Last Update 6:25 PM November 20, 2024 (UTC)

Organizations | Identosphere Blogcatcher

Brought to you by Identity Woman and Infominer.

Wednesday, 20. November 2024

FIDO Alliance

FIDO Alliance | Free Yourself From Passwords with Passkeys


Watch the video to learn how to go passwordless with passkeys.

What is a passkey? A passkey is a FIDO authentication credential based on FIDO standards, that allows a user to sign in to apps and websites with the same process that they use to unlock their device (biometrics, PIN, or pattern). Passkeys are FIDO cryptographic credentials that are tied to a user’s account on a website or application. With passkeys, users no longer need to enter usernames and passwords or additional factors. Instead, a user approves a sign-in with the same process they use to unlock their device (for example, biometrics, PIN, pattern).

Learn more about the benefits of using passkeys and how to get started with passkeys by visiting the FIDO website: https://fidoalliance.org/passkeys/

For more passkey-related resources, visit passkeycentral.org today: https://www.passkeycentral.org/home


FIDO Alliance | Passkeys Explainer Video


We all know passwords are frustrating to use, and not safe. Passkeys are the replacement for passwords. Strong cryptographic security behind passkeys prevents phishing attacks, reduces security breaches and account takeovers. Passkeys make sign-ins fast, simple, and secure. Passkeys also sync easily across all user devices, including new ones. Passkeys for businesses reduce IT time, avoid desktop hassles, and there’s no more costly password resets.

Ready to switch to passkeys?

Visit Passkey Central today to get started: https://www.passkeycentral.org/home


Elastos Foundation

BeL2 Arbiter Protocol Development Update and the Future of Bitcoin DeFi Infrastructure


Greetings Elanauts! As we approach the close of 2024, we are thrilled to share progress and updates on Elastos’ BeL2 Arbiter Protocol—a key element of BeL2’s mission to provide a trustless, decentralised financial infrastructure for native Bitcoin (NB) DeFi. While development is ongoing, here’s an update on the anticipated features and the roadmap toward delivery.

Key Features of the Arbiter Protocol

Asset Versatility for Arbiter Registration: The upcoming protocol will support Elastos (ELA) and BPoS NFTs as acceptable assets for staking as margin. This focused asset support strengthens the connection to the Elastos ecosystem while incorporating BPoS NFTs to support additional mainchain staking and mainchain ELA rewards.

Governance for DApp Integration: DApps will need to register and receive approval to use the protocol. This process will either be overseen by a designated administrator or structured through a DAO protocol, ensuring fairness and collective decision-making. Further details regarding governance will be refined collaboratively with the community.

Transaction Management and Fees: Each DApp transaction using the protocol will designate an arbiter and incur a handling fee. The fee will depend on the arbiter’s pledged assets and the transaction duration. For instance, at a 10% annualised rate, a 6-month transaction requiring 10,000 ELA pledged would generate a handling fee of 500 ELA.

Future Incentive Mechanisms: At present, the protocol does not include a token issuance mechanism for arbiters. This element, part of the broader incentive system, will be evaluated during future development.

Development and Rollout Roadmap

Finalising Product Features (3–4 weeks remaining): The development team is focused on completing the functional components of the Arbiter Protocol.

Internal Testing and Refinements (~2 weeks): Comprehensive testing will follow, ensuring functionality and addressing any issues identified.

Alpha Release (Internal Testing & Feedback): A limited release will enable stakeholders to provide feedback on the protocol’s design and performance.

Beta Release (Community Testing & Feedback): The protocol will then be opened to the community for further testing and input to fine-tune its operation.

Looking Ahead

The Arbiter Protocol delivers the final piece of BeL2’s decentralised clearing service. By introducing execution through dispute resolution and time-based transaction handling, it completes the system’s foundation. This capability adds to the already established components of collateralisation, verification, and cross-chain communication, offering a fully operational framework for NB DeFi.

The Role of the Arbiter System in Decentralized Clearing

Collateralisation via Locking Scripts
Bitcoin transactions are safeguarded by locking scripts, allowing users to secure assets like BTC, ELA, or NFTs within a trustless structure.

Verification through Zero-Knowledge Proofs (ZKP)
Transaction validity is confirmed using ZKPs, ensuring data integrity and privacy without exposing sensitive details.

Cross-Chain Communication via ZKP
The system passes ZKPs into EVM-compatible smart contracts, enabling Bitcoin to engage with external smart contract ecosystems without leaving its native network.

Execution and Dispute Resolution
Arbiter nodes manage time-sensitive transactions and resolve disputes in a decentralised manner, eliminating reliance on centralised systems.

Next Steps: Expanding the Ecosystem

With Version 1 nearing completion, our focus will turn to refinement and ecosystem growth:

Reducing ZKP Generation and Verification Times
Integrating recent optimisation of the time for ZKP processes into loan dApp to showcase improved transaction flow and user experience.

zkBTC Full Nodes on Mobile
Enabling mobile devices to operate zkBTC full nodes will increase accessibility and decentralisation.

Launch of the NBW Stablecoin
The Native Bitcoin World (NBW) stablecoin will be the first major DApp on BeL2. This BTC-backed stablecoin will provide new opportunities for payments and lending while upholding Bitcoin’s foundational principles.

Thank you for being part of this journey as we bring native Bitcoin DeFi closer to reality!


ResofWorld

New data shows the number of new mobile internet users is stalling

What happened to the “next billion” internet users? They’re already online.
When Facebook hit 1 billion users in 2012, CEO Mark Zuckerberg said that when it comes to getting another billion users, “The big thing is obviously going to be mobile.”...

Next Level Supply Chain Podcast with GS1

Spicing up Success: How Traceability Helped Hank Sauce Scale National Distribution


What started as a college project has now become a pantry staple sold in over 5,000 stores. 

In this episode, Matt Pittaluga, Co-Founder of Hank Sauce, joins hosts Reid Jackson and Liz Sertl to share how a homemade hot sauce grew into a beloved national brand.

Matt explains how traceability and consistency have been key to scaling the business while keeping product quality high. Through detailed product codes and a robust production database, Hank Sauce tracks every ingredient from batch creation to store shelves, ensuring full transparency and control.

This meticulous approach to data and process has fueled Hank Sauce’s growth from a local favorite to a nationwide success.

In this episode, you’ll learn:

How Hank Sauce scaled its distribution to national retailers

The importance of traceability in ensuring food safety and product quality

Strategies for building networks to expand brand reach

Jump into the conversation:

(00:00) Introducing Next Level Supply Chain

(01:34) The Hank Sauce story

(06:38) Grassroots marketing and early sales strategies

(10:09) Scaling up distribution to large retailers

(13:22) The importance of traceability and food safety

(16:11) Building a brand with a limited marketing budget

(19:21) Advice for new entrepreneurs

(26:30) Matt Pittaluga’s favorite tech

Connect with GS1 US:

Our website - www.gs1us.org

Tuesday, 19. November 2024

DIF Blog

Join the DIDComm Interop-a-thon

Pushing Forward Interoperability in Decentralized Communication

The Decentralized Identity Foundation (DIF) is thrilled to invite organizations, developers, and community members to participate in an exciting event centered around fostering interoperability within the DIDComm ecosystem.

What is DIDComm?

DIDComm (Decentralized Identifier Communication) is an open standard designed for secure, private peer-to-peer communication, powered by Decentralized Identifiers (DIDs). Unlike traditional communication protocols that depend on centralized entities, DIDComm offers a self-sovereign approach that supports verifiable identities and ensures the highest level of privacy and security.

With the growth of DIDComm implementations across the ecosystem, this event presents an opportunity to come together, test integrations, and enhance interoperability in a collaborative environment.

Event Details

Date: December 12, 2024  
Time: 7:00 am PT / 3:00 pm GMT  
Format: Each testing session will be 30 minutes long. Participants can choose to test with as many or as few others as desired.  

This Interop-a-thon will focus on testing DIDComm V2 features. The goal is to facilitate scenarios such as sending a message from one app to another, with the receiving app decrypting and understanding the content. While different agents may have different functional focuses (e.g., mediators understanding forward messages but not needing to send them), participation helps ensure comprehensive compatibility across various implementations.

Preparation and Resources

To make the most of your experience at the Interop-a-thon, we encourage participants to prepare in advance by using the reference implementation for preliminary testing. The DIDComm Demo supports all core features relevant to the event, with the exception of Out of Band messages. For those needing to create out-of-band invitations, a helpful webpage can be found here to generate invitation URLs and QR codes for testing purposes.

If you have any questions or need assistance before the event, the DIDComm User’s Group is an excellent resource, offering support and guidance as you get ready for a successful event.

Volunteer Opportunities  

We’re looking for room facilitators to help coordinate and ensure smooth sessions. If you’re interested, please sign up here.

How to Join  

Complete this form and submit it by close of business on December 1, 2024, to confirm your participation. 

Whether you’re developing, deploying, or experimenting with DIDComm, this event is an invaluable opportunity to engage with peers and push the boundaries of decentralized communication.

Let’s advance interoperability, together!


ResofWorld

Chinese startups supported by Microsoft and Google incubator programs worked with police

Documents reviewed by Rest of World show several companies backed by U.S. tech giants provided policing or censorship tools to Chinese law enforcement.
Silicon Valley tech giants, including Microsoft and Google, have supported tech companies that provide censorship and policing technologies in China, according to publicly available corporate and promotional materials reviewed by...

Mexico’s women gig workers are making a dangerous job safer

Women delivery workers are pushing for protection from gender-based violence, creating safe meeting spots and WhatsApp support groups, and fighting for legal protections.
In Mexico City, growing numbers of women earn their living as gig workers. As women bear the burden of care work, apps like Uber, Didi, and Rappi offer them flexible...

We Are Open co-op

The Tao of WAO

Some things we’ve talked about in our cooperative

I thought it might be a good idea to try to describe the Tao, or the natural way, of WAO.

“In the Tao Te Ching, Laozi explains that the Tao is not a name for a thing, but the underlying natural order of the universe whose ultimate essence is difficult to circumscribe because it is non-conceptual yet evident in one’s being of aliveness.” (Wikipedia)

Doug and I, both founding members of WAO, have a podcast we called the Tao of WAO. The podcast is “A podcast about the intersection of technology, society, and internet culture — with a dash of philosophy and art for good measure.” We’re on hiatus right now, but there are 9 seasons you can enjoy!

WAO is a collective of individuals who broadly agree on many things. Like any group of people, there are nuanced differences in our positions on the issues of the day, so instead of corporate pronouncements, we write things like this Tao or stuff we’ve written on our spirit wiki page.

Using the taxonomy of our podcast tagline, I’ve developed 15 short statements that summarise some of our beliefs:

Technology in the Tao of WAO

cc-by-nd Visual Thinkery for WAO

Open source is preferred, practicality is required.

We advise our clients and friends on all kinds of technical matters. We have varying beliefs on when to use what kinds of platforms and this statement sums up our approach. We try to find Open Source solutions, but we know that there are a variety of factors — like staff technical skills, developer resources or feature requirements — that need to be taken into account. Sometimes the practical recommendation is the right one.

Open standards lead to a better world.

We are proponents, however, of open source technology and we understand how important it is that our technical infrastructure remains open. There are open standards that underpin much of what we use on a regular basis. The World Wide Web is built on an open standard and so is e-mail. If we want a better world, we need interoperability and cohesion within the tech landscape.

The wild and open Internet is the platform.

It doesn’t make sense to use the same structures, policies and platforms for different people, communities and organisations. There is nuance in every project, so we don’t limit ourselves by recommending the same tools all the time. Instead, we are constantly learning new ways to use the Internet to solve real-world problems. We start with the communities involved, then we figure out how to use the Internet to solve the problems the people within those communities are trying to solve.

Society

cc-by-nd Visual Thinkery for WAO

Worker owned cooperatives work.

We’re pretty invested in the idea of cooperation. It’s worth noting that cooperatives are not a small ‘subculture’ of the business world. The world’s top 300 cooperative businesses have a turnover of over two trillion dollars a year. 10% of all jobs on the planet are co-op jobs. This economic system is hiding in plain sight and the powers that be don’t want us to know that there is a different way.

Participation matters, so model the behaviours.

Cynics would say that in the grand scheme of things it doesn’t matter what a single person does. We would make a quip about a mosquito having big impact or steal a quote from Margaret Mead (“Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it’s the only thing that ever has.”) We all have influence and impact on other people, so model the behaviours you want to see in the world and know that your participation matters.

Communities move mountains.

We could steal that Margaret Mead quote a second time, actually. Or, we can simply underline our belief that it is the collective, made up of individuals, that makes the world a better place. There is a more prevalent narrative embedded in (especially) western societies, and it’s one we need to actively disagree with. When we form communities, big or small, we can create more opportunities for everyone.

Internet Culture

cc-by-nd Bryan Mathers

Digital literacies live on a never-ending continuum.

Dr Belshaw wrote his doctoral thesis on the 8 Essential Elements of Digital Literacies. In it, he writes about ambiguity, defining terms, problems with binary concepts and so, so much more. We at the co-op are keen to help others understand that there is no such thing as being “literate”, digitally or otherwise. Instead, we appreciate acceptance and enthusiasm around the idea that humans are always learning and there is always more to learn.

Structured participation leads to more participants.

Structure helps people find their way into a group. We live in a world of diversity, and yet we tend to hear only the loudest voices. Finding intentional ways to invite participation from more diverse groups of people helps build healthy communities.

Experiment and fail often and loudly.

We are a group of people that likes to try new things. We try to encourage one another to do so, both personally and professionally. We try to be reflective and vocal about our failures, since failing is such a great way to learn.

Philosophy

cc-by-nd Visual Thinkery for WAO

Learning happens everywhere.

Our brains are constantly changing their very structures. Every day new inputs and impulses work to change the neural pathways that run our whole bodies. We are always learning, even if we’re not trying to. This learning happens at work, in classrooms, at the neighbour’s house, and all forms of learning deserve to be recognised.

Consent-based governance is empowering.

At the co-op we solve prickly problems with a sociocratic approach to decision making. We discuss a proposal and rework it until all members can consent to a decision being made. Governing our cooperative this way means that every member has an invitation to unpick how they’re feeling about something so that everyone can be comfortable in our collective efforts.

We bring our full selves to work.

We have, together, taken courses on conflict resolution and alternative governance structures so that we can bring our full selves to work. We talk to each other about things that are going on inside our minds and do our best to figure out the difference between a perception and an intention. We are human, it’s ok to feel, talking about that helps us work better together.

Art

Bad Poetry for the Keep Badges Weird community (now called Open Recognition is for Everybody)

Remix is a compliment.

We’re big believers in open licensing, partially because we love to expand and remix ideas, graphics and artwork. Open licensing gives us, as creative folks, the ability to make a thing and credit where the original idea came from. Because Doug published his AI generated photographs “Time’s Solitary Dance” under an open license, I could take them and write a kind of story to them without asking. It became a collaborative art piece.

Bad poetry is just poetry that is bad, and that’s ok.

Bad poetry written by humans is ok, bad poetry written by AI is just bad. We’re honest enough with ourselves to admit when something we’ve done is kind of terrible, like these last few entries into the Tao of WAO.

The Tao of WAO isn’t a thing, it is ephemeral.

If you ask us in a year what we think of this post, we’ll probably say “Heh? What Tao of WAO post, that’s a podcast!” Then you’ll bring this up and it will have my name on it and I’ll feel embarrassed. Looking forward to it!

What’s your Tao?

Need help figuring it out? We need more weird and wonderful projects, so get in touch!

The Tao of WAO was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 18. November 2024

EdgeSecure

Interpreting ADA Title II Compliance: Implications for Institutions and How You can Prepare

The post Interpreting ADA Title II Compliance: Implications for Institutions and How You can Prepare appeared first on NJEdge Inc.

Webinar
December 5, 2024
10:00 AM ET

The session will tackle the coming challenges higher education institutions face in achieving compliance with the new ADA Title II standards. Firm deadlines are looming for institutions of all sizes to comply with new rules mandating that all digital content and mobile apps meet WCAG 2.1, Level AA standards. Join Edge’s accessibility experts as we explore the complexities of implementing these changes within strict timelines, the potential obstacles for institutions attempting to navigate these requirements, and how Edge’s expertise and guidance can streamline the path to compliance. You’ll gain valuable insights on preparing your institution’s digital accessibility strategy and understanding the key elements of this regulation.

This webinar will:

Outline new ADA Title II requirements and their impact on compliance and institutional operations.

Provide insights on addressing accessibility standards sustainably leading up to and beyond the initial deadline.

Identify the challenges and potential roadblocks in achieving accessibility compliance in time.

Explore how partnering with Edge as a nonprofit consortium can provide the support and resources needed to facilitate compliance.



Leveraging National Supercomputing Resources for Research and Education

The post Leveraging National Supercomputing Resources for Research and Education appeared first on NJEdge Inc.

The Impact of AI on Education

The post The Impact of AI on Education appeared first on NJEdge Inc.

Webinar
December 6, 2024
12:00 PM ET

You are invited to a virtual event.

Presented by: Lukman Ramsey, Ph.D., Head of AI Solutions, Public Sector and Education

This presentation will explore the transformative role of artificial intelligence in the educational sector. Drawing on Dr. Ramsey’s extensive experience, he will outline the key challenges currently being addressed by AI technologies and will delve into specific applications, particularly in AI-driven tutoring and personalized learning experiences. The discussion will highlight innovative solutions developed by Google, demonstrating recent advancements and envisioning the future trajectory of AI in education.


Please contact Forough Ghahramani (research@njedge.net) for additional information.

We are grateful for support from the National Science Foundation.

CC* Regional Networking: Connectivity through Regional Infrastructure for Scientific Partnerships, Innovation, and Education (CRISPIE) project (NSF OAC- NSF0311528)



GS1

Enhancing medical device logistics at The First Affiliated Hospital of Sun Yat-sen University, China

Manual coding in SPD management poses risks of errors like incorrect labelling, leading to medical hazards.

