colossus Foundation

Thinking of DID? KERI On

In this blog post, we address DIDs security from the viewpoint of KERI (Key Event Receipt Infrastructure), a novel, simple, and improved DKMS (Decentralized Key Management System) solution for digital identifiers. KERI provides a unifying solution to DID document authentication and resolution that will prove invaluable to use cases where security and interoperability are essential (e.g., for g
Key Event Receipt Infrastructure to expand the reach of DIDs 


Introduction

Work under the World Wide Web Consortium (W3C) hood continues on Decentralized Identifiers (DIDs). This new type of digital identifier enables the verification that a DID comes from an authenticable source under the control of a governing entity. A DID is always coupled to a unique DID document that describes how to (i.) interact with a governing entity in a trustable way and (ii.) authenticate a DID controller.

This association is defined by a DID method, which can be captured directly through a dedicated namespace in the syntax of the DID. Each method defines the basic chaining and processing requirements - CRUD (create, read, update, deactivate) - for the immutable coupling of the DID and its associated DID document. A DID method specification defines both the DID method and the process of DID resolution, describing how a DID document is to be written and subsequently edited. DIDs come with a unique set of characteristics to provide a prominent solution for digital identifiers in decentralised networks, but there are cons.

The W3C DID Working Group has already registered 84 different method types, which raises questions about interoperability, scalability, and security of the current DID methodology, such as (i.) How secure are DIDs and specific DID methods?, and (ii.) Can all DID methods be trusted?

In this blog post, these questions are addressed from the viewpoint of KERI (Key Event Receipt Infrastructure), a novel, simple, and improved DKMS (Decentralized Key Management System) solution for digital identifiers. KERI provides a uniform solution to DID document authentication and resolution that will prove invaluable to use cases where security and interoperability are essential (e.g., for global supply chains and humanitarian applications).

Interoperability DID resolution process, a security weakness

Each DID method aims to solve the same problem in a nuanced way by responding to a specific problem or use case uniquely by design. However, from the perspective of the user, this compromises the integrity of the network with a variance of digital assurance for each method implementation.

From the inclusion of standard Central Authorities (CAs) to the implementation of Distributed Ledger Technologies (DLTs), each solution comes with its own set of pros and cons when it comes to tackling digital security. Some rely on the human trust factor, while others rely on cryptographic assurance and, through these nuances, the DID resolution process, inadvertently, becomes a “magic box” with each specific implementation relying on different security measures. 

If interoperability is a core requirement for a specific use case, assessing and maintaining an optimal level of security and assurance may become difficult. To achieve strong security between the DID and its associated DID document, regardless of who controls and stores the DID Document, interacting actors must assume that the result can always be cryptographically assured and, therefore, trusted. If a specific method is ever compromised, the negative connotations could be detrimental to the SSI community as a whole. 

With the ever-increasing number of DID methods, Trusted Digital Assistant (TDA) and digital wallet implementations would have to support all methods for full interoperability to be maintained.

Security DID resolution process, the rise of the “Magic Box”

Digital security is only as strong as its weakest link. The process of obtaining a DID document for a given DID is called DID resolution and, when it comes to the DID, it is the weakest link. To create a DID, a user must first generate a public / private key pair. The DID can then be coupled to a DID document and usually within an infrastructure to enable that process. The cryptographic link enables a strong binding between the key and the DID. However, when it comes to the DID resolution process, most DID methods either rely on external sources of information or provide a limited scope on the capability and content of the DID document. There is no standard way of creating a strong binding between a DID and DID document, which compromises the security of the identifier. An example of weak binding is demonstrated by the did:web method, which simply points to a DID document in the public domain with a DNS (Domain Name System) resolver used for the retrieval process, e.g.:

did:web:w3c-ccg.github.io:user:alice

The DID method, a dedicated namespace in the DID syntax, currently defines the DID resolution process. As mentioned in this post’s introduction, the number of registered DID methods continues to rise exponentially. 

With the rapid rise of decentralised authentication solutions appearing on the market, many different DID methods are currently active under the hood of applications and services which, for the most part, remain invisible to the end-user. Thus popularity, rather than security, has become the driving factor behind chosen DID methods. Due to this fragmentation, identifying and resolving weak security points of deployed DID methods continues to be cumbersome. Some of the method types, such as the Peer DID method, enable the derivation of a DID document directly from the DID itself. However, most rely on external processing to resolve the document, with the source providing a hidden "magic box" that masks the DID resolution process. To maintain system integrity, any DID method that requires external processing via a “magic box” requires trust from all interacting actors. Trust is a human trait. Cryptographic assurance, a machine trait, can often be overlooked in the presence of trust. 

Digital security stems from the resolution process but, with the current DID methodology, a uniform standard is not available across all implementations, which can lead to fragmentation and security risks across the network.

How to maintain interoperability & security

The weak binding issue between a DID and DID document can be resolved by a technological solution that provides an immutable link between the two objects. In doing so, a DID document can be cryptographically verified for correctness as there is an immutable coupling to a specific DID. 

Cryptographic hash 

Cryptographic assurance is provided by generating a hash of the DID document, to be used as the actual identifier. The did:key method works in this way. However, this approach is limited as there is no way of rotating the keys, revoking the identifier, or adding additional information to the DID document.

Key Event Receipt Infrastructure

KERI (Key Event Receipt Infrastructure) is a protocol that provides a simple set of rules on how to achieve strong bindings between the controller, identifier, and key pair, without sacrificing the functional capabilities of the identifier. It achieves this through solid security principles in its base architecture. KERI generates a type of “DID document” in the form of an appendable private micro-ledger that contains cryptographically-linked sets of events for transaction verification purposes. In doing so, KERI facilitates sapored data supply chains providing an append-only chained key-event log (KEL) of signed transfer statements, which account for the source of the identifier and all transactions related to it.

In current KERI implementations, the genesis state of the identifier is “active” as defined by the Human Colossus model of Identifier States, meaning that a signing key is required to authenticate the controller. As a self-certifying identifier with an event log, KERI provides a strong binding between the DID and DID document, thereby enabling all DID identifier operations (e.g., key rotation, delegation, and interaction) to be tracked and cryptographically verified by any recipient of the identifier information. For instances where a controller's keys are compromised, a pre-rotation mechanism for key recoverability is also available. These security-rich enhancements suggest that a magic box, along with any associated weak binding issues, can be benched in favour of KERI, which promises to provide a simple, yet improved, alternative DKMS-solution for digital identifiers.

In the current version of the DID specification, location is identifiable via the method space. For example, the did:sov method assigns a DID to the Sovrin MainNet ledger. Other DID methods define the resolution rules for other unique implementations. In terms of security, this level of tailor-made differentiation between use cases can become an attack vector. Having to maintain an ever-growing registry of DID methods and implementation specifics suggests a scalability issue in the current methodology. These issues are disadvantageous to the whole SSI community.

To solve these issues, KERI introduces a component called Resolver, which provides a mechanism to discover identifiers. Resolver simply maps identifiers to URLs or IP addresses where users can either obtain (or be directed to) auditable identifier event logs. The resolver relies on a distributed hash table (DHT) algorithm, known for its beneficial characteristics in autonomy, decentralization, fault tolerance, and scalability, a good example being IPFS (InterPlanetary File System) or GNUnet

Simple and concise

The beauty of  KERI is that the user can nominate locations through the event log with full autonomy to make edits or location transfers as they wish. To highlight a prevalent issue with the current DID methodology, a DID method may assign an identifier to the Sovrin MainNet but, after a few months, the controller may wish to move it to a new location such as the Ethereum network or an IPFS location. As it currently stands, there is no restriction on the number of identifiers that can be issued to identify the same object. The generation of duplicate identifiers for the same content despite the encoded part of the DID remaining unaltered is problematic. By removing the method space, the identifier can be used on any network, thus providing a truly interoperable solution for decentralised identifiers.

With KERI, a cryptographically-verifiable DID document is available to a recipient without requiring prior knowledge of the exact location of the object. In the absence of having to define a specific network or alternative storage location in the DID syntax, the namespace for any “magic box” method becomes redundant, along with any fragmentation issues that have arisen from the current DID methodology. In the future, the DID syntax as defined in the W3C Decentralized Identifiers (DIDs) v1.0 specification, could evolve from …

did:<method>:<identifier>

to

did:<identifier>

The road ahead may be long, but the effort worthwhile, as the revised syntax could bring about an adoption factor where (i.) security is a primary concern (e.g., humanitarian sector) or (ii.) stakeholders for a given business process are numerous and operate in different jurisdictions (e.g., global supply chains).

Conclusion & Further developments

The current generation of DIDs has introduced an innovative approach to digital identifiers, which has triggered the SSI movement. However, the inclusion of the method space in the DID syntax has led to fragmentation and weak security properties of the identifier type. These known method-space issues give the community impetus to redress them. In light of these innovative developments, now is the time to embrace KERI as an improved interoperable and secure solution for digital identifiers.

KERI is a truly secure network-agnostic decentralised infrastructure for digital identifiers.

Within Trust over IP Foundation, a Linux Foundation Project, trustees of the Human Colossus Foundation have convened an Inputs and Semantics Working Group (ISWG), subdivided into an Inputs Domain Group (ISWG-I) and a Semantic Domain Group (ISWG-S). The mission of the ISWG-I is to define an Internet-scale decentralized key management infrastructure (DKMI) where the primary cryptographic root-of-assurance is self-certifying identifiers underpinned by one-way functions. KERI is the core public utility technology of choice in the ISWG-I. Health Care, Notice & Consent, Privacy & Risk, and Storage & Portability task forces have also been convened under the ISWG to integrate the technology into a Dynamic Data Economy (DDE).

Check out Part 2: Inputs Domain of the webinar “Core public utility technologies for a ‘next generation’ internet” where Sam Smith, Founder of ProSapien LLC, explains how KERI is set to become a breakthrough solution for authenticable data entry and brings with it the promise of a unified DID method for all signed inputs in a digital network.

The core development work for the KERI project is taking place at DIF under the auspices of its Identifiers and Discovery Working Group, where collaborators continue to build and test the solution in a production environment. 

To learn more about the rationale behind did:<identifier>, including any use cases that may benefit from the revamped syntax, follow our upcoming blog posts, join the Human Colossus Foundation Matrix room, or email us directly at info@humancolossus.org.

Official KERI website: keri.one

Friday, 15. January 2021

OpenID

OpenID Financial-grade API (FAPI) Conformance Tests Now Available for Australian Consumer Data Rights Participants & Push Authorization Requests (PAR)

The OpenID Foundation is pleased to announce the availability of Financial-grade API (FAPI) conformance tests for banks and fintechs in Australia providing consumer data rights (CDR) compliant solutions. The Foundation recently updated the FAPI conformance suite to ensure that servers following the CDR standards comply with the underlying FAPI specifications, specifically FAPI-RW. These updates in

The OpenID Foundation is pleased to announce the availability of Financial-grade API (FAPI) conformance tests for banks and fintechs in Australia providing consumer data rights (CDR) compliant solutions.

The Foundation recently updated the FAPI conformance suite to ensure that servers following the CDR standards comply with the underlying FAPI specifications, specifically FAPI-RW. These updates include minor changes relative to the underlying FAPI-RW specification:

private_key_jwt must be used x-v header must be sent to resource server endpoint Refresh tokens must be supported Returned id_tokens must be encrypted For “acr” claims, a CDR-specific value is used: “urn:cds.au:cdr:2”

The Foundation is also announcing the availability of FAPI-RW with Pushed Authorization Requests (PAR) conformance tests. PAR is an IETF standard developed within the OAuth Working Group that is an evolution of the FAPI-RW’s request object endpoint. FAPI-RW with PAR avoids passing the authorization details via the front channel, which is better for privacy and avoids any size limits on URLs. This new certification service also optionally covers the new pushed authorization request (PAR) spec that CDR introduced in November 2020.

A number of Australian organizations have “tested the tests” against their CDR environments, finding a number of interoperability and security issues in the deployments of Data Holders – which were then addressed before they impacted a significant number of Data Recipients.

More information about running the new CDR and PAR conformance tests can be found here: https://openid.net/certification/fapi_op_testing/.

A list of FAPI certified implementations/deployments can be found here:

https://openid.net/certification/#FAPI_OPs.

Please reference the OpenID Certification page for more information about the certification program and to review the current directory of certified implementations. Any questions about OpenID Certification can be sent to certification@oidf.org.

For more information on the Financial-grade API (FAPI) Working Group, please visit: https://openid.net/wg/fapi/.

For more information about joining the OpenID Foundation please visit: https://openid.net/foundation/benefits-members/.

The post OpenID Financial-grade API (FAPI) Conformance Tests Now Available for Australian Consumer Data Rights Participants & Push Authorization Requests (PAR) first appeared on OpenID.

Elastos Foundation

Elastos Bi-Weekly Update – 15 January 2021

...

OpenID

Update on OpenID Foundation Leadership Transition

Dear OpenID Foundation Members: This is to update the OpenID Foundation community on our leadership transition and plans for 2021. We’ve enlisted the support of Women in Identity, IDPro and other groups to insure a broad international search and a diversity of backgrounds for the Foundation’s next Executive Director. Our search efforts are ongoing so […] The post Update on OpenID Foundation Leade

Dear OpenID Foundation Members:

This is to update the OpenID Foundation community on our leadership transition and plans for 2021. We’ve enlisted the support of Women in Identity, IDPro and other groups to insure a broad international search and a diversity of backgrounds for the Foundation’s next Executive Director. Our search efforts are ongoing so please feel free to send your nominations to Vice Chairman Bjorn Hjelm.

Despite the headwinds of 2020, the awareness of the OpenID Foundation’s international technical leadership has translated into adoption momentum across working groups. Many point to the Financial-Grade APIs (FAPI) Working Group diversity of requirements and ongoing technical improvement has driven FAPI’s global adoption. The extensibility of open standards and the increasing importance of international interoperability has been a particular focus area of Don Thibeau’s for the Foundation during this leadership transition.

To maintain this momentum and help guide the OpenID Foundation’s new leadership, we’ve asked Don Thibeau to continue to serve, but in a new role as a Non Executive Director on the OpenID Foundation board of directors. This provides the board and its new leadership the time, continuity and experience needed to transition and grow. And most importantly, is to continue to build on the contribution of those in OpenID Foundation working groups that are the foundation of our success.

Thank you for your continued support of and contributions to the OpenID Foundation.

 

Best regards,

Nat Sakimura
Chairman, OpenID Foundation Board of Directors

Bjorn Hjelm
Vice Chairman, OpenID Foundation Board of Directors

The post Update on OpenID Foundation Leadership Transition first appeared on OpenID.

Digital ID for Canadians

Spotlight on Ernst & Young

DIACC is very pleased to welcome EY. In this member spotlight, DIACC President Joni Brennan interviews Abhishek Sinha, Peter Law, and Atul Ojha to hear…

DIACC is very pleased to welcome EY. In this member spotlight, DIACC President Joni Brennan interviews Abhishek Sinha, Peter Law, and Atul Ojha to hear their thoughts on digital ID and the great work that EY is doing in this space.


OpenID

First Implementer’s Drafts of Three FastFed Specifications Approved

The OpenID Foundation membership has approved the following Fast Federation (FastFed) specifications as OpenID Implementer’s Drafts: FastFed Core 1.0 FastFed Basic SAML Profile 1.0 FastFed Basic SCIM Profile 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. These are the first FastFed Implementer’s Dr

The OpenID Foundation membership has approved the following Fast Federation (FastFed) specifications as OpenID Implementer’s Drafts:

FastFed Core 1.0 FastFed Basic SAML Profile 1.0 FastFed Basic SCIM Profile 1.0

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. These are the first FastFed Implementer’s Drafts.

The Implementer’s Drafts are available at:

https://openid.net/specs/fastfed-core-1_0-ID1.html https://openid.net/specs/fastfed-saml-1_0-ID1.html https://openid.net/specs/fastfed-scim-1_0-ID1.html

The voting results were:

Approve – 39 votes Object – 13 votes Abstain – 10 votes

Total votes: 62 (out of 250 members = 24.8% > 20% quorum requirement)

— Michael B. Jones – OpenID Foundation Board Secretary

The post First Implementer’s Drafts of Three FastFed Specifications Approved first appeared on OpenID.

Own Your Data Weekly Digest

MyData Weekly Digest for January 15th, 2021

Read in this week's digest about: 9 posts, 2 questions, 2 Tools
Read in this week's digest about: 9 posts, 2 questions, 2 Tools

Thursday, 14. January 2021

OpenID

Second Implementer’s Draft of OpenID Connect User Questioning API Specification Approved

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft: OpenID Connect User Questioning API 1.0 An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the second Implementer’s Draft of this specification. This specification is a product of the […] Th

The OpenID Foundation membership has approved the following specification as an OpenID Implementer’s Draft:

OpenID Connect User Questioning API 1.0

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This is the second Implementer’s Draft of this specification. This specification is a product of the OpenID MODRNA Working group.

The Second Implementer’s Draft is available at:

https://openid.net/specs/openid-connect-user-questioning-api-1_0-ID2.html

The voting results were:

Approve – 46 votes Object – 2 votes Abstain – 11 votes

Total votes: 59 (out of 250 members = 23.6% > 20% quorum requirement)

— Michael B. Jones – OpenID Foundation Board Secretary

The post Second Implementer’s Draft of OpenID Connect User Questioning API Specification Approved first appeared on OpenID.

Elastos Foundation

Hive 2.0 Release Announcement

...

Nyheder fra WAYF

WAYF får nye HSM-bokse

Al datatrafik fra WAYF underskrives digitalt med en privatnøgle som opbevares i et hardware security module (en 'HSM'), så nøglen ikke kan hackes. Det giver tjenesteudbyderne meget stor sikkerhed for at brugeroplysninger fra WAYF rent faktisk stammer fra WAYF. WAYFs nuværende HSM'er er imidlertid end-of-life og i færd med at blive erstattet af to nye. Language Danish Read more a

Al datatrafik fra WAYF underskrives digitalt med en privatnøgle som opbevares i et hardware security module (en 'HSM'), så nøglen ikke kan hackes. Det giver tjenesteudbyderne meget stor sikkerhed for at brugeroplysninger fra WAYF rent faktisk stammer fra WAYF.

WAYFs nuværende HSM'er er imidlertid end-of-life og i færd med at blive erstattet af to nye.

Language Danish Read more about WAYF får nye HSM-bokse

WAYF nu i stand til at filtrere attributværdier

Visse af de typer brugeroplysning eller attributter som WAYF kan videreformidle til tjenester fra brugerorganisationer, har et meget stort værdirum, og i mange tilfælde er det kun en mindre delmængde af de mulige værdier der vedkommer tjenesteudbyderen. Language Danish Read more about WAYF nu i stand til at filtrere attributværdier

Visse af de typer brugeroplysning eller attributter som WAYF kan videreformidle til tjenester fra brugerorganisationer, har et meget stort værdirum, og i mange tilfælde er det kun en mindre delmængde af de mulige værdier der vedkommer tjenesteudbyderen.

Language Danish Read more about WAYF nu i stand til at filtrere attributværdier

Wednesday, 13. January 2021

SelfKey Foundation

KEY Token to be Listed on CoinTiger

Cointiger has decided to list the KEY token on the CoinTiger exchange on 14th January at 18:00 (GMT+8). CoinTiger is a centralized exchange, with reportedly more than 4 Million users worldwide. The post KEY Token to be Listed on CoinTiger appeared first on SelfKey.

Cointiger has decided to list the KEY token on the CoinTiger exchange on 14th January at 18:00 (GMT+8). CoinTiger is a centralized exchange, with reportedly more than 4 Million users worldwide.

The post KEY Token to be Listed on CoinTiger appeared first on SelfKey.


Covid Credentials Inititative

CCI has joined Linux Foundation Public Health!

We have exciting news to share: CCI has a home now! When the COVID-19 Credentials Initiative (CCI) was formed in April 2020, we were a self-organizing group of companies and individuals, held together by a few mailing lists and working groups, to explore how Verifiable Credentials (VCs), an open standard and an emerging technology, could be used for the public health crisis unfolding with CO

We have exciting news to share: CCI has a home now!

When the COVID-19 Credentials Initiative (CCI) was formed in April 2020, we were a self-organizing group of companies and individuals, held together by a few mailing lists and working groups, to explore how Verifiable Credentials (VCs), an open standard and an emerging technology, could be used for the public health crisis unfolding with COVID-19. Recognizing our limits early on as an informal group, we quickly pivoted from developing a solution together to supporting each other to build for their local contexts. Over the course of nine months, we have seen over 20 projects present their work to the CCI community and developed an MVP governance framework that can be adapted to specific COVID-19 use cases.

As our work evolved and as vaccine development showed promising progress, the need to align efforts around VCs for COVID-19 and educate decision-makers on the use of VCs for COVID-19 became clearer and stronger. However, the limits of not having a formal organizational home hinder us from engaging with key stakeholders and conducting necessary development efforts. So, we began exploring options for a home in summer.

Linux Foundation Public Health (LFPH) emerged in the middle of the pandemic, right after we started our search. There was a natural alignment between LFPH and CCI on building on open standards to ensure interoperability and developing open-source code bases of minimal-viable privacy-preserving software components to make interoperability easier and cheaper to implement. So here we are today; after achieving success with privacy-preserving exposure notification apps, LFPH officially took CCI in before the end of 2020, kicking off our journey to advance the use of VCs for public health with vaccination record as a start.

At the tail end of holiday spirits, we hope to spread our joy by sharing with you the invitation letter (below in italics) from Brian Behlendorf, the Executive Director of LFPH. You can find the official press release here.