Traditional adverse event reporting is inefficient, burdening departments with excessive paperwork. Implementing UDI enhances device traceability, automates inventory management with smart systems and streamlines adverse event reporting

Business goal GS1 Healthcare Case Studies 2023-2024 gs1-healthcare-case-studies_enhancing-medical-device-logistics-_gs1-china_final.pdf

Futureproofing medical device supply using GS1 standards

Due to NHS requirements and changes to the EU medical device regulations, PDI was required to ensure all products were issued with GTINs and that medical devices had unique device identifiers to comply with EU MDR.

They implemented new equipment and processes to ensure compliance and continue to service its international customer markets.

Business goal GS1 Healthcare Case Studies 2023-2024 gs1_uk_pdi_final.pdf

FIDO Alliance

ARC Advisory Group: Wireless Broadband Alliance Integrates OpenRoaming with FIDO Device Onboard to Enable Zero-Touch Framework for IoT Device Onboarding


The Wireless Broadband Alliance (WBA), the global industry body dedicated to improving Wi-Fi standards and services, announced a new framework for WBA integrating OpenRoaming and FIDO Device Onboard (FDO). This initiative is intended to enable a seamless and secure zero-touch onboarding process for Internet of Things (IoT) Wi-Fi devices.


Fast Company: Say Goodbye to Passwords


It’s been a couple of years since Apple, Google, and Microsoft started trying to kill the password, and its demise seems more likely than ever.

The FIDO Alliance, the industry group spearheading the passkey push, is putting out some much-needed guidelines to make passkeys usage feel more consistent from one site to the next, and the big tech platforms are getting better at letting you store passkeys in your preferred password manager. Work is also underway on a protocol to let people securely switch between password managers and take all their passkeys with them.

All this is contributing to an air of inevitability for passkeys, especially as major e-commerce players such as Amazon and Shopify get on board. Even if you’re not fully attuned to the passkey movement, you’ll soon have to go out of your way to avoid it.

“Within the next three to five years, virtually every major service will offer consumers a passwordless option,” says Andrew Shikiar, the FIDO Alliance’s CEO and executive director.


Case Study: Korea’s Shinhan Bank Deploys FIDO Authentication


In this series of case studies, the FIDO Alliance talks to organizations that have deployed FIDO strong authentication. In this edition, we spoke with Hyoung Woo Kim who represents the ‘Sunny Bank Business’ department at Shinhan Bank in Korea, which is now offering FIDO-based fingerprint authentication to its Sunny Bank mobile application.

FIDO Alliance: Why did Shinhan Bank decide to offer fingerprint authentication to the Sunny Bank application? What problem were you trying to solve?
Hyoung Woo Kim: Shinhan Bank was looking for a trusted biometric solution to add value for their customers using the Sunny Bank app. We chose this because FIDO has been developed as a biometric standard specifically for the mobile online environment, and biometric-based identity authentication systems through FIDO have been proven to be a secure infrastructure to provide a convenient and strong authentication service. It is used as a second-factor authentication or an easy alternative login of the app (ID/password) in conjunction with the existing banking app.

FIDO Alliance: Please tell us more about Shinhan Bank.
Hyoung Woo Kim: Shinhan Bank was founded in 1897 and operates banking, foreign exchange operations, and trust-services businesses. Its capitalization is 8 trillion KRW ($6.7 billion USD), and the corporation has a turnover of 14.8 trillion KRW ($12.3 billion USD). It has roughly 15,000 employees.

FIDO Alliance: Please describe the new service.
Hyoung Woo Kim: Shinhan Bank has introduced the first FIDO-based biometric authentication technology in the domestic banking services market. This service is a specialized mobile banking platform for Shinhan Bank called ‘Sunny Bank’. By introducing the first non-face-to-face personal identity authentication system, it makes possible a variety of traditional banking services such as opening a new account, deposit and withdrawal inquiry, currency exchange services, MyCar loan applications, and so forth without visiting a bank branch.

FIDO-based fingerprint authentication services with OnePass replace the existing certificate verification system so that the Shinhan Bank app service increases security as well as convenience for its customers in the financial services sector.

FIDO Alliance: Why did Shinhan Bank choose to use FIDO standards for this service?
Hyoung Woo Kim: With the explosive growth in mobile and online banking services, coupled with mandatory regulations changes related to banking and finance security, the need for a new secure authentication method that is also convenient for mobile users was very pressing.

Furthermore, the FIDO protocol is built around the secure storage of biometric information on the local device, with no transmission of the information necessary for authentication. The FIDO system locally verifies the user on his or her own device and then authorizes an encrypted authentication response to the server.

In order to satisfy both security concerns as well as customers’ requirements, building a convenient and secure authentication service that combines identity services with secure authentication is a real challenge. For Shinhan, the FIDO-based OnePass system was a clear choice to answer that challenge.

FIDO Alliance: What partners worked with you to enable FIDO authentication for the service?
Hyoung Woo Kim: FIDO authentication for the service has been built with Raonsecure, which is a leading FIDO-based biometric solution, mobile security, and PKI security technology provider. Raonsecure was one of the first companies to earn FIDO certification and is a leading FIDO authentication technology provider in Korea. Based on strong financial services management know-how, Raonsecure offers a range of technologies for clear understanding and meeting the requirements of Shinhan Bank.

FIDO Alliance: How many customers are now using the Shinhan Bank service and has Shinhan Bank seen any other positive results?
Hyoung Woo Kim: Shinhan Bank serves approximately 23 million customer accounts, which is roughly half the total population of the Republic of Korea (excluding duplicate customers in 2014).

FIDO Alliance: What role do you see FIDO-based authentication playing for Shinhan Bank in the future?
Hyoung Woo Kim: We are currently providing FIDO-based fingerprint authentication login services with enhanced security to an existing simple login method for customers using the Sunny Bank app, and as an additional authentication method. Currently, it is provided for Android and iOS smartphone devices with the fingerprint authentication function.

Login, signup products, and funds transaction services provided with existing certificate verification will be gradually changed to the FIDO-based biometric solution, such as fingerprint authentication services via the smartphone application. It will maximize security in financial services and customer convenience simultaneously. Other means of authentication are also being planned in order to expand the variety of other authenticator types, such as iris scan and facial recognition-based authentication.


The Engine Room

Dec 3 – Join our online event: Alternative social media platforms for social justice organizations 

Join our report launch! The post Dec 3 – Join our online event: Alternative social media platforms for social justice organizations  appeared first on The Engine Room.

ResofWorld

Nigeria’s Ogun State wants to lead the country’s EV revolution

But experts fear long-term success may not follow as Nigeria lags other African countries when it comes to EV adoption.
One day in September, Bisi Alade rode past a long line of motorists at a fuel station in Abeokuta, the capital city of Ogun State in southwest Nigeria. Two weeks...

Sunday, 17. November 2024

Project VRM

ONDC, Beckn, and VRM

This is important. Be there.

If we want VRM to prove out globally, we have to start locally. That’s what’s happening right now in India, using ONDC (the Open Network for Digital Commerce), which runs on the Beckn protocol.

ONDC is a happening thing:

One big (and essential) goal for VRM is individual customer scale across many vendors.  ONDC and Beckn are for exactly that. Here is how kaustubh yerkade explains it in Understanding Beckn Protocol: Revolutionizing Open Networks in E-commerce:

Beckn protocol in the Real World
The Beckn Protocol is part of a larger movement toward creating open digital ecosystems, particularly in India. For example, the ONDC (Open Network for Digital Commerce) initiative in India is built using the Beckn protocol, aiming to democratize e-commerce and bring small retailers into the digital economy. The Indian government supports ONDC for making digital commerce more accessible and competitive.

Here are some practical examples of how the Beckn Protocol can be used in different industries:

1. Ride-Hailing and Mobility Services
Example: Imagine a city with multiple ride-hailing services (e.g., Uber, Ola, Rapido). Instead of using individual apps for each service, a user can use one app powered by the Beckn Protocol. This app aggregates all available ride-hailing services, showing nearby cars, prices, and estimated arrival times from multiple providers. The user can choose the best option, book the ride, and pay directly through the unified app.

Benefit: Service providers gain broader visibility, and users can easily compare services in one place without switching between apps.

https://becknprotocol.io/imagining-mobility-with-beckn/

2. Food Delivery Services
Example: A consumer uses a food delivery app that leverages Beckn to show restaurants from multiple food delivery services (like Zomato, Swiggy, and local food delivery providers). Instead of sticking to just one platform, the user sees menus from different services and can order based on price, availability, or delivery time.

Benefit: Restaurants get listed on more platforms, increasing their exposure, and users can find more options without hopping between different apps.

3. E-Commerce and Local Retail
Example: A shopper is looking for a product (like a phone charger) and uses an app built on the Beckn Protocol. The app aggregates inventory from big e-commerce players (like Amazon or Flipkart) as well as small local retailers. The user can compare prices and delivery times from both big platforms and nearby local stores, then make a purchase from the most convenient provider.

Benefit: Small businesses and local stores can compete with larger e-commerce platforms and reach a wider audience without needing their own app or website.

4. Healthcare Services
Example: A patient needs to book a doctor’s appointment but doesn’t want to manually search through different healthcare platforms. A healthcare app using Beckn shows available doctors and clinics across multiple platforms (like Practo, 1mg, or even independent clinics). The patient can choose a doctor based on location, specialization, and availability, all in one place.

Benefit: Patients get access to a larger pool of healthcare providers, and doctors can offer their services on multiple platforms through a single integration.

5. Logistics and Courier Services
Example: An online seller wants to ship products to customers but doesn’t want to manage multiple courier services. With an app built on Beckn, they can see delivery options from multiple logistics providers (like FedEx, Blue Dart, and local couriers) and choose the best one based on cost, speed, or reliability.

Benefit: Businesses can streamline shipping operations by comparing various logistics providers through one interface, optimizing for cost and delivery time.

6. Public Transportation
Example: A commuter is planning a trip using public transit in a city. Using a Beckn-powered app, they can view transportation options from multiple transit services (like metro, bus, bike-sharing services, or even ride-hailing). The app provides real-time schedules, available options, and payment methods across different transport networks.

Benefit: The commuter has a unified experience with multiple transportation modes, improving convenience and access to more options.

7. Local Services (Home Services, Repair, Cleaning)
Example: A user needs a home repair service (e.g., a plumber or electrician). Instead of browsing different service provider platforms (like UrbanClap or Housejoy), a Beckn-enabled app aggregates professionals from multiple service providers. The user can compare prices, reviews, and availability and book a service directly from the app.

Benefit: Service providers get access to more customers, and consumers can quickly find professionals based on location, reviews, and price.

8. Travel and Hospitality
Example: A traveler uses a travel booking app based on Beckn to find accommodations. The app aggregates listings from various hotel chains, Airbnb, and local guesthouses. The traveler can filter by price, location, and amenities, then book the best option without switching between platforms.

Benefit: Smaller accommodation providers can compete with big brands, and travelers get access to more choices across different platforms in one app.

9. Government Services and Civic Engagement
Example: A citizen uses a Beckn-enabled app to access multiple government services. They can apply for a driver’s license, pay taxes, and book a health checkup at a government hospital—all from one platform that integrates services from different government departments and third-party providers.

Benefit: Governments can offer a unified experience across various services, and citizens get easier access to public services without visiting multiple websites or offices.

He adds,

The ONDC (Open Network for Digital Commerce) initiative in India is built using the Beckn protocol, aiming to democratize e-commerce and bring small retailers into the digital economy. The Indian government supports ONDC for making digital commerce more accessible and competitive.

While it is nice to have government support, anyone anywhere can deploy open and decentralized tech, or integrate it into their apps and services.

On Tuesday we’ll have a chance to talk about all this at our latest salon at Indiana University and live on Zoom. Our speaker, Shwetha Rao, will be here in person, which always makes for a good event—even for those zooming in.

So please be there. As a salon, it will be short on lecture and long on dialog, so bring your questions. The Zoom link is here.

Friday, 15. November 2024

FIDO Alliance

Daily Mail: Top 10 passwords used in the United States revealed – stop using them immediately if they’re yours

Experts discovered the top 10 overused passwords in the US that could put you at risk of being easily hacked.

NordPass and NordStellar recently released their sixth annual analysis of personal password habits.

Based on the data NordPass and NordStellar crunched, ‘secret’ was the most common password in the US.

The management platforms found that the password was used 328,831 times, and it would take less than one second for someone to crack it.

‘Secret’ is also ranked in the top 10 most common passwords in the world.

Speaking with CNBC, Andrew Shikiar, executive director of FIDO Alliance, mentioned that hackers could guess the password even if it’s spelled using numbers or other substitutions.

‘For example, they might believe that “secret” is a weak password but “s3cr3t” will be hard to guess,’ Shikiar said in 2019. 


OpenID

AuthZEN Authorization API 1.0 Implementer’s Draft Approved

The OpenID Foundation membership has approved the following AuthZEN specifications as an OpenID Implementer’s Draft:

Authorization API 1.0 Implementer’s Draft: https://openid.net/specs/authorization-api-1_0-01.html

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This Implementer’s Draft is a product of the AuthZEN Working Group.

The voting results were:

Approve – 82 votes
Object – 2 votes
Abstain – 22 votes

Total votes: 106 (out of 391 members = 27% > 20% quorum requirement)

Marie Jordan – OpenID Foundation Secretary

The post AuthZEN Authorization API 1.0 Implementer’s Draft Approved first appeared on OpenID Foundation.


ResofWorld

The U.S. Chinese immigrants running Temu shipping centers from their homes

To speed up delivery and dodge a crackdown on shipments from China, e-commerce companies are turning to so-called “family warehouses.”
In Eason Lin’s cramped one-bedroom apartment in Brooklyn’s Sunset Park, the living room is a maze of hundreds of boxes. All of the packages will soon ship out to Americans...

Thursday, 14. November 2024

OpenID

For the Record: The IPSIE WG and OpenID Foundation Processes

We recently shared some exciting news about a new Working Group, Interoperability Profiling for Secure Identity in the Enterprise (IPSIE). However, there have been some misunderstandings in the media coverage that followed the OpenID Foundation’s announcement. The OIDF is keen to clarify our ways of working and affirm that all the usual due processes have been followed during IPSIE’s formation. 

Background

The OpenID Foundation (OIDF) is committed to a world in which everyone can assert their identity wherever they choose. We do this by defining identity standards that are secure, interoperable, and privacy-preserving. OIDF’s Working Groups, through which much of this work is delivered, are underpinned by trust. They provide a safe space for competing organizations to come together and agree on common rules and practices that will solve mutual challenges. The outcomes of these groups are OIDF Standards – a culmination of the valuable feedback of all the OIDF members in those groups – which go on to become trusted by millions of organizations across the globe. All the organizations and individual contributors involved in OIDF’s Working Groups are respected thought leaders in their fields and OIDF is proud to be able to bring together their valuable contributions.

Introducing IPSIE

Last month, seven members of the OpenID Foundation proposed the IPSIE Working Group under a new proposal and charter to the OpenID Foundation Specifications Committee. That proposal was then supported by the Specifications Council, which means that the new IPSIE Work Group would address a new and relevant area of specification development aligned to the OpenID Foundation’s Mission and Vision.

There are many specifications underlying the Identity and Access Management (IAM) functions in enterprise operations. Achieving interoperability between them and optimizing for security is the challenge at the heart of the IPSIE Working Group charter.

The IPSIE Working Group will develop secure-by-design profiles of these existing specifications with a primary goal of achieving interoperability and security-by-design by minimizing optionality in multiple specifications that are used in enterprise implementations.

Key clarifications:

No one entity or member can create an OpenID Foundation Working Group on their own. A minimum of five active members in the OpenID Foundation are required to propose a new Working Group. In the case of the IPSIE Work Group, there were seven proposers, thus conforming to the usual due process.

No single entity or individual controls the substance of the work conducted within a Working Group. The IPSIE Working Group is a collaboration hosted by the OIDF and made up of many member organizations and individuals, including leading global tech firms and startups, who have committed to working together to address this key industry challenge.

The IPSIE Working Group is in its early days, so there is no new security standard yet. This is work in progress and any proposed standards will follow a rigorous process of community contributions, community feedback, and refining as per the OpenID Foundation Process document.

Since there are no IPSIE Specifications yet, there are no products or services on the market that are based on IPSIE specifications or that can be considered conformant to an IPSIE specification.

Proposers are not Contributors or Adopters. Proposers agree to a problem statement and express willingness to collaborate. At the stage of proposing a WG and until Contribution Agreements are signed, no intellectual property has been contributed to the WG.

Consensus is a core value of how the OpenID Foundation conducts the development of standards, and the OpenID Foundation follows the World Trade Organization guidelines for standards bodies. No single entity or individual can make a decision for the group.

These distinctions are important. The work of standards organizations, like the OIDF, the IETF, the W3C, ISO, and others, is underpinned by trust. Standards organizations provide safe spaces for government, individuals, and private entities – many of whom often compete – to agree upon common rules and practices. This ensures a level playing field and protects businesses and consumers by promoting security and portability.

As part of the inquiry into the misunderstanding, the OpenID Foundation Board did recognize that we lack a clear policy on how OpenID Foundation members, contributors, and implementers should refer to OIDF processes and work groups in media and marketing channels. We are working actively to close this policy gap to offer the OpenID Foundation community better clarity and avert future misunderstandings. As always, the Foundation values the trust the community places in OIDF processes and specifications and appreciates the lengths our community goes to sustain the trust that helps deliver on our Mission and Vision.  

To become a member of the IPSIE WG you can find more information here

Full information on the OIDF Process Document is here.  

To become a member of the OpenID Foundation link here.  

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.