Dear CCI Community,
We are excited to extend this invitation to you to join Linux Foundation Public Health and work together with us to advance the use of Verifiable Credentials and data and technical interoperability of Verifiable Credentials in the public health realm.
Linux Foundation Public Health (LFPH) was founded in July 2020 as a collaborative effort to combat COVID-19 and future epidemics through building, securing, and sustaining open- source software to help public health authorities (PHAs). We started with exposure notification apps and have achieved success with COVID Green™ and COVID Shield™, which are being deployed in 4 US states and 7 countries around the world. The early achievements were made possible within such a short time frame through our merger with TCN Coalition, a global community promoting privacy-preserving and interoperable exposure notification apps.
As COVID-19 tests mature and vaccines are around the corner, we have identified an increasing demand for responsible and interoperable credentialing solutions to issue and manage COVID-19 credentials, especially vaccine records, from PHAs. Therefore, we would like to work with the COVID-19 Credentials Initiative (CCI), supporting you to build on your existing work and enabling open-source development for vaccine records or key components of it, which can be implemented widely by PHAs with the help of the CCI community. We view this as a starting point of a long-term partnership to advance the adoption of verifiable credentials for wider public health use cases, such as patient ID and patient centered information exchange.
At LFPH, we have been following CCI’s work; we value the resources and assets created by the community and the tight relationships you have developed with small, grassroots solution providers. We foresee the scope of our partnership to go beyond open-source software development. The nature of the problem we are solving requires us to build solutions that are interoperable, so we are committed to supporting CCI in leading work around open standards, e.g. definitions and schemas for public health credentials. We also will provide CCI resources to strengthen community and knowledge building, broaden and deepen engagement with key stakeholders (e.g. PHAs, commercial entities, software vendors, relevant identity and technical communities) and conduct public and strategic advocacy.
As the next step, we will join the CCI Group Update call on December 11 from 10 to 11 am ET to answer any questions you have. In the meantime, we plan to commission the following three members of the CCI Community Guidance Team to lead the migration of CCI into LFPH once the community is ready:
- Lucy Yang, Co-Lead of the Coordination and Communications Workstream of CCI
- John Walker, Co-Lead of the Coordination and Communications Workstream of CCI
- Kaliya Young, the Identity Woman, an active contributor at CCI and a super-connector in the credential community. (Kaliya made the initial connection between CCI and LFPH and facilitated the formation of the partnership.)
While LFPH does offer different levels of paid membership for companies and we welcome interested parties to join, membership will not be a requirement for individuals and organizations to participate in any CCI activities. We will strive to respect the community-driven and open nature of CCI to the maximum during migration and onwards, and only leverage LFPH’s structure and infrastructure to improve efficiencies and effectiveness.
This is a strong alignment of efforts between two communities that share the same vision and aspiration. We look forward to meeting you and working with you.
Brian Behlendorf
Managing Director for Blockchain, Healthcare and Identity
The Linux Foundation

Happy New Year! We appreciate your support in 2020 and look forward to working together for a better 2021.

Tuesday, 12. January 2021

Sovrin (Medium)

2020 — How SSI Went Mainstream

2020 — How SSI Went Mainstream January 12, 2021 An introduction to SSI and where it came from. 2020 as a growth catalyst and where SSI is going. A Sovrin Foundation perspective. Written by: Chris Raczkowski — Sovrin Foundation, Chairman of the Board of Trustees Drummond Reed — Evernym, Chief Trust Officer; ToIP, Steering Committee Member It goes without saying that last year was transform
2020 — How SSI Went Mainstream

January 12, 2021

An introduction to SSI and where it came from.
2020 as a growth catalyst and where SSI is going.
A Sovrin Foundation perspective.

Written by:
Chris Raczkowski — Sovrin Foundation, Chairman of the Board of Trustees
Drummond Reed — Evernym, Chief Trust Officer; ToIP, Steering Committee Member

It goes without saying that last year was transformational for the world. Along with pains felt by many, the challenges of 2020 were also a catalyst for positive growth. The global SSI community, dedicated to privacy-respecting digital identity, has risen to these challenges. Digital identity solutions have been called into action by governments and companies large and small to help mitigate pandemic-related public health challenges. This call to action has accelerated adoption of SSI across many use cases where it brings new standards of truly privacy-respecting digital identity control to all peoples of the world.

But first, what is SSI?

SSI is an acronym for self-sovereign identity, representing the secure, privacy-respecting digital identity model developed around blockchain technology starting in 2016. During the last five years acceptance of this model has grown rapidly. SSI utilizes best practices in open-source cryptography and decentralized computing in tandem with humanistic governance. It also helped drive development of new technology open standards such as Verifiable Credentials and Decentralized Identifiers. While SSI incorporates a wide range of complex technology and detailed governance, its essence is captured in the opening chapter of a book that will be published during 2021:

“The best overall analogy for the decentralized identity model (SSI) is in fact exactly the way we prove our identity to each other every day: by getting out our wallet and showing the credentials we have obtained from other trusted parties. ... With decentralized digital identity, we just do this with digital wallets, digital credentials, and digital connections.” ¹
SSI has emerged as a, “simple, neutral, memorable name for this new model for digital identity.” ²
Open Source and Open Standards: Growth Engines of SSI

SSI is rooted in core principles of privacy-respecting Internet-scale identity architecture first laid out by individuals like Kim Cameron with his Laws of Identity, which were published in 2006. Such governance principles, combined with open-source technology advances in blockchain, cryptography, supporting software and standards, ultimately gave rise to reliable SSI infrastructure starting in 2017. Open-source development of digital identity technology, standards and principles is truly the engine of SSI growth.

The Sovrin Foundation, a not-for-profit corporation, was established in 2016 to promote global adoption of SSI as an open standard for digital identity. Over the past five years the Foundation has operated the Sovrin Ledger as the best-known SSI identity network, helped advanced the most widely used SSI open-source software (Hyperledger Indy, Ursa, and Aries), published the most widely used SSI governance framework, and drives SSI thought leadership in areas including data protection, financial inclusion, IoT, and government-issued ID. In its role as an originator and disseminator of open-source SSI concepts and code, the Sovrin Foundation is dedicated to supporting SSI development in cooperation with companies, organizations and governments around the world.

One of the most important products of this work is the “Sovrin Stack,” shown in Figure 1.

Figure 1: The Sovrin Stack, developed by the Sovrin Foundation and the global SSI community, was created in early 2019 and is curated as part of the open-source Sovrin Governance Framework.

The Sovrin Stack was the first conceptualization of SSI infrastructure as a four-layer stack, where the lower two layers provide cryptographic trust needed for machine-to-machine communications and the upper two layers provide human trust needed for business, legal, and social interactions.

The Sovrin Stack also represents the first recognition of the critical role governance frameworks play in bridging the technological innovations of SSI with real-world policy requirements of governments, industries, businesses and individuals. In fact, as the importance of governance frameworks became more widely acknowledged, the SSI community recognized that specialized governance was needed at all four layers of the stack. During early 2020 the Sovrin Stack evolved into the Trust over IP (ToIP) stack, shown in Figure 2.

Figure 2: The ToIP stack, showing how governance frameworks apply to all four layers of the stack, and also how Layer 4 can support entire digital trust ecosystems.

As a model for decentralized digital trust infrastructure at Internet-scale, the ToIP stack was compelling enough that in May 2020 it became the cornerstone of a new Linux Foundation project called the ToIP Foundation. Rapid growth of ToIP Foundation membership is a testament to how core concepts of SSI architecture are strongly supported by respected governments and companies.

Emergence of entirely new organizations promoting SSI adoption is evidence of the effectiveness of the Sovrin Foundation’s open-source approach to advancing technology and thought leadership. The Foundation’s success is measured not only in by results it delivers, but in the progress of derivative and novel SSI products and services created by organizations which build on contributions of Sovrin and the global SSI community.

2019: Early success ahead of unexpected crisis

Prior to the global public health crisis of 2020, SSI was progressing along a steadily increasing adoption curve. Start-up companies, global corporations, digital identity privacy organizations and a variety of national and regional governments (Canada, UK, US, Germany, British Columbia, Ontario, etc.) were all expanding SSI infrastructure and launching initial use cases. This advancement was based on vigorous technology development (open-source software architecture, code and standards), a robust global public identity utility (the Sovrin Ledger), the first comprehensive decentralized digital identity governance framework (the Sovrin Governance Framework), and proof of concept use cases produced by a variety of governments and companies.

Woven throughout this activity, the Sovrin Foundation acted as a convener, facilitator and beacon for the global SSI community. The Foundation’s commitment to the Principles of SSI, open-source technology and identity ecosystem governance, combined with efforts to sow the ethos of SSI across a spectrum of use-cases, helped to create fertile ground for emergent applications. During this course of activities Sovrin and the SSI community unknowingly primed the world for tremendous acceleration of SSI adoption during a most unexpected year.

2020: The SSI Springtime

As the world embarked on a new decade at the start of 2020, almost no one could have guessed what their lives and societies would look like 365 days later. Public health challenges of 2020 brought tremendous stress and grief to most corners of the world. Yet, the situation also created opportunity for unprecedented growth of technologies that could address urgent social needs. For SSI, this meant compressing what could have been a five-to-ten-year adoption process for sensitive use-cases into a period of 12 months.

During normal times, new technology standards for critical services such as medical information credentials, travel credentials and critical worker credentials often face regulatory review and approval marathons spanning years or even decades. Fortunately, prior to 2020, the core components of SSI had already been assessed and accepted by respected companies and governments. These organizations understood that trusted digital identity must be privacy-respecting, which is a central requirement for SSI technology and governance. With solutions needed immediately for verifiable proof of medical test results, vaccination status, etc., the standards and technology developed with the support of the Sovrin Foundation and the global SSI community have been fast-tracked into service.

Just a few of the SSI implementations that were launched in 2020 or are pending launch in early 2021 include:

IATA Travel Pass will be the first verifiable credential capable of providing proof of COVID-19 test and vaccination status at airports around the world, NHS Staff Passport is the first portable digital identity credential for doctors and nurses in one of the largest public healthcare networks in the world, GLEIF (the Global Legal Entity Identifier Foundation), based in Switzerland and the only global online source that provides open, standardized and high quality legal entity reference data, is committed to following the SSI model for digital identity credentials for companies. SSI4DE, co-funded by the German Federal Ministry of Economic Affairs, supports showcases for secure digital identities in Germany, and Chancellor Angela Merkel declared digital identity as a priority matter during December 2020. MemberPass brings SSI to financial services with Credit Union customer identity verification, Farmer Connect is realizing is vision to “Humanize consumption through technology” by enabling and empowering individual coffee farmers to more easily work with global enterprises, and reducing costs and inefficiencies for large companies to work directly with small and often remote farmers. Lumedic Exchange is the first network designed exclusively for patient-centric exchange of healthcare data using SSI-based verifiable credentials.

While scientists and professionals in the fields of biology, genetics, immunology, medicine and public health are the superstars of 2020, SSI is also in a position to make a major contribution. Reliable digital credentials for medical test results and vaccination status, in the form of W3C Verifiable Credentials backed by privacy-respecting governance, can help societies more safely return to normal levels of social interaction and restart economies. At the same time, the SSI model will be establishing new standards and expectations for person identity data management and control by individuals.

2021: Looking Forward

Unexpected urgencies that accelerated broad acceptance of the SSI digital identity model during 2020 will continue into 2021. Ongoing challenges of the global pandemic can be mitigated by expanded use cases and public acceptance of trusted digital identity. In the most forward-thinking and dynamic jurisdictions, SSI progress is anticipated in the following areas:

Verifiable digital vaccination credentials to facilitate safer operations at some workplaces, medical facilities and senior care centers, International travel enabled by vaccination and medical test results quickly and easily proved with the power of verifiable digital credentials, Rollout of government-issued ID such as driver licenses in the form of digital credentials conforming to SSI standards and securely stored in privacy-respecting digital wallets on smart phones, Expansion of SSI digital identity networks, along with demonstrated interoperability of digital credentials and their verification across multiple networks using smart phone apps (digital ID wallets), Laws and regulations implemented at state, provincial and national levels which support the use of digital Verifiable Credentials for medical, financial and other uses.

While the wellbeing of individuals and societies during this historic time rests largely on the clear thinking and actions of responsible scientists, business leaders and government leaders, SSI is also playing a significant role. The Sovrin Foundation is dedicated to supporting global adoption of SSI to help mitigate challenges of this pandemic, while advancing its mission of Identity for All.

Notes Alex Preukschat, Drummond Reed. Self Sovrin Identity. Manning. Publication expected spring 2021. Ibid.

Originally published at https://sovrin.org on January 12, 2021.


Good ID

The IoT Security Foundation and FIDO Alliance Announce Collaboration to Eliminate Passwords in IoT

Release Date: January 5th 2021 Today, the IoT Security Foundation (IoTSF) and FIDO Alliance announced that they are collaborating to improve the status of IoT security. The main aims of […] The post The IoT Security Foundation and FIDO Alliance Announce Collaboration to Eliminate Passwords in IoT appeared first on FIDO Alliance.

Release Date: January 5th 2021

Today, the IoT Security Foundation (IoTSF) and FIDO Alliance announced that they are collaborating to improve the status of IoT security.

The main aims of the collaboration are to raise awareness on the limitations of passwords for IoT devices and provide practical alternatives for product manufacturers. The goals of the collaboration will be achieved by joint messaging and providing publicly accessible materials to help industry implement password-less authentication. 

What’s the problem with passwords?

Passwords are a traditional and simple method for authenticating a user and allowing access to resources. In the past this may have been sufficient, but passwords dramatically fall short in many ways when billions of devices are expected to be connected to networks to collect and share data or provide automation – the era of IoT.

Although this is not a new problem, users are still finding it a challenge to manage and keep track of different accounts and app login credentials. The result is that many take shortcuts – using easy to remember (and guess) passwords, or using the same password across many accounts1. This weakens security. Now consider the growing number of home, business, medical, industrial and national infrastructure uses of IoT which bring efficiency, innovation and user benefits. IoT devices are everywhere and the trend is set to continue as this article illustrates. For IoT-class products such as routers and webcams, traditionally manufacturers have opted to have factory universal default passwords2 and whilst these can be changed, a significant number remain set to the default. This makes them prime targets for botnets which weaponize devices for DDOS attacks such as the famous Mirai and its many variants.

This means that the sheer volume of devices is only going to exacerbate the issues experienced with passwords today. In summary, passwords are not a good solution to the requirements of IoT authentication now, or in the future.

How can this be addressed?

New standards and forthcoming regulation are helping to drive change. The ETSI 303 6453 baseline requirements for consumer IoT cyber security standard published mid 2020, has a provision for “no universal default passwords” and this standard is now being used as a basis for regulation and certification schemes internationally4.

Whilst “no universal passwords” is a good start for regulation5, it does not go far enough. The good news is that there are good alternatives to passwords, so they can be eliminated, and they are also better and simpler to use. 

How are IoTSF and FIDO Alliance working together?

Both organisations will work together to promote the awareness and use of password-less forms of authentication and link working group activities to ensure industry can access publicly available materials when designing new products.

The IoT Technical Working Group of the FIDO Alliance aims to build a comprehensive authentication framework for IoT devices which provides detailed technical specifications for password-less authentication.

The IoT Security Foundation publishes best practice cyber security advice for product manufacturers and users of IoT systems. Its IoT Security Compliance Framework Working Group is dedicated to the creation and maintenance of the framework which guides developers through a structured process of questioning and evidence gathering. This helps companies make better products with security by design. It is in this area where both organisations intend to collaborate at the technical level to complement the advocacy of passwords alternatives.

John Moor, Managing Director IoTSF said, “The use of passwords for security is an outdated and outmoded security practice for the digital age. There are solutions which are stronger from a technical perspective and better from a user’s perspective. We are delighted to be working closely with the FIDO Alliance to help eliminate the use of passwords and drive better practice for our manufacturing members.”

Christina Hulka, executive director and COO of the FIDO Alliance said, “The FIDO Alliance mission is to reduce the world’s reliance on passwords with simpler and stronger authentication, including in IoT which unfortunately continues to rely on default or weak password authentication. We look forward to working with the IoT Security Foundation to accelerate our path toward bringing passwordless authentication to IoT.”

References

1 https://en.wikipedia.org/wiki/List_of_the_most_common_passwords
2 https://www.router-reset.com/default-router-password-lookup
3 https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.00_30/en_303645v020100v.pdf
4 https://www.iotsecurityfoundation.org/consumer-iot/
5 https://www.gov.uk/government/news/government-to-strengthen-security-of-internet-connected-products

About the Internet of Things Security Foundation (IoTSF)

IoTSF is a non-profit corporate and professional membership association.

The mission of IoTSF is to help secure the Internet of Things, in order to aid its adoption and maximize its benefits. To do this IoTSF will promote knowledge and clear best practice in appropriate security to those who specify, make and use IoT products and systems.

IoTSF promotes the security values of a security-first approach, fitness for purpose and resilience through operating life. The security values are targeted at key stages of the IoT ecosystem – those that build, buy and use products and services: Build Secure. Buy Secure. Be Secure.

IoTSF was formed as a response to existing and emerging threats in the Internet of Things applications.

IoTSF is an international, collaborative and vendor-neutral members’ initiative, driven by the IoT ecosystem and inclusive of all parties including technology providers and service beneficiaries.

For more information, news and further announcements, please visit the official website at www.iotsecurityfoundation.org.

About the FIDO Alliance

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

Press Contact

Jenny Devoy
IoT Security Foundation
+44 (0)1506 401210
contact@iotsecurityfoundation.org
twitter: @IoT_SF

The post The IoT Security Foundation and FIDO Alliance Announce Collaboration to Eliminate Passwords in IoT appeared first on FIDO Alliance.

Monday, 11. January 2021

Ceramic Network

Core Devs 8

Discussion of Ceramic protocol improvements, multi-chain anchroing, and timeline to Clay (beta devnet) launch.

Topics covered:
- Dev roundtable (until 3')
- Planning for multi-chain anchoring and high gas costs (until 44')
-Timeline to Clay release (44'-54')

As always, these meetings are completely open and we invite everyone in the technical community to join. If you'd like to attend a future meeting, add the Ceramic Calendar to your Google calendar. If you'd like to propose protocol improvements, reach out on Discord and Github.



Elastos Foundation

Trinity Native 1.0 Release Announcement

...

aNewGovernance

French Banque des Territoires: Self data report

In 2020 aNewGovernance, Onecub, and Visions have participated with Capgemini in a report for the French Banque des Territoire on the state of the art for Self-Data, and personal data sharing:

In the context of strong digitization of activities and services, the question of control and protection of personal data is a key issue. With this in mind, in 2018 the DPMR was created to provide a framework for the collection and use of data. Also, for a trusted digital world, a new concept is beginning to emerge: self-data.

Self-data can be defined in a few words as « the production, exploitation, and sharing of personal data by individuals, under their control and for their own purposes » (definition given by the New Generation Internet Foundation).

At the crossroads of data governance and digital trust, the control of personal data by each individual is a challenge for the digital projects of European public and private players. However, the construction of such a model also depends on the ability to remove obstacles on the technical, political, legal, and economic levels. This is why the Bank of Territories is publishing a study that proposes an inventory of the ecosystem of self-data actors.

This document aims to provide a clear and updated vision of the actors who propose solutions to implement self-data, the brakes and levers that need to be taken into account, and initiatives that can serve as an example to embark in turn on such a project.

Read the full report

Friday, 08. January 2021

Own Your Data Weekly Digest

MyData Weekly Digest for January 8th, 2021

Read in this week's digest about: 10 posts, 2 questions
Read in this week's digest about: 10 posts, 2 questions

Thursday, 07. January 2021

Kantara Initiative

Exostar receives Kantara Initiative’s Identity Assurance certification

Exostar, a leader in trusted, secure business collaboration in aerospace and defense (A&D), life sciences, and healthcare, today announced it has been named a full service credential service provider by the Kantara Initiative.http://www.securitydocumentworld.com/article-details/i/16642/ The post Exostar receives Kantara Initiative’s Identity Assurance certification appeared first on Kantara

Exostar, a leader in trusted, secure business collaboration in aerospace and defense (A&D), life sciences, and healthcare, today announced it has been named a full service credential service provider by the Kantara Initiative.
http://www.securitydocumentworld.com/article-details/i/16642/

The post Exostar receives Kantara Initiative’s Identity Assurance certification appeared first on Kantara Initiative.


Elastos Foundation

Trinity Native: An Introduction

...

SelfKey Foundation

December Progress Report is Here! 🔔

SelfKey Weekly Newsletter Date – 06th January, 2021 The SelfKey voyage report for December 2020 is here. The post December Progress Report is Here! 🔔 appeared first on SelfKey.

SelfKey Weekly Newsletter

Date – 06th January, 2021

The SelfKey voyage report for December 2020 is here.

The post December Progress Report is Here! 🔔 appeared first on SelfKey.


SelfKey – 2020 & Beyond

Here we are at the end of yet another amazing year. In this article, we look back at the major milestones that defined the year 2020 for us at SelfKey. The post SelfKey – 2020 & Beyond appeared first on SelfKey.

Here we are at the end of yet another amazing year. In this article, we look back at the major milestones that defined the year 2020 for us at SelfKey.

The post SelfKey – 2020 & Beyond appeared first on SelfKey.

Wednesday, 06. January 2021

Kantara Initiative

Exostar Receives Kantara Initiative’s Identity Assurance Trust Framework Certification, Achieves Healthcare and Life Science Community Milestones

HERNDON, Va., Jan. 6, 2021 /PRNewswire/ — Exostar, the leader in trusted, secure business collaboration in aerospace and defense (A&D), life sciences, and healthcare, today announced it has been named a full service credential service provider by the Kantara Initiative. https://markets.businessinsider.com/news/stocks/exostar-receives-kantara-initiative-s-identity-assurance-trust-framework

HERNDON, Va., Jan. 6, 2021 /PRNewswire/ — Exostar, the leader in trusted, secure business collaboration in aerospace and defense (A&D), life sciences, and healthcare, today announced it has been named a full service credential service provider by the Kantara Initiative. 
https://markets.businessinsider.com/news/stocks/exostar-receives-kantara-initiative-s-identity-assurance-trust-framework-certification-achieves-healthcare-and-life-science-community-milestones-1029937505

https://markets.businessinsider.com/news/stocks/exostar-receives-kantara-initiative-s-identity-assurance-trust-framework-certification-achieves-healthcare-and-life-science-community-milestones-1029937505

The post Exostar Receives Kantara Initiative’s Identity Assurance Trust Framework Certification, Achieves Healthcare and Life Science Community Milestones appeared first on Kantara Initiative.


Exostar Receives Kantara Initiative’s Identity Assurance Trust Framework Certification, Achieves Healthcare and Life Science Community Milestones

HERNDON, Va., Jan. 6, 2021 /PRNewswire/ — Exostar, the leader in trusted, secure business collaboration in aerospace and defense (A&D), life sciences, and healthcare, today announced it has been named a full service credential service provider by the Kantara Initiative. The post <a href="https://apnews.com/press-release/pr-newswire/technology-business-corporate-news-products-and-services-

Exostar Receives Kantara Initiatives Identity Assurance Trust Framework Certification

Exostar, the leader in trusted, secure business collaboration in aerospace and defense (A&D), life sciences, and healthcare, today announced it has been named a full service credential service provider by the Kantara Initiative. The post <a href="https://www.insidenova.com/news/state/exostar-receives-kantara-initiatives-identity-assurance-trust-framework-certification-achieves-healthcare-

Exostar, the leader in trusted, secure business collaboration in aerospace and defense (A&D), life sciences, and healthcare, today announced it has been named a full service credential service provider by the Kantara Initiative.

The post <a href="https://www.insidenova.com/news/state/exostar-receives-kantara-initiatives-identity-assurance-trust-framework-certification-achieves-healthcare-and-life-science-community/article_9a5305f8-ce2c-5314-acc1-b4b31a614992.html">Exostar Receives Kantara Initiatives Identity Assurance Trust Framework Certification</a> appeared first on Kantara Initiative.


Exostar Receives Kantara Certification

Exostar has received Level 3 Identity Assurance Trust Framework certification from the Kantara Initiative. The certification is good for a period of three years, and marks Exostar as an approved credential service provider for the healthcare and life sciences industries. The post <a href="https://mobileidworld.com/exostar-receives-kantara-certification-010604/">Exostar Receives K

Exostar has received Level 3 Identity Assurance Trust Framework certification from the Kantara Initiative. The certification is good for a period of three years, and marks Exostar as an approved credential service provider for the healthcare and life sciences industries.

The post <a href="https://mobileidworld.com/exostar-receives-kantara-certification-010604/">Exostar Receives Kantara Certification</a> appeared first on Kantara Initiative.


EdgeSecure

Edge Announces Partnership with GRM Information Management to Enhance Content Management and Accelerate Digital Transformation

Newark, NJ, January 5, 2021 – Edge, the region’s nonprofit research and education network and technology partner, has announced a partnership with GRM Information Management (GRM), a leader in enterprise content management (ECM) solutions. Via its EdgeMarket Cooperative Pricing System,... The post Edge Announces Partnership with GRM Information Management to Enhance Content Management and Accele

Newark, NJ, January 5, 2021 – Edge, the region’s nonprofit research and education network and technology partner, has announced a partnership with GRM Information Management (GRM), a leader in enterprise content management (ECM) solutions. Via its EdgeMarket Cooperative Pricing System, Edge has awarded a procurement contract which will give EdgeMarket participants the ability to efficiently and affordably procure GRM’s solutions and services. 

This contract award and resulting partnership is the result of a thorough RFP process, designed to meet members’ needs related to digital transformation and content management. Via its cloud-based platform, GRM provides a set of solutions and capabilities such as document management software, workflow automation, iForms (GRM’s proprietary intelligent forms technology), business process management, machine learning, and intelligent data capture, all coupled with the cutting-edge security features.

GRM’s comprehensive offering allows organizations to harness data and processes in order to deliver dramatic improvements in efficiency, savings and insights into data.

“Managing content effectively is vital to success in the digital age. The common approach to information management via legacy applications often leaves organizations with documentation in numerous locations, and struggles to find and use information efficiently,” said Christopher Markham, VP for Information Technology and Economic Advancement at Edge. “Automating access to information, updating business process and workflows, and putting people in a position to succeed is vital to successful digital transformation initiatives, and GRM’s solutions give EdgeMarket participants the tools they need.”

“We’re thrilled to form a strategic partnership with Edge organizations and to support the group’s membership with a diverse set of software solutions. As an enterprise content management leader with deep expertise in education, public sector and healthcare, GRM is well-suited to partner with members and deliver them valuable digital transformation solutions.” said GRM VP Sales, Larry Reynolds.

Existing Edge members and other institutions interested in leveraging the EdgeMarket purchasing consortium for access to streamlined technology purchasing and preferred pricing can find more information at https://njedge.net/solutions/edgemarket/.

The post Edge Announces Partnership with GRM Information Management to Enhance Content Management and Accelerate Digital Transformation appeared first on Edge.


Berkman Klein Center

Internet shutdowns in 2021

Internet Shutdowns in 2021 Rethinking advocacy strategies It’s that time of the year again when expert analysts take a gaze into the future and proffer an outlook for the year ahead. In international affairs perhaps there is none as eminent as The Economist magazine’s “The world in 2021’’ — insights that leaders in politics, business, and finance draw from to shape personal, institutional,
Internet Shutdowns in 2021 Rethinking advocacy strategies

It’s that time of the year again when expert analysts take a gaze into the future and proffer an outlook for the year ahead. In international affairs perhaps there is none as eminent as The Economist magazine’s “The world in 2021’’ — insights that leaders in politics, business, and finance draw from to shape personal, institutional, and national agendas for the incoming year.

In digital rights, it is perhaps also apt to take a look at the incoming year to prepare for whatever it might throw up. An important trend to anticipate in the coming year is Internet shutdowns, and their impact on freedom of expression, political participation, and societal development, particularly in the global south.

Photo: Pixabay

Internet shutdowns have become a common tactic deployed in the past decade by authoritarian regimes to restrict human rights and citizen mobilization, particularly around political events such as elections and mass protests. The digital rights organization AccessNow documented at least 213 shutdowns in the year 2019 across 33 countries. In 2020 some of the countries that shut down the Internet include Ethiopia, Bangladesh, India, and Myanmar. For the year 2021, we get the sense it is simply a question of when, rather than if there will be Internet shutdowns. However, there is no escaping the fact that this blunt tool of human rights repression is largely a feature of countries in the global south. In Africa, research by the digital rights organization CIPESA revealed a correlation between government styles and the incidence of Internet shutdowns. Internet shutdowns occur less frequently in real, functioning democracies, and more in authoritarian regimes, the research noted.

The persistence of Internet shutdowns in authoritarian regimes despite perennial advocacy efforts by civil society organizations perhaps suggests the need for a shift in advocacy strategies to combat it. The first evolution of advocacy strategies to combat Internet shutdowns focused on the human rights angle — appealing to the governments and corporate actors who implemented shutdowns to see that shutdowns amounted to trampling on human rights of freedom of opinion, expression, and association. No other document encapsulates this approach as the resolution by the UN Human Rights Council stating that human rights enjoyed offline also apply online.

This approach did not always work, necessitating the second evolution of advocacy strategies targeting shutdowns. Rather than focusing only on the human rights angle, these strategies also highlighted the economic losses shutdowns foist on economies. Examples of this approach include research by the Brookings Institution, Deloitte, and CIPESA detailing in figures the losses accruing to the economies of nations that implement shutdowns. Given that some of the countries which implement shutdowns are also among the poorest in the world, this advocacy approach held some promise. This promise was however disappointed, as it emerged that the regimes which implemented shutdowns were more swayed by the survival of their regimes than economic considerations. Occasionally there was the counter-argument proffered by some of these states that although Internet shutdowns resulted in economic losses, they were nevertheless implemented to prevent even bigger losses and the collapse of states.

All these bring us to a third way. If these two illustrious approaches to Internet shutdown advocacy have not been effective, there has to be a better way. In the observation that Internet shutdowns persist in authoritarian regimes and are rare in functioning democracies perhaps lies a path to effective advocacy strategies. As has been touted in recent years in development circles, what if the future of digital rights advocacy lies in its participation in broader advocacy efforts that target broader societal reforms in the electoral process, government accountability and transparency, and development? This can be achieved, for instance, by digital rights advocacy organizations collaborating with the broader human rights community.

Internet shutdowns and other digital rights abuses do not spring out of a vacuum. Instead, they proceed from broader dysfunctional societal systems needing reform. If, in general, societies heal and reform in the broad areas of electoral processes, accountability and transparency, and development, in time this progress will seep into better digital rights standards. This approach takes time but is sustainable. The new year 2021 is another opportunity to intensify our efforts in adopting new methods in advocating against Internet shutdowns.

Internet shutdowns in 2021 was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.


r@w blog

#PoliticsOnSocialMedia

Rinku Lamba, Rajarshi Dasgupta, Mohinder Singh, Valerian Rodrigues & Shefali Jha Session Indian politics had witnessed the entry of new social movements in the 1970s, adding a whole set of new issues, actors, and ways of activism to the older nationalist tradition. We suggest a similar change is now taking place, as different ways of governance and interventions aided by latest technolo
Rinku Lamba, Rajarshi Dasgupta, Mohinder Singh, Valerian Rodrigues & Shefali Jha Session

Indian politics had witnessed the entry of new social movements in the 1970s, adding a whole set of new issues, actors, and ways of activism to the older nationalist tradition. We suggest a similar change is now taking place, as different ways of governance and interventions aided by latest technologies are emerging in the social media. Websites, blogs, tweets, emails and online petitions are creating a new virtual space for politics, through information, propaganda, debates, appeals and mobilizations.

The proposed session will discuss this emerging field of power, critically considering its democratic potential and interrogating the political issues and ideas at stake in it. The aim is to tackle the new forms of civic and public-political engagements witnessed in the domain of social media, and analyze their implications for the theory and practice of democracy. In the process our papers would explore conceptual notions such as agency, political act and participation as well as notions of selfhood and subjectivity.

Plan

We will present four papers, with a question-answer and discussion session at the end. The papers will be addressing broadly three kinds of concerns.

The first concern is to identify novel understandings of the political and political acts in the social media. We ask the following questions in this regard: What are the political issues and ideas at stake and how do they affect conventional understandings of democracy? Who are the new actors outside the fray of party-centered politics and how do they see what is political in the acts of internet-users? How are political institutions including parties reacting to the phenomena? The second concern relates to probing the new forms of political subjectivity that are emerging in this process. The questions here include: What kind of political actor is getting shaped by the forms of political participation engendered by the social media? How does the virtual nature of practice impact on questions of location and identity as determinants of political membership and political action? Is this nature of virtual participation too fluid for the state to control? The third concern relates to the forms of exclusion and inclusion that virtual participation entails. This involves questions like: What kind of social capital is necessary for talking part in the process and does it cut across cultural and economic divisions? What kinds of interest drive the social media? How does it shape the meaning of political concepts like representation and rights, accountability and political agency?

It is likely that we will raise more questions than we can answer at this point. However, we think it is important to raise them all the more in keeping with the questions that make up the focus of the conference, especially, the first question of how do we conceptualize, as an intellectual and political task, the mediation and transformation of social, cultural, political, and economic processes, forces, and sites through internet and digital media technologies in contemporary India.

Readings

None.

Audio Recording of the Session

IRC 2016: Day 2 #Politics On Social Media : Researchers at Work (RAW) : Free Download, Borrow, and Streaming : Internet Archive

Session Team

Rinku Lamba is Assistant Professor at the Centre for Political Studies in
Jawaharlal Nehru University. She was educated in Delhi, Oxford and Toronto, and has a strong interest in modern Indian political thought, democratic theory, the history of western political thought, and contemporary political theory (especially secularism, liberalism and multiculturalism). Her published work includes essays on state power, nationalism, Ambedkar’s views on the reform of religion, and on the discourse about socio-religious reform in colonial India. She has held visiting positions at the Humboldt University and the University of Wurzburg, and research fellowships at the European University Institute and the universities of Victoria and Sydney.

Rajarshi Dasgupta is Assistant Professor at the Centre for Political Studies, JNU. Formerly Fellow at the Centre for Studies in Social Sciences, Calcutta, he primarily teaches Marxism and Biopolitics, while his research interests span radical politics, urbanization, contemporary labor and refugee histories. His recent publications include ‘The Ascetic Modality: A Critique of Communist Selffashioning’ in Nivedita Menon, Aditya Nigam and Sanjay Palshikar eds., Critical Studies in Politics: Exploring Sites, Selves, Power, and ‘The People in People’s Art and People’s War’ in Gargi Chakrabarty ed., People’s Warrior: Words and Worlds of P.C. Joshi.

Mohinder Singh is Assistant professor teaching political thought at the Centre for Comparative Politics and Political Theory, School of International Studies, Jawaharlal Nehru University (JNU), New Delhi. Before he joined JNU in April 2013, he was teaching at the Department of Political Science, University of Delhi. He finished his M. A. and doctorate (2003) from the Centre for Political Studies, JNU, New Delhi. For the last few years his research has been on the study of Hindi as the language of political discourse in the late nineteenth century and early twentieth century North India with the main focus on the conceptualization of the domains of the social and the political. His recent publication is ‘Civilizing Emotions: Concepts in Nineteenth Century Asia and Europe.’ Oxford and New York: Oxford University Press. 2015 (Co-authored with Margrit Pernau, Helge Jordheim et. al.)

Valerian Rodrigues, currently National Fellow, ICSSR, has taught at the
Department of Political Science, Mangalore University, and Centre for Political Studies, JNU. His academic interest lies in Political Philosophy, Political Ideas and Institutions in India, Disadvantage, Marginality, and Preferential Public Policies. He has published extensively on these themes. He was Agatha Harrison Fellow, St. Antony’s College, Oxford (1989–1991), ICCR Chair at Erfurt University (2012), and Senior Visiting Professor at Wuerzburg University. He is a recipient of the Sri Pravananda Saraswati UGC National Award (2006) for Political Science.

Shefali Jha is Professor and teaches political philosophy and feminist political theory at the Centre for Political Studies, Jawaharlal Nehru University. She is interested in and writes on issues of constitutionalism and democracy in India.

Note: This session was part of the first Internet Researchers’ Conference 2016 (IRC16) , organised in collaboration with the Centre for Political Studies (CPS), at the Jawaharlal Nehru University, Delhi, on February 26–28, 2016. The event was supported by the CSCS Digital Innovation Fund (CDIF).

#PoliticsOnSocialMedia was originally published in r@w blog on Medium, where people are continuing the conversation by highlighting and responding to this story.


Kantara Initiative

Exostar Receives Kantara Initiative’s Identity Assurance Trust Framework Certification, Achieves Healthcare and Life Science Community Milestones

Latest Recognition Further Demonstrates Company Protects Customers’ Identity and Personal Data by Complying with NIST 800-63 Standard HERNDON, VA, January 6, 2021 – Exostar, the leader in trusted, secure business collaboration in aerospace and defense (A&D), life sciences, and healthcare, today announced it has been named a full service credential service provider by the Kantara Initiative.&nb

Latest Recognition Further Demonstrates Company Protects Customers’ Identity and Personal Data by Complying with NIST 800-63 Standard

HERNDON, VA, January 6, 2021 – Exostar, the leader in trusted, secure business collaboration in aerospace and defense (A&D), life sciences, and healthcare, today announced it has been named a full service credential service provider by the Kantara Initiative.  Kantara granted the Identity Assurance Trust Framework certification at Level of Assurance 3 (LOA 3), allowing Exostar to seamlessly continue to align with mandates issued by the Drug Enforcement Agency for the electronic prescribing of controlled substances (EPCS) by healthcare providers using Health IT systems.

“We are pleased to award Exostar the Kantara Full Service Trust Mark of Approval signifying conformity with the Kantara Classic Class of Approval for digital identity requirements at LOA 3,” said Colin Wallis, executive director, Kantara Initiative.  “This is a significant achievement and market differentiator for Exostar.  The Kantara assessment and review process is rigorous and approval demonstrates a company’s care and respect for its customers.”

With this additional identity-based certification, Exostar becomes 1 of only 3 companies to achieve Kantara’s full service designation for its identity proofing, credentialing, and authentication capabilities.  The accreditation follows an audit by a Kantara-approved third-party assessor spanning nearly 700 questions and requirements from the National Institute of Standards and Technology’s 800-63 standard and beyond, across categories including security, governance, infrastructure, operations, and finance.

The certification remains valid for 3 years.  With it, Exostar qualifies to work more closely with Kantara to define the future of identity and access management technology, specifically as it impacts highly-regulated industries like healthcare, life sciences, A&D, and banking, financial services, and insurance.

This newest recognition comes as Exostar continues to extend its market leadership by leveraging its identity and access management platform and products to support critically-important secure business collaboration use cases in life sciences and healthcare.  The firm’s Secure Access Manager anchors a community of over 15,000 life sciences organizations (including 10 of the 20 largest global pharmaceutical companies), connecting 400,000 users to more than 70 applications used in the conduct of clinical trials.  Health IT vendors serving 75,000 physicians and other healthcare providers now rely on Exostar’s ProviderPass as part of the EPCS process for 2 million prescriptions per month and over 80 million prescriptions since the product’s inception.

“The Full Service Trust Mark of Approval from Kantara offers yet another independent validation of the quality, security, and compliance of our products and solutions.  Our prospects and customers can connect their employees, partners, and applications to our communities with even greater confidence,” said Sudeep Dharan, Exostar’s Chief Technology Officer.  “As a result, we anticipate more rapid acceleration in the growth of our communities in the months ahead.”

About Exostar

Exostar’s cloud-based platform creates exclusive communities within highly-regulated industries where organizations securely collaborate, share information, and operate compliantly.  Within these communities, we build trust.  More than 135,000 aerospace and defense organizations and agencies in nearly 175 countries trust Exostar to strengthen security, reduce expenditures, raise productivity, and help them achieve their missions.  Ten of the top twenty global biopharmaceutical companies rely on Exostar to help them speed new medicines and therapies to market.  Exostar is a Gartner Cool Vendor.  For more information, please visit www.exostar.com, and follow Exostar on LinkedIn and Twitter.

About Kantara Initiative

Kantara Initiative is the Global Trust Framework and Specification ‘commons’ whose mission is to grow and fulfill the market for trustworthy use of identity and personal data.  Kantara provides real-world innovation through its development of specifications, applied R&D and conformity assessment programs for the digital identity and personal data ecosystems.  More information is available at https://kantarainitiative.org/.

Follow Kantara Initiative on Twitter — @KantaraNews

Media Contacts:
Alan Gilbert
Exostar
(703) 793-7735 (o)
(703) 624-4675 (m)
Alan.Gilbert@exostar.com

Bob Olson
Kantara Initiative
(978) 872-7120
rolson@virtualinc.com

The post Exostar Receives Kantara Initiative’s Identity Assurance Trust Framework Certification, Achieves Healthcare and Life Science Community Milestones appeared first on Kantara Initiative.

Tuesday, 05. January 2021

Digital ID for Canadians

Spotlight on ApplyBoard

1.What is the mission and vision of ApplyBoard?  ApplyBoard believes that education is a right, not a privilege. The company empowers prospective international students around…

1.What is the mission and vision of ApplyBoard?

 ApplyBoard believes that education is a right, not a privilege. The company empowers prospective international students around the world to access the best education by simplifying the study abroad search, application, and acceptance process. By connecting international students, academic institutions, and recruitment partners on a single digital platform, ApplyBoard drives qualified student applications and diversity to over 1,200 campuses across Canada, the United States, the United Kingdom, and Australia. To date, ApplyBoard has assisted more than 120,000 students along their educational journeys and has become the world leader in providing study abroad opportunities.

2. Why is trustworthy digital identity critical for existing and emerging markets?

As a company that has disrupted the traditional education application process

through technological innovation, ApplyBoard understands the importance of developing a trustworthy digital identity. The company has broken down barriers to accessing information and opportunity, creating a global digital ecosystem that spans thousands of partners and customers in hundreds of countries around the world. During the online application process, the ability to trust the identity of the applicant is key to improving global mobility. Proof of identity is required at various stages of the international student journey, including admission, international payments, and immigration.

ApplyBoard recently launched ApplyProof, an industry-leading platform that enables immigration stakeholders, students, and institutions to validate document authenticity by providing access to the digital original held securely by ApplyProof. The COVID-19 pandemic has highlighted the importance of digital ecosystems and doing business online, driving the need for heightened security and privacy demands. It is critical for businesses like ApplyBoard to innovate and partner with organizations like DIACC to champion the creation of secure digital properties and tools to drive a digital future.

3. How will digital identity transform the Canadian and global economy? How does ApplyBoard address challenges associated with this transformation?

ApplyBoard firmly believes that by creating a strong digital identity framework for Canadians, we will be able to build global trust that will increase capacity for international collaborations. International students play a vital role in driving the Canadian economy. By improving efficiency and trust in the digital ecosystem, the international education segment will thrive faster with fewer costs while positively impacting local economies. Additionally, a robust digital identity framework will reduce international students’ reliance on shared physical locations, allowing them to learn from multiple locations simultaneously from around the world.

4. What role does Canada have to play as a leader in this space?

By bringing together the most forward-thinking public and private sector organizations, institutions, and other stakeholders in the country, Canada has the ability to step up and become a global leader in the digital identification and authentication space. Working together, these groups will showcase their abilities and achieve collectively desired outcomes that benefit Canadians and drive us closer to creating a secure, scalable, inclusive, and privacy-enhancing digital ecosystem.

5. Why did ApplyBoard join the DIACC?

ApplyBoard has joined DIACC to become a foundational member of the ecosystem that’s addressing key identification issues. ApplyBoard is excited to bring its technology and experience to the ecosystem while having the opportunity to learn from other leaders. Together, we will improve the international student journey for the thousands of students that choose to study in Canada every year. As we grow our base of global partners, we are excited to play a role in sharing standards around the world.

6. What else should we know about ApplyBoard?

ApplyBoard was founded in 2015 by Martin, Meti, and Massi Basiri, three brothers that came from Iran to study at post-secondary institutions in Canada. Today, the company has grown to become the world’s largest online platform for international student recruitment, using AI and machine learning to assist more than 120,000 students with their educational journeys. In 2019, ApplyBoard was named the fastest-growing technology company in Canada by Deloitte, ranking #1 on the Technology Fast 50™. The company ranked #2 in 2020. To learn more about ApplyBoard, please visit their website.


Elastos Foundation

Hive 2.0: An Introduction

...