The post For the Record: The IPSIE WG and OpenID Foundation Processes first appeared on OpenID Foundation.


Hyperledger Foundation

Using Hyperledger Bevel to add a privacy layer to permissioned Besu networks

In the business world, data consistency is essential, but so is data privacy and control over who has access to it. Within a permissioned private network, where multiple entities are involved, there may be situations where access to transaction details between specific participants needs to be restricted for various reasons. This highlights the importance of privacy, even among entities within the same private environment. It’s not difficult to envision a scenario where this occurs—for instance, in a setting where transfers of tokens representing financial assets take place between entities.


FIDO Alliance

Branch enhances security and user experience with passkey implementation

Corporate Overview

Branch® is a cloud-native home and auto insurance company founded in 2020. Operating on a serverless architecture, Branch’s mission is to simplify the insurance purchasing experience for consumers and independent insurance agents.

“One of our key superpowers is making the insurance buying experience as easy as possible,” explained Arkadiy Goykhberg, Chief Information Security Officer at Branch.

Branch Authentication Challenges

Due to the sensitive nature of their market and the variety of stakeholders they served, Branch faced multiple authentication challenges:

Legacy two-factor authentication. Branch has been relying on SMS-based two-factor authentication, which has multiple issues. Telco issues would prevent users from logging in. It’s also not phishing resistant and subject to risk associated with SIM swapping attacks.

Customer support volume. There was a high volume of support tickets related to password resets and login issues.

User-friendly approach. Branch needed a more secure and user-friendly authentication process to serve their 12,000+ independent insurance agents.

Compliance. Another core challenge was the need to meet strict compliance requirements in the highly regulated insurance industry.

How Passkeys Addressed Branch’s Challenges

Branch identified passkeys as the solution to their authentication problems for several reasons.

Enhanced Security: Passkeys are inherently phishing-resistant, addressing the vulnerabilities associated with SMS-based authentication.

Improved User Experience: Passkeys eliminate the need for passwords, reducing friction during login and preventing issues related to forgotten passwords or typing errors.

Reduced Support Burden: By implementing passkeys, Branch saw a significant reduction in support tickets. John MaGee, Software Product Manager at Branch, noted, “We did see our support ticket volume drop by about half, which was the key business goal, outside of some of the user experience and security goals of the project.”

Regulatory Compliance: Passkeys provided a strong foundation for meeting current and future regulatory requirements in the insurance industry.

Compatibility with Existing Infrastructure: Passkeys integrated well with Branch’s cloud-native architecture, allowing for a smoother implementation process.

Implementation process and results

Branch adopted a phased approach to implementing passkeys.

The first phase involved internal testing. Branch first implemented passkeys for internal use, which helped build confidence and user acceptance. Branch then went through a vendor selection and development phase, contracting with Descope. Branch decided that it was a more efficient approach to engage with a service provider to help with passkey implementation.

The project roadmap included a two-month vendor selection process, followed by a three-month development phase and a six-week end-user migration phase.

The final step was a phased user migration. Branch rolled out passkeys to its agents in waves, starting with a small group and gradually scaling up. The onboarding process involved multiple communication campaigns to prepare users for the new authentication experience. The user journey included prompting users to set up passkeys and providing a fallback option of email and OTP. The goal was to ensure a seamless transition and reduce support ticket volume by eliminating password resets. This approach allowed the company to refine the process based on feedback and minimize risks.

The results of the passkey implementation were impressive:

25% passkey adoption rate across the organization, exceeding internal goals.

50% reduction in support ticket volume related to authentication issues.

Maintained steady login failure rates at 5%, despite the transition.

Improved user experience, with fewer frustrations related to authentication.

One surprising benefit was the high compatibility of passkeys with existing hardware and software. Goykhberg said that he had initially expected that only approximately 60% of systems would support passkeys.

“That hypothesis was wrong. To my surprise, only a few devices across thousands of logins could not support passkeys,” he said.

Branch’s passkey success and future roadmap

Branch’s successful implementation of passkeys has not only addressed their current authentication challenges but also laid the groundwork for future improvements and expansions.

Goykhberg said:
“Descope’s flexible workflow made implementing passkeys and taking care of edge cases relatively straightforward. With conditional steps, we routed users to passkeys when their hardware or software were compatible, and routed them to fallback MFA options when passkeys couldn’t be supported. Visualizing the user journey as a workflow helps us audit and modify the registration and authentication journey without making significant code changes, which sets us up well for the future.”

The company’s successful phased rollout approach, starting with internal adoption and then gradually expanding to their agent base, highlights the importance of incremental implementation and learning. This strategy will continue to inform their future authentication initiatives. Building on the initial success of 25% passkey adoption, Branch aims to increase this number through targeted experimentation and user education.

Branch’s successful implementation of passkeys demonstrates how this modern authentication method can significantly improve both security and user experience in the insurance industry. By addressing the vulnerabilities of traditional authentication methods, reducing support burden and providing a seamless user experience, passkeys have proven to be a valuable solution for Branch’s authentication needs.

Read the Case Study

Origin Trail

Trace Labs, Core Developers of OriginTrail, Welcomes Toni Piëch and Chris Rynning to the Advisory…

Trace Labs, Core Developers of OriginTrail, Welcomes Toni Piëch and Chris Rynning to the Advisory Board

Zürich, Switzerland — November 14, 2024

Trace Labs, the core builders behind the OriginTrail ecosystem, is pleased to announce the expansion of its advisory board with the addition of Toni Piëch and Chris Rynning. Both esteemed leaders bring extensive experience in fostering human-centric technology, investment, and innovation, further positioning Trace Labs to drive trusted advancements in Artificial Intelligence (AI) and sustainable digital solutions across multiple sectors, including healthcare, construction, and mobility.

The OriginTrail ecosystem, built on decentralized knowledge graph technology, is committed to leveraging AI in a responsible and sustainable manner. By joining the advisory board, Toni and Chris will help shape Trace Labs’ vision for harnessing AI to positively impact industries while advocating for ethical, human-centered applications of technology.

Toni Piëch

Toni Piëch, a serial entrepreneur and 4th generation member of the Piëch-Porsche family, brings a unique blend of global experience and vision for developing a trusted technology ecosystem. Currently based in Luzern, Switzerland, Toni’s contributions to technology and sustainability are reflected both through the Anton Piëch Foundation (https://www.tonipiechfoundation.org/) and his broad technology investment activities, investing both in venture capital funds and directly in people and companies. A graduate of Princeton University with a background in East Asian Studies, Toni spent twelve years in China before returning to Europe to further his philanthropic and investment efforts that can make significant contributions to a better and safer world.

Toni’s LinkedIn

Chris Rynning

Chris Rynning, an economist and investment professional, brings decades of expertise in venture capital and global markets. A resident of Zurich, Switzerland, Chris is a seasoned investor with a background in mergers & acquisitions, public/private market investing, and is currently the managing partner of the Piëch-Porsche family office AMYP Ventures. A graduate of ESSEC in Paris, Chris also holds an MBA in Finance and Economics from the University of Chicago. His influence spans across Asia, US, and Europe, where he has lived and served as an investor and advisor to scale-up companies, while maintaining a thought leadership role in AI, cryptocurrencies, and blockchain. Chris also authored a book on the topic in 2018.

Chris’s LinkedIn

Toni and Chris join a prestigious advisory board that includes Dr. Bob Metcalfe, Ethernet inventor, and Turing Award winner; Greg Kidd, founder of Hard Yaka; and Ken Lyon, global logistics expert. Together, this board will support Trace Labs’ mission of pioneering decentralized solutions that power trust and transparency.

For further information, please contact:
lucija.naranda@tracelabs.io

Trace Labs, Core Developers of OriginTrail, Welcomes Toni Piëch and Chris Rynning to the Advisory… was originally published in OriginTrail on Medium, where people are continuing the conversation by highlighting and responding to this story.


FIDO Alliance

The Associated Press: One Tech Tip: Replacing passwords with passkeys for an easier login experience

You might have noticed that many online services are now offering the option of using passkeys, a digital authentication method touted as an easier and more secure way to log in. 

Some 20% of the world’s top 100 websites now accept passkeys, said Andrew Shikiar, CEO of the FIDO Alliance, an industry group that developed the core authentication technology behind passkeys.

Passkeys first came to the public’s attention when Apple added the technology to iOS in 2022. They got more traction after Google started using them in 2023. Now, many other companies including PayPal, Amazon, Microsoft and eBay work with passkeys. There’s a list on the FIDO Alliance website.

Still, some popular sites like Facebook and Netflix haven’t started using them yet.

Passkey technology is still in the “early adoption” phase but “it’s just a matter of time for more and more sites to start offering this,” Shikiar said.


ResofWorld

Door-to-door saleswomen are fueling Shein’s rise in Mexico

A large community of catalog saleswomen are selling items from the Chinese platform.
Since 2022, Mariana Garfias Torres, a 30-year-old nutritionist, has been making an additional income by selling housewares from Betterware, a Mexican catalog company. She regularly circulates Betterware’s digital catalog to...

Wednesday, 13. November 2024

ResofWorld

Grab built its own map in Southeast Asia, and is now going after Google  

The super-app uses its own drivers and cameras to create hyperlocal maps in eight countries.
The alleys in South Jakarta are winding and narrow, sometimes just one meter wide, barely enough to fit a motorbike. A delivery rider has to squeeze past laundry racks and...

Elastos Foundation

Particle Network’s “BTC Connect” Now Integrated into Elastos!

We are pleased to announce that Particle Network has added BTC Connect to the Elastos ecosystem as part of our ongoing collaboration. This development enhances Elastos’ relationship with Bitcoin, offering users a slicker Bitcoin experience.

What This Means

Single Wallet Use: Connect your Bitcoin wallet—like UniSat, OKX, or BitGet—directly to Elastos. This allows you to interact with both the Bitcoin network and Elastos’ smart contracts using the same wallet.

Smart Account Assignment: When you connect, BTC Connect assigns a smart account to your Bitcoin wallet. Your Bitcoin wallet acts as the signer, so you don’t need separate accounts.

Easy Transactions: Send and receive transactions on both Bitcoin and EVM-compatible chains without hassle. Your Bitcoin wallet’s signatures are adapted for use on these chains.

Looking Ahead with BeL2

BTC Connect sets the stage for supportive BeL2 dApp possibilities:

DeFi Access: Soon, you might use your Bitcoin wallet to secure BTC, generate proofs for smart contracts, and obtain USD loans or issue stablecoins all in one wallet. These balances would appear in your BTC Connect account, usable across various chains.

Unified Experience: BeL2 DApps could let you handle complex DeFi tasks directly from your Bitcoin wallet, making it feel like you’re still on the Bitcoin network but with added features from Elastos’ SmartWeb.

Cross-Chain Use: Use stablecoins or USD loans across different EVM chains without needing traditional intermediaries or bridges.

Try It Out

Experience this advancement by checking out the BTC Connect demo.

Our collaboration with Particle Network brings BTC Connect into Elastos, giving users a unified and secure blockchain environment. We’re excited about the future possibilities this opens up for users and developers alike.


Blockchain Commons

Musings of a Trust Architect: Building Trust in Gradients


Progressive Trust—it sounds a bit like something from a relationship advice column, right? But in the world of digital interactions, it’s actually a revolutionary model, one that moves us away from “all-or-nothing” choices into a more human, flexible way of establishing trust. Progressive Trust is about mirroring the natural ways we build trust in real life, adding depth and resilience to our digital interactions.

“The basic idea behind progressive trust is to model how trust works in the real world”
—Christopher Allen, Musings of a Trust Architect: Progressive Trust (December 2022)

In real life, trust doesn’t happen at the click of a button. It’s a process. You don’t start a friendship, a business deal, or a marriage with complete openness or blind trust. Instead, what you reveal is initially minimized, and then trust builds up gradually. As we share experiences, we reveal more, bit by bit, learning through consistent responses from the other person. When it comes to digital relationships, whether they’re between people, devices, or other entities, why should things be any different?

Why Progressive Trust Matters Today

The internet didn’t start off so polarized. Back in the early days, you could slowly get to know people online, like on message boards or MUDs, where interaction was incremental and organic. But as commercialization took over, new online communities popped up with restricted, binary models of trust. Tech giants started telling us who to trust based on certificates or institutional endorsements, pushing people into a “trust or don’t trust” mindset. But this one-size-fits-all approach isn’t just impersonal. It’s risky. Without the gray area, we’re left with blind trust or total skepticism, with few options in between.

Enter Progressive Trust, which seeks to change that by returning choice to the user, letting individuals decide whom to trust and how much of themselves to reveal over time. It’s an effective way to enhance security and protect user agency, fitting seamlessly into decentralized systems like blockchain, where openness and security go hand in hand. Progressive Trust takes the online world back to a more natural process of gradual trust-building, transforming digital trust from a binary affair into something more organic.

The Progressive Trust Life Cycle

Let’s break down the Progressive Trust Life Cycle into its key phases, each step building on the last and adding layers of trust over time. Think of it as a journey from cautious introduction to informed engagement, with each phase providing the groundwork for a stronger, more resilient trust model. These are the steps of progressive trust that are simultaneously automatic in the real world and often ignored in the digital world.

0. Context – Interaction Considered

The foundation of Progressive Trust begins with understanding the Context of an interaction. This sets the stage by establishing the purpose and parameters of the interaction, helping each party assess risk and feasibility. Before any data is exchanged or any commitments are made, each party considers the interaction’s purpose, its goals, its potential benefits, and the risks involved. They also examine the setting in which the interaction takes place, ensuring that they understand the overall environment and any particular conditions that might impact their decision.

Example: A homeowner, Hank, evaluates hiring a contractor for a kitchen remodel. He considers the financial costs, the importance of quality work, and the potential risks of inviting someone into his home for an extended period. The stakes of the scenario are sufficient to prompt Hank to engage in a Progressive Trust model, as opposed to a quick, one-off transaction.

This initial phase helps each side assess whether the potential stakes, such as financial or reputational risk, warrant a full, Progressive Trust approach or if simpler, lower-risk models could suffice.

1. Introduction – Assertions Declared

With the interaction context defined, both parties proceed with Introduction, where they each make initial declarations and claims. By sharing basic information, the parties set the groundwork for further scrutiny, while keeping sensitive details private or hidden (for now).

Example: Hank meets Carla, the cabinet maker, at a social gathering and discusses his interest in remodeling his kitchen. Carla offers her business card and highlights her experience, expressing interest in working with him. This initial interaction is informal yet purposeful, establishing the first connection and introducing each party’s intentions.

This phase is an essential starting point for trust-building, as it allows each party to signal their intentions clearly and publicly, establishing a mutual understanding of what they aim to accomplish. It does not involve extensive trust verification but instead creates a framework of transparency and expectation between the participants.

2. Wholeness – Integrity Assessed

Once an introduction has been established, both parties assess the Wholeness of the information shared. This phase involves evaluating the structural integrity of the data, ensuring that all critical pieces are complete and correctly formatted. Think of this as a quality check: verifying that foundational information is present, well-formed, and free from any immediate signs of corruption or tampering.

Example: Hank checks Carla’s business card, noting that it includes her contractor license number and contact details. Carla, meanwhile, considers whether Hank’s job aligns with her skillset. Both use this phase to make sure the information they have about each other is coherent and free of red flags.

This phase creates the foundation for deeper verification by ensuring that each party’s data contributions are reliable at a surface level. Without verifying structural integrity, any future steps could rest on flawed or incomplete data, leading to potential misunderstandings or risks.

3. Proofs – Secrets Verified

With data integrity confirmed, the next step is Proofs, where parties delve into verifying the sources of the data. It’s a deeper level of validation, establishing the authenticity of the sources for each party’s assertions. That validation leverages modern technology such as digital signatures where possible, to minimize the risk of misrepresentation or fraud.

Example: Hank calls a few of Carla’s previous clients, confirming that they exist, and the testimonials given to him are real. Similarly, Carla may ask for proof of Hank’s readiness to pay by confirming his budget or financial standing.

This phase confirms that both parties’ assertions are backed by a proof, to establish a more secure foundation for the interaction.

4. References – Trust Aggregated

Building on the established proofs, the References phase broadens trust by gathering endorsements, certificates, or additional validation from external sources. This step goes beyond just authenticating the source of any assertions. It’s about gathering the good word from others, including testimonials, reviews, licenses, or certificates. Cryptographic methods may also be used to assure the validity of the references. Parties don’t necessarily gather every reference: they collect until they feel they have enough corroborating information to proceed.

Example: Hank checks Carla’s contractor license in a state registry and reads online reviews. Carla, in turn, verifies Hank’s reputation or credibility within her professional network, gaining confidence that his project is legitimate and that he can be trusted to honor financial commitments.

This phase provides a composite view of the other party’s trustworthiness based on diverse sources, making trust more holistic. It creates a comprehensive picture without oversimplifying the credibility of each party into a binary “yes” or “no.”

5. Requirements – Community Compliance

After personal and third-party validation, the parties consider whether the interaction meets broader Community Standards and Requirements. Here, each party assesses if the interaction complies with external guidelines, legal standards, or industry norms, which may vary by context. Compliance might involve revealing additional data, following guidelines for quality or safety, or meeting regulatory requirements, which helps each party feel confident that their involvement is appropriate and sanctioned.

Example: Hank ensures that Carla’s contractor license and project quote meet legal requirements and industry standards, such as fair pricing and warranty expectations. Carla might consult her network or a local building authority to verify that Hank’s project is feasible and professionally compliant.

This phase adds another layer of credibility through its confirmation that the interaction aligns with expected practices and requirements.

6. Approval – Risk Calculated

With community compliance confirmed, each party calculates the risk of proceeding and provides a tentative Approval. This step involves a personal assessment, comparing the accumulated trust to any potential risks or liabilities. It’s a decision point where each party considers their own risk model and goals, assessing whether the interaction is likely to fulfill their needs without exposing them to undue harm. Approval may involve internal checks or may require formal documentation of agreed-upon terms.