Monday, 04. January 2021

Berkman Klein Center

Movement Lawyering for Alternative Futures

Social Movements & the Limits of the Law By Zahra Stardust, Roslyn M. Satchel, Afsaneh Rigot, Kendra Albert and Micaela Mantegna The Revolution card from Cristy C Road’s Next World Tarot deck. Ten years ago, trans activist, writer and teacher Dean Spade published a piece for those considering law, setting out ‘what every activist should know before going to law school.’ I
Social Movements & the Limits of the Law

By Zahra Stardust, Roslyn M. Satchel, Afsaneh Rigot, Kendra Albert and Micaela Mantegna

The Revolution card from Cristy C Road’s Next World Tarot deck.

Ten years ago, trans activist, writer and teacher Dean Spade published a piece for those considering law, setting out ‘what every activist should know before going to law school.’

In the article, Spade discusses the complicated relationship between law and social movements (including how law is used to maintain rather than undo systems) and asks what role can lawyers play in social movements, through demystifying the law to resist indoctrination and by linking legal service provision to transformative change strategies.

Inspired by this piece, 5 lawyers, ex-lawyers and legal practitioners from the Berkman Klein Center for Internet and Society speak about their vexed relationship to the law, tensions in their practice, their strategies and tactics, and the kinds of futures they are trying to build.

Roslyn M. Satchel

Media, Law, Ethics, & Social Movements

Principles of justice, equity, mutual aid, and self-determination animate my work.

Law is content for courses I teach, as well as organizing and policy advocacy I do in communities. I teach that the law can be helpful as both a guide for protecting the vulnerable and for challenging unethical practices/laws. Simultaneously, however, I often use history to reality-test slippery slope harms created by laws that are inconsistent, cause confusion or lack predictability — particularly in relation to race, gender, sexuality, ability, national origin, language, socio-economic status, or other caste markers.

The relationship between law and social justice movements is one of tension and boundary challenging. The law could be an instrument to help people live in security and dignity, but instead those in power use it to entrench and fortify their power via status quo. These competing interests require juxtaposition to avoid dominant group tyranny. Those pushed to the margins must exert pressure by all necessary means. For 20 years, I’ve pushed back.

Sometimes law is not the answer; it’s the problem.

Sometimes law is not the answer; it’s the problem. The difficulty I often see arises when law enables/permits money and power to corrupt movements. The non-profit industrial complex has a political economy that retains power with elite gatekeepers through funding grants. These foundations broker grants to address certain social problems but rarely change social conditions or the law. As a result, Non-Government Organisations/Community-Based Organisations compete for grants (scraps) — often abandoning the mission or programming for the preferences of grantors — in order to make payroll or provide healthcare benefits for staff. Meanwhile, the government either fails to act or enacts laws that tie activists’ hands (e.g., U.S. Patriot Act). Currently, this divisive dynamic is at work in popular social movements, and we must question whether splintering is the purpose; and if so, who benefits?

Having experienced these problems professionally as a non-profit executive (as well as hating disempowering adversarial courtroom practices), I opt for alternative uses of my legal skills that shift power by prioritizing research and interventions with practical benefits to marginalized communities. I am trying to build a future where children of the African diaspora have futures as bright as (or even brighter than) they did before colonization and enslavement.

Afsaneh Rigot

Resistance and the Power of the People

I never wanted to study law. It wasn’t for us. Coming from Iran, moving to the UK as a refugee and living in the UK in a struggling working-class family (in a predominately immigrant BIPOC town) l quickly realised, the law was not for us. The law was about us. It was for us to bypass and navigate and not fall into the traps of.

In Iran the law served as a tool for a theocratic dictatorship that surveilled, imprisoned, tortured and exiled its residents, our friends, my family. In the UK it was the structures that worked to keep people like us out — on the outskirts of borders or in the margins of society.

The law meant barriers to jobs, financial support and opportunities to exist. It meant the police, immigration control, access issues. The law meant: you’re not safe; this isn’t for you.

That changed as I grew. I didn’t know about Movement Lawyering per se — but came to admire those who I now know employed it: legal aid lawyers that helped us get status when all other hope was lost; the fearless lawyers in Iran who used their in-depth knowledge against the legal system itself; those I’d read about in books who used the law as a tool to contain its own power, to cripple the structures confining groups most oppressed, marginalised and targeted. Then I was intrigued. I wanted to learn how to wield the same tool for our communities.

My favourite movement lawyering quote is from Law for Black Lives: “It means building the power of the people, not the power of the law.”

I didn’t continue with traditional legal practice (I was working towards becoming an immigration and human rights barrister). These days, I use my access and knowledge to support communities in my region. I follow their leadership on how to build strategic movements and support their safety. I use the language of law to leverage power and hold companies accountable for harm. Most of the time the law itself isn’t useful, but my knowledge of how to navigate it is.

The law might not be for us, but we can do our best to stop it from being used against us.

Kendra Albert

The Limits of Law

I’ve always had a weird relationship to my role as a lawyer. I didn’t go to law school because I believed in the majesty or dignity of the law, but because I wanted software engineers to listen to me. Law felt like a way to accomplish that. And somehow, at the end of law school, people expected me to be a lawyer. Turns out a law degree isn’t just humanities finishing school, it’s a professional degree. ¯\_(ツ)_/¯.

Fortunately, while I was in law school, my peers radicalized me. Specifically, Derecka Purnell, Kidist Keaton, and the other Black women who led the student protest movement at Harvard Law School called #Reclaim, radicalized me. I saw how lackluster the institutional response to racism was. I also saw how easy it was for White folks who the institution worked for (even self-professed liberal ones) to underestimate their own power to make change. At the same time, I was processing my own identity as a transgender person who wasn’t out (or even totally sure of their gender), and I could see all the ways in which law failed trans folks.

As I’ve gotten further into my legal career, I am more and more aware of the limits of law. As an attorney, I’ve embraced my role as a demystifer of legal systems (to use Dean Spade’s words). I’ve also been taught by friends and comrades, like Danielle Blunt of Hacking // Hustling, how to use the power that comes with institutional affiliations for rebellion.

As a teacher, I hope to help my students understand the limits of law as a tool. I support my students by building spaces for them in hierarchical institutions with unwritten rules, while challenging them via the material I teach to think bigger about systemic oppression, violence, and our duty as people to make change. Through my teaching, I aim to pass along, at least in part, the gift I was given by #Reclaim.

Ultimately, my legal work pales in comparison to the hard work of building movements and supporting communities. So now I play a small part in making the law less of a barrier to those who are making what John Lewis called “good trouble”, and I hope to train the next generation to push further and imagine more.

Micaela Mantegna

Law in 8-bits: Finding Joy and Creativity in the Legal Profession

My relationship with the law is ambivalent to say the least: I went to law school because I wanted to make a positive impact in the world, and becoming a judge seemed the proper way to do so. Spoiler alert! It was not.

Years as a Court clerk taught me a fair bit about how bureaucracy shapes organizations, preventing them from effective action and meaningful change. I come to the unsettling place of a non-conforming legal practitioner buried in one of the most archaic, formal and change-averse institutions: the judiciary. If you don’t fit, you must not acquit, but make room.

Law is a loose corpora of building blocks that interact to create solutions, a duality of limits and spaces for freedom. In that sense law is as much a tool as is code, and both could be equally inaccessible and esoteric for the uninitiated. Wide and open knowledge is crucial as a catalyst for change, that can be achieved by involving the communities affected by law’s frameworks before they are set in place.

Being lectures, podcasts or streamings, in divulgation and advocacy I found my call. And through pop culture and video games, the language to translate law and policy into something relatable and fun.

When presenting myself, I used to be in a “too many hats” conundrum: Should I speak as a policy researcher or from my place as a diversity activist through Women in Games Argentina? Videogames or artificial intelligence? Media or attorney?

Before, all these facets seemed antagonistic to being a legal professional. Now I settle on defining myself as the mind of a scholar, the heart of an activist and the skillset of a lawyer, trying to use all of them for good.

Through an unconventional journey I came to peace of mind with my purpose: trying to inspire the rogues and the misfits to embrace the whimsical weirdness of being different and to find our place in Law and its intersections: you are welcomed and you are needed here.

Zahra Stardust

Sex, Law & Protest

When I was admitted to practice, I was advised by colleagues to disclose my sex work experience so the Legal Profession Admission Board could consider whether I was a ‘fit and proper person’ of ‘good fame and character’. Sex work is often seen as some kind of reputational risk. But in my view, sex work is a more dignified profession than law. And sex workers have plenty to offer in legal analysis, including robust critiques of criminalisation, licensing, border patrol, policing practices and the carceral state.

Law makes us preoccupied with incremental change and symbolic victories. My auto-ethnographic research on pornography taught me about the perils of reformism and my background as a policy advisor taught me that an ‘evidence-base’ will only get you so far before it is trumped by political expediency and self-interest.

In law reform, wins for some mean losses for others. And it is consistently the most marginalised who are left off the agenda with the promise that legislators will return for them ‘later’, a date that never arrives.

Where I live, on the unceded Gadigal land of the Eora Nation, our government refuses to enter into a treaty with our Aboriginal and Torres Strait people, anti-protest legislation is on the rise and there is political backlash against trans youth. Yet the law maintains a delusion of progress.

My work has involved various strategies and interventions, from demystifying the law to legal accountability to strategic litigation. I’ve been a Legal Observer during protests for Black Lives Matter and Mardi Gras to document and record police brutality. I began the Illustrated Law Project, collaborating with tattoo artists to create accessible guides to police powers, protests and strip searching. I am working with Scarlet Alliance, Australian Sex Workers Association and the Inner City Legal Centre, to prepare a class action of sex workers against payment processors for financial discrimination.

As lawyers, we should be thinking about how we can use our skills to further social movements. Law speaks to itself in inaccessible jargon and maintains a profoundly unjust system of race, class, gender, sexuality and ability. The real legal experts are not lawyers or academics, but the communities who witness the brunt of its operation. I want to help build a future where marginalised communities drive social, cultural and economic change and eventually dismantle institutions of law as we know them.

For more on movement lawyering, see Law for Black Lives, the Movement Law Lab, the Movement Lawyering Conference, or watch this Spotlight on LGBTQ Advocacy in Lebanon as part of a series on Movement Lawyering and Social Change.

The Seven of Wands from Cristy C Road’s Next World Tarot deck.

Movement Lawyering for Alternative Futures was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.


WomenInIdentity

Member Interview with Fatema Pirone

What do you do and what is it about your job that gets you out of bed in the morning? I have the privilege of leading the Enterprise Innovation team… The post Member Interview with Fatema Pirone appeared first on Women in Identity.
What do you do and what is it about your job that gets you out of bed in the morning? Fatema Pirone, Senior Director, Enterprise Innovation for CIBC

I have the privilege of leading the Enterprise Innovation team at CIBC, shaping and transforming our bank’s stance on how we approach emerging trends and technologies. Our team is built of data scientists, designers, UX researchers, strategists and collectively we have created comprehensive projects, frameworks and a culture of innovation across our lines of business at CIBC. My role is to ensure we do not overinvest or underinvest in emerging technology and have built our innovation frameworks to tackle the banks most compelling opportunities and problems. I also have the privilege to elevate the people on my team to recognize their strong skills, provide opportunities for them to continue to grow and develop those skills, all while being able to set the vision and develop strong partnerships and sponsors from leaders in our organization.

I am constantly motivated by the various mindsets of the people around me, the depth of experience that everyone is able to bring to the table, and the great work that is the outcome of all of that combined! What gets me out of bed every morning is a strong cup of coffee, but also the curiosity of seeing what that day brings. The only standard on this team is that you can guarantee no two days will be the same. And that is what I love most about it.

How did you get to where you are today?

I follow a couple of key principles:

Be open to new experiences. This career path was never in my plans but I happened upon it and took various roles and training to figure out what I was passionate about and where I wanted to apply myself. Align yourself with great people, leaders that are willing to share their experiences and give you advice, and colleagues and employees you will take along on the journey. Lastly, never turn away from a complex project – I have grown the most doing the work others found unattractive. There are always lessons to learn which I embrace. I think this is at least part of the reason why I received WXN Canada’s Top 100 Most Powerful Women’s award this year. What is the most important lesson you have learned along the way?

It’s got to be the value and importance of advocating for yourself. I’ve been fortunate to have leaders who have supported and mentored me as I have developed throughout my own career, and I think that because of this I have seen the outcomes that are possible when you trust yourself. It can be easy to get caught up in imposter syndrome, but if I have learned anything, it is that if you can learn to believe that you have earned where you are today, that will transpire into better tangible outcomes.

The most important lesson I have learnt is the value and importance of advocating for yourself.

What’s your pitch to CEOs in the identity space?

Digital Identity is the single most important emerging tech that will allow us to provide end to end digital servicing for our clients in the most secure and transparent (to the client) way. We need to start ensuring we embed Digital ID into every flow where client’s data is moving – internally or externally. We need to stop creating siloed solutions and rather take an holistic approach. We need to continue to make the client the center of our solutions and services.

Why does diversity matter to you?

Diversity matters to me because it is the only way we create a future that is unique, that is better for all and is simply not like our history. Diversity is truly representations of all, that includes ethnicity, sexual orientations, belief systems, experience, skills, education and so on. When you have representation of all with a diverse group of people, the best outcomes are possible ~ that is where the magic lies.

What book/film/piece of art would you recommend to your fellow members? “From the Ashes” by Jesse Thistle

I am an avid reader so its really hard to just recommend one – so I’ll go with one recently read called “From the Ashes”  a memoir by Jesse Thistle. I think this book is a heart wrenching memoir and testament to inter-generational trauma that Indigenous people of Canada have experienced and are still battling. It is not the duty of the marginalized to drive the change that our society needs, rather the job of the privileged. So it is all of our duty to gain better understanding of what has happened, what the different experiences of the Indigenous communities and people are and advocate to do better. This book is a good start.

What advice would you give to the teenage ‘you’?

“There is no need to grow up so fast!” I jumped in the deep-end of adulthood really quickly, I was working full-time by the time I was 17 and got married when I was 19.  Although I do not regret any decision I made,  I would tell my younger self to be kinder to myself and enjoy that short time one has a teenager.

Where can we find you on social media?

Twitter: @Fatemzz

LinkedIn: linkedin.com/in/fatemapirone/

The post Member Interview with Fatema Pirone appeared first on Women in Identity.

Saturday, 02. January 2021

decentralized-id.com

Twitter Collection Week #5 December

Decentralized-ID - Week #5 December - Curated tweets by DecentralizeID

Friday, 01. January 2021

Own Your Data Weekly Digest

MyData Weekly Digest for January 1st, 2021

Read in this week's digest about: 14 posts, 1 Tool
Read in this week's digest about: 14 posts, 1 Tool

Sunday, 27. December 2020

EdgeSecure

Princeton University: Building World-Class Computing, Networking, and Data Science Research Infrastructure

The technological changes affecting the academic science community are happening at a rapid pace, causing the roles of advanced cyberinfrastructure and big data to evolve on a global scale. As the Senior Director of Advanced CyberInfrastructure, Office of the Vice President for Information Technology, and Senior Research Scholar, Department of Computer Science at Princeton University, Dr. Jack Bra

 Experience Article in EdgeDiscovery Magazine

The technological changes affecting the academic science community are happening at a rapid pace, causing the roles of advanced cyberinfrastructure and big data to evolve on a global scale. As the Senior Director of Advanced CyberInfrastructure, Office of the Vice President for Information Technology, and Senior Research Scholar, Department of Computer Science at Princeton University, Dr. Jack Brassil is witnessing this extraordinary shift in scientific research. “The cyberinfrastructure and collaboration that researchers need to conduct their work is an important driver of this change. The role of commercial cloud technologies is growing. Work that is conducted at a relatively modest scale in laboratories or in campus research facilities is shifting to include larger collaborations between many universities with increased reliance on shared infrastructure and access to massive datasets.” The transition from an older model of scientific research to a new model is occurring across the academic community, including Princeton, with many opportunities arising to leverage the Cloud to advance innovation and discovery.

Expanding the Reach of IT

Princeton is home to world-class facilities that are available to researchers across many departments and disciplines. Throughout his career, Brassil has worked at many top-notch institutions and says his role at Princeton is both an honor and a privilege. “Princeton has a commitment to excellence and advancing teaching and research. My position is unique to this institution in that the role bridges both Advanced CyberInfrastructure and the Department of Computer Science. I’m able to expand the reach of the IT organization deeper into the departments and elevate the boundaries of the service that is normally provided. Through this hybrid role, I’m embedded within various departments as they explore new programs, research infrastructures, and instruments.” 

Brassil says closing the gap between an IT organization and academic units is vitally important to an institution. His dual-role at Princeton allows him to see university operations from both vantage points and helps him gain a better understanding of university-wide thinking, including how that aligns with the institution’s goals and objectives. Brassil spent 25 years in industrial research, primarily working with universities and start-ups, and came to Princeton three years ago from the National Science Foundation (NSF).“This experience was instrumental in preparing me for the kind of innovative work I’m doing at Princeton,” shares Brassil. “I was able to learn more about the overall national and international research enterprise and the inner workings, including policy development and fundraising associated with science research. This experience gave me a greater understanding of not just a single university, but the vast differences between universities. Now at Princeton, I’m helping the University meet the growing needs for complicated infrastructure and instruments that academics are increasingly calling for to complete their research.”

“My hat is off to Dr. Forough Ghahramani for having the vision and insight to bring together people from different institutions to lead collaborations between universities and the State. Edge taking a leadership role is terrific, council members will help inform each other of what’s going on at the different institutions in New Jersey. By doing so, we’ll gain a collective understanding of group economic development and important technologies and how we can help support each other in our teaching and research missions — driving success for all.”

Dr. Jack Brassil
Senior Director of Advanced CyberInfrastructure,
Office of the Vice President for Information Technology
Senior Research Scholar, Department of Computer Science,
Princeton University

The Future of Cloud Technology

With extensive knowledge of cloud technology and the future of cloud-based research facilities, Brassil was approached by NSF to conduct a workshop at Princeton. The NSF-1934704, Workshop on Next Generation Cloud Research Infrastructure, brought together members of the academic community and industry from around the country to investigate the future of cloud computing research infrastructure. Academic members of the workshop use clouds to conduct their research, publish papers, and study datasets. The group also included service providers and cloud platform developers.

“Cloud research platforms have multiple uses, but the underlying intent is to allow researchers to think about how we build clouds and guide the development of future commercial clouds,” explains Brassil. “Existing commercial clouds, like Microsoft® Azure or Amazon Web Services (AWS), are designed to provide services to enterprises who want to expand their offsite computing needs. They do a great job at this, but they are not perfect vehicles for academic research. Institutions need sandboxes to determine what future commercial cloud technology should look like and try to pinpoint the specific services that are required of an academic cloud.”

An additional project Brassil is involved in is NSF-1923692, CloudJoin: Migrating CISE Computing Research Infrastructure to the Cloud, which investigates the integration of novel architectures into campus research computing and commercial cloud platforms. Like the workshop, this project focuses on how to build cloud computing infrastructure that is tailored to academic scientific research. “Academic research institutions host a central IT research computing organization to provide researchers with the campus tools, storage, and computing requirements they need to do their job,” says Brassil. “Those services struggle to meet  the demands of today, especially with the need for massive computing jobs and datasets.”

“Academics are at a place of transition,” Brassil continues, “Moving from using extensive, local equipment on campus to shared instruments, shared computing, and commercial cloud resources.” CloudJoin is exploring hybrid clouds, which integrates on campus computing resources with commercial cloud resources. “A hybrid model provides researchers with the comfort of working with familiar, local tools, combined with the scale, reach, and collaboration opportunities of a commercial cloud.”

Supporting Education and Innovation

Princeton, in conjunction with Edge and Rutgers University, created New Jersey’s first Internet2 GigaPOP access point earlier this year. Internet2 is the nation’s premier backbone for conducting research that supports education and innovation. The Internet2 GigaPOP is the first in-state connection to the national and global research infrastructure. “Edge created a community that facilitated collaboration and helped New Jersey create a top-tier statewide network,” shares Brassil. “GigaPOP is a tremendous opportunity to consolidate resources in the state, which in the long run, will lead to better economic development and help facilitate more collaboration between universities and community colleges and the State.”

With the creation of this access point, Princeton, a long-time Edge member, is now connected to an advanced technology community. “This opportunity ties back to Princeton’s desire to be fully connected and engaged in local communities,” says Brassil. “As seen in other regional networks in the country, I think the potential impact on both workforce and economic development is fantastic and will help further drive innovation and discovery. This collaborative environment also creates a center of knowledge for institutions to call upon for support as they develop new cyberinfrastructure.”

Princeton, Rutgers, and Edge are also key participants in a NSF-funded network research infrastructure called FABRIC. The four-year project is intended to support exploratory research in computer networking, distributed computing systems, and next-generation applications. FABRIC involves network elements that are equipped with large amounts of compute and storage that are interconnected by high speed, dedicated optical links. Connecting several testbeds and high-performance computing facilities, FABRIC provides access to cutting-edge network technologies and aims to advance cybersecurity, integrate machine learning and artificial intelligence, and help train the next generation of computer science researchers.

EdgeDiscovery Advisory Council

Edge is dedicated to forging pathways for innovation and engagement among researchers and other stakeholders in the scientific discovery domain. Through EdgeDiscovery, members can pursue their research goals by accessing the advanced computing, support, training, and community engagement they need for success. The EdgeDiscovery Advisory Council was created to bring together fellow forward-thinkers and visionaries and provide a forum for supportive and informative collaboration. “Edge taking a leadership role is terrific. My hat is off to Dr. Forough Ghahramani for having the vision and insight to bring together people from different institutions to lead collaborations between universities and the State,” says Brassil. “Council members will help inform each other of what’s going on at the different institutions in New Jersey. By doing so, we’ll gain a collective understanding of group economic development and important technologies and how we can help support each other in our teaching and research missions — driving success for all.”

To learn more about EdgeDiscovery and tapping into the power of research collaboration and connectivity, visit NJEdge.net/edge-discovery.

View Article in EdgeDiscovery Magazine

The post Princeton University: Building World-Class Computing, Networking, and Data Science Research Infrastructure appeared first on Edge.

Saturday, 26. December 2020

decentralized-id.com

Twitter Collection Week #4 December

Decentralized-ID - Week #4 December - Curated tweets by DecentralizeID

Friday, 25. December 2020

Own Your Data Weekly Digest

MyData Weekly Digest for December 25th, 2020

Read in this week's digest about: 8 posts, 2 questions, 1 Tool
Read in this week's digest about: 8 posts, 2 questions, 1 Tool

Thursday, 24. December 2020

aNewGovernance

Happy Holiday Season

Dear Friends,

We all agree 2020 is not a year we’ll regret. Still, we shall all remember it!

This pandemic has been devastating for individuals, families, health professionals, cities, countries, the world at large. Still, we found the way to adapt our lives through technology and data, while keeping human relations alive, sometimes reinforcing them. It led to imaginative solutions and technical leaps in many areas. It enabled an unprecedented mobilization on a global basis which delivers as we speak
efficient vaccines in a record time. This pandemic has silver linings!

Let’s push it further and make 2021 the year fair, human-centred and trusted data becomes a reality and the norm.


Happy Holiday Season and together we shall build the best in the New Year in Europe and beyond!

the team @ aNewGovernance


SelfKey Foundation

Claim your KEY Airdrop for Credentials Verification Now!

Users with verified SelfKey Credentials will get an airdrop of 18,888 KEY tokens. A total of 18,888,000 KEY tokens will be distributed as part of the airdrop. The post Claim your KEY Airdrop for Credentials Verification Now! appeared first on SelfKey.

Users with verified SelfKey Credentials will get an airdrop of 18,888 KEY tokens. A total of 18,888,000 KEY tokens will be distributed as part of the airdrop.

The post Claim your KEY Airdrop for Credentials Verification Now! appeared first on SelfKey.

Wednesday, 23. December 2020

EdgeSecure

New Jersey Alliance for Action’s Chris Hartman Named to Edge’s Board of Trustees

Graduating with an Engineering degree from New Jersey Institute of Technology (NJIT) in 2004, Christian Hartman’s plan was to dive into the world of project creation and design. While immensely enjoying the collaboration with peers and working with his fellow engineers, the self-described extrovert began to find less enjoyment with the laboratory work, testing, and diagnostics associated with some

 Experience Article in View From the Edge Magazine

Graduating with an Engineering degree from New Jersey Institute of Technology (NJIT) in 2004, Christian Hartman’s plan was to dive into the world of project creation and design. While immensely enjoying the collaboration with peers and working with his fellow engineers, the self-described extrovert began to find less enjoyment with the laboratory work, testing, and diagnostics associated with some of his earlier roles. Conversely, he found quite a bit of joy in presenting and face-to-face human interaction. “I found I’d rather be the person giving the presentation and sharing the design concepts to our clients,” Hartman says. Fortunately, following a few of his internships, Hartman found opportunities to combine his technical and interpersonal skills with several companies in the private sector. He enjoyed building up franchises and teaching the businesses about technology. “My positions were all about working with people and showing the teams how technology could change and improve their businesses,” he adds.

These experiences brought forth connections at New Jersey Alliance for Action (Alliance for Action). Hartman began conversing with one of Alliance for Action’s officers, who shared the organization’s mission to transform New Jersey’s infrastructure. “Alliance for Action’s positive impact on the state and its residents interested me immediately. Their mission fit in with what I wanted to do and how I wanted to move my career forward. I felt like I would be able to give back because I love this state,” he shares. Hartman began working at Alliance for Action in 2014, initially as the Assistant Vice President. In 2018, he was named Vice President and was placed on the Executive Team.

Hartman’s technical expertise and ability to connect with Alliance for Action’s clients was also one of the reasons for his recent invitation onto Edge’s Board of Trustees. “When Edge asked me to be a part of their Board, the invitation was an honor and seemed like a natural fit,” he said. “Our organizations often work together with research and development and many Edge members are also members of the Alliance.”

Providing Leadership Through Advocacy and Education

As Vice President, Hartman oversees several key strategic areas at Alliance for Action, devoting significant time to the areas of advocacy, education, infrastructure, capital construction, economic development, and working to unite three industries: business, government, and labor. “We bring together the big three—entities that may not traditionally see eye to eye,” he explains. “Our job is to carve out the projects and the initiatives that we believe are important economic drivers for those three sectors.” While working diligently to align the big three, Hartman also aims to grow Alliance for Action’s membership and develop fresh networking opportunities for current members. “All of our members, whether they are from business, government, or labor, are constantly seeking to expand their respective networks, so part of my job is to connect members to individuals who could potentially become a new contact which, in turn, enables both parties to grow both their bases.”  

With many important strategic tasks on his plate, Hartman also finds time to be the resident technical geek on staff, guiding Alliance for Action into the 21st Century through digital and virtual interactions, communications, and interactive conferences. “We have to change the way we communicate whether the mechanism is through social media, more traditional online interactions, or via digital communication,” he explains. “I don’t think the technology evolution will ever truly end, but fortunately, I relish the concept of constant innovation.” 

“The New Jersey Connection That Works”

Since the 1970s, Alliance for Action’s overall mission has been to improve New Jersey’s economy through the promotion of capital construction and infrastructure investments, calling themselves “The New Jersey Connection That Works.” With thousands of New Jersey’s top corporate, labor, professional, academic, and governmental representatives as members of the non-partisan organization, the group has been an important advocate regarding the completion of countless initiatives and projects within the state. While not always visible to the general populous, Alliance for Action plays a vital role in bettering the state’s communities, including spearheading the creation of a better transportation infrastructure, the development of 5G, all the way down to making sure there is sand on the beaches and clean drinking water flowing through the pipes. 

Hartman says their goal is to identify areas of need in New Jersey and then direct resources to devise a solution. “No one thinks about when the light switch is flipped on or the heat is turned on in the winter, people simply expect both utilities to work seamlessly. Families aren’t necessarily concerned about where their energy is coming from; they just want their family to be safe and comfortable,” Hartman says. “Our job is to make sure everything is working behind the scenes, so the lights can come on, there is clean drinking water, working utilities, and functional transportation.”

“When Edge asked me to be a part of their Board, the invitation was an honor and seemed like a natural fit. Our organizations often work together with research and development and many Edge members are also members of the Alliance.”

Chris Hartman

Vice President,

New Jersey
Alliance for Action

5G Becoming a Game Changer

Over the past few years, the term 5G has become better known and the possibilities the technology provides have become known game changers. Alliance for Action has partnered with Edge’s network to strengthen the state’s infrastructure and provide instantaneous access. Hartman believes Edge’s connections to research institutions, healthcare organizations, higher education, and non-profits, as well as their broadband backbone, provide untapped potential for 5G in New Jersey.

With COVID-19 accelerating trends like remote learning, research collaboration online, and working from home, many member institutions are reaching out to Edge and Alliance for Action for connection, so these necessities can be sustained and improved. “I believe our members will learn how to leverage Edge as a resource as time moves on, because they’re learning how important things like broadband and connectivity are in the real world right now, especially because of the COVID-19 pandemic,” Hartman explains. “You either are going to have to change or you are going to be left behind.”

Continued Partnership with Edge

Since youth, Hartman has been a communicator and enjoys the times he can interact with like-minded individuals. He especially appreciates Edge events and his ability to network and grow in technological education. “At the several Edge events I attended, the material was focused on cybersecurity, which is something I believe, especially in the construction industry, we need to start looking at more,” he says. This sector has incorporated wireless tools, CAD programs, and the ability to create blueprints and schematics in real time at the job sites. If these components aren’t protected, hacking can occur, and material lost.

Hartman also appreciates the ability to network at Edge events, which is something he immensely enjoys and is a necessity in his position at Alliance for Action. “There is enjoyment in meeting new people, because you never know when the next person could open the door for you or open your eyes to something you didn’t know about before – basically opening up a whole world for you,” he adds. Most importantly, Hartman said the value of making new connections with a diverse group of people can have enormous impact in the future. He then takes these networking opportunities and connects his members to resources. “If by going to these different events and meeting all these different people, I can break down those walls, or I can learn something about a new connection and I can help one of my members, all I’m doing is making the network that much stronger and that much better,” Hartman shares. “These connections not only help me, but will also help my members and Edge’s members. They’re getting a new contact, my member is getting a new contact, and hopefully the two of them are learning something new. Then they can move forward, and their businesses can grow from there.”

The connections Hartman has developed was another reason for his invitation onto Edge’s Board of Trustees. With his role at Alliance for Action, he can become a collaborative resource for both parties and increase the overall value proposition of the two organizations. As part of the Edge Board, two of the areas he will be focusing on include connectivity and security. “Protection must be provided against ransomware and viruses, and hackers have increased their efforts across the board.” Many towns, smaller institutions, and municipalities find themselves ill-prepared against the onslaught. Hartman finds comfort in the fact the Edge network provides another level of protection and additional resources to aid these groups. “I think Edge has some very interesting solutions when it comes to cybersecurity, especially the new EdgeSecure Cybersecurity Health Check program,” he says.

Full Circle Assistance

Almost twenty years ago, Hartman was a student at NJIT and now he serves as a peer to the institution, which is also a valued, connected member of both Alliance for Action and Edge. He feels the preparation and real-world experience NJIT provided has played an enormous role in his own life. “I don’t know if there are many schools out there that prepares their students for the real world as well as NJIT, especially as an upperclassman and no longer just looking at the books, but you’re working in a lab and collaborating with others,” he shares. “Their ability to prepare students to transition to the workforce is unparalleled.”   

Hartman says the transition from student to peer is strange in some ways, explaining. “When you’re a student, you look up to these folks, especially those in the administration. In my mind, they represented the true embodiment of innovation and the creation of new methods to conduct business using the latest technology,” he added. “It’s a strange thought to put yourself as a peer to Dr. Henderson or Dr. Rose—people I always looked up to. However, I finally understand the challenges these administrators face on a day-to-day basis, and I understand how groups like Alliance for Action and Edge can help their members navigate the world as universities adapt to changing students’ needs, wants, and desires—what they need in order to adapt and to survive.”

Now, Hartman has a seat at all these tables, using the leadership and interpersonal skills he began crafting in classrooms at University Heights, Newark, NJ. In many ways, he has come full circle, using his gifts to help members of both Alliance for Action and Edge to become game changers in the world.

View Article in View From the Edge Magazine

The post New Jersey Alliance for Action’s Chris Hartman Named to Edge’s Board of Trustees appeared first on Edge.

Tuesday, 22. December 2020

Good ID

FIDO Certified Servers: Updates for Processing Current Metadata Statements

Yuriy Ackermann, Certification Technical Manager, FIDO Alliance With the advancement and modifications to specifications and program requirements, certification processes and policies will need to be modified from time-to-time. With the […] The post FIDO Certified Servers: Updates for Processing Current Metadata Statements appeared first on FIDO Alliance.

Yuriy Ackermann, Certification Technical Manager, FIDO Alliance

With the advancement and modifications to specifications and program requirements, certification processes and policies will need to be modified from time-to-time. With the recent changes and publication of the FIDO Authenticator Certification program as they relate to V1.4 of the Security Requirements, and the current FIDO Registry of Values specification, we are recommending currently certified servers make necessary changes.

It is strongly recommended that you update your FIDO2 and UAF servers in order to correctly process current and future metadata statements based on the latest updates to the FIDO Registry of Predefined Values.

The spec changes are as follows:

All previous USER_VERIFY methods have been post-fixed with _INTERNAL to identify them explicitly as INTERNAL user verification methods  Example: USER_VERIFY_PRESENCE → USER_VERIFY_PRESENCE_INTERNAL.
New USER_VERIFY methods have been added: USER_VERIFY_PASSCODE_EXTERNAL (0x00000800) and USER_VERIFY_PATTERN_EXTERNAL (0x00001000)
RS1 or ALG_SIGN_RSASSA_PKCSV15_SHA1_RAW (0x0010) IANA ALG_KEY_COSE “alg” identifier has been changed to -65535

Servers should make the following updates to support these changes:

FIDO2 servers: Update pubKeyCredParams to contain -65535 alg
FIDO2 and UAF servers: Change old user verification methods values to the new post-fixed values. Example: USER_VERIFY_PRESENCE → USER_VERIFY_PRESENCE_INTERNAL
FIDO2 and UAF servers: Run the conformance tools to verify support for these changes

The latest FIDO Registry of Predefined Values is now available in JavaScript.

The post FIDO Certified Servers: Updates for Processing Current Metadata Statements appeared first on FIDO Alliance.

Monday, 21. December 2020

Ceramic Network

How to build a simple notes app with IDX

Learn how to build a simple note taking application where users own their data with IDX and React.
Introduction

IDX is a protocol for building applications with user-centric, interoperable data. In a previous post, we described what IDX is and the benefits of building applications in this way. This tutorial will walk through the creation of a simple note-taking web app using decentralized technologies for authentication and data storage, allowing users to have complete ownership over their contents.

In this tutorial, we will use the following technologies:

React: a popular framework for building web applications IDX: a JavaScript/TypeScript framework for user-centric data management Ceramic: a decentralized network for storing mutable, verifiable documents DIDs: a W3C standard for decentralized identifiers The finished product ✨ Environment setup

To get started using IDX, we'll first need to install the IDX CLI using npm. You'll also need to have node installed.

npm install -g @ceramicstudio/idx-cli Project setup Initial dependencies

We'll use Create React App with the TypeScript template to setup our project:

npx create-react-app idx-demo-app --template typescript --use-npm

Then we'll add the first dependencies:

cd idx-demo-app npm install @ceramicnetwork/cli @ceramicnetwork/http-client @ceramicstudio/idx-tools key-did-provider-ed25519 uint8arrays

Let's also edit the package.json file to add the following scripts:

"bootstrap": "node ./bootstrap.js", "ceramic": "ceramic daemon",

Finally, as the uint8arrays package does not provide TypeScript definitions, let's add them to the src/react-app-env.d.ts file:

/// <reference types="react-scripts" /> declare module 'uint8arrays' { export function toString(b: Uint8Array, enc?: string): string export function fromString(s: string, enc?: string): Uint8Array } src/react-app-env.d.ts file Local Ceramic node

Let's start a local Ceramic node using the script defined, and keep it running for all the steps of this tutorial:

npm run ceramic

We'll also need to bootstrap the local node with the IDX documents, using the IDX CLI previously installed:

idx bootstrap Data model

By using Ceramic and IDX, we can create a data model for our application that is user-centric (instead of application-siloed),  globally available from any client on the Ceramic network, and publicly discoverable and shareable across any application(s) that a user interacts with. This is all made possible thanks to public schemas, data definitions, and the user's IDX document. Thus, by storing your application's user data in the IDX framework, it becomes truly user-centric and portable across app domains and contexts.

A schema is a JSON-schema document created by a developer which can be used to validate the contents of other documents simply by including the unique document identifier (DocID) of the schema. A definition is a document created by a developer which provides metadata about the data that they want to store with the user. The DocID of the definition acts as a unique key within the user's IDX document, and is used to identify a reference (the actual contents) associated to a specified schema. An IDX document is a document owned by a user which maintains an index of all of their data in a single place. It is a key-value store that stores mappings from definitions to references.

For this notes management app, we'll use two types of documents and therefore two schemas:

Note: this document will store the contents of a single note NotesList: the entry-point document to index the list of notes with metadata

We will need to create and publish these schemas to the local Ceramic node, along with a definition which allows us to interact with the notes list using IDX. This will allow our app and others to access the notes via the following path:

User DID —> IDX index —> notes definition —> notes list —> note 1 -> note 2 -> ...

Let's create a bootstrap.js script that will create and publish the schemas and definition to our Ceramic node, and store the Ceramic document ID (DocID) of the definition to a JSON file that will be used by the app:

const { writeFile } = require('fs').promises const Ceramic = require('@ceramicnetwork/http-client').default const { createDefinition, publishSchema } = require('@ceramicstudio/idx-tools') const { Ed25519Provider } = require('key-did-provider-ed25519') const fromString = require('uint8arrays/from-string') const CERAMIC_URL = 'http://localhost:7007' const NoteSchema = { $schema: 'http://json-schema.org/draft-07/schema#', title: 'Note', type: 'object', properties: { date: { type: 'string', format: 'date-time', title: 'date', maxLength: 30, }, text: { type: 'string', title: 'text', maxLength: 4000, }, }, } const NotesListSchema = { $schema: 'http://json-schema.org/draft-07/schema#', title: 'NotesList', type: 'object', properties: { notes: { type: 'array', title: 'notes', items: { type: 'object', title: 'NoteItem', properties: { id: { $ref: '#/definitions/CeramicDocId', }, title: { type: 'string', title: 'title', maxLength: 100, }, }, }, }, }, definitions: { CeramicDocId: { type: 'string', pattern: '^ceramic://.+(\\\\?version=.+)?', maxLength: 150, }, }, } async function run() { // The seed must be provided as an environment variable const seed = fromString(process.env.SEED, 'base16') // Connect to the local Ceramic node const ceramic = new Ceramic(CERAMIC_URL) // Authenticate the Ceramic instance with the provider await ceramic.setDIDProvider(new Ed25519Provider(seed)) // Publish the two schemas const [noteSchema, notesListSchema] = await Promise.all([ publishSchema(ceramic, { content: NoteSchema }), publishSchema(ceramic, { content: NotesListSchema }), ]) // Create the definition using the created schema ID const notesDefinition = await createDefinition(ceramic, { name: 'notes', description: 'Simple text notes', schema: notesListSchema.commitId.toUrl(), }) // Write config to JSON file const config = { definitions: { notes: notesDefinition.id.toString(), }, schemas: { Note: noteSchema.commitId.toUrl(), NotesList: notesListSchema.commitId.toUrl(), }, } await writeFile('./src/config.json', JSON.stringify(config)) console.log('Config written to src/config.json file:', config) process.exit(0) } run().catch(console.error) bootstrap.js file

Now to run this script, we'll need to provide a 32 bytes base16-encoded string as an environment variable:

SEED=<your seed> npm run bootstrap

If you need a simple way to create such a seed, you can use the following command:

node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"

Running the bootstrap script will create a config.json file in the src folder, that will be imported by our app. The schemas and definition DocIDs contained in this config.json file are globally unique and can be shared with other apps wanting to interact with the notes associated to the user.

Interacting with our data model

Before moving forwards with implementing our app, let's first check we can interact with our data model using the IDX CLI.

First, we'll need to create a local DID that will be used by the CLI:

idx did:create --label=local

The local alias can be used to reference the DID in the following commands, rather than having to provide the full DID string.

Now we can create a note with some text using the Note schema URL added to src/config.json. In my case this URL is ceramic://kjzl6cwe1jw14atxo8ax0mrknm7xfh8pxqy24hbdrxi9nagtwoa3la5s4hf32qr but it will be different when using another seed, so don't forget to change it in the example below:

idx tile:create local '{"text":"My first note"}' --schema=ceramic://kjzl6cwe1jw14atxo8ax0mrknm7xfh8pxqy24hbdrxi9nagtwoa3la5s4hf32qr

Successfully running this command will display the document ID of the created note, that we can then add to the list of notes using the notes definition key added to src/config.json:

idx index:set local kjzl6cwe1jw14almqh93rmt1mpv8h6zvyeyhh7jzlqp95kgv38c0jb5yuo8mo7w '{"notes":[{"id":"ceramic://kjzl6cwe1jw147xhyjemd6r38812gzhhexw9mj3gz2vvkimotu5xktssik2cbzp","title":"First"}]}'

Make sure to replace the definition key (kjzl6cwe1jw14almqh93rmt1mpv8h6zvyeyhh7jzlqp95kgv38c0jb5yuo8mo7w in my case) and the created note URL (ceramic://kjzl6cwe1jw147xhyjemd6r38812gzhhexw9mj3gz2vvkimotu5xktssik2cbzp in the code above) by the values created in your environment.

We can now check the created note and notes list can be loaded:

idx index:get local kjzl6cwe1jw14almqh93rmt1mpv8h6zvyeyhh7jzlqp95kgv38c0jb5yuo8mo7w idx tile:get ceramic://kjzl6cwe1jw147xhyjemd6r38812gzhhexw9mj3gz2vvkimotu5xktssik2cbzp Application dependencies and IDX setup

Our app is going to use the following additional dependencies:

IDX, to interact with the list of notes Material UI for UI components and icons A random bytes generator, to generate a seed npm install @ceramicstudio/idx @material-ui/core @material-ui/icons @stablelib/random

Then, let's create an idx.ts file in the src folder, implementing the logic to authenticate using a provided seed and load notes with IDX:

import Ceramic from '@ceramicnetwork/http-client' import { IDX } from '@ceramicstudio/idx' import { Ed25519Provider } from 'key-did-provider-ed25519' import { definitions } from './config.json' const CERAMIC_URL = 'http://localhost:7007' export type NoteItem = { id: string title: string } export type NotesList = { notes: Array<NoteItem> } export type IDXInit = NotesList & { ceramic: Ceramic idx: IDX } export async function getIDX(seed: Uint8Array): Promise<IDXInit> { // Create the Ceramic instance and inject provider const ceramic = new Ceramic(CERAMIC_URL) await ceramic.setDIDProvider(new Ed25519Provider(seed)) // Create the IDX instance with the definitions aliases from the config const idx = new IDX({ ceramic, aliases: definitions }) // Load the existing notes const notesList = await idx.get<{ notes: Array<NoteItem> }>('notes') return { ceramic, idx, notes: notesList?.notes ?? [] } } src/idx.ts file Application state and actions

In this section, we'll implement the core logic of our app based on a state, synchronous actions mutating the state, and high-level handlers performing one or more actions.