Example: Hank and Carla both review the project’s terms and risk factors, ensuring they feel comfortable with potential liabilities. When ready, they formalize their commitment by signing a contract, each confident that the project aligns with their risk model and is mutually beneficial.

This phase emphasizes that trust isn’t an all-or-nothing concept. It exists on a spectrum, and each party must decide if their level of trust is sufficient to continue.

7. Agreement – Threshold Endorsed (Optional)

In situations of higher stakes or complexity, the Agreement phase may require additional endorsements before proceeding. An Agreement phase is optional but valuable when external input can add layers of confidence, often through the endorsement of peers, family members, or other trusted figures. Threshold endorsements are vital in larger or more sensitive projects, ensuring that all necessary parties or authorities approve before moving forward.

Example: Hank might discuss the project with his family for added assurance, while Carla secures necessary permits from the city. Both parties use these endorsements to reinforce

This phase provides an extra level of validation, helping each party feel more secure in their decision to proceed.

8. Fulfillment – Interaction Finalized

Fulfillment is the phase where each party finally executes their commitments, bringing the project to life based on the trust established through previous steps. Fulfillment requires each party to act according to the rules they’ve set, adhering to any terms, standards, or expectations agreed upon earlier.

Example: Carla completes the kitchen remodel, delivering quality work as per the contract. Hank, in turn, fulfills his financial commitment by making the payment. The project reaches its conclusion, satisfying both parties’ expectations based on their prior trust-building efforts.

This phase represents the culmination of the trust-building process, where both sides honor their agreements and responsibilities. It’s a phase of action rather than evaluation, marking a key transition from planning to execution, after which the interaction is officially complete.

9. Escalation – Independently Inspected (Optional)

In high-stakes or sensitive interactions, the Escalation phase optionally introduces an independent, third-party inspection. This step allows an impartial reviewer to verify that each party’s work or commitments were met, ensuring that the final product aligns with the agreed-upon standards. An inspector may re-evaluate certain phases, especially compliance and fulfillment, confirming that all requirements were followed.

Example: A city inspector reviews Carla’s remodel to ensure it complies with local building codes, giving Hank and Carla final confirmation that the project meets regulatory standards.

This phase helps protect each party, providing an additional level of assurance when risk is high or when the interaction has lasting implications.

10. Dispute – Independently Arbitrated (Optional)

If issues arise, the final, optional phase of Dispute involves resolving conflicts through independent arbitration. In cases where fulfillment does not meet expectations, each party may bring forth additional data or reveal previously concealed information to support their case. An arbitrator then assesses the evidence, reviewing both parties’ original commitments, agreements, and standards, to determine a fair resolution.

Example: If a cabinet installed by Carla collapses, Hank may initiate a dispute to assess liability. An independent arbitrator reviews the contract, Carla’s compliance with installation standards, and any relevant inspection reports, ultimately deciding if Carla is responsible for repairs or damages.

This phase safeguards both parties, providing a structured way to resolve disagreements that may impact future interactions or reputations.

The Progressive Trust Life Cycle

Interactions are actually mirrored by both parties, but this diagram simplifies things in most places by focusing on party two.

Beyond Binary Trust: How Progressive Trust Can Transform the Internet

Progressive Trust offers a way to return agency to individuals in a world increasingly dominated by centralized systems. Instead of clicking “OK” on trust agreements handed down by big corporations, users regain control over who they trust and to what degree, over time. Imagine a digital ecosystem where browsers, websites, or social media platforms gradually allowed users to choose what information they revealed and what they kept private, based on their own evolving trust models.

From Gradients to Greatness

The vision for Progressive Trust goes beyond making interactions safer; it’s about bringing digital trust closer to real-world norms. With Progressive Trust, we’re not just building secure systems—we’re creating environments where people can interact meaningfully and sustainably, with digital relationships that grow stronger over time, just like in real life. Whether it’s in journalism, finance, wellness, or personal data sharing, the possibilities are endless when trust is no longer binary.

Progressive Trust is hard, but it’s worth it. It’s a mature model, one that can elevate our digital interactions by letting trust grow naturally. We’ve evolved this process over thousands of years in the physical world; now it’s time to bring the same wisdom to the online world. By embracing Progressive Trust, we’re not just keeping data safe; we’re building a digital space where people can authentically connect and collaborate, one step at a time.

For a more extensive discussion of this Life Cycle, including a look at the vocabulary and several more examples in different domains, see “The Progressive Trust Life Cycle” on the Developer web pages. For more on progressive trust, see my 2004 introduction of the concept and my more recent 2022 musings on the topic.

Tuesday, 12. November 2024

FIDO Alliance

Biometric Update: Mastercard replacement of OTPs with passkeys and Click to Pay reaches APAC


Mastercard is enabling faster and more convenient online transactions with its newest feature, Mastercard Click to Pay, launching in the Asia-Pacific region.

The result is that consumers will be able to enjoy one-click checkout across devices, browsers and operating systems, without needing to input one-time passwords (OTPs).

The feature is enabled by the Mastercard Payment Passkey Service, which allows on-device biometric authentication through facial scans or fingerprints, the same way phones are unlocked.


The Record: These major software firms took CISA’s secure-by-design pledge. Here’s how they’re implementing it


The Cybersecurity and Infrastructure Security Agency’s (CISA) secure-by-design pledge has hit its six-month mark, and companies that took the pledge say they’ve made significant security improvements since they signed onto the initiative.


Security Boulevard: FIDO: Consumers are Adopting Passkeys for Authentication


There appears to be growing momentum behind the use of passkeys as an alternative identity verification tool to passwords, with the familiarity with the technology growing over the past two years while the use of passwords has declined a bit, according to the Fast IDentity Online (FIDO) Alliance.

In its latest Online Authentication Barometer, FIDO found that support for a number of authentication options – including not just passkeys but also biometrics – is growing.

Public awareness of passkeys has jumped from 39% in 2022, when the technology was first introduced, to 57% this year. Meanwhile, the use of passwords in various services sectors is dropping. For example, the percentage of people who used a password over a two-month period for financial services dropped from 51% two years ago to 31% this year.


Retail TouchPoints: The Login Effect: The Role of Customer Authentication Psychology in Retail Success


Retail lags in authentication modernization, but not because providers aren’t interested in upgrading. It’s because customers actively reject change. Familiarity, ease of implementation and legacy system compatibility all mean that very few retailers offer anything beyond usernames and passwords, not even two-factor (2FA) and multi-factor authentication (MFA).

Ecommerce sites have experimented with magic links, an authentication method that is a little higher friction but is still a viable passwordless alternative. Meanwhile, biometric authentication (think fingerprints and facial recognition) is gaining popularity among less technical users, even if it’s simply to unlock their smartphones. Passkeys, another passwordless authentication method, leverage biometrics or a PIN to let consumers confirm a purchase with just a tap or a quick selfie.


Hyperledger Foundation

Building Hiero Together: First Community Meeting Recap and Upcoming Events


The inaugural Hiero community meeting marked a significant milestone for the Hiero project, emphasizing its global reach and the adaptive nature of open-source initiatives. Diane Mueller, Head of Open Source Development at Hedera, opened the meeting by providing context on Hiero’s journey and its recent contribution to the Linux Decentralized Trust Fund Foundation. Hendrik Ebbers, Chair of the Hiero Technical Steering Committee (TSC), was originally scheduled to present, but he had to bow out due to illness. Stepping up on short notice was Richard Bair, Hashgraph’s Director of Engineering and another member of the TSC, showcasing the community’s ability to adjust seamlessly.


ResofWorld

Phony X accounts are meddling in Ghana’s election

A network of 171 bot accounts is using AI to write political posts.
As Ghana approaches its presidential election on December 7, researchers have uncovered a network of 171 bot accounts on X that use ChatGPT to write posts favorable to the incumbent...

Amazon and Walmart couldn’t kill India’s mom-and-pop stores. But rapid delivery might

Services like Blinkit and Zepto are estimated to put more than 25% of India’s neighborhood kirana stores out of business by 2030.
Mahadev Waghji Patel ran Choice Mart for nine years in an affluent neighborhood of Mumbai. His local customers relied on the store for their monthly groceries, and continued to come...

We Are Open co-op

A Little Open Recognition Goes A Long Way

WAO at ePIC 2024 CC BY-NC Visual Thinkery for WAO

Last week, I was in Paris for ePIC, a conference I keynoted 12 years ago(!) in my first week on the Mozilla Foundation’s Open Badges team.

Four years later, in 2016, participants at the event signed the Bologna Open Recognition Declaration (BORD). This year, we signed the Paris Declaration on the Equality of Recognition.

Many thanks to the organisers of the event, who manage to ensure that it runs smoothly every year and invite a wide range of people to participate within the ‘big tent’ that is Open Recognition!

Open Recognition vs Microcredentials CC BY-NC Visual Thinkery

There has been a lot of muddy thinking in the badges and credentials world since Mozilla handed over stewardship of the Open Badges standard. One of the major issues, which we discussed in an impromptu ‘group therapy session’ at ePIC, is the paucity of microcredentials as a term of art.

Microcredentialing, as we shall discuss in an upcoming NDLN Horizon Report, is a supply-side reinvention of Open Badges. Unfortunately, it has at its core neither an agreed-upon definition, nor a technical standard. As such, ‘microcredential’ is what I would call an unproductively ambiguous term; it doesn’t mean or signify much.

The reason that Open Recognition is an increasingly attractive approach to badging is that it is holistic. It builds upon the original, revolutionary Mozilla Open Badges white paper by putting the individual at the centre and decentralising recognition practices. Not all Open Recognition needs to be badged, credentialed, or endorsed, but the important thing is that it can be — and by anyone.

WAO x ePIC

Last year, in Vienna, WAO was represented by Laura, Anne, and me. This year, I went by myself, despite the slide below with Laura’s name on it!

I ran a 45-minute workshop on using AI tools for identifying and mapping skills against various frameworks using a custom GPT that I called ePIC Skills Mapper. I also showed the functionality in one particular badge platform on how AI can help generate badge metadata.

Julie Keane from Participate kindly helped me present in a 20-minute slot for sharing our findings from a recent project in which we were both involved.

Open Recognition is for Everybody (ORE) CC BY-NC Visual Thinkery

WAO would like to reinvigorate the ORE community in 2025. While we’re currently still meeting on the last Tuesday of every month, we can do more in terms of spreading Open Recognition practices within the various communities and networks in which we operate.

Why not join us on November 26th to reflect on ePIC and plan for next year? Click here to register — all welcome! https://lu.ma/2wq9hpuc

A Little Open Recognition Goes A Long Way was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Sunday, 10. November 2024

Ceramic Network

Meet our team at FIL Dev, Devcon, and DePIN Day!


We’ve been heads down working hard on solutions for builders at the intersection of data, AI and crypto. But we’re coming up for air to meet other builders in Bangkok this month. Whether you’re a builder, an operator, or just learning about the space, we’d love to meet you.

Where to find our crew:

Filecoin’s FIL Dev Summit – Nov 11

Devcon – Nov 12-15

Fluence’s DePIN Day – Nov 15 (RSVP to attend, and catch us at our booth)

Join Proof of Data to be part of an ongoing community

Join our private Telegram group, Proof of Data, for people working on challenges related to the Web3 data ecosystem. This is a collaborative, ongoing space where you can connect with others who are interested in decentralized storage, verifiable data, data availability, identity and reputation, synthetic data, DePIN, and more.

To get the invite link, chat with one of our team members at DePIN day, or DM us on X.

Friday, 08. November 2024

Oasis Open Projects

Invitation to comment on TOSCA v2.0


Public Review ends -- November 25th

OASIS and the TOSCA TC are pleased to announce that TOSCA v2.0 CSD07 is now available for public review and comment. 

TOSCA provides a language for describing application components and their relationships by means of a service topology, and for specifying the lifecycle management procedures for creation or modification of services using orchestration processes. The combination of topology and orchestration enables not only the automation of deployment but also the automation of the complete service lifecycle management.

The documents and all related files are available here:

TOSCA v2.0

Committee Specification Draft 07

09 October 2024

Editable source:

https://docs.oasis-open.org/tosca/TOSCA/v2.0/csd07/TOSCA-v2.0-csd07.md

HTML:

https://docs.oasis-open.org/tosca/TOSCA/v2.0/csd07/TOSCA-v2.0-csd07.html

PDF:

https://docs.oasis-open.org/tosca/TOSCA/v2.0/csd07/TOSCA-v2.0-csd07.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in a ZIP distribution file. You can download the ZIP file at:

https://docs.oasis-open.org/tosca/TOSCA/v2.0/csd07/TOSCA-v2.0-csd07.zip

How to Provide Feedback

OASIS and the TOSCA TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

The public review starts 8 November 2024 at 00:00 UTC and ends 25 November 2024 at 23:59 UTC.

Comments may be submitted to the project by any person through the use of the project’s Comment Facility. Members of the TC should submit feedback directly to the TC’s members-only mailing list. All others should follow the instructions listed here.

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification. 

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the TOSCA TC can be found at the public home page here.

Additional references:

[1] https://www.oasis-open.org/policies-guidelines/ipr/

[2] https://www.oasis-open.org/committees/tosca/ipr.php, https://www.oasis-open.org/policies-guidelines/ipr#RF-on-Limited-Mode

Intellectual Property Rights (IPR) Policy

The post Invitation to comment on TOSCA v2.0 appeared first on OASIS Open.


Origin Trail

OT-RFC-21 Collective Neuro-Symbolic AI

“Show me the incentives and I’ll show you the outcome.”

Authors: OriginTrail Core Developers

Date: November 8th 2024

Since the inception of AI in the 1960s, two main approaches have emerged: neural network-based AI and symbolic AI. Neural networks are statistical systems that generate outputs by detecting patterns in training data, while symbolic AI employs deterministic models with explicit knowledge representations and logical connections. Today, transformers within the Large Language Model (LLM) group dominate neural networks, while knowledge graphs are the leading technology in symbolic AI for representing structured knowledge.

Used alone, each approach has limitations. Neural networks are probabilistic and can produce unwanted outputs (hallucinations), risk intellectual property issues, exhibit biases, and face model collapse with a growing amount of AI-generated (training) data online. Symbolic AI, meanwhile, is constrained by its rule-based reasoning, limiting creativity and user experience. Hybrid neuro-symbolic systems combine the strengths of both, leveraging neural networks’ usability and creativity while grounding them in knowledge graphs. This approach can enhance reliability, mitigate biases, ensure information provenance, and promote data ownership over IP risks.

The OriginTrail Decentralized Knowledge Graph (DKG), together with NeuroWeb (the AI-tailored blockchain), is surfacing as one of the key components of the symbolic AI branch, enhancing knowledge graph capabilities with the trust of blockchain technology and powering Collective Neuro-Symbolic AI.

This RFC addresses the following key development milestones to further enhance the Collective Neuro-Symbolic AI and will serve as a basis for one of the most extensive roadmap updates to date:

- DKG V8 Testnet results and learnings
- DKG Core and Edge Nodes Economics
- Collective Programmatic Treasury (CPT)
- DKG V8 Mainnet launch in December

After reading the following OT-RFC-21, you may leave your comment here: https://github.com/OriginTrail/OT-RFC-repository/issues/47

“Show me the incentives, and I’ll show you the outcome.”

The quote by Charlie Munger speaks to the importance of setting the right incentives in any system. As the DKG network matures in scalability and adoption, the incentives can become more refined in their implementations and more aligned with supporting the key metric — growth of usage of the DKG network.

There are multiple roles in the OriginTrail ecosystem that are incentivized with both TRAC and NEURO. TRAC is incentivizing Core node operators and TRAC delegators while NEURO incentivizes Neuroweb blockchain (Collator) node operators, NEURO delegators, and knowledge publishers (henceforth best represented by DKG EDGE node operators) for incentivized paranets.

The establishment of Collective Programmatic Treasury (detailed in a dedicated section below) will give the most active DKG paranets, by volume of new knowledge assets published to the DKG, an opportunity to take part in building the future of the technology.

The incentives updates and novelties will be released as a part of the DKG V8 mainnet release.

DKG V8 testnet results and learnings

In the first 5 weeks since the DKG V8 Testnet launch, the community has deployed over 500 V8 core nodes, which as part of the incentive program submitted over 3.7 terabytes and 13.7B lines of core node operational logs, and over 8 million Knowledge Assets published. These have proven very valuable inputs for the core developers who have introduced several optimizations to the DKG based on the submitted telemetry, including performance boosts on the new paranet syncing features, testing curated paranets, and other performance updates.

Chart of log lines submitted by V8 Core Nodes telemetry

The number of nodes on the V8 testnet highlights another key insight: even with a fixed reward budget of 100k TRAC, which was allocated to test the behavior of V8 Testnet Core Nodes, achieving an economically viable node count requires the full implementation of the DKG delegated staking feature. Delegated TRAC acts as a market mechanism to balance the node count according to the rewards available in the network at any time. This underscores the critical role TRAC delegators will play in maintaining stability and economic balance within the V8 DKG ecosystem.

As the initial phase of the V8 testnet wraps up, advancing V8 features and validating them requires an environment where all economic incentives are active to support the full deployment of the DKG V8. Key V8 components, such as the Edge Node and Core Node, will now continue to be deployed and optimized on the V6 mainnet, with the V8.0 mainnet launch set for December this year. This launch will initiate the Tuning Period, during which V8 will gain enhanced performance with features like Batch Minting, Random Sampling, and a new staking interface, all backed by real economic incentives.

In addition, synergistic effects between publishers (represented by DKG Edge Nodes, once the V8 network is deployed) and Core DKG Nodes will be fostered through horizontal scaling. This approach aims to refine network signaling, enabling an optimal network size by aligning the number of nodes more precisely with network demands.