First, let's create a state.ts file in the src folder with the following initial contents:

import type { Doctype } from '@ceramicnetwork/common' import type Ceramic from '@ceramicnetwork/http-client' import type { IDX } from '@ceramicstudio/idx' import { useCallback, useReducer } from 'react' import { schemas } from './config.json' import { getIDX } from './idx' import type { IDXInit, NotesList } from './idx' type AuthStatus = 'pending' | 'loading' | 'failed' export type DraftStatus = 'unsaved' | 'saving' | 'failed' | 'saved' type NoteLoadingStatus = 'init' | 'loading' | 'loading failed' type NoteSavingStatus = 'loaded' | 'saving' | 'saving failed' | 'saved' type UnauthenticatedState = { status: AuthStatus } type AuthenticatedState = { status: 'done'; ceramic: Ceramic; idx: IDX } export type AuthState = UnauthenticatedState | AuthenticatedState type NavDefaultState = { type: 'default' } type NavDraftState = { type: 'draft' } type NavNoteState = { type: 'note'; docID: string } export type IndexLoadedNote = { status: NoteLoadingStatus; title: string } export type StoredNote = { status: NoteSavingStatus title: string doc: Doctype } type Store = { draftStatus: DraftStatus notes: Record<string, IndexLoadedNote | StoredNote> } type DefaultState = { auth: AuthState nav: NavDefaultState } type NoteState = { auth: AuthenticatedState nav: NavDraftState | NavNoteState } export type State = Store & (DefaultState | NoteState) src/state.ts file

Here we are importing types and dependencies from React (the useCallback and useReducer hooks) and defining the valid shapes the application State can have.

Next we'll define an Action type that includes all the possible synchronous actions that can be performed to mutate the State:

type AuthAction = { type: 'auth'; status: AuthStatus } type AuthSuccessAction = { type: 'auth success' } & IDXInit type NavResetAction = { type: 'nav reset' } type NavDraftAction = { type: 'nav draft' } type NavNoteAction = { type: 'nav note'; docID: string } type DraftDeleteAction = { type: 'draft delete' } type DraftStatusAction = { type: 'draft status'; status: 'saving' | 'failed' } type DraftSavedAction = { type: 'draft saved' title: string docID: string doc: Doctype } type NoteLoadedAction = { type: 'note loaded'; docID: string; doc: Doctype } type NoteLoadingStatusAction = { type: 'note loading status' docID: string status: NoteLoadingStatus } type NoteSavingStatusAction = { type: 'note saving status' docID: string status: NoteSavingStatus } type Action = | AuthAction | AuthSuccessAction | NavResetAction | NavDraftAction | NavNoteAction | DraftDeleteAction | DraftStatusAction | DraftSavedAction | NoteLoadedAction | NoteLoadingStatusAction | NoteSavingStatusAction src/state.ts file

To handle the state transitions, we'll use a reducer function, as presented in React's documentation:

function reducer(state: State, action: Action): State { switch (action.type) { case 'auth': return { ...state, nav: { type: 'default' }, auth: { status: action.status }, } case 'auth success': { const auth = { status: 'done', ceramic: action.ceramic, idx: action.idx, } as AuthenticatedState return action.notes.length ? { ...state, auth, notes: action.notes.reduce((acc, item) => { acc[item.id] = { status: 'init', title: item.title } return acc }, {} as Record<string, IndexLoadedNote>), } : { auth, draftStatus: 'unsaved', nav: { type: 'draft' }, notes: {}, } } case 'nav reset': return { ...state, nav: { type: 'default' } } case 'nav draft': return { ...state, auth: state.auth as AuthenticatedState, nav: { type: 'draft' }, } case 'draft status': return { ...state, auth: state.auth as AuthenticatedState, draftStatus: action.status, } case 'draft delete': return { ...state, draftStatus: 'unsaved', nav: { type: 'default' }, } case 'draft saved': { return { auth: state.auth as AuthenticatedState, draftStatus: 'unsaved', nav: { type: 'note', docID: action.docID }, notes: { ...state.notes, [action.docID]: { status: 'saved', title: action.title, doc: action.doc, }, }, } } case 'nav note': return { ...state, auth: state.auth as AuthenticatedState, nav: { type: 'note', docID: action.docID, }, } case 'note loaded': { const id = (state.nav as NavNoteState).docID const noteState = state.notes[id] return { ...state, auth: state.auth as AuthenticatedState, notes: { ...state.notes, [id]: { status: 'loaded', title: noteState.title, doc: action.doc, }, }, } } case 'note loading status': { const id = (state.nav as NavNoteState).docID const noteState = state.notes[id] as IndexLoadedNote return { ...state, auth: state.auth as AuthenticatedState, notes: { ...state.notes, [id]: { ...noteState, status: action.status }, }, } } case 'note saving status': { const id = (state.nav as NavNoteState).docID const noteState = state.notes[id] as StoredNote return { ...state, auth: state.auth as AuthenticatedState, notes: { ...state.notes, [id]: { ...noteState, status: action.status }, }, } } } } src/state.ts file

Finally, let's create a React hook wrapping this logic in high-level handlers:

export function useApp() { const [state, dispatch] = useReducer(reducer, { auth: { status: 'pending' }, draftStatus: 'unsaved', nav: { type: 'default' }, notes: {}, }) const authenticate = useCallback((seed: Uint8Array) => { dispatch({ type: 'auth', status: 'loading' }) getIDX(seed).then( (init) => { dispatch({ type: 'auth success', ...init }) }, (err) => { console.warn('authenticate call failed', err) dispatch({ type: 'auth', status: 'failed' }) }, ) }, []) const openDraft = useCallback(() => { dispatch({ type: 'nav draft' }) }, []) const deleteDraft = useCallback(() => { dispatch({ type: 'draft delete' }) }, []) const saveDraft = useCallback( (title: string, text: string) => { dispatch({ type: 'draft status', status: 'saving' }) const { ceramic, idx } = state.auth as AuthenticatedState Promise.all([ ceramic.createDocument('tile', { content: { date: new Date().toISOString(), text }, metadata: { controllers: [idx.id], schema: schemas.Note }, }), idx.get<NotesList>('notes'), ]) .then(([doc, notesList]) => { const notes = notesList?.notes ?? [] return idx .set('notes', { notes: [{ id: doc.id.toUrl(), title }, ...notes], }) .then(() => { const docID = doc.id.toString() dispatch({ type: 'draft saved', docID, title, doc }) }) }) .catch((err) => { console.log('failed to save draft', err) dispatch({ type: 'draft status', status: 'failed' }) }) }, [state.auth], ) const openNote = useCallback( (docID: string) => { dispatch({ type: 'nav note', docID }) if (state.notes[docID] == null || state.notes[docID].status === 'init') { const { ceramic } = state.auth as AuthenticatedState ceramic.loadDocument(docID).then( (doc) => { dispatch({ type: 'note loaded', docID, doc }) }, () => { dispatch({ type: 'note loading status', docID, status: 'loading failed', }) }, ) } }, [state.auth, state.notes], ) const saveNote = useCallback((doc: Doctype, text: string) => { const docID = doc.id.toString() dispatch({ type: 'note saving status', docID, status: 'saving' }) doc.change({ content: { date: new Date().toISOString(), text } }).then( () => { dispatch({ type: 'note saving status', docID, status: 'saved' }) }, () => { dispatch({ type: 'note saving status', docID, status: 'saving failed' }) }, ) }, []) return { authenticate, deleteDraft, openDraft, openNote, saveDraft, saveNote, state, } } src/state.ts file Application UI

Now that our application logic is implemented, we can add the user interface, based on Material UI components.

For simplicity in this tutorial all the components are implemented in a single file, but more complex apps would gain from having the interface split into different modules.

Let's change the generated App.tsx file in the src folder, first to import the dependencies we'll use:

import type { Doctype } from '@ceramicnetwork/common' import AppBar from '@material-ui/core/AppBar' import Button from '@material-ui/core/Button' import CssBaseline from '@material-ui/core/CssBaseline' import Dialog from '@material-ui/core/Dialog' import DialogActions from '@material-ui/core/DialogActions' import DialogContent from '@material-ui/core/DialogContent' import DialogTitle from '@material-ui/core/DialogTitle' import Divider from '@material-ui/core/Divider' import Drawer from '@material-ui/core/Drawer' import Hidden from '@material-ui/core/Hidden' import IconButton from '@material-ui/core/IconButton' import List from '@material-ui/core/List' import ListItem from '@material-ui/core/ListItem' import ListItemSecondaryAction from '@material-ui/core/ListItemSecondaryAction' import ListItemText from '@material-ui/core/ListItemText' import Paper from '@material-ui/core/Paper' import TextareaAutosize from '@material-ui/core/TextareaAutosize' import TextField from '@material-ui/core/TextField' import Toolbar from '@material-ui/core/Toolbar' import Typography from '@material-ui/core/Typography' import { makeStyles, useTheme, Theme, createStyles, } from '@material-ui/core/styles' import DownloadIcon from '@material-ui/icons/CloudDownload' import DeleteIcon from '@material-ui/icons/Delete' import EditIcon from '@material-ui/icons/Edit' import ErrorIcon from '@material-ui/icons/ErrorOutline' import ListItemIcon from '@material-ui/core/ListItemIcon' import MenuIcon from '@material-ui/icons/Menu' import NoteIcon from '@material-ui/icons/Note' import NoteAddIcon from '@material-ui/icons/NoteAdd' import UploadIcon from '@material-ui/icons/CloudUpload' import { randomBytes } from '@stablelib/random' import React, { useRef, useState } from 'react' import { fromString, toString } from 'uint8arrays' import { useApp } from './state' import type { AuthState, DraftStatus, IndexLoadedNote, State, StoredNote, } from './state' src/App.tsx file

Next, let's create the styles we will use:

const drawerWidth = 300 const useStyles = makeStyles((theme: Theme) => createStyles({ root: { display: 'flex', }, drawer: { [theme.breakpoints.up('sm')]: { width: drawerWidth, flexShrink: 0, }, }, appBar: { [theme.breakpoints.up('sm')]: { width: `calc(100% - ${drawerWidth}px)`, marginLeft: drawerWidth, }, }, menuButton: { marginRight: theme.spacing(2), [theme.breakpoints.up('sm')]: { display: 'none', }, }, // necessary for content to be below app bar toolbar: theme.mixins.toolbar, drawerPaper: { width: drawerWidth, }, content: { flexGrow: 1, padding: theme.spacing(3), }, title: { flexGrow: 1, }, noteSaveButton: { marginTop: theme.spacing(2), }, noteTextarea: { border: 0, fontSize: theme.typography.pxToRem(18), padding: theme.spacing(2), width: '100%', }, }), ) src/App.tsx file

Now we'll create our first component: NotesList. This component displays the list of notes in a side menu, and a button to open a draft note.

This component will get the State and needed actions injected:

type NotesListProps = { deleteDraft: () => void openDraft: () => void openNote: (docID: string) => void state: State } function NotesList({ deleteDraft, openDraft, openNote, state, }: NotesListProps) { let draft if (state.nav.type === 'draft') { let icon switch (state.draftStatus) { case 'failed': icon = <ErrorIcon /> break case 'saving': icon = <UploadIcon /> break default: icon = <EditIcon /> } draft = ( <ListItem button onClick={() => openDraft()} selected> <ListItemIcon>{icon}</ListItemIcon> <ListItemText primary="Draft note" /> <ListItemSecondaryAction> <IconButton edge="end" aria-label="delete" onClick={() => deleteDraft()}> <DeleteIcon /> </IconButton> </ListItemSecondaryAction> </ListItem> ) } else if (state.auth.status === 'done') { draft = ( <ListItem> <ListItemIcon> <NoteAddIcon /> </ListItemIcon> <ListItemText primary="New note" /> </ListItem> ) } else { draft = ( <ListItem> <ListItemIcon> <NoteAddIcon /> </ListItemIcon> <ListItemText primary="Authenticate to create note" /> </ListItem> ) } const notes = Object.entries(state.notes).map(([docID, note]) => { const isSelected = state.nav.type === 'note' && state.nav.docID === docID let icon switch (note.status) { case 'loading failed': case 'saving failed': icon = <ErrorIcon /> break case 'loading': icon = <DownloadIcon /> break case 'saving': icon = <UploadIcon /> break default: icon = isSelected ? <EditIcon /> : <NoteIcon /> } return ( <ListItem button key={docID} onClick={() => openNote(docID)} selected={isSelected}> <ListItemIcon>{icon}</ListItemIcon> <ListItemText primary={note.title} /> </ListItem> ) }) return ( <> <List>{draft}</List> <Divider /> <List>{notes}</List> </> ) } src/App.tsx file

Another component we will need is AuthenticateScreen, that will display the authenticated ID or seed prompt as needed:

type AuthenticateProps = { authenticate: (seed: Uint8Array) => void state: AuthState } function AuthenticateScreen({ authenticate, state }: AuthenticateProps) { const [seed, setSeed] = useState('') const isLoading = state.status === 'loading' return state.status === 'done' ? ( <Typography>Authenticated with ID {state.idx.id}</Typography> ) : ( <> <Typography> You need to authenticate to load your existing notes and create new ones. </Typography> <div> <TextField autoFocus disabled={isLoading} fullWidth id="seed" label="Seed" onChange={(event) => setSeed(event.target.value)} placeholder="base16-encoded string of 32 bytes length" type="text" value={seed} /> </div> <Button color="primary" disabled={seed === '' || isLoading} onClick={() => authenticate(fromString(seed, 'base16'))} variant="contained"> Authenticate </Button> <Button color="primary" disabled={isLoading} onClick={() => setSeed(toString(randomBytes(32), 'base16'))}> Generate random seed </Button> </> ) } src/App.tsx file

Next, let's add the DraftScreen, allowing users to create and save a new note:

type DraftScreenProps = { save: (title: string, text: string) => void status: DraftStatus } function DraftScreen({ save, status }: DraftScreenProps) { const classes = useStyles() const [open, setOpen] = useState(false) const textRef = useRef<HTMLTextAreaElement>(null) const titleRef = useRef<HTMLInputElement>(null) const handleOpen = () => { setOpen(true) } const handleClose = () => { setOpen(false) } const handleSave = () => { const text = textRef.current?.value const title = titleRef.current?.value if (text && title) { save(title, text) } setOpen(false) } return ( <> <Dialog open={open} onClose={handleClose} aria-labelledby="form-dialog-title"> <DialogTitle id="form-dialog-title">Save note</DialogTitle> <DialogContent> <TextField autoFocus margin="dense" id="title" label="Note title" inputRef={titleRef} type="text" fullWidth /> </DialogContent> <DialogActions> <Button onClick={handleClose} color="primary"> Cancel </Button> <Button onClick={handleSave} color="primary" variant="outlined"> Save note </Button> </DialogActions> </Dialog> <Paper elevation={5}> <TextareaAutosize className={classes.noteTextarea} placeholder="Note contents..." ref={textRef} rowsMin={10} rowsMax={20} /> </Paper> <Button className={classes.noteSaveButton} color="primary" disabled={status === 'saving'} onClick={handleOpen} variant="contained"> Save </Button> </> ) } src/App.tsx file

We will use another component, NoteScreen, for displaying an existing note as the logic is a bit different from a draft, notably that we have to first load the document from Ceramic before being able to display the note contents:

type NoteScreenProps = { note: IndexLoadedNote | StoredNote save: (doc: Doctype, text: string) => void } function NoteScreen({ note, save }: NoteScreenProps) { const classes = useStyles() const textRef = useRef<HTMLTextAreaElement>(null) if (note.status === 'loading failed') { return <Typography>Failed to load note!</Typography> } if (note.status === 'init' || note.status === 'loading') { return <Typography>Loading note...</Typography> } const doc = (note as StoredNote).doc return ( <> <Paper elevation={5}> <TextareaAutosize className={classes.noteTextarea} defaultValue={doc.content.text} placeholder="Note contents..." ref={textRef} rowsMin={10} rowsMax={20} /> </Paper> <Button className={classes.noteSaveButton} color="primary" disabled={note.status === 'saving'} onClick={() => save(doc, textRef.current?.value ?? '')} variant="contained"> Save </Button> </> ) } src/App.tsx file

Finally, we can use all these components in the top-level App component exported by this module:

export default function App() { const app = useApp() const classes = useStyles() const theme = useTheme() const [mobileOpen, setMobileOpen] = useState(false) const handleDrawerToggle = () => { setMobileOpen(!mobileOpen) } const drawer = ( <div> <div className={classes.toolbar} /> <NotesList authenticate={app.authenticate} deleteDraft={app.deleteDraft} openDraft={app.openDraft} openNote={app.openNote} state={app.state} /> </div> ) let screen switch (app.state.nav.type) { case 'draft': screen = ( <DraftScreen save={app.saveDraft} status={app.state.draftStatus} /> ) break case 'note': screen = ( <NoteScreen key={app.state.nav.docID} note={app.state.notes[app.state.nav.docID]} save={app.saveNote} /> ) break default: screen = ( <AuthenticateScreen authenticate={app.authenticate} state={app.state.auth} /> ) } return ( <div className={classes.root}> <CssBaseline /> <AppBar position="fixed" className={classes.appBar}> <Toolbar> <IconButton color="inherit" aria-label="open drawer" edge="start" onClick={handleDrawerToggle} className={classes.menuButton}> <MenuIcon /> </IconButton> <Typography className={classes.title} noWrap variant="h6"> IDX demo notes app </Typography> <Button color="inherit" href="<https://idx.xyz>" variant="outlined"> IDX </Button> </Toolbar> </AppBar> <nav className={classes.drawer} aria-label="notes"> <Hidden smUp implementation="css"> <Drawer variant="temporary" anchor={theme.direction === 'rtl' ? 'right' : 'left'} open={mobileOpen} onClose={handleDrawerToggle} classes={{ paper: classes.drawerPaper }} ModalProps={{ keepMounted: true }}> {drawer} </Drawer> </Hidden> <Hidden xsDown implementation="css"> <Drawer classes={{ paper: classes.drawerPaper }} variant="permanent" open> {drawer} </Drawer> </Hidden> </nav> <main className={classes.content}> <div className={classes.toolbar} /> {screen} </main> </div> ) } src/App.tsx file That's it!

You should now be able to start the app using the npm start command that will compile and start a local server.

The application logic and UI in this tutorial is intentionally kept simple for demonstration purposes, but could be greatly improved for a real app.

The full code for this tutorial is available on GitHub if you want to use it as a basis for your own experiments.

Moving to production

Using a local Ceramic node is an easy way to get started developing an app, but what about production use cases?

We are working with infrastructure partners who are eager to provide production-grade Ceramic node hosting services that we will recommend once ready. Other options are for you to host a Ceramic node for your users, or alternatively, build your app using a full Ceramic node in-browser with @ceramicnetwork/core (instead of the @ceramicnetwork/http-client used in this tutorial). Future tutorials and guides will dive into how to set up production Ceramic deployments.

In the meantime, feel free to reach out on the Ceramic Discord if you need support deploying Ceramic.

What's next?

Learn more about IDX by visiting the IDX website and documentation.

If you need any help or just want to say hi, join the IDX Discord channel!

Friday, 18. December 2020

Elastos Foundation

Elastos Bi-Weekly Update – 18 December 2020

...

Own Your Data Weekly Digest

MyData Weekly Digest for December 18th, 2020

Read in this week's digest about: 12 posts, 2 questions
Read in this week's digest about: 12 posts, 2 questions

Thursday, 17. December 2020

Berkman Klein Center

Q&A: Armando Guio Español on AI Ethics and Policy

BKC affiliate drafted Ethical Framework for Artificial Intelligence in Colombia Armando Guio Español at a Berkman Klein Center event. Increasingly, the public and private sectors alike are working on guidance and principles for artificial intelligence (AI) development, deployment, and regulation. The Colombian government, for example, recently published a draft AI ethics framework, “Ethi
BKC affiliate drafted Ethical Framework for Artificial Intelligence in Colombia Armando Guio Español at a Berkman Klein Center event.

Increasingly, the public and private sectors alike are working on guidance and principles for artificial intelligence (AI) development, deployment, and regulation. The Colombian government, for example, recently published a draft AI ethics framework, “Ethical Framework for Artificial Intelligence in Colombia.” AI policy expert Armando Guio Español, an alumnus of Harvard Law School, an affiliate of the Berkman Klein Center (BKC), and consultant for the Development Bank of Latin America — drafted the framework for the Colombian government.

On November 24, Armando participated in an expert roundtable discussion on Colombia’s AI ethical framework and its implications for young people. The BKC Policy Practice on Artificial Intelligence hosted the roundtable in collaboration with the Colombian government. BKC Policy Practice: AI is a public interest-oriented program, led by BKC Executive Director Urs Gasser, that helps governmental, nonprofit, and private sector organizations implement AI best practices and turn AI principles into operational realities.

We spoke with Armando about Colombia’s Ethical Framework for Artificial Intelligence, the recent roundtable discussion focusing on youth, and how working at BKC informed his experience creating the framework. Responses were lightly edited for clarity.

You authored Colombia’s Ethical Framework for Artificial Intelligence, which creates a foundation by which Colombia’s public and private sectors can embrace AI while respecting core values such as protecting human rights and privacy. Could you briefly summarize the main points?

The Ethical Framework for AI describes ten principles for designing, developing, and deploying trustworthy AI systems in Colombia. Some of these principles are transparency, explainability, privacy, human control, social benefit, and the prevalence of children’s and adolescents’ rights, amongst others. Each of these ethical principles is considered from a tri-dimensional perspective: data, algorithms, and practices. When we have discussions about transparency and AI, we have different considerations when we talk about being transparent: on the use of data, on the modeling of an algorithm, or in the practices we undergo to implement this technology. Likewise, the framework also carefully considers the algorithmic chain and how principles will be applied in the design, development, or implementation of this technology. Creating the framework has been quite interesting because it has allowed us to discuss the ethical consequences of implementing this emerging technology in Colombia, pointing out that ethics are not only a matter of designing this innovation.

Additionally, the framework serves as an ethical toolkit. It provides a series of options to operationalize these principles in entities from the public and private sectors. We have proposed different methodologies such as algorithm assessment, algorithm auditing, data cleansing techniques, ethical training in coding courses, legitimacy evaluation for AI projects, and the implementation of Codes of Ethics, amongst others. We present a range of options that all entities can adopt per their convenience and own internal procedures.

Finally, the ethical framework sets a series of recommendations for the Colombian government to develop these ethical principles further. The main proposal was for the government to use this framework as a first draft to mobilize the discussion we must have as a society about using such disruptive technology.

What was the process for creating such a framework? What factored into your thinking?

The ethical framework is part of a bigger effort I have been working towards: implementing Colombia’s AI Strategy. In 2019, for example, I led the design process of Colombia’s AI strategy with Victor Muñoz, the Presidential Advisor for Digital Transformation in Colombia. This opportunity allowed Colombia to create one of the first AI Strategies in Latin-America. We defined a series of guidelines, one of them being an ethical framework. Therefore, having this framework is just one step towards properly implementing this policy that Colombia has adopted.