The details in the following chapters of this RFC create a level playing field to prepare for updates on existing incentives on the DKG Core node and access to Collective Programmatic Treasury (CPT).

DKG Core and Edge Nodes Economics

The DKG V8 has been designed with major scalability improvements at multiple levels, with a prototyped implementation tested in collaboration with OriginTrail ecosystem partners from data-intensive sectors.

The major advancement that DKG V8 is making is in expanding the OriginTrail ecosystem’s product suite to two key products:

- DKG Core Node V8 — highly scalable network nodes forming the network core, persisting the public replicated DKG
- DKG Edge Node V8 — user-friendly node applications tailored to edge devices (phones, laptops, cloud, etc.)*

*The expansion to more devices is intended to be based on ecosystem builders’ capacity and market needs.

Internet scale with DKG Edge nodes

Edge nodes enable the DKG to reach every part of the internet we know today — any device, any user, any chain. Being a light-weight version of the DKG node, Edge nodes can support both accessing the private and public knowledge on the DKG as well as publishing new knowledge.

With this capability, the DKG Edge node is a very useful tool:

- for paranet operators to enable knowledge miners to publish new knowledge onto their paranets;
- for solution builders as a flexible interface for their neuro-symbolic AI products that can access both private and public parts of the DKG;
- for DKG Edge node operators that want to start publishing to the DKG so they could transform their DKG Edge node into a DKG Core node.

The continuation of V8 development focuses on teams looking to deploy their paranets & Edge nodes on DKG Mainnet to generate substantial usage. Therefore, the DKG Edge Node Inception Program budget of 750k TRAC is dedicated to builders launching paranets on both the V6 and V8 mainnet, with up to 100k TRAC per builder available as reimbursement for TRAC used for publishing to a particular paranet.

More details on how you can apply for the DKG Edge Node Inception Program can be found here.

Horizontal scaling with DKG Core nodes

The backbone of the DKG network in V8 is formed of DKG Core nodes, whose purpose is to ensure secure hosting of the public DKG and facilitate network communication in a decentralized fashion. DKG Core nodes are incentivized through competing for DKG publishing fees in TRAC tokens, which are distributed among the best performing nodes in the network.

The success of a Core node in capturing fees in DKG V6 is currently a function of 3 factors: (1) node uptime and availability, (2) total TRAC stake delegated to a node, and (3) network hash distance (enabling efficient knowledge content addressing).
Several learnings have been acquired in V6 through the period of the system running in production, most notably on how to improve scalability and further fine-tune the incentive system for DKG growth, by updating the relevant parameters in the tokenomics formula.

Particularly, the community of node operators has been indicating the hash distance factor as the most problematic one, causing randomization and impacting the system in an unpredictable and asymmetric way (the nodes with the same amount of stake and uptime could perform differently in terms of rewards due to a different hash ring network position).

On the other hand, the builders’ feedback is that the friction to contributing to the DKG needs to be significantly lower, specifically in terms of publishing price per knowledge asset (addressed with scalability) and accessibility to publishing through available nodes, expressing the need for an approach similar to blockchain RPC services, which allow sending transactions to the blockchain without running a blockchain node.

Therefore V8 introduces an updated Core node incentive system with the following factors:

- Node uptime & availability, in positive correlation, as nodes need to prove their commitment of hosting the DKG by submitting proofs to the blockchain (through the new V8 random sampling proof system),
- TRAC Stake security factor, in positive correlation — the more stake a node attracts, the higher the security guarantees and therefore the higher chance of rewards (same as in V6),
- Publishing factor, in positive correlation — the more new knowledge has been published via a specific core node (measured in TRAC tokens), the higher the chance of rewards,
- Node fee (formerly “ask”), in negative correlation — the nodes with lower fees are positively impacting the system scalability, and therefore have a higher chance of rewards.

The illustrative incentive formula is therefore:

where the specific functions are to be validated on both the testnet (for technical functionality) and mainnet (for market functionality) during the V8 Tuning period.

This addition creates further alignment of Core nodes with the ecosystem growth as Core nodes that take up roles of driving adoption will become more successful. Importantly, it also creates an aligned horizontal scaling approach, since additional Core nodes in the DKG become required with growing adoption. This creates a positive self-reinforcing feedback loop: new adoption leads to new nodes, which leads to increased scale, which unlocks further adoption. We can imagine core nodes almost acting as a “solar panel” that allows publishers to capture TRAC fees from the network so they could use it for their publishing needs.

Network security via staking

TRAC delegators are using their TRAC to secure the DKG network by delegating it to selected Core nodes. In exchange for a delegation (and increasing the core node’s chance of capturing rewards), the node operator splits a part of the captured rewards with the delegators. When selecting the core node to support, the delegators take all the key elements of a successful Core node into account which will, from DKG V8 onwards, include the amount of knowledge added to the DKG.

NEW: Those who use it, will build it: 60MM TRAC Collective Programmatic Treasury (CPT)

To ensure that those who use the network have incentives to build it in the future, the future development fund will be deployed as a 60MM TRAC Collective Programmatic Treasury (CPT). The Collective Programmatic Treasury will be implemented with a programmatic release schedule emitting TRAC to eligible builders. The release schedule will follow the most famous example of emissions in the cryptocurrency space, that of the Bitcoin halving, with minor alterations. The TRAC released from the Collective Programmatic Treasury will be dedicated to (both conditions should be fulfilled) those who:

- use TRAC tokens for publishing knowledge (paranets spending the most TRAC for publishing knowledge), AND
- have been confirmed eligible for incentives by the community (paranets who have completed successful IPOs and are deployed on NeuroWeb).

The schedule

As mentioned above, the schedule draws inspiration from likely the most influential schedule process in Crypto, Bitcoin halvings. The halvings principle dictates that half of the outstanding amount is to be distributed in each following period in equal amounts throughout that period. While BTC halvings are set at 4 years, our schedule proposal is to set this period for 2 years in the case of TRAC. That said, the emissions schedule would be as follows:

The Collective Programmatic Treasury will be deployed on the NeuroWebAI blockchain and will allow paranet operators to trigger Collect reward transactions which will calculate the amount of rewards they are eligible for and pay it out accordingly.

The distribution

The distribution amounts will be tied to the core principle of “Those who use it, will build it”. The metric which will, therefore, define the amount of TRAC that a builder (represented by their paranet) will receive, is tied to their TRAC spending for creating knowledge on the DKG. A simple example would be as follows:

- Paranet A spent 1,000 TRAC
- Paranet B spent 2,000 TRAC
- Paranet C spent 3,000 TRAC

Collective Programmatic Treasury amount for the period: 600 TRAC

- Paranet A: 100 TRAC reward
- Paranet B: 200 TRAC reward
- Paranet C: 300 TRAC reward

*All numbers are placeholders, just exemplifying the relationship between the spent and received amounts.

The Collective Programmatic Treasury will be observing DKG network usage on the innovation hub of OriginTrail ecosystem, the NeuroWebAI blockchain, thus applying only to NeuroWebAI hosted paranets.

The eligibility & humans in the loop

Not every paranet on NeuroWebAI is by default eligible for the TRAC dev fund emissions. In order to achieve that status, a paranet must have been voted in via the IPO process, gaining support by the NeuroWebAI community through a NEURO on-chain governance vote. In this way, the community collectively decides on the dev fund & NEURO incentive emissions, transparently implementing the “humans in the loop” system via on-chain governance.

The Collective Programmatic Treasury (CPT) is expected to be implemented in March 2025.

DKG V8 release timeline

November

- DKG V8 testnet layer 1 completed
- OT-RFC-21 release
- DKG V8 Edge node Inception program start

December

- DKG V8.0 Mainnet and Tuning period launch
- Neuroweb collator staking

January 2025

DKG V8.1, Tuning period ends

February 2025

Neuroweb TRAC Bridge made available

March 2025

DKG V8.2 release — Collective Programmatic Treasury

OT-RFC-21 Collective Neuro-Symbolic AI was originally published in OriginTrail on Medium, where people are continuing the conversation by highlighting and responding to this story.


Digital Identity NZ

DINZ Welcomes the Publication of the Digital Identity Services Trust Framework Rules


Digital Identity New Zealand (DINZ) is pleased to see the Government’s latest steps toward establishing safe and secure digital identity services, with the official publication of the Digital Identity Services Trust Framework (DISTF) Rules, effective today. This marks a significant milestone for digital identity in New Zealand, where DINZ has contributed its experienced advice from the outset.

The Complexity of Digital Identity
Building a robust yet adoptable digital identity framework is complex and demands ongoing collaboration and input. DINZ has been a part of this journey from the beginning, providing our expertise to help shape a framework that can work for New Zealand’s diverse communities and business needs.

Support for Our Members
As we pivot our DISTF Working Group’s focus from policy submissions to supporting members in adoption, DINZ is committed to helping organisations navigate their accreditation journey. For those engaging with the Trust Framework Authority, DINZ offers a range of resources to support their adoption and accreditation, including DISTF education and awareness sessions through our sustained and constructive engagement with the Department of Internal Affairs (DIA). Additionally, our partner InformDI (sponsored by DINZ member NEC) has made its online educational resource available at no cost to DINZ members through March.

Open for Business – Together
The publication of the Trust Framework Rules enables the Trust Framework Authority to be “open for business,” and DINZ stands ready to support members as they work towards providing secure and trusted digital identity solutions. Together, we are building a safe, secure digital identity ecosystem that supports both privacy and innovation in New Zealand.

Learn More
To find out more about our mahi and our DISTF Working Group, sample our DISTF awareness sessions, or get member access to our educational resources, visit our website.

The post DINZ Welcomes the Publication of the Digital Identity Services Trust Framework Rules appeared first on Digital Identity New Zealand.

Thursday, 07. November 2024

OpenID

FAPI 2.0 Conformance Tests Now Support DPoP


The OpenID Foundation is pleased to announce the release of DPoP (Demonstration of Proof-of-Possession, RFC 9449) support in FAPI 2.0 Conformance Tests. Implementers can now certify their solutions with DPoP, adding an additional layer of security for client authentication. This update follows the beta phase and addresses the community’s feedback on DPoP testing.

DPoP tests now support essential features, including DPoP nonces, bringing the ecosystem closer to full FAPI 2.0 certification. Thank you to all contributors who helped make this possible.

https://datatracker.ietf.org/doc/html/rfc9449

Additional resources:

- Join the OpenID Foundation FAPI Working Group
- OIDF Certification Program
- Contact the OIDF certification team

The post FAPI 2.0 Conformance Tests Now Support DPoP first appeared on OpenID Foundation.


FIDO Alliance

TechRadar: Youth of today say passwords are old news; passkeys are the future


Younger generations see passwords as outdated and are opting for passkeys, a FIDO-backed technology offering more secure, passwordless authentication. With increasing support from popular apps and services, young users are helping to drive this transition towards safer, FIDO-endorsed security solutions.

“Consumer expectations are changing, and this data should serve as a clear call to action for brands and organizations still relying on outdated password systems,” noted Andrew Shikiar, CEO at FIDO Alliance.

“Consumers are actively seeking out and prefer passwordless alternatives when available, and brands that fail to adapt are losing patience, money, and loyalty – especially among younger generations.”

“When consumers know about passkeys, they use them. Excitingly, 20% of the world’s top 100 websites and services already support passkeys. As the industry accelerates its efforts toward education and making deployment as simple as possible, we urge more brands to work with us to make passkeys available for consumers. The pace of passkey deployment and usage is set to accelerate even more in the next twelve months, and we are eager to help brands and consumers alike make the shift,” Shikiar concluded.


ZDNET: Passkeys are more popular than ever. This research explains why


The FIDO Alliance’s fourth annual Online Authentication Barometer reveals significant growth in awareness and adoption of passkeys, with 57% of surveyed consumers now familiar with the technology (up from 39% in 2022). As awareness increases, FIDO is urging more brands to adopt passkey support to help combat the rising sophistication of online threats and scams.


Velocity Network

Roundtable on Verifiable Credentials: Trust and Truth in an AI-enabled Talent Acquisition Mark

This week, Etan Bernstein and three Board Members of the Velocity Network Foundation, Sid Bhattacharya of SAP, Glen Cathey of Randstad and Jean-Marc Laouchez of Korn Ferry, recorded a virtual roundtable on how Verifiable Credentials can mitigate and even overcome the most serious challenges posed by AI in this space. The post Roundtable on Verifiable Credentials: Trust and Truth in an AI-enable

ResofWorld

Argentina’s banks accuse MercadoLibre of monopolizing the market

The rivalry between the giant Argentine e-commerce company and a group of banks has turned into a heated legal showdown.
In a remote stretch of Argentina’s Patagonia, Sheriff Miguel Hernández isn’t just keeping the peace. He has also become the town’s online shopping expert. The sheriff on horseback purchases items...

Wednesday, 06. November 2024

ResofWorld

Malaysia’s new data centers create thousands of jobs — and worries about power and water shortages

Data centers for companies like Google, Amazon, and Nvidia are transforming Johor state, with locals bracing for higher real estate costs and resource shortages.
When Granill Ding Simon moved to the Malaysian state of Johor six years ago, the mechanical engineer traded city life for what he thought would be a slower pace among...

Next Level Supply Chain Podcast with GS1

Harnessing AI for Smarter, Faster Supply Chains with Steve Hochman


With disruptions becoming more frequent, companies must adapt or risk falling behind.

To stay ahead, many are embracing new technology, with AI emerging as a powerful tool for enhancing supply chain agility and resilience.

In this episode, Steve Hochman, VP of Research at Zero100, joins hosts Reid Jackson and Liz Sertl to talk about the key trends shaping the future of supply chains. He highlights the need for organizations to adapt by improving cross-functional collaboration and leveraging artificial intelligence.

In today’s rapidly changing global environment, organizations must focus on their people, processes, and technology to build lasting supply chain resilience.

In this episode, you’ll learn:

- Effective ways to leverage AI for automating supply chain operations
- The importance of cross-collaboration for a more integrated and responsive system
- How to implement small-scale AI experiments for meaningful impact

Jump into the conversation:

(00:00) Introducing Next Level Supply Chain

(03:10) The rise of supply chain volatility

(08:12) Cross-functional collaboration in supply chains

(15:35) Innovation through AI experiments

(17:48) Case study: Shein’s use of AI for e-commerce

(21:07) The importance of data management

(25:40) Considering the ethical implications of AI

(31:16) Future trends of AI in supply chains

(32:39) Steve Hochman’s favorite tech

Connect with GS1 US:

Our website - www.gs1us.org

GS1 US on LinkedIn

Connect with the guest:

Steve Hochman on LinkedIn

Check out Zero100

Tuesday, 05. November 2024

Hyperledger Foundation

Hyperledger Web3j: HSM support for AWS KMS


In the world of digital security, protecting sensitive data with robust encryption is essential. AWS Key Management Service (KMS) plays a crucial role in this space. It serves as a highly secure, fully managed service for creating and controlling cryptographic keys. What many may not realize is that AWS KMS itself operates as a Hardware Security Module (HSM), offering the same level of security you'd expect from dedicated hardware solutions.


ResofWorld

India’s ambitious lithium dreams have stalled

Last year, India touted the discovery of a huge reserve of valuable lithium in Kashmir. Experts say optimism around the discovery was overblown.
Sunil Thakur, a 24-year-old engineering graduate, once planned to build a career as a civil engineer. But jobs were scarce, and so Thakur spent his days frying samosas for his...

Monday, 04. November 2024

Hyperledger Foundation

Citi taps Besu, a Linux Foundation Decentralized Trust project, to deliver near real-time value transfers via Citi Token Services for Cash

Read the full case study here.



DIF Blog

The Rise of DIDComm and its impact on Key Industries preparing for eIDAS


How key industries are preparing for eIDAS with DIDComm

The successful formal verification of DIDComm paves the way for tremendous DIDComm adoption. To help provide an understanding of this important technology, we’ve outlined some of the industries where DIDComm can play an important role. 

To learn more about DIDComm, visit DIDComm.org or join us for a meeting of the DIDComm users group. All are welcome! 

In the evolving landscape of digital communication, the need for secure, private, and efficient data exchange has never been more critical. This is especially true for the businesses, governments, and individuals who will be affected by eIDAS regulation in the European Union as they seek to protect their information while also enhancing user experiences. This blog explores the concept of DIDComm, its relationship with eIDAS, and how it stands to revolutionize five key industries.

What is DIDComm?

DIDComm (Decentralized Identifier Communication) is an open standard for secure and private communication using Decentralized Identifiers (DIDs). DIDs are a type of digital identifier that allow for verifiable, self-sovereign identities. Unlike traditional communication protocols, DIDComm enables peer-to-peer communication without relying on centralized authorities, tools, or platforms. 

Key technical aspects of DIDComm include:

- Use of DIDs for addressing and authentication
- End-to-end encryption for message confidentiality
- Decentralized architecture, allowing direct communication between parties, including the devices humans use such as phones, laptops, and tablets.
- Support for various transport protocols (HTTP, Bluetooth, NFC, etc.)

This technology leverages advanced cryptographic techniques to ensure data integrity, privacy, and security. This is particularly beneficial in scenarios where trust and security are paramount, such as in financial transactions, healthcare data sharing, and cross-border communications.

Understanding eIDAS

eIDAS (Electronic Identification, Authentication, and Trust Services) is a regulation by the European Union aimed at creating a single, standardized digital identity framework across member states. eIDAS enables secure and seamless electronic interactions between businesses, citizens, and public authorities. It also ensures that electronic signatures, seals, and other trust services are recognized across all EU member states. By fostering trust and security in the digital economy, eIDAS is a key enabler of cross-border digital services and is central to the EU’s Digital Single Market strategy.