With the support of the Development Bank of Latin America (CAF), I started the task and, I must say, the challenging experience of preparing this first draft. For me, it was essential to look at the existing academic work that supported many of the principles being proposed around the world. I will highlight that the work and literature developed by BKC, especially from the Ethics and Governance of AI Initiative, was essential for this purpose. Additionally, I looked into the evidence that was developed in the last few years about the possible risks arising from the use of this technology. Case studies around the world showed the risks of using AI without proper ethical considerations. The study published by BKC about AI and Human Rights was exceedingly relevant to this point.

Once I was convinced about the importance of having ethical principles, I started thinking about those principles that could become the most relevant for Colombia and our technology ecosystem. I tried to think through this from different perspectives so it could become a national framework. My experience working in different sectors allowed me to consider the interests and needs of other entities. From academia to the private sector and public entities, I wanted these principles to have a horizontal view. I have had, and still have many discussions, but this was a helpful exercise to work on a document that was convincing enough for different stakeholders. I also considered that such an effort required proper research and a quality document that allowed us to have a high-standard discussion. That was one of my main motivations.

You joined the BKC community as a fellow in 2018 and remain active as an affiliate. How did your time at BKC support your work on AI and ethics, and specifically your thinking about AI and youth?

Without a doubt, I would not have been able to work on this project without being part of the BKC community. When I arrived at BKC in 2018, AI was becoming a very relevant issue, but still, in countries such as Colombia, the topic was not seen as a priority. Additionally, there were many myths about this technology and its real potential. My time at BKC allowed me to understand the real features of AI, its characteristics, and how it could impact Colombia and the region. Sharing time with such an exceptional group of individuals through fellows hours, coffee breaks with colleagues from all around the world, Urs’ office and “un-office hours,” were essential for learning, questioning myself, and going beyond my initial thoughts. There were many challenging conversations, and that is only part of the Fellow experience. At the same time, I was able to discuss with many of the authors of some of the papers and research that I was reading at the time, and who were impacting my approach to these topics. That was a great privilege.

I also had the opportunity to work in the Youth and Media office, which was very helpful for the work I was going to develop. Not only were Sandra Cortesi and Alexa Hasse very welcoming, but they also shared with me their research ideas, their perspectives about these topics, and the interesting and innovative things that I could do. I had never considered how important it was to design spaces to discuss with children about AI systems and how to get the most from their approach to this topic. Sandra’s advice also inspired me to explore my creativity, appreciate a multidisciplinary approach, and consider the relevance of design features in the produced documents. I also shared my desk with Youth and Media’s designers, who did an exceptional job and showed me how relevant their work was to prepare an impactful proposal. Rarely have I been as comfortable being challenged and motivated as I was during my time with the Youth and Media team. Sandra always encouraged me to think that many of these ideas were possible in Colombia, and that also motivated me to return to Colombia with this purpose.

BKC’s AI policy practice hosted the recent roundtable discussion about AI and its impacts on youth. What key insights did you gain from that discussion?

The first roundtable we had about the ethical framework was a very interesting discussion. From my perspective, one of the most important points is that experts from all around the world appreciated the effort of including an ethical principle specially dedicated to prioritizing the needs of children and adolescents in the way AI is being developed and implemented in Colombia. I think the Colombian framework will keep this principle and show other countries in the region and the world how important this is.

The discussion also showed me that the impact of AI in the future of education is tremendous. We should be aware of the potential benefits and risks and promote inclusion in AI implementation. AI can accelerate existing disparities and inequalities in this sector and in a country like Colombia, this is something we should definitely avoid.

Finally, there was also a call to consider the need for regulatory measures about AI. I find this interesting because there is no doubt the framework will impact the policy and regulatory proposals we have on this area. At the same time, prioritizing children’s rights and interests will have to be harmonized with existing regulations and international treaties that already developed this same concept.

What advice would you give to someone interested in policy and AI?

I think that someone interested in working in AI policy issues should prepare to be constantly challenged. Not only because concepts are still being developed, but the technology itself is also constantly changing. At the same time, there are high interests at stake that must be considered in every policy analysis. There will be constant pressure for something to be done, and a person working on these areas should be prepared to handle it. I will add that resilience to rapid changes is also a great skill to master if you want to work in this area.

Governments want to show themselves as proactive in this area. When you act as an advisor and say that there is not enough evidence to support a policy or regulatory measure, you will be questioned. Trying to convince decision makers on how important it is to wait, or to develop evidence-based policies, is not an easy task, but it is highly appreciated when this approach provides positive results.

Finally, I think that a multidisciplinary approach is highly desirable. Advising on AI policy requires individuals who can interact with different stakeholders and with technical experts. Presenting yourself as someone with policy expertise but who also understands the technology is helpful. I am a lawyer, and it is interesting to see after a talk or event how some people approach me and consider me a data scientist or computational engineer. I am glad that they see I have this potential and feel confident I understand what they are doing and their motivations.

Are there any resources or additional reading you would recommend to them?

I think that a person interested in these issues should understand the power dynamics involved in this process, the patience that is required to have an impact after a long process of deliberation, and the way policy-making process has been changing in the last decades. Therefore, I recommend them to read these three books:

AI Superpowers: China, Silicon Valley, and the New World Order by Kai-Fu Lee Delayed Response: The Art of Waiting from the Ancient to the Instant World by Jason Farman The Cost-Benefit Revolution by Cass R. Sunstein

Q&A: Armando Guio Español on AI Ethics and Policy was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.


Some Reflections on the Role of Government and Trustworthy AI

Some Reflections on the Role of Government in Trustworthy AI Shared at the Launch Event of Colombia’s AI Ethics Framework I had the honor of participating in Lanzamiento de la Ética de la Inteligencia Artifical en Colombia (“Launch of Ethics of Artificial Intelligence in Colombia”) on November 25, 2020, alongside Colombian President Iván Duque Márquez. My remarks highlight the different roles go
Some Reflections on the Role of Government in Trustworthy AI Shared at the Launch Event of Colombia’s AI Ethics Framework

I had the honor of participating in Lanzamiento de la Ética de la Inteligencia Artifical en Colombia (“Launch of Ethics of Artificial Intelligence in Colombia”) on November 25, 2020, alongside Colombian President Iván Duque Márquez. My remarks highlight the different roles governments can (and should) play in promoting trustworthy AI. The reflections are informed by the Berkman Klein Center’s work on the ethics and governance of AI as well as ongoing learnings in the context of BKC’s Policy Practice on AI, in addition to the great and vast literature on trust, technology, and law.

Here is the transcript of my talk.

Thank you very much, dear Mr. President, dear colleagues, and Colombian friends. It’s an honor to speak to you today. First, let me congratulate you on the AI ethics framework, which is an important milestone in the implementation of the national policy for digital transformation and AI. It’s been a real pleasure working with your team, Mr. President, on some of these issues that you’re talking about today. And I’ve been impressed by your leadership and your office’s expertise and wisdom. So thank you very much for all this collaboration that you’ve supported.

Please let me use the next few minutes to reflect on the role that the government can, and I would argue should, play as we work together in this multi-stakeholder fashion towards trustworthy AI. I can build upon the excellent contributions by my colleagues and previous speakers when highlighting the crucial role trust and trust-building play in this particular moment in time. If you take two steps back, I will argue that AI — as a relatively new set of technologies, at least in terms of the application areas — poses a number of trust problems or trust challenges.

I would like to highlight only two such challenges and share them with you. The first challenge is one that we are actually familiar with as a society: the moment when new technology becomes more widely available. When we introduce a new piece of technology, there is often a risky gap between what we know and what we don’t know about the technology and its interaction with society, including the unknown unknowns. And in some interesting ways, trust is a social coping mechanism to bridge this gap of uncertainty, to enable people to take a leap of faith, if you will. And indeed, as I reviewed again Colombia’s national policy, you’ve highlighted this lack of knowledge, this problem of information gap as a key barrier to the adaptation of digital technology.

Now when we look at this trust issue, one key role of the government becomes immediately clear when it comes to trust-building. Like at this event today, governments can serve the role of a convener, of an educator to inform citizens. But of course, it’s more than just sharing information about the promise of AI. Yesterday we hosted with the president’s office a roundtable, a workshop to zoom in, quite literally, we were using Zoom, on children and young people to discuss the ways how we can use the power of education through skill-building to empower the next generation, to use these technologies in meaningful ways as they navigate their lives and building their futures.

In addition to the role of an educator, there is a second role that has become visible already today in our conversation: governments can promote trust by setting norms. And of course, the ethics framework that we’re celebrating today sets the background norms upon which expectations can become stable across the many stakeholders in the ecosystem and trust can crystallize around these expectations.

Building upon ethics, legal norms are needed to enable trust.

But of course, the Colombian government also understands that ethical norms are not sufficient. Building upon ethics, legal norms are needed to enable trust. And here again, we can learn from history when we look at the role of law in promoting trust. Law can actually help to build a bridge across the knowledge gap I mentioned at the beginning. For example, by introducing transparency requirements, as previous speakers highlighted, or by introducing monitoring obligations. It is in this context, as my colleague from the World Economic Forum mentioned, why the right to explanation or the idea of explanation within AI systems is such an important trust enabler. There is another angle to law as a tool to build trust, which is perhaps less intuitive. One of the magics that law can bring to us is actually to enable trust by anticipating that sometimes trust is disappointed, and already putting into place norms and rules that should apply once trust is disappointed. And think about sanctions or liability through that lens, and suddenly you may see law is functioning in building trust in different ways and not the dominant paradigm that law is bad for innovation, suddenly a richer narrative.

Now let me move quickly to AI’s second trust problem, which is more specific to AI. I think unlike previous technologies, trust in AI doesn’t only require that the technology works. In the past, think about trains or airplanes, or whatever technical system that was innovative at some point. What was a key thing to build trust for people was that a train brings you from A to B quite safely and so does an airplane. But what we see with AI is probably a novel trust challenge. And that has to do with what AI applications do. They are involved in decision-making unlike a train. Probably closer to modern airplanes. And the question becomes whether our AI is making sound decisions that are in our interests as users. In other words, we may move from a role of functional trust, like in the age of trains and locomotives, that is mostly a cognitive matter, to a world where it’s about fiduciary trust. This form of trust actually requires trust not only cognitively, but also emotionally. And to me, this kind of trust in technology is much harder to achieve. It’s actually harder to earn.

And so the key question becomes again what are the roles that governments can play? I would just like to highlight two. First, I would propose that governments can serve the function of a seismograph and an amplifier. In my view, going forward, it’s important to capture the real-world feedback from how AIs are used in their specific social context — What issues emerge from these interactions? — and create a learning ecosystem within the government, and within society, to learn from these often weak signals in real-time, upgrade and revise, and adjust laws and policies dynamically. And that’s a real challenge, as we all know, for those doing work in the policy space. How can we create learning by design and build that into our governance systems?

Second, governments are themselves trust proxies. As users of AI technology, which governments often are, they can demonstrate how AI indeed can support sound, yes, better decision-making. Now, unfortunately, this is a high bar. As we know from many negative headlines these days, some of the early stories when governments started to adopt and use AI have been the opposite of a success story. So I think that means we have to choose very wisely and ensure that we can demonstrate how AI serves this fiduciary role.

Now taken together a few things become clear. Governments can and do play many different roles when it comes to AI. Governments are promoters of AI, regulators, educators, users, coordinators, researchers. And that’s good news. And I see all these roles described also in Colombia’s national strategy. It means that we have many different tools, a broad toolkit for AI governance available and the Colombian government is embracing it. But there are also challenges that may immediately affect the trust equilibrium.

First, given that AI and AI applications are so contextual, and given that so many different government agencies are involved in decision-making, it’s very hard to maintain coherence in decision-making and in communication within the government. And we know, particularly now looking at COVID, that mixed signals from government agencies have a great potential to harm trust immediately. And I think that’s a particular problem in such a complex policy area where AI transcends through restrictions and plays a role in transportation, education, health, you name it. How can we create and maintain a certain coherence in both policymaking and communication?

It’s not only what decisions will be made, but also how we arrive at these value judgments […] that will be key for trust outcomes.

A second complication emerges from the fact that some of the roles I mentioned may be in tension with each other. There may be even the risk of role conflict. For instance, sometimes the interests of the government as a user may be different from the interests of the government as a regulator. Now these conflicts, or at least tensions, are often not addressed in ethics frameworks or national policies. But any resolution will of course benefit from proactive dialogue. And I would argue and emphasize, it’s not only what decisions will be made, but also how we arrive at these value judgments in case of some of these roles trade-offs or tensions, that will be key for trust outcomes.

So in conclusion, and perhaps paradoxically, I think a healthy dose of skepticism towards the promises of AI might be the most productive and sensible way to work together towards trustworthy AI. I am personally and together with the BKC team, looking forward to being part of this journey of trust-building with all of you. Thank you very much.

Some Reflections on the Role of Government and Trustworthy AI was originally published in Berkman Klein Center Collection on Medium, where people are continuing the conversation by highlighting and responding to this story.


Good ID

2020 FIDO Hackathon in Korea: Introducing the Top 5 Winners

Joon Hyuk Lee, APAC Market Development Director, FIDO Alliance Editor’s Note: This is the final blog posting covering the 2020 FIDO Hackathon – Goodbye Password Challenge. To learn more about […] The post 2020 FIDO Hackathon in Korea: Introducing the Top 5 Winners appeared first on FIDO Alliance.

Joon Hyuk Lee, APAC Market Development Director, FIDO Alliance

Editor’s Note: This is the final blog posting covering the 2020 FIDO Hackathon – Goodbye Password Challenge. To learn more about the background and process, please read previous blog posts:

2020 FIDO Hackathon: Goodbye Password Challenge in Korea 2020 FIDO Hackathon in Korea: Learn & Implement Phase 2020 FIDO Hackathon in Korea Update: Mid-term Meetup Event [Pictures from Final Evaluation Day – August 7, 2020]

The 2020 FIDO Hackathon – Goodbye Password Challenge has come to a close – a big thank you to the FIDO Alliance Korea Working Group members and event sponsors. The Korean video versions of the entire 2020 FIDO Hackathon journey and presentations by the top 5 winners are available through FIDO Videos Library and a ZDNet Korea interview. We hope this blog will help English readers to understand these winners’ projects, and how their ideas showcase the myriad possibilities for FIDO Authentication in the future.

Here is an overview of the winners and their projects: 

Moses’ Miracle – Gold Award

[Picture of Moses’ Miracle Team at Final Evaluation Day]

Moses’ Miracle is a team consisting of three students majoring in computer engineering and industrial design. They developed a gate access control system based on FIDO Authentication. The smartphone-based system helps people access different security areas much faster and more conveniently without remembering passwords, physical keys, or smart cards. From a management perspective, this solution consumes less time, cost, and labor. For more technical information and a demo of the system, please watch their video presentation.

Protect Homes – Silver Award

[Picture of Protect Homes Team at Final Evaluation Day]

Protect Homes is a team that consists of two developers and two designers, half studying in university and the rest working for venture companies. The team integrated FIDO Authentication to strengthen a smart home ecosystem’s security, coming up with a management app for IoT devices. By going passwordless, the system demonstrated that security and usability are both enhanced. For more technical information and a demo of the solution, please watch their video presentation.

Dr. Who – Silver Award

[Picture of Dr. Who Team at Final Evaluation Day]

Dr. Who is a team consisting of one project manager, two developers, and one public healthcare specialist from WHO (World Health Organization). The team came up with a Proof of Concept project, introducing smart health insurance card services that link Distributed IDentity technology and FIDO Authentication. They wanted to solve the problem with the existing physical health insurance card, which is an inferior way of identifying a patient’s actual identity. For more technical information and a demo of the service, please watch their video presentation.

Fingerprint 486 – Bronze Award

[Picture of Fingerprint 486 Team at Final Evaluation Day]

Fingerprint 486 is a team that consists of seven university students; two app developers, two front-end, one backend developer, and one computer graphic designer. They developed a FIDO Authentication-based document sharing system, which grants file access rights more securely and conveniently without sharing passwords. For more technical information and a demo of the system, please watch their video presentation.

AWS (Add Wi-Fi Security) – Bronze Award

[Picture of AWS Team at Final Evaluation Day]

AWS is a team that consists of two backend, two front-end developers, and one computer graphic designer coming from the same woman’s university. The team developed a FIDO Authentication-based passwordless Wi-Fi router control system, which does not disclose an administrator’s information. For more technical information and a demo of the system, please watch their video presentation.

[Pictures from Award Ceremony – September 2, 2020]

Building upon the success of the FIDO Hackathon in Korea over the last two years, we are looking at possibilities for APAC-wide (or global) Hackathon in the year 2021. We believe such a Hackathon (or challenge program) helps us engage and empower developers to accelerate service deployment with out-of-box ideas.

The post 2020 FIDO Hackathon in Korea: Introducing the Top 5 Winners appeared first on FIDO Alliance.


Energy Web

Digging Deeper into Self-sovereign Identity and Access Management

Joe Shields | Unsplash Everyone is talking about self-sovereign identities (SSIs) and how they allow users to control their data and identity. We at Energy Web believe that this is only the first step in the journey to a decentralized application landscape. Indeed, being able to authenticate with a certificate has been possible for a long time now but it has never been widely adopted due to t
Joe ShieldsUnsplash

Everyone is talking about self-sovereign identities (SSIs) and how they allow users to control their data and identity. We at Energy Web believe that this is only the first step in the journey to a decentralized application landscape.

Indeed, being able to authenticate with a certificate has been possible for a long time now but it has never been widely adopted due to technical limitations. Until recently, there’s been the need to create centralized public key infrastructure systems—with a key shortcoming being that one certificate would only give you access to one application. So while the identity might remain self-sovereign to the ID owner, it still lacks the efficiency of a more-decentralized system in which a master ID ‘passport’ could be used seamlessly across multiple apps.

This is because most implementations of SSI focus on the authentication portion. This is the first step and a mandatory one. But as long as there is no standardized manner to exchange profile data, this will only be a global certificate system, allowing passwordless login but not permission management. This is what we want to change with Energy Web Switchboard, our recently released one-stop solution for access management.

Requirements

A permission management system—or Authentication, Authorization, and Accounting (AAA)—is the basis for every Identity and Access Management (IAM) solution. It fulfills three basic functions:

Authentication: Verify that the user is in possession of the credentials (in our case, the private key). Authorization: List the roles that have been assigned to the user in order to do Role-Based Access Control (RBAC). Accounting : Keep a log of the operations performed by the user.

In order to create a decentralized version of IAM we have to enable the above functionality, while at the same time make sure our system has the following properties:

Censorship Resistance: A user can use their credentials whenever they want. Data Confidentiality: It must not be possible to list the users who have access to a specific system. Decentralized Infrastructure: Nodes must not be able to misbehave; either they perform correctly or not at all.

Let’s look at each one of these requirements in more detail.

Censorship resistance

When using a centralized system like Google or Facebook, these entities have complete control over the data that your application receives. They have little incentive to withhold information from you specifically but they could if they wanted to. And as we don’t know their motives, it is difficult to assess the probability of this occurring. Even in a system like OpenID, there is an administrator for the database and unless that administrator is you, their interests might diverge from yours.

Being resistant to censorship means that there is no actor in the system that has the power to selectively limit the information other actors have access to. In other words, everyone has access to the same information at the same time and there is nothing the creator of the information (or anybody else) can do about it.

This matters because there are a few data points that you do not want to be withheld from you when using an IAM system. You must know as soon as possible:

If a permission has been revoked. You would not want to give access to someone who should not have it. If a key has been invalidated. If a key has been compromised, all the permissions granted by it should be revoked or it should not be able to authenticate anymore. If a permission has been granted. Once a permission has been granted, it must be possible to verify it every time it is presented.

A blockchain fulfills these requirements by design. Since the state is kept in sync over all the participating nodes, once something has been published, it is either known to all or none of the nodes. Additionally, the cryptographic proofs contained in the transactions allow the offline verification of the data.

This is why all the permissions are anchored on chain. The descriptions of roles are held in an ENS smart-contract; the successful granting of a permission is noted in the DID document of the user. Each user holds their credentials and is the only one to have unrestricted access to that data.

Confidentiality

As an application developer, I don’t want the world to be able to make a list of my app’s users and even less, a list by roles. It is therefore crucial that when a user is granted a role, this event not be made public.

Centralized systems are not terrible in this use case, as they will not disclose your information to third parties but they themselves will record all the activities of your users. This is a feature of the platform. It is a tradeoff you’re willing to make in order to give convenience to your users.

In the EW Switchboard solution, no third party has the full list of users of an application. This is guaranteed by the permission-granting process:

What we’d like to highlight in this simplified process is the fact that it is the user who stores the claim and anchors it on chain. Also, because it is a private claim, the contents are provable but not disclosed. The user can therefore prove that they have been granted a certain privilege, but unless they elect to disclose this information, it is impossible for a third party to find out.

And as the users must anchor the claim on-chain themselves, there is no opportunity for an observer to make a list of the addresses added to a particular smart contract or any other indirect way to observe the activities of the IAM. The only information an observer can garner is that the user has added a claim to their DID document but not the content, origin, or nature of the claim.

Decentralized infrastructure

We have mentioned the Energy Web Chain and IPFS, which are both peer to peer networks and lack a central point of control. There is one piece of infrastructure we have not mentioned yet: the message transport between users.

How the user and the role admin in the above sequence diagram exchange information is through a service bus: the EW-DOS messaging component. This component is decentralized in the same manner IPFS is: there is no centralized control but there is no consensus either. Each client must pick the service node they want to connect to and if this service node does not deliver the expected service, it is the responsibility of the client to connect to a different service node.

As every message must be signed by the sender there is no opportunity for the service provider to alter messages in transit. Either messages are delivered as received or they are rendered invalid by the update and the recipient would notice immediately. The messaging service therefore fulfills the requirement of not being able to misbehave. It either fulfills its duty correctly or not at all.