DIDComm and eIDAS: A Powerful Combination

The combination of DIDComm's decentralized, secure communication with eIDAS's standardized, legally recognized digital identity framework opens up new possibilities across various industries. Like OID4VC, the communication protocol that is expressly mentioned in eIDAS, DIDComm can be used for exchanging verifiable credentials and initial login. However, DIDComm goes beyond that. Using DIDComm, organizations can leverage eIDAS-compliant identities for ongoing secure, private communication, while also providing a flexible infrastructure that can adapt to future changes in regulatory requirements.

In addition to the standards and specifications explicitly required by legislation, it is important to enable collaboration and communication using adjacent technologies. The best results will be obtained by using the right combination of technologies integrated seamlessly together.

1. Finance: Secure Cross-Border Transactions

In the finance sector, the need for secure, efficient, cross-border transactions is a constant challenge. Traditional methods involve multiple intermediaries, each adding cost, delay, and potential points of failure or vulnerability. With DIDComm, financial institutions can dramatically streamline cross-border transactions by engaging in direct, encrypted communication to verify identities and transaction details, bypassing the need for intermediaries. 

The reduction in intermediaries not only cuts down on transaction times and associated fees, it minimizes the potential points of failure and security vulnerabilities. This approach ensures that sensitive financial data is handled with the utmost privacy, meeting the rigorous security standards expected in the finance industry while enhancing the user experience and making it easier to do business. Furthermore, customers benefit from a more efficient, transparent process, enhancing trust and satisfaction with financial services across the EU.

Example: A European bank conducting a transaction with a bank in another EU country could use DIDComm to securely exchange verified credentials for the transaction. By integrating eIDAS-compliant digital identities and DIDComm, the banks can communicate with the relevant stakeholders on trusted channels to ensure that the parties involved are authenticated and that the transaction is legally binding across borders. This not only reduces transaction times and costs but also enhances security and privacy by limiting data exposure to unnecessary parties.

2. Industrial Machinery: Automated Event Notifications

In industrial settings, the efficient operation of machinery is crucial to maintaining productivity. Timely notifications about the status or needs of machinery, such as maintenance requirements or operational events, can significantly reduce downtime and improve overall efficiency and security.

By leveraging DIDComm combined with eIDAS-compliant digital identities, the system ensures that only authorized personnel receive and can act on this information. This approach not only improves efficiency by ensuring that the right people are notified in real-time, but also enhances security by preventing unauthorized access to sensitive operational data. The use of DIDComm in this scenario ensures that communication is encrypted and tamper-proof, providing a trustworthy and streamlined method for managing industrial operations across large and complex environments.

Use Case: Imagine a large warehouse in Germany where various pieces of industrial machinery are operating. When a specific mechanical event occurs, such as a temperature spike in a critical component, the machinery can automatically trigger a notification. Using DIDComm, this notification can be securely communicated to interested parties, such as the maintenance team, the machinery manufacturer, and the warehouse management system.

Read More: Gaia-X Secure and Trustworthy Ecosystems with Self Sovereign Identity (Gaia-X)

3. Travel: Seamless and Secure Traveler Verification

The travel industry relies heavily on the secure verification of travelers' identities, whether for boarding flights, crossing borders, or checking into hotels. The challenge is to ensure that this verification process is both secure and efficient, enhancing the overall travel experience while protecting personal data.

Using DIDComm, the traveler can securely share their eIDAS-compliant digital identity with the airline, airport authorities, and border control via their mobile device. This digital identity is verified in real-time, and the traveler is seamlessly cleared through each checkpoint without the need to repeatedly present physical documents.

DIDComm ensures that the traveler’s data is encrypted and only accessible by the intended parties, reducing the risk of identity theft or unauthorized access. Additionally, this process improves the user experience by speeding up the verification process and reducing wait times. The use of secure, decentralized communication also allows for more flexible travel arrangements, such as automated hotel check-ins or renting a car, where the traveler’s verified digital identity can be securely communicated directly to service providers.

Use Case: Consider a scenario where a traveler from France is flying to another EU country. Upon arrival at the airport, they need to go through multiple identity verification steps—at the airline check-in counter, security checkpoints, and immigration control. Traditionally, this involves presenting physical documents like a passport, which can be cumbersome and slow.

Read More:

Travel Digital Identity – Seamless Travel Powered by Digital Identity (Goode Intelligence)

Biometric Digital Identity Travel and Hospitality (Prism)

Aruba Makes Steady Progress In Launching New Digital Travel Credential

4. Supply Chain Management: Secure and Transparent Tracking

Supply chain management involves coordinating numerous stakeholders, often across different countries and regulatory environments. Ensuring the authenticity and integrity of goods and documents as they move through the supply chain is critical.

Integrating DIDComm into supply chain management enhances transparency, security, and efficiency across all stages of the supply chain. By enabling secure, encrypted communication between manufacturers, suppliers, and logistics providers, DIDComm ensures that all parties have access to accurate and verified information in real time. This is particularly valuable when supply chains are not running smoothly. Communicating about part acceptance, quality measurement, and delivery schedules can benefit from standards-based secure communication.

The use of eIDAS-compliant digital identities further strengthens trust, as each stakeholder's identity and credentials are authenticated and legally recognized across borders. This reduces the risk of fraud, errors, and delays, leading to a more reliable and efficient supply chain. Ultimately, businesses benefit from improved operational efficiency and reduced costs, while customers receive products that are securely tracked and delivered with greater transparency.

Use Case: A manufacturer in France could use DIDComm to securely communicate with suppliers and logistics providers across the EU, using eIDAS-compliant digital identities to verify the credentials of each party involved. This secure communication can include encrypted data about the origin, handling, and delivery and acceptance of goods, ensuring transparency and trust throughout the supply chain. By using DIDComm, supply chain managers can reduce the risk of fraud, improve efficiency, and ensure compliance with various regulatory requirements.

Read More:

Implementing Digital Product Passports using Decentralized Identity Standards (Spherity Blog)

EU Digital Product Passports and Enabling Compliance in the US Pharmaceutical Supply Chain (DIF Blog)

Identity Use Case Spotlight Supply Chains (Indicio Blog)

5. Government Services: Secure Citizen-to-Government Interactions

Governments are increasingly moving towards digital services to improve efficiency and accessibility. However, ensuring that these services are secure and that citizens’ data is protected is a significant challenge.

Implementing DIDComm for citizen-to-government interactions revolutionizes how public services are accessed and utilized. It becomes more convenient for citizens to share information, and their communications with government entities are encrypted and protected from unauthorized access. The integration of eIDAS-compliant digital identities ensures that these interactions are not only secure but also legally recognized across EU member states. This results in a more efficient public service system, where processes such as applying for permits or accessing social services are streamlined, reducing administrative burdens and enhancing the overall user experience for citizens.

Use Case: A citizen in Italy could use their eIDAS-compliant digital identity to securely communicate with government agencies via DIDComm. This could include applying for permits, submitting tax information, or accessing public services. DIDComm ensures that all communications are encrypted and that the citizen’s data is only accessible by the intended government agencies. This use case demonstrates how DIDComm can enhance the security and privacy of digital government services while providing a better user experience by simplifying and streamlining interactions with public authorities.

Read more: 

Enhancing European Interoperability Frameworks to Leverage Mobile Cross-Border Services in Europe (Association for Computing Machinery)

Preparing for eIDAS and beyond

DIDComm represents a powerful tool for enhancing security, privacy, and efficiency across various industries that are preparing for an eIDAS future. By enabling secure, decentralized communication and integrating legally recognized digital identities, these technologies are set to revolutionize how businesses, governments, and individuals interact in the digital world. 

As these technologies continue to develop and gain adoption, we can expect to see significant improvements in the way sensitive data is handled, trust is established, and user experiences are delivered across borders.

Friday, 01. November 2024

DIF Blog

DIF Newsletter #45: Special Edition on DIDComm Formal Verification and IIW 39


November 2024

DIF Website | DIF Mailing Lists | Meeting Recording Archive

Table of contents

1. Decentralized Identity Foundation News; 2. Working Group Reminders; 3. Open Groups; 4. Announcements at DIF; 5. Community Events; 6. DIF Member Spotlights; 7. Get involved! Join DIF

🚀 Decentralized Identity Foundation News

DIDComm: Formal Verification and Strengthened Security

DIDComm is a cornerstone protocol in Self-Sovereign Identity (SSI), enabling private, authenticated messaging between entities using Decentralized Identifiers (DIDs). In a breakthrough study, researchers have completed the first formal security analysis of DIDComm, marking a crucial milestone in verifying the protocol's security promises. The paper, "What Did Come Out of It? Analysis and Improvements of DIDComm Messaging", by Christian Badertscher, Fabio Banfi, and Jesús Díaz Vico, not only validates DIDComm's core security model but also introduces significant improvements:

Formal proof of DIDComm's anonymity and authenticity goals

A new encryption algorithm that doubles performance while maintaining security

Enhanced privacy protections that minimize information leakage

The findings position DIDComm as a rigorously verified protocol ready for widespread adoption in secure identity frameworks and data spaces. Dr. Carsten Stöcker, CEO of Spherity GmbH, highlights DIDComm's role in facilitating secure peer-to-peer communication, emphasizing its relevance to business-to-business (B2B) and machine-to-machine (M2M) communications.

Read the research paper

DIF at IIW 39: Leading Privacy, Interoperability, and Practical Solutions in Decentralized Identity

At Internet Identity Workshop (IIW) 39, DIF leadership and members joined with global identity experts to address some of today’s most pressing digital identity challenges. Sessions led by the DIF community underscored its commitment to building secure identity systems that foster privacy, trust, and digital interactions. Here are key takeaways and themes from the event:

Verifiable AI: Proof of Approved AI Agent, Proof of Personhood, Content Credentials… and much more

The complex interdependencies of AI and digital identity were a hot topic at IIW, with DIF's leaders and members leading the discussions. Ankur Banerjee of cheqd led a comprehensive discussion in the session Verifiable AI, focusing on ways to enable AI transparency and accountability in training data, models, and delegation chains.

This conversation continued across many sessions, covering Personhood Credentials issuance, schemas, risk frameworks, and legal implications in sessions featuring Otto Mora, Andor Kesselman, Steve McCown, and Linda Jeng.

DIF's Kim Duffy covered DIF's extensive work on Personhood Credentials (PHCs), including DIF's co-authorship of the Personhood Credentials paper with OpenAI, Microsoft, Harvard Society of Fellows, and more; PHC schema design, use cases, and risk frameworks; and an upcoming Applied Crypto work item incorporating zero-knowledge proofs (ZKPs) for PHCs.

Come Build Your Identity Project With DIF Labs

Andor Kesselman, Ankur Banerjee, and Kim Duffy gave an update on the DIF Labs initiative, a program designed to accelerate practical implementation of decentralized identity technologies. This initiative addresses a crucial gap in the ecosystem between standards organizations and traditional incubators.

DIF Labs will provide a "safe space" for builders to collaborate on real-world projects, offering protection, access to industry experts, and project evangelism support. Unlike traditional incubators or standards bodies, DIF Labs focuses on rapid development of practical solutions without taking equity or getting bogged down in lengthy standardization processes.

Golda Velez discussed her Linked Claims project, which will be part of DIF Labs' first cohort. Stay tuned to learn more about this and DIF Labs.

Privacy-First Identity Design

Privacy was a central theme across sessions, with DIF leaders and members emphasizing the need for identity systems that put user control and transparency first. Steve McCown joined Denise Farnsworth in leading the session “Verifiable ID with the State of Utah - Why are we different?” to discuss Utah’s leadership in creating digital identity for residents that respects privacy from the ground up.

New DIF Associate Member Ken Griggs led a session on Anonymity vs Privacy, a nuanced discussion of technical and societal impacts.

DIDComm v2 Update

Sam Curren of Indicio presented the latest on DIDComm v2, a protocol for secure, transport-agnostic, peer-to-peer communication. DIDComm v2’s design enables flexible, private credential exchange across platforms. His presentation showed how DIDComm v2 not only strengthens interoperability but also lays a foundation for scalable, secure identity interactions. Sam highlighted DIDComm’s recent formal verification and security improvements. Stay tuned to learn about DIF’s upcoming DIDComm Interop-athon.

Credential Schemas for Interoperability

Otto Mora and Kim Duffy led discussions on DIF's credential schemas, including the Basic Person Schema. Credential schemas play a critical role in ensuring interoperability across finance, telecom, healthcare, and other sectors by creating a consistent structure for credentials.

Decentralized Identity in the Music Industry

Cole Davis from Switchchord shared insights into how decentralized identity is transforming the music industry by facilitating secure, direct engagement between artists and fans. This approach enables artists to retain control over their content, sidestepping intermediaries and providing a more transparent, direct relationship with their audience. The session demonstrated the broad potential for decentralized identity to bring fairness and trust to new areas.

DID Method Standardization

Markus Sabadello, Alex Tweeddale, and Kim Duffy led a session on DID Method Standardization, aimed at promoting maturity and adoption of the W3C Decentralized Identifier specification. Kim gave an update on DIF's upcoming DID Method Standardization Working Group, with joint participation from W3C, Trust Over IP Foundation, and International Association For Trusted Blockchain Applications (INATBA). Markus provided an update on DIF's DID Traits specification, which helps implementors choose DID methods according to method characteristics. Alex emphasized the importance of reducing complexity associated with selecting DID methods, and the discussion centered around ways to balance the need for curation along with open, transparent processes.

SSI 101

IIW would not be complete without Limari Navarrete's SSI 101 session, describing the technical standards and – more importantly – foundational principles aimed at enabling human agency and privacy in our digital interactions.

🛠️ Working Group Reminders

💡 Identifiers and Discovery Work Group

Identifiers and Discovery meets bi-weekly at 11am PT / 2pm ET / 8pm CET Mondays

🪪 Claims & Credentials Working Group

The Credential Schemas work item meets bi-weekly at 10am PT / 1pm ET / 7pm CET Tuesdays

🔐 Applied Crypto WG

The DIF Crypto - BBS work item meets weekly at 11am PT / 2pm ET / 8pm CET Mondays

📦 Secure Data Storage

DIF/CCG Secure Data Storage WG - DWN Task Force meets bi-weekly at 9am PT/12pm ET/6pm CET Wednesdays

If you are interested in participating in any of the Working Groups highlighted above, or any of DIF's other Working Groups, please click join DIF.

📖 Open Groups at DIF

Veramo User Group

Meetings take place weekly on Thursdays, alternating between Noon EST / 18.00 CET and 09.00 EST / 15.00 CET. Click here for more details

🌏 APAC/ASEAN Discussion Group

The DIF APAC call takes place monthly on the 4th Thursday of the month. Please see the DIF calendar for updated timing.

🌍 DIF Africa SIG

The inaugural meeting of the DIF Africa Special Interest Group (SIG) kicked off with introductions by co-chairs Gideon Lombard of DIDx and Jack Scott-King of Vera Innovations, who emphasized the SIG’s goals: to raise awareness, encourage collaboration, and promote decentralized identity solutions tailored to Africa's needs.

The DIF Africa SIG call takes place monthly on the 3rd Wednesday of the month, 1pm SAST. Please see the DIF calendar for updated timing.

🌍 DIF China SIG

The DIF China SIG group recently launched an AI+DID research group. The chair of DIF China SIG, Xie Jiagui and co-chair, Professor Senchun Chai from Beijing Institute of Technology, jointly announced the formation of the group, aimed at exploring the intersection of Artificial Intelligence (AI) and Decentralized Identity to address growing challenges in digital identity and privacy.

📢 Announcements at DIF

DIF Hackathon

The DIF Hackathon is entering its final week. See our playlist for in-depth challenge descriptions, including insights into the transformative solutions our participants will deliver.

Sessions include:

DIF Hackathon 2024 Opening Session

Intro to Decentralized Identity

Ethereum Foundation | PSE Hackathon Challenge

NetSys Challenge | Seamless Traveler Experience

Ontology's ONT Login Challenge

TBD's Challenge: Known Customer Credentials (KCC)

ArcBlock Framework and Tools for Building with DID/VC Pt. 1

Building Decentralized Identifier (DID) Applications with ArcBlock Pt 2

Building SSI Solutions: An Introduction to the Truvity SDK

Pinata File Based Solutions

A Deep Dive on Decentralized Identifiers

Resolve DIDs and Verify VCs for Free with VIDOS

Anonyome Labs Challenge: Personhood Credentials

Crossmint’s Reusable Identity Challenge

Components for Secure Identity and Information Verification with Extrimian

Future of Education & Workforce Challenge Set

Harnessing Decentralized Identity for Verifiable AI with cheqd

🗓️ DIF Members

Extrimian / Quark ID in the News

DIF Associate Member Extrimian and Quark ID received accolades as over 3.6M Buenos Aires citizens received secure identity documents based on decentralized ID and ZKPs.

Buenos Aires is the first city to issue decentralized IDs to its citizens!

By integrating @Quark_ID into the miBA platform, over 3.6M Buenos Aires citizens now have control over their documents via blockchain and ZK proofs, with Era serving as the settlement layer.… pic.twitter.com/QS4lhvjpE8

— ZKsync (∎, ∆) (@zksync) October 22, 2024

This effort received attention from Vitalik Buterin, resulting in this call to action.

Glad to see our South American collaborators, including @Quark_ID and @Extrimian, being recognized! Check out the open challenge they’ve presented during the @decentralizedID hackathon: https://t.co/Afa3kO3s3s https://t.co/Ub7wfliwvG

— DIF (@DecentralizedID) October 22, 2024

👉Are you a DIF member with news to share? Email us at communication@identity.foundation with details.

New Member Orientations

If you are new to DIF join us for our upcoming new member orientations. Please see our contact information below for notifications on orientations and events.

🆔 Join DIF!

If you would like to get in touch with us or become a member of the DIF community, please visit our website or follow our channels:

Follow us on Twitter/X

Join us on GitHub

Subscribe on YouTube


Read the DIF blog

New Member Orientations

If you are new to DIF join us for our upcoming new member orientations. Find more information on DIF’s slack or contact us at community@identity.foundation if you need more information.


OpenID

Public Review Period for Proposed Implementer’s Draft of OpenID4VP Specification


The OpenID AB/Connect Working Group recommends approval of the following specification as an OpenID Implementer’s Draft:

OpenID4VP: https://openid.net/specs/openid-4-verifiable-presentations-1_0-22.html

This would be the third Implementer’s Draft of this specification.

This version has 3 major changes:

Introduces the Digital Credentials Query Language; this is an alternative to Presentation Exchange.

Introduces the transaction data mechanism that enables a binding between the user’s identification/authentication and the user’s authorization, for example to complete a payment transaction, or to sign specific document(s) using QES (Qualified Electronic Signatures).

Removes the client_id_scheme parameter and instead makes the client id scheme a prefix on the client_id; this addresses a security issue with the previous solution.

The editors & chairs would greatly appreciate implementor feedback on the new Digital Credentials Query Language and we expect to further evolve the language based on feedback received.

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45-day public review period for the specification draft in accordance with the OpenID Foundation IPR policies and procedures. Unless issues are identified during the review that the working group believes must be addressed by revising the draft, this review period will be followed by a seven-day voting period during which OpenID Foundation members will vote on whether to approve this draft as an OpenID Implementer’s Draft. For the convenience of members, voting will actually begin a week before the start of the official voting period, for members who have completed their reviews by then.

The relevant dates are:

Implementer’s Draft public review period: Friday, November 1, 2024 to Sunday, December 16, 2024 (45 days)

Implementer’s Draft vote announcement: Tuesday, December 3, 2024

Implementer’s Draft early voting opens: Tuesday, December 10, 2024 *

Implementer’s Draft official voting period: Tuesday, December 17 to Tuesday, December 24, 2024 *

* Note: Early voting before the start of the formal voting period will be allowed.

The OpenID AB/Connect working group page is https://openid.net/wg/connect/. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration. If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote. You can send feedback on the specification in a way that enables the working group to act upon it by (1) signing the Contribution Agreement at https://openid.net/intellectual-property/ to join the working group (at a minimum, please specify that you are joining the “DCP” working group or select “All Work Groups” on your Contribution Agreement), (2) joining the working group mailing list at openid-specs-digital-credentials-protocols@lists.openid.net, and (3) sending your feedback to the list.

Marie Jordan – OpenID Foundation Secretary

The post Public Review Period for Proposed Implementer’s Draft of OpenID4VP Specification first appeared on OpenID Foundation.


Energy Web

Energy Web Insights: AutoGreenCharge, explained


Since launching AutoGreenCharge, an app aimed at reducing carbon emissions from electric vehicles (EVs), many early users and corporate partners have asked us to explain how it works — especially how it uses Energy Attribute Certificates (EACs). Today, we’ll break down what AutoGreenCharge does and how it helps EV drivers, fleet owners, and anyone interested in decarbonizing EV charging and the grid as a whole.

Understanding Energy Attribute Certificates (EACs)

First, let’s talk about electricity markets and EACs. These certificates are used to track and trade the environmental benefits of renewable energy. EACs represent the “green” qualities of renewable electricity, such as how it was produced (wind, solar, etc.), where it was generated, and when it was created. For every 1 megawatt-hour (MWh) of renewable electricity, one EAC is issued. These certificates can be sold separately from the actual electricity, so people or businesses can support renewable energy without being directly connected to a renewable power plant.

When someone wants to claim they’ve used renewable electricity, they “retire” the certificate in a registry, ensuring that only one person or business can take credit for that specific green energy. Governments and companies worldwide have been using EACs for years to help make their energy use cleaner.

Different regions have their own versions of EACs:

Europe uses Guarantees of Origin (GOs), which prove electricity came from renewable sources.

North America uses Renewable Energy Certificates (RECs), similar to GOs, but often certified by a trusted third party.

Other countries, like Australia and Japan, have their own systems that work in a similar way.

International Renewable Energy Certificates (I-RECs) are used in many emerging economies and track renewable energy across borders.

EACs can be bought and sold on various platforms, and once purchased, they can be retired to claim a decrease in emissions.

How AutoGreenCharge Works

AutoGreenCharge simplifies the process of matching EACs to EV charging sessions. It takes into account where and when you charge your car, how much electricity you use, and then automatically selects and purchases EACs to offset any non-renewable energy in that session. Since most EV charging sessions use less electricity than a full MWh (the standard size of an EAC), AutoGreenCharge splits the certificates into smaller pieces to match your charge. This process is verified by Energy Web’s Worker Node network, which ensures everything is tracked accurately.

AutoGreenCharge also has a new feature for enterprise: “Bring Your Own EAC.” This allows companies to use EACs they’ve already purchased. If they don’t want to handle it themselves, the app can take care of buying and matching the right certificates for them. For example, the first certificates purchased by Energy Web for the app were high-quality wind RECs from the U.S.

Addressing Common Questions

One AutoGreenCharge tester asked the following: “How do you know I am not charging my vehicle using a diesel generator?”

First, we should note that while it is possible to run a diesel generator to charge a vehicle, it’s a fairly rare occurrence as it doesn’t make economic sense. Charging an EV with a diesel generator is expensive, and buying EACs to greenwash it would be even more costly. However, we can consider this scenario as an example to demonstrate how AutoGreenCharge works. If the app doesn’t have any further information about the physical grid connection of the charging station in use, it will assume that none of the electricity used was renewable. So in this scenario, an EAC would be matched to the full charging session volume to make sure it’s covered by 100% renewables.

EACs give control to each individual and organization to contribute to the success of renewable facilities by attracting more investments into a greener grid which will replace emitting electricity generators over time. AutoGreenCharge makes every charge event supportive of renewable energy — at least somewhere in your EAC region.

Limitations of EACs Today

While EACs are great for individual action supporting renewables, they have some limitations. For example, they usually don’t specify the exact time of electricity generation — just the year. They also don’t always account for physical grid limitations, meaning you could buy an EAC from another region even if it doesn’t match the electricity connection where you’re located.

Still, EACs are currently the most widely used system for tracking renewable energy. Efforts are already underway to make EACs more detailed. AutoGreenCharge supports several types of emerging protocols, like Trusted Green Charging and DIVE, which provide a more accurate environmental impact for specific charging events.

We’re excited about the future of AutoGreenCharge and welcome feedback! If you’re interested in learning more or want to share ideas, install the app for Android and iOS now or reach out to us.

Energy Web Insights: AutoGreenCharge, explained was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 30. October 2024

FIDO Alliance

HiTRUST Brings Passkeys to Colatour Travel

Imagine booking your dream vacation with just a single touch or a smile, without worrying about forgotten passwords or hackers.

This seamless experience is now possible thanks to HiTRUST’s latest collaboration with Taiwan’s leading travel platform, Colatour. Building on nearly a decade of trusted partnership, HiTRUST and Colatour have launched an innovative passwordless solution. Powered by global FIDO standards, it redefines the security of digital travel booking platforms.

Passkey Authentication On Colatour

In today’s fast-paced digital world, where real-time interactions and personalized travel experiences are a must, it’s essential for businesses to provide secure and user-friendly customer journeys. As cyber threats escalate, targeting personal and financial data, HiTRUST is leveraging the FIDO Alliance’s global standard for passwordless authentication, backed by industry giants like Apple, Google, and Microsoft.

Colatour users can now bid goodbye to passwords. HiTRUST’s FIDO-based solution replaces them with a more secure alternative: biometrics. Whether it’s a fingerprint or facial recognition, users can authenticate instantly without passwords into Colatour’s online platform. On the web version, this method is compatible with all major browsers, making it easy for users to access.

Supported by the FIDO Alliance and technology leaders like Apple, Google, and Microsoft, Passkeys transform online credential management by synchronizing devices within the same ecosystem, removing the need to re-register when upgrading or switching between devices. This ensures a simple, secure, and convenient user experience.

Registration Process

Passwordless Login Process

Mitigating Cyber Threats on Tourism Platforms

With HiTRUST’s passwordless authentication, Colatour’s users can enjoy a stress-free experience—no more complex passwords to remember or fear of account theft through phishing attacks. Instead, users authenticate securely using their unique individual biometrics, ensuring peace of mind across all devices.

For Colatour, FIDO secures customer accounts by preventing hacks and data leaks. With biometric authentication, it blocks fraudsters, lowers fraud risks, and builds stronger customer trust and safety.

On the other hand, Colatour users benefit from this advanced approach by replacing passwords with biometric authentication, providing a secure login and seamless experience. Users can easily log in to the website or app using facial recognition or fingerprint authentication, eliminating the hassle of entering account details while enhancing security. This creates a fast and safe digital tool for travelers, ensuring personal data and travel itineraries are protected from hackers and fraud.

Gaining a First-Mover Advantage with Passwordless Technology

Our partnership sets a new standard for secure, seamless user experiences in the travel industry. As more sectors adopt this innovative approach, Colatour leads the way. Not only can B2C members benefit from FIDO, but Colatour also offers B2B members access to biometric authentication on their website and app. Clients can easily log in with facial recognition or fingerprint authentication, ensuring a safer, worry-free travel experience and boosting customer engagement. By implementing advanced security measures like passwordless authentication, Colatour not only protects customers from potential fraud but also strengthens trust and loyalty. HiTRUST remains committed to delivering cutting-edge solutions, safeguarding Colatour and its travelers, and paving the way for a secure future in the travel industry.

About Colatour Travel Service CO., LTD.

Founded in 1978, Colatour Travel Service CO., LTD. is Taiwan’s largest travel agency in terms of group tours and a leading brand in the travel industry. With over 1,400 employees, Colatour operates one of the highest-traffic B2C websites and numerous physical stores. It is also the largest wholesale travel company in Taiwan. Over the past 40 years, Colatour has served more than 10 million outbound group travelers and issued hundreds of millions of airline tickets, earning numerous awards as a top partner from airlines, resorts, and hotels. The Colatour Group includes Colatour Travel, Comfort Travel Service, and Polaris Travel Service.

Discover more about how HiTRUST and Colatour are transforming the future of travel security:
TTN Media Article | Going After the Membership Economy: Colatour's New "Cola Coin" Rewards Go Live!

Read the Case Study

New Data Finds Brands are Losing Younger Customers Due to Password Pain, as Passkeys Gain Mainstream Momentum


Global FIDO Alliance study reveals latest consumer trends and attitudes towards authentication methods and their perceived online security

Passkey familiarity growing – Just two years after passkeys were first announced and started to be made available for consumer use, awareness has risen by 50%, from 39% familiar in 2022 to 57% in 2024

Password usage stagnates as consumers favor alternatives – The majority of those familiar with passkeys are enabling the technology to sign in. Meanwhile, despite passwords remaining the most common way to log in, the number of people using passwords across use cases declined as alternatives continue to rise in availability

Waning password patience is costing sales and loyalty, especially among younger consumers – 42% of people have abandoned a purchase at least once in the past month because they could not remember their password. This increases to 50% for those aged 25-34 versus just 17% of over 65s

Online scams and AI alarming consumers – Over half of consumers reported an increase in the number of suspicious messages they notice and an increase in scam sophistication, driven by AI. Younger generations are even more likely to agree, while older generations remain unsure how AI impacts their online security

29 October 2024 – The FIDO Alliance today publishes its fourth annual Online Authentication Barometer, which gathers insights into the state of online authentication and consumer perceptions of online security in ten countries across the globe. 

Key findings 

The research revealed promising consumer momentum building around passkey adoption and clear signs people are recognizing the limitations of passwords and are choosing passwordless alternatives, like passkeys, where available. In the two years since passkeys were first announced, global awareness has jumped by 50%, rising from 39% familiar in 2022 to 57% in 2024. Awareness is driving adoption too – the majority of those familiar with passkeys (62%) are using them to secure their apps and online accounts.

The data also revealed the cost to organizations still relying on legacy password sign-ins – especially among younger generations. 42% abandoned a purchase in the last month due to a forgotten password, rising to over half of those under 35. Similarly, over half of consumers (56%) have given up accessing a service online because they couldn’t remember a password in the last month, rising to 66% of those under 35. 

The survey revealed other clear signs that password usage and trust are stagnating globally as more secure and user-friendly passwordless alternatives become available. Overall, the number of consumers entering a password manually across use cases decreased again from 2023, while biometrics ranked the authentication method consumers consider the best login experience and the method they consider most secure for the second year running. 

When consumers were asked about how they have improved account security in the last year, numbers continued to decline among those who increased the complexity of a password, while those choosing biometrics and using authenticator apps have steadily risen. 

Passkeys at two: the road to mainstream 

“Consumer expectations are changing, and this data should serve as a clear call to action for brands and organizations still relying on outdated password systems. Consumers are actively seeking out and prefer passwordless alternatives when available, and brands that fail to adapt are losing patience, money, and loyalty – especially among younger generations. 

When consumers know about passkeys, they use them. Excitingly, 20% of the world’s top 100 websites and services already support passkeys. As the industry accelerates its efforts toward education and making deployment as simple as possible, we urge more brands to work with us to make passkeys available for consumers. The pace of passkey deployment and usage is set to accelerate even more in the next twelve months, and we are eager to help brands and consumers alike make the shift,” comments Andrew Shikiar, CEO at FIDO Alliance. 

Notably, passkeys have seen strong adoption in high-growth, digitally advanced markets like China and India, which ranked top globally with 80% and 73% enablement, respectively. The UK followed close behind in third place, with adoption levels at 66%. 

Younger consumers most attuned to online scams and AI threats 

Consumer concerns about online security were also revealed to be high – and again, it is younger consumers most attuned to new threats. 

Over half of consumers (53%) cited an increase in the number of suspicious messages they noticed in recent months, driven mostly by SMS (53%) and email (49%). Similarly, 51% detected an increase in the sophistication of threats and scam messages, likely driven by AI-enhanced attacks. Zooming in on demographic data suggests older generations are at greatest risk: 54% and 61% of 18-24 and 25-34-year-olds respectively noticed scams getting smarter, while just a third of 55-64-year-olds and 25% of 65+ said the same. Similarly, 20% of people over 55 said they were unsure about the impact AI has on their online security. 

ENDS 

Notes to editors 

Research for the FIDO Alliance’s Online Authentication Barometer was conducted by Sapio Research among 10,000 consumers across the UK, France, Germany, US, Australia, Singapore, Japan, South Korea, India, and China. 

About FIDO Alliance 

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services. 

Contact
press@fidoalliance.org

Tuesday, 29. October 2024

FIDO Alliance

Research Findings: Consumer Trends and Attitudes Towards Authentication Methods

New Data Finds Brands are Losing Younger Customers Due to Password Pain, as Passkeys Gain Mainstream Momentum

Global FIDO Alliance study reveals latest consumer trends and attitudes towards authentication methods and their perceived online security

Key findings

Passkey familiarity growing – In the two years since passkeys were announced and made available for consumer use, passkey awareness has risen by 50%, from 39% familiar in 2022 to 57% in 2024.

Password usage stagnates as consumers favor alternatives – The majority of those familiar with passkeys are enabling the technology to sign in. Meanwhile, despite passwords remaining the most common way for account sign-in, usage overall has declined as alternatives rise in availability.

Waning password patience is costing sales and loyalty, especially among younger consumers – 42% of people have abandoned a purchase at least once in the past month because they could not remember their password. This increases to 50% for those aged 25-34 versus just 17% for over 65s.

Online scams and AI alarming consumers – Over half of consumers reported an increase in the number of suspicious messages they notice and an increase in scam sophistication, driven by AI. Younger generations are even more likely to agree, while older generations remain unsure how AI impacts their online security.

We Are Open co-op

Cooperating through the use of AI

Some practical tips to use AI with your team

The use of large language models (“LLMs”) such as ChatGPT can be a controversial topic. People have strong opinions about them for all kinds of reasons, from concerns around data privacy to the propagation of bias and inequality. The amount of energy used to train LLMs, and the amount of water used to cool data centres on which cloud-based versions run, is a particular concern. Our project with Friends of the Earth around Harnessing AI for environmental justice starts to unpack some of the environmental complexities of AI.

However, LLMs can be really useful as well, so in this post, we’re going to take a nuanced look at how various types of LLMs can be used together to improve both process and outcomes. We believe this is in keeping with the Spirit of WAO and our five focus areas; we believe in dialogue that leads to action. At WAO we’ve had a number of conversations around our personal use of AI and how we prefer to use it in our collective work.

WAO’s 5 focus areas, cc-by WAO

Why use LLMs?

Having used them regularly as part of our daily work for over 18 months at this point, we can say that using LLMs is useful for us in a number of concrete ways:

Speed — outsourcing ‘grunt’ work to LLMs means that we can spend time doing more creative work. A good example of this is using the optical character recognition (OCR) capabilities of some LLMs to recognise virtual sticky notes from project pre-mortem sessions we run with clients. It can then turn these into text, categorise them, and produce a spreadsheet. What would take perhaps an hour can be done in a couple of minutes.

Situational perspectives — Asking LLMs to perform a ‘red/amber/green’ or RAG analysis of work can also be useful. It’s easy to get carried away with personal interests or to miss an important part of a client brief. By asking LLMs to check your work using the RAG format against what has been requested, we can check that our work fits with what’s required. It can also help us think through problems: on Doug’s personal blog he discussed how he used an LLM in the process of deciding not to go through with a house purchase. The AI helped calculate things such as cumulative risk of flooding over time, using formulae he might not have otherwise known how to use.

Text synthesis — LLMs are excellent at synthesising information quickly and efficiently. This is true of the recently-launched Google NotebookLM which allows users to share up to 50 data sources, synthesise and then query them. One important point, however, is that we need to be thoughtful and focused in checking the accuracy of synthesis and summarisation work because LLMs are also great at hallucinating.