Conclusion

With Switchboard, we provide application developers an alternative to centralized authentication and authorization systems like OAuth with Google and Facebook or Azure Active Directory. Obviously we still have a lot of features to add in order to compete with these established services, but EW Switchboard is the first fully decentralized IAM solution. You can use the installed version today on the EWC or deploy your own from source on any EVM chain.

Digging Deeper into Self-sovereign Identity and Access Management was originally published in Energy Web Insights on Medium, where people are continuing the conversation by highlighting and responding to this story.


How Switchboard Tackles the Challenge of Enterprise ID Management

How Switchboard Tackles the Challenge of Enterprise Identity Management Matthew Henry | Unsplash By Ian Kelly and Nitin Gavhane Nearly a decade has passed since Marc Andreeson wrote that software was eating the world, by which he meant that software — and ultimately the services that software and the Internet could provide — would increasingly capture value in the economy from tradition
How Switchboard Tackles the Challenge of Enterprise Identity Management Matthew HenryUnsplash

By Ian Kelly and Nitin Gavhane

Nearly a decade has passed since Marc Andreeson wrote that software was eating the world, by which he meant that software — and ultimately the services that software and the Internet could provide — would increasingly capture value in the economy from traditional firms producing things. A list of the world’s largest companies by market cap suggests Andreeson was right: three of the top five — Apple, Microsoft, and Alphabet — are software-centric digital enterprises.

This digitalization of the global economy has spurred a new wave of Big Data, including data associated with identities. Yet for enterprises around the world, managing identities remains a major information technology challenge.

Challenges in enterprise identity management

In traditional enterprise identity management, identity data is typically highly siloed both within and across organizations, even with respect to individual business processes. Anyone who’s had to separately on-board with two more departments at a single company—such as accounts receivable, a membership department, a software tech team, and maybe a parallel business unit located in another country—knows what we’re talking about.

Enterprises must aggregate, share, and synchronize identity data across databases and directory services. Despite their best efforts, this is cumbersome and inconvenient at best. Plus, managing identities with traditional enterprise IT architectures like these often leads to high administrative and maintenance costs, privacy and security risks, and high compliance costs to mitigate those risks.

We see four key problems with the traditional approach to enterprise identity management:

Low Interoperability: Centralized systems with information silos increase friction for would-be collaborators due to proprietary processes and architectures. Expensive Verifiability: Sharing verified attributes about users and assets (such as energy market participants and distributed energy resources like electric vehicles) is time-consuming and costly. Data Protection: Policymakers globally are regulating customer data privacy and ownership via new regulations such as the EU’s GDPR and the California Privacy Act. Complying with these policies using traditional IT architectures and processes—which were not designed with customer data ownership in mind—is increasing operational costs for many companies. Security: Even when enterprises attempt to manage data responsibly, vulnerabilities in traditional software and infrastructure systems can result in compromised data.

Taking a smarter approach to identity management using traditional enterprise architectures can address these challenges in part. However, a new approach to enterprise identity management that fully embraces the concept of self-sovereignty can unlock significantly more value.

Benefits of a self-sovereign approach

We at Energy Web believe that an enterprise identity management architecture based on self-sovereign identities (SSIs) enabled by decentralized identifiers (DIDs) and verifiable credentials (VCs) presents the best solution to these challenges.

We believe that DIDs should have four essential characteristics:

Decentralized: The DID-based system has no central issuing authority. Persistent: The DID does not require the continued operation of any underlying organization. Cryptographically verifiable: One can prove control of the DID. Resolvable: One can discover metadata about the DID.

Using DIDs and VCs to build a SSI system should address the main challenges of centralized IT approaches we described above: interoperability, verifiability, data protection, and security.

Here’s what this could look like applied to a simple example in the energy sector: managing lithium-ion batteries from cradle to grave. The system could assign a DID to each battery when manufactured and the manufacturer could issue claims regarding the battery’s model, serial number, and specifications like capacity and energy. Next, the installer of that battery could add claims related to its purchaser and location. The owner of the battery could add a claim about the transfer of ownership and, at the end of its life, the recycler of that battery could issue a final claim about its retirement. Meanwhile, during its operating lifetime, the battery could enroll via its DID in various energy markets, such as to provide grid flexibility services.

How EW Switchboard brings this architecture to life

We are building this system, which we call EW Switchboard. It allows anyone to create a decentralized identifier based on a public-private keypair, and it provides a way for application owners to manage authentication, authorization, and accounting for their own apps. Like everything we do at Energy Web, it is not a product for sale but an open-source tool, designed for the needs of the energy sector but also sufficiently abstract to be applicable for any user or app owner — even those apps and services that do not use blockchain technology at all.

Switchboard is compliant with the W3C v1.0 decentralized identifier and verifiable credentials standards and is intended to accommodate a variety of approaches to digital identity. It uses a decentralized architecture, meaning that no one person or organization stores sign-in information or other user data or controls authentication or authorization. Each user remains in control over their own data and who has access to it. Thanks to WalletConnect, users can select from a large variety of existing wallets to create their DIDs.

Let’s see how Switchboard works.

We host Switchboard at our own website, meaning that anyone can access Switchboard and use it to create and manage their own DID, enroll in applications, create a DID for their devices, or perform other tasks. Developers or owners of applications can integrate Switchboard into their own apps, using it to manage user authentication, authorization, and accounting (without the user leaving the primary app) so that they need not develop these functionalities from scratch. This latter option means that users could use their DID as a single sign-in for a variety of apps, similar to how many people use their Google or Facebook accounts for single sign-in today, but remaining in control of that DID for life and independent from any one platform. It also means that application developers can focus on other functionalities in their apps and therefore deploy faster.

Once a user has authenticated with Switchboard, they can then use their DID to enroll in applications. This terminology is intentional: the user registers a DID once and owns it for life, and therefore that user need not re-register a new DID every time they want to use a new application. Instead, that user authenticates with their DID and then takes on specific roles in applications.

As the owner of an application, how do you ensure that users take on the correct roles? For example, what prevents an unknown user (i.e., a DID) from enrolling as the owner of a rooftop solar PV system in your app, especially if the architecture is decentralized (meaning neither you nor any other single authority dictates who has what role)?

To do this, Switchboard employs a system of VCs and provides an interface for you to set the roles and role governance for your application (role governance leverages Energy Web’s Ethereum Name Service). In our example above, you could use Switchboard to specify that your app includes the roles PV owner and PV installer, and that in order for a DID to enroll in your app as a PV owner that DID must have proof from a PV installer that the DID does in fact own a home with a PV system on the roof. The DID requests the installer to cryptographically sign a statement that the installer installed a PV system on that DID’s roof, and when the installer signs this statement then the DID can then present it to your app. Your app can verify that the cryptographic signature must have been added by that installer and thus allow the DID to enroll as a PV owner. Of course, you can use Switchboard to set whatever roles and requirements you wish (e.g., “a PV owner must have signed claims from the installer, the PV OEM, and from the PV owner’s distribution utility in order to enroll”).

This approach also benefits from network effects, because the verified claim is specific to the DID but not specific to the application. Continuing our example, imagine a user with a rooftop PV system wanted to enroll in someone else’s application and therefore obtained verified claims from the installer, the OEM, and the distribution utility relating to the specifications, location, and ownership of the rooftop PV system. You can, as the owner of a different application, set your app to allow any DID with those same claims to enroll as a user in your app — if the user can present the verified claims you require, it is not necessary that the user obtained those claims specifically to enroll in your app. The user does not lose the claims in the other app owner’s system, but retains them and can simply present them to your app.

We are releasing an alpha version of Switchboard now, for initial use and feedback from our community. Our intent is then to release a beta version in Q1 of 2021, with a final production version to follow. These future versions will add functionality related to asset management and incorporate Energy Web’s concurrent work with key management solutions and distributed messaging and storage.

How Switchboard Tackles the Challenge of Enterprise ID Management was originally published in Energy Web Insights on Medium, where people are continuing the conversation by highlighting and responding to this story.


Energy Web Unveils EW Switchboard

The new open-source tool offers identity and access management for users, assets, and app developers in a self-sovereign era Zug, Switzerland — 17 December 2020 — Today Energy Web unveiled EW Switchboard, the latest addition to its open-source technology stack, the Energy Web Decentralized Operating System (EW-DOS). Switchboard is a first-of-its-kind identity and access management (IAM) tool for
The new open-source tool offers identity and access management for users, assets, and app developers in a self-sovereign era

Zug, Switzerland — 17 December 2020 — Today Energy Web unveiled EW Switchboard, the latest addition to its open-source technology stack, the Energy Web Decentralized Operating System (EW-DOS). Switchboard is a first-of-its-kind identity and access management (IAM) tool for users, assets, and application developers in today’s growing self-sovereign approach to digital solutions. Although Energy Web developed Switchboard with a focus on the global energy sector and its foundational Energy Web Chain, Switchboard can be used in any sector and on any blockchain-based or non-blockchain digital solution.

To date, IAM solutions have been centralized, fragmented, and siloed. This presents challenges with respect to data privacy and security, lack of interoperability across systems, concerns about data persistence and censorship, and bloated administrative (e.g., reconciliation, KYC) and compliance (e.g., privacy, security) costs. Consumer-focused solutions such as Google or Facebook single sign-on and enterprise-focused solutions such as Google OAuth or Azure Active Directory have attempted to address some of these challenges. But a decentralized self-sovereign identity (SSI) approach offers a superior experience.

“This is a major landmark, not just for Energy Web’s ecosystem but for the future of open-source, decentralized technology,” explained Micha Roon, chief technology officer for Energy Web. “Universal self-sovereign identity is at the core of tomorrow’s digital solutions, from tracing an energy asset or megawatt-hour of renewable generation throughout its entire lifecycle to managing energy market and application access for enterprise users.”

SSI creates master identities for users and assets, avoiding constant duplication and always remaining in control of the user or asset owner (rather than third parties). An SSI comprises decentralized identifiers (DIDs) supported by verifiable claims (VCs). For example, a residential battery energy storage system manufacturer may create a DID for each battery that rolls off its production line. The manufacturer then might transfer ownership of a particular DID to a homeowner that installs a battery system at their residence, while the battery installer and the local grid operator both might attest to VCs about the battery’s capacity, location, and other details.

But until EW Switchboard, no organization had developed a full IAM solution that leverages SSI, DIDs, and VCs for authentication, authorization (such as for role-based access management in applications), and accounting (for logging user activity history).

“In the 20th century, an analog switchboard allowed an operator to plug and unplug various inputs and outputs, interconnecting a variety of users and endpoints. EW Switchboard is the modern, 21st century equivalent. We’ve replaced the operator with a decentralized system of autonomous self-sovereign identities, interconnecting various users, assets, and applications,” said Mani Hagh Sefat, solution architect at Energy Web.

For users, Switchboard enables them to manage their core identity and associated verifiable claims, their assets (such as solar panels, thermostats, electric vehicles, and batteries), and their enrollment in various applications and digital services (such as messaging and storage). For application developers, Switchboard enables them to define user roles and associated permissions, authorize users and assets, and log user operations.

The alpha version of EW Switchboard is available now, for initial use and feedback from the community. Energy Web intends to release a beta version in Q1 2021, with a final production version to follow.

Visit Switchboard now Continue reading about enterprise ID management Dig deeper into SSIs, DIDs, and VCs

About Energy Web
Energy Web is a global, member-driven nonprofit accelerating a low-carbon, customer-centric electricity system by unleashing the potential of decentralized, digital technologies. EW focuses on our open-source technology stack — the Energy Web Decentralized Operating System (EW-DOS) — to enable any device, owned by any customer, to participate in any energy market.

EW launched the Energy Web Chain, the world’s first enterprise-grade, public blockchain tailored to the energy sector and the anchor of the EW-DOS tech stack. EW has also fostered the world’s largest enterprise ecosystem focused on open-source, decentralized, digital technologies. They comprise utilities, grid operators, renewable energy developers, corporate energy buyers, IoT / telecom leaders, and others.

For more, please visit https://energyweb.org.

CONTACT
Peter Bronski, Energy Web
+1.201.575.5545 | peter.bronski@energyweb.org

Energy Web Unveils EW Switchboard was originally published in Energy Web Insights on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 16. December 2020

omidiyar Network

An Investment in Justice

By Simone Hill, Senior Manager, Omidyar Network Illustration by Tiffany Hughes. In June, Omidyar Network committed $500,000 to organizations fighting on the frontlines for racial justice because we firmly believe that this work is core to our ability to create inclusive, equitable societies. While the funding is an essential step toward our vision, the way we invested was also critical t

By Simone Hill, Senior Manager, Omidyar Network

Illustration by Tiffany Hughes.

In June, Omidyar Network committed $500,000 to organizations fighting on the frontlines for racial justice because we firmly believe that this work is core to our ability to create inclusive, equitable societies. While the funding is an essential step toward our vision, the way we invested was also critical to developing thoughtful partnerships with organizations already building or scaling innovations.

What does it mean to invest in justice? It begins with a clear-eyed recognition of the systemic racism that manifests within all of our systems to undermine the safety of Black and Brown people. Investing in justice means attacking the many resulting symptoms of white supremacy at their root by finding organizations working to innovate and advance holistic ways to create lasting change. It means being strategic and careful about ensuring that while we are looking for ways to address the wrongs that pervade our societies, we are not inadvertently causing more harm. With that, an awareness of our own limitations as a funder is required –– financial investments are a step at the beginning of a long-term journey towards holistic, strategic action. Finally, investing in justice means continuing to integrate racial justice with our firm-wide focus to reimagine systems: building an economy that works for all — an anti-racist economy is a key pillar of our point of view; realizing the promise of responsible technology; and fostering a more pluralistic society.

We searched around the country for Black-led organizations whose work combined economic, civic, or criminal justice reform with narrative shift or movement building towards racial justice. Among many organizations doing incredible work, the following five are achieving impact in ways that align with our current strategic focus.

Large Scale Change, Powered by Deep Networks: Centering Blackness Initiative

Spearheaded by three dynamic women of color, the Insight Center for Community Economic Development has developed the Centering Blackness Initiative; a lens to identify how and where economic policies, practices, and institutions harm Black people.

Graphic illustration from Insight Center’s Power Learning Community

A multi-pronged approach to systemic change, the Initiative is a new framework for examining and reimagining systems. It is accompanied by a set of tools, currently in development, to encourage multiracial, progressive organizations to adopt the framework. Not only will organizations be supported to develop new internal operations through this lens, but they can also adopt it for their policy advocacy campaigns.

Because narrative shift is a critical component of the Centering Blackness Initiative, the Insight Center has also launched the Black Thought Project to create safe spaces in cities that center, celebrate, and protect Black thoughts and expression.

Black Thought Project installation www.blackthoughtproject.com Systems Change in the Informal Economy: Equity & Transformation

“Black informal workers are resilient and creative, and they have constructed an informal economy to acquire a means of subsistence,” — Richard Wallace, founder, and director of Equity & Transformation (EAT).

(Right) Richard Wallace, Founder and director of EAT

Founded in 2018, EAT is the only organization in the United States, specifically focused on protecting and uplifting Black workers operating in the informal economy. Defined as a set of unregulated economic activities, the informal economy includes street vending, childcare, auto-mechanic, and moving services — activities which allow people who cannot find standard employment to make a living, but without the protection of formal labor standards.

While EAT’s work includes research and policy development to destigmatize the informal economy, the organization also educates workers about their protections. EAT spearheads and collaborates on campaigns across Chicago to improve the lives of Black workers in the informal economy. The Guaranteed Income Project, for instance, provides previously incarcerated individuals with $500 per month to help cover their bills, find homes, and ultimately, reduce recidivism.

EAT www.eatchicago.org Building Power through Black Leadership: Advancing Black Strategists Initiative

Black leadership is critical to the success of racial and economic justice movements, but while BIPOC are often the implementers of social change campaigns, they rarely drive the strategies that energize these movements. The Advancing Black Strategists Initiative (ABSI)—a joint project led by The Jobs With Justice Education Fund, in collaboration with the Black Worker Initiative at the Institute for Policy Studies and Morehouse College—is raising a cohort of Black economic-justice and labor-focused strategists to lead, develop, and advance policies and campaigns.

ABSI will provide the tools and knowledge to equip Black strategists to work from the strength of their lived experiences, to inspire participation and engagement around polices that center Black economic justice. As this new generation of Black leaders takes on bigger roles and builds and wields power across movements, they will ultimately strengthen Black institutions, advance economic democracy, and change the socio-economic conditions of the Black community.

Narrative Shift at the Intersection of Race and Technology: Center for Critical Internet Enquiry

While technology permeates our everyday lives, it is another system where built-in white supremacy limits both usage and accessibility by Black people.

The Center for Critical Internet Enquiry (a newly-founded interdisciplinary research center at UCLA) aims to use art and storytelling to reimagine technology, and in the process, champion racial justice, reframe our understanding of the role of technology in our lives, and strengthen democracy by holding those who create unjust systems and technologies accountable.

Over the next year, artist-in-residence, film-maker Oge Egbounu, will work alongside the center’s co-directors and racial justice lead, to translate the center’s work into cultural artifacts that can resonate with a broad audience. This project creates a unique opportunity to develop cultural artifacts grounded in the center’s research that can shift narratives for mass audiences and tech workers alike, to more intentionally use and create technology in ways that do not harm others.

A Clear Path Forward: Movement for Black Lives

Movement for Black Lives has a courageous vision: a long-term plan to shift the consciousness toward racial reckoning, and an ability to chart a clear path towards their goal. Fiscally sponsored by the Common Counsel Foundation, the Movement for Black Lives’ Black Power Rising: Vision 2024 seeks to build the social, political, institutional, and collective power of Black people by harnessing the collective power and creativity of Black people. Grounded in Black culture, the initiative aims to bring an informed electorate to the table to drive anti-racist policy shifts.

This strategic five-year plan will guide the coalition’s programmatic and campaign efforts to build mass support for progressive policies that center the needs of Black people. A core part of this work will equip local leaders with tools and strategies to build power within and between their organizations, scale engagement around political participation, and attack white supremacy by ensuring political representation and leadership, especially in Black communities.

Illustration by Tiffany Hughes. Restorative Justice Requires Restorative Investment

Why invest specifically in narrative shifting, and power-building in the intersections between movements, institutions, and Black leadership? Why look for spaces that prioritize economic justice in underfunded regions? Because we believe that this is where organizations are creating innovative, holistic solutions to specific problems that will generate the most significant returns.

In the course of identifying these organizations, we collaborated with five of our sister organizations within The Omidyar Group — Democracy Fund, Flourish, Humanity United, Imaginable Futures, and Luminate — to jointly fund two regranting organizations focused on supporting grassroots racial justice groups. Emergent Fund (a fiscally sponsored project of Amalgamated Charitable Foundation) quickly moves no strings attached resources to communities of color under attack by federal policies and priorities. Liberated Capital Fund of the Decolonizing Wealth Project (fiscally sponsored by Allied Media Projects) provides unrestricted resources through a reparations model to Black and Indigenous-led organizations to shape a future where we can all heal from generations of colonial trauma. As a result of the substantial work we’ve seen around the country, we will have exceeded our initial goal and invested a total of $1,050,000.

We believe that these investments are a significant step towards creating the world we are advancing toward in our mission as an organization. But this is only a first step. We are committed to building true partnerships with these organizations, putting our relevant resources at their disposal, and amplifying their work to a broader audience of both practitioners and funders. Investing in justice means much more than dollars; it is a whole-hearted commitment by our institution.

An Investment in Justice was originally published in Omidyar Network on Medium, where people are continuing the conversation by highlighting and responding to this story.


Berkman Klein Center

What can tech learn from sex workers?

Sexual Ethics, Tech Design & Decoding Stigma By Zahra Stardust, Gabriella Garcia and Chibundo Egwuatu With thanks to Livia Foldes & Danielle Blunt. Images by Decoding Stigma. What would tech look if it was designed by sex workers? What values would be embedded into the design? A new collective, Decoding Stigma, is hoping to find the answer by bridging the gap between sex
Sexual Ethics, Tech Design & Decoding Stigma

By Zahra Stardust, Gabriella Garcia and Chibundo Egwuatu
With thanks to Livia Foldes & Danielle Blunt. Images by Decoding Stigma.

What would tech look if it was designed by sex workers? What values would be embedded into the design?

A new collective, Decoding Stigma, is hoping to find the answer by bridging the gap between sex work, technology, and academia. The goals are twofold: to prioritize sexual autonomy as a necessary ethics question for researchers and technologists and to design a liberatory future in which sexually stigmatized voices are amplified and celebrated.

Decoding Stigma is the continuation of research presented by Gabriella Garcia at the Interactive Telecommunications Program at New York University. Garcia’s thesis, Shift Control, End Delete: Encoded Stigma, which she explains in detail here, explores how whorephobia becomes encoded in tech design, despite the historically co-constitutive relationship between sexual labor and the development of digital media.

The distribution of sexual material fiscally supported the historical development of communications technology, from the emergence of photography, home video, to even cable TV as the sexual revolution of the 1970s collided with more affordable means of film production and the birth of public-access television. Money made in the erotic market of 1980s proto-internet bulletin board systems (BBSs) literally paid for the material infrastructure that paved the path toward the world wide web before mainstream consumer adoption could even be taken into consideration.

As necessary innovators, sex workers are consistently early adopters of new technologies, designing, coding, building, and using websites and cryptocurrencies to advertise. In our time of internet ubiquity, sex workers often build up the commercial bases of platforms, populating content and increasing their size and commercial viability, only to later be excised and treated as collateral damage when those same platforms introduce policies to remove sex entirely.

Now, overarching policies that prohibit sexual communication, expression, and solicitation are commonplace. While some have responded to legislation such as FOSTA/SESTA that prohibits the promotion or facilitation of prostitution, many of these policies go far beyond what is legally required. When Apple, the first company to “put the internet in everyone’s pocket,” prohibited explicit content under its “Safety” conditions for third-party app developers, it fundamentally equated erotic material with torture, bigotry, and physical harm. As growing numbers of people are accessing their news and information via mobile (and thus via app), content must increasingly pass Apple’s Terms and Conditions as a point of market viability.

With algorithms to detect sexual content by picking up particular words, emojis, and hashtags and recognition software that scans for nudity, body parts, and skin patches, sex is under increasing surveillance. A