Three ways to approach LLMs sustainably

Start local

There’s a lot to unpack around the use of AI and the environmental impacts. As a tech and environmental activist, I was hesitant about using some of the popular, browser-based LLMs for a variety of reasons. I recently wrote up a quick, Captain Planet themed overview of some of the climate crisis issues that this kind of technology contributes to. Together with WAO members, I’ve discussed and debated various privacy, bias and attribution issues that are baked into our technology choices.

Having started to use AI across a lot of contexts and looking into the impacts that the use of AI has, we made the decision to use locally installed models and tools to help reduce our climate impact whenever possible. Locally installed models might not be updated as frequently as ChatGPT, but the climate benefits are huge. The processing happens locally, as does the storage, so your queries and conversations aren’t stored in big data centres and they remain private to you.

Use multiple models

There are many generative AI models, some of which are smaller and some which are larger. A good place to see the diversity of these models is Hugging Face, a slightly awkwardly-named AI community. Here you can find the latest versions of models, along with datasets, and implementations of AI for various purposes.

It can be complicated to use the command line to install, configure, and run LLMs locally. However, as macOS users one of the tools we’ve been playing with is RecurseChat which simplifies the use of multiple, local AI models within an easy-to-use app. It’s straightforward to install and has a privacy policy that doesn’t keep us up at night worrying about where our data is going.

Conduct experiments

When AI image generation first hit the scene, we were excited about its possibilities. Together, we made art projects like Time’s Solitary Dance or the PsychOps for Mental Health Awareness month, which I made pairing AI generated images with the fabulous Remixer Machine.

While we certainly had fun playing with image generation, we now default to simply searching for images (or asking Bryan Mathers to draw them for us ;) There is an incredible emission cost to image generation, so we think carefully before asking generative AI to make something for us.

This graphic, from p.156 of the Artificial Intelligence Index Report 2024 shows how ‘image generation’ has a much greater impact on CO2 emissions than, for example, ‘text classification’ or ‘question answering’.

Being environmentally conscious involves uncovering a great many complexities within our world. For example, when talking about the overall consumption of energy and water people tend to be quite alarmist. After a conversation with one of our gaming buddies about the annual energy use of a beer fridge, we calculated that it was the equivalent of prompting ChatGPT 4 over 2,200 times. Similarly, we calculated that you could prompt over 300 times for the same water usage as washing a car with a hose. While we recognise that using AI is an additional resource use, we try to put it in the context of wider consumption patterns.

Go forth and prompt together

If you are working alone and making use of LLMs, be sure and let people know what your “little robot friend” had to say. At WAO we let each other know when something we’re pasting into a chat is AI generated or if we’re about to prompt an LLM on something. Transparency is an important part of the process.

This AI Transparency statement was included in the recent CAST post about the Charity Digital AI Summit and is CC-BY Kester Brewin

Part of AI literacy is being able to spot common foibles of LLMs. For example, we’ve come to dislike the words ‘delve’ and ‘foster’ because of their overuse by ChatGPT. Once you start noticing particular models tend towards certain words or phrases, you start seeing them everywhere. This is another reason transparency is so important.

Using a local model and screen sharing while coworking with your team is a great way to learn about AI together. You can use AI prompting and team conversation to bounce ideas around and find some productive ambiguity. Another benefit of this process is, of course, the laughter. AI responds with some pretty hilarious things sometimes, so why not improve your team dynamic by making fun of AI together.

Do you need help with this kind of thing? Get in touch with WAO!

Cooperating through the use of AI was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.


Blockchain Commons

Musings of a Trust Architect: Has our SSI Ecosystem Become Morally Bankrupt?


This topic was presented at IIWXXXIX Fall 2024 on October 29, 2024.

My name is Christopher Allen. In 2016, in advance of the ID2020 conference at the United Nations in New York, I wrote “The Path to Self-Sovereign Identity”, the article that described the ten precepts of Self-Sovereign Identity (SSI) and provided the name that defined our ecosystem. Eight and a half years later, I ask the SSI community to reflect on a difficult question, one that challenges the very foundation of SSI. Has our ecosystem strayed from our principles? Have we in the SSI community lost our moral compass?

I speak not only in response to the argument last year at IIW that “SSI didn’t work” but also to underscore a graver issue: that perhaps in our pursuit of mainstream adoption we’ve sacrificed the very principles that set SSI apart.

In a world increasingly threatened by authoritarian encroachments, with troubling examples growing by the day, we face the urgent need to protect freedom. Russia and China flout international borders and expand their influence through intimidation and repression. This rise of authoritarianism is undermining human freedom across Europe, especially in Hungary, with worrying echoes in Italy, the Netherlands, France, and across the EU. The number of refugees and stateless people is rising every year.

Closer to home, we also face disconcerting overreach, such as the Texas Attorney General’s request for DMV records of people who changed their names, an alarming step towards state-enabled discrimination against trans people. If Trump is re-elected, it’s chilling to imagine what might become acceptable next.

These are ominous signs of an escalating trend toward pervasive surveillance and control, not only over our private lives but also over the core of human dignity itself. SSI was meant to stand as a bastion against these encroachments, defending personal autonomy and integrity. It imagined a world where people, not institutions, controlled their identities, without fear of overreach, manipulation, or coercion.

However, instead of holding the line on decentralization, we’ve compromised by adopting watered-down specifications such as “did:web” that diminish the resilience and independence of self-sovereign identities.

Instead of insisting that Legally-Enabled Self-Sovereign (LESS) Identity enforce strict data minimization for both businesses and governments, we have allowed over-identification to proliferate. Further, we have failed to effectively counter the overblown threats posed by the so-called ‘Four Horsemen of the Digital Apocalypse’ — software pirates, organized crime, child pornographers, and terrorists — while also overlooking the far greater risk of tyranny and its potential for real harm against those powerless to defend themselves.

These compromises have left us vulnerable, eroding SSI’s unique value proposition compared to the centralized approaches of government. As a result, centralized government approaches such as Apple and Google’s mDL/mDoc standards and federated corporate identity efforts are now winning the market battle against our SSI ecosystem.

This is the real reason the SSI ecosystem may be faltering: not due to market forces, but because we have failed to unequivocally commit to upholding the core values of decentralization and privacy and to resisting compromises that undermine human dignity. By doing so, we have become indistinguishable from the very systems we set out to disrupt.

The question is not whether SSI has “worked” in the marketplace. It is whether we have remained true to its ethical foundation and core principles, as envisioned from the start.

For another rebuttal to Riley Hughes’ Medium article, please see gabe’s “The Greatly Exaggerated Demise of SSI: A Rebuttal to Premature Eulogies”.

Monday, 28. October 2024

EdgeSecure

Leveraging National Supercomputing Resources for Research and Education

The post Leveraging National Supercomputing Resources for Research and Education appeared first on NJEdge Inc.

Webinar

Presented by: Stephen Deems, Director of Strategic Initiatives, Pittsburgh Supercomputing Center (PSC)

The essential role of Cyberinfrastructure (CI) in scientific research was discussed, highlighting the national resources available to support CI. Specifically, the NAIRR Pilot and the NSF-funded ACCESS Allocations program were explored, showcasing how researchers and educators can take advantage of advanced computing systems completely free of charge!

We encourage you to view the recording to learn more about how you can leverage advanced computing systems to enhance your work!

Please contact Forough Ghahramani (research@njedge.net) for additional information.

We are grateful for support from the National Science Foundation.

CC* Regional Networking: Connectivity through Regional Infrastructure for Scientific Partnerships, Innovation, and Education (CRISPIE) project (NSF OAC- NSF0311528)




Elastos Foundation

Elastos BPoS NFTs: Frequently Asked Questions (FAQ)

1. What are BPoS NFTs?

A: BPoS NFTs are unique tokens that represent staked ELA on the main chain network. They allow users to retain asset liquidity while securing the network, offering flexible options like trading and collateralizing staked ELA.

2. How do they function within Elastos?

A: Users first stake ELA on the main Elastos Blockchain, locking it in the BPoS model for a chosen period, during which their stake contributes to network security and governance. Following this initial lock period, users can mint a BPoS NFT on the Elastos Smart Chain (ESC) representing their locked ELA and the corresponding locked period, while still earning continuous rewards.

This NFT, based on the ERC-721 standard, represents the staked ELA and can be freely traded, transferred, or collateralized on the ESC without requiring the user to un-stake. As a result, the user retains liquidity while still maintaining their staked position in the network. This innovative approach to staking on Elastos allows assets to remain in circulation within decentralized finance (DeFi) applications or marketplaces, granting users greater flexibility.

3. How secure are BPoS NFTs?

A: The BPoS NFTs on Elastos are designed with security in mind by leveraging the ERC-721 standard and OpenZeppelin’s open-source, audited code. Here’s a breakdown of key security features:

NFT Contract: The BPoS NFT contract, following the ERC-721 standard, is immutable and ownerless, meaning no one can alter it post-deployment. Only the NFT holder has the authority to transfer their NFT.

Claim Contract: The claim process requires users to sign their staked transaction ID and target ESC address, ensuring authenticity. The claim contract checks signatures before NFT creation, preventing unauthorized minting.

By combining these mechanisms, BPoS NFTs maintain strong security through verified code and strict transaction protocols, reducing risks of tampering and unauthorized claims.

4. Which wallet supports BPoS NFTs on Elastos?

A: Currently, Web3 Essentials is the only compatible wallet for managing BPoS NFTs on Elastos. This wallet supports the staking, trading, and transfer functions of BPoS NFTs on the Elastos Smart Chain (ESC), making it essential for users wanting to maintain flexibility with their staked assets.

For a complete guide on setting up and using Web3 Essentials with BPoS NFTs, you can follow the step-by-step instructions here.

5. What are the different options present on the BPoS NFT tab in the Essentials wallet?

A: In the BPoS NFT tab, the Send, Receive, and Destroy functions have specific roles:

Send: Allows users to transfer their BPoS NFT to another wallet, maintaining the staked position but changing ownership.

Receive: Enables a wallet to accept the BPoS NFT, continuing the staking status in the new owner’s control.

Destroy: This function permanently removes (or “burns”) the NFT and converts it back into its original staking status, i.e. only voting rights on the Main Chain without a corresponding NFT representing ownership of such voting rights. Note that the staked ELA remains locked until the lock period ends.

For more detailed instructions, visit the Elastos BPoS NFT guide here.

6. Will I get my staked ELA back after I minted an NFT and sent it to a new wallet?

A: No, when you mint a BPoS NFT and send it to a new wallet, the new owner of the NFT gains control over the staked ELA on the main chain. This means they can choose to hold, transfer, or destroy the NFT, managing the staked ELA as they see fit. Additionally, they will also receive the rewards associated with the staked ELA.

7. Will I be able to destroy a BPoS NFT even though my wallet does not have a main chain address?

A: No, the Essentials app will not allow you to destroy or claim if your wallet does not have a corresponding Elastos main chain address.

8. What is the Elastos consensus model, and how does BPoS integrate with it?

A: Elastos operates using a multi-layered consensus mechanism called Elastic Consensus, which combines Auxiliary Proof of Work (AuxPoW) and Bonded Proof of Stake (BPoS) to secure the network and provide utility.

Auxiliary Proof of Work (AuxPoW): AuxPoW leverages Bitcoin’s mining infrastructure, allowing Bitcoin miners to secure both Bitcoin and Elastos simultaneously without extra energy costs. Approximately 50% of Bitcoin’s hash rate (about 293.69 EH/s) is used to secure Elastos, providing it with substantial security and network-wide trust.

Bonded Proof of Stake (BPoS): In BPoS, users lock ELA on the Main Chain to secure the network and validate transactions. Validators must hold 80,000 staking rights to participate in block validation and share rewards with stakers. This incentivizes participation and contributes to the network’s stability.

9. How do BPoS NFTs unlock the value of staked ELA?

A: Traditional staking locks assets, limiting liquidity. BPoS NFTs solve this problem by converting main chain staking rights into ERC-721 standard NFTs that represent ownership to claim the underlying staked ELA and its accumulating rewards.

Staking and Minting: Users stake ELA tokens on the Main Chain using the Essentials Wallet. Once staked, they can mint BPoS NFTs on the Elastos Smart Chain (ESC). The NFT represents both the staked ELA and the accumulating APY rewards.

Trading and Transfer: BPoS NFTs can be freely traded or transferred on the ESC, allowing users to unlock liquidity without ending their staking position or interrupting rewards.

Burning and Claiming Rewards: NFT holders can burn NFTs at any time to claim APY rewards. The staked ELA remains locked until the lock period ends, at which point it can be withdrawn by the BPoS NFT holder and their corresponding main-chain address.

10. What is the BeL2 Arbiter Network, and how will BPoS NFTs be used within it?

A: The BeL2 Arbiter Network is an upcoming layer in the Elastos ecosystem that will enable new financial applications such as BTC-based loans, stablecoin issuance, and dispute resolution services.

Collateralization in the BeL2 Arbiter Network:

Arbiter Entry: Users can stake ELA BPoS NFTs as collateral to participate as nodes in the BeL2 network.

Earning BTC and dApp Rewards: BPoS NFT arbiter nodes earn percentage-based BTC and decentralized application (dApp) rewards, alongside Main Chain ELA staking rewards, for supporting time-based transactions and dispute resolution services that reflect the value of their collateral.

Decentralized Financial Services: The BeL2 network supports native BTC services, ensuring decentralized loans are completed, maintaining stablecoin pegs, liquidating assets based on market conditions, and providing dispute resolution services. This creates a secure, decentralized alternative to traditional financial systems without moving BTC off the mainnet.

11. What are the key advantages of Elastos BPoS NFTs?

A: The key advantages include:

Flexible Liquidity: Users can trade or transfer staked assets and their rewards as NFT receipts without waiting for the lock period to end.

Bitcoin-Backed Security: With a significant portion of Bitcoin’s hash rate securing Elastos, the network benefits from high levels of trust and reliability.

New Financial Tools: BPoS NFTs can be used as collateral for loans and arbitration services in the BeL2 network, creating new earning opportunities.

Simple Wallet Management: Users can manage NFTs through the non-custodial Essentials Wallet, ensuring full control over staked assets.

12. How can I mint, claim, and manage BPoS NFTs using the Essentials Wallet?

A: To mint, claim, and manage BPoS NFTs, follow these steps:

Minting:

Enter Your Votes: Stake ELA on the Elastos Main Chain using the Essentials Wallet and allocate your voting power.

Initiate the Minting Process: Confirm the minting transaction to create a BPoS NFT.

Wait for Confirmations: Wait for 6 block confirmations on the Main Chain.

Switch to Elastos Smart Chain: Move to the ESC to complete the claim process.

Claiming:

Automatic Check for Claimable NFTs: On the ESC, Essentials will automatically search for any claimable BPoS NFTs tied to your wallet address.

Claim the NFT: Click “Claim” to transfer the minted BPoS NFT to your wallet.

Managing:

Transfer the NFT: Select “Send” and enter the destination address to transfer the NFT to another wallet.

Destroy the NFT: Choose “Destroy” to convert the NFT back into a vote on the Main Chain, regaining its original staking status.

13. Are there future plans for BPoS NFTs within the Elastos ecosystem?

A: Yes, future plans include:

Integration into Marketplaces: BPoS NFTs will be incorporated into platforms like Elacity for trading.

Use in the BeL2 Arbiter Network: They will serve as collateral within the BeL2 network for BTC-based loans and dispute resolution services.

Network Security Rewards: Opportunities to help secure the network in return for BTC rewards.

 

Glossary

ELA: The native cryptocurrency of the Elastos blockchain.

Elastos Main Chain: The primary blockchain network for Elastos.

Elastos Smart Chain (ESC): A sidechain supporting smart contracts and dApps, compatible with EVMs.

BPoS (Bonded Proof of Stake): A consensus mechanism where users stake tokens to secure the network.

AuxPoW (Auxiliary Proof of Work): Allows Bitcoin miners to mine blocks on Elastos without extra effort.

BeL2 Arbiter Network: An upcoming layer facilitating decentralized financial services using BPoS NFTs.

ERC-721 Standard: A standard for non-fungible tokens, ensuring uniqueness and indivisibility.

Additional Resources

Elastos BPoS NFT Article: Click here for the official BPoS Release Article.

Step-by-Step Minting Guide: Click here to learn how to mint your BPoS NFT.

Elastos Official Documentation: Visit here for more information.

Saturday, 26. October 2024

FIDO Alliance

Vox: A world without passwords is in sight


Thanks to passkeys, you may not need to remember a password ever again.

Apple thinks 249 of my passwords need attention. Some of them have been reused. Some of them have been caught up in data breaches. Some are just bad passwords.

That’s why, for the past 11 years, a group called the FIDO Alliance has been working to kill passwords — or at least make us less reliant on them. FIDO, short for Fast IDentity Online, wants to make signing into your accounts not only more secure but also, as the name implies, faster and easier. Since its members include Amazon, Apple, Google, Meta, and other architects of our online experience, the FIDO Alliance is in a position to accomplish this, too.

Whether you’ve realized it or not, FIDO’s efforts have already transformed the way you sign into everything online. You may have noticed a few years ago, for instance, that a lot more sites started requiring something called multifactor authentication, which adds an extra step to the login process, like texting a code to your phone so the site can verify you are you. That was FIDO’s doing.

But after years of making logging in more difficult but more secure, the alliance recently began a major push to get platforms and people alike to adopt a technology that may just kill passwords altogether: passkeys.

Friday, 25. October 2024

The Engine Room

Meet us in Chile for a discussion about emerging technologies and cyberfeminisms

Join us in Santiago, Chile for 3 hours of inspiration and co-creation around the tensions and challenges that cyberfeminism faces with the rise of emerging technologies.

The post Meet us in Chile for a discussion about emerging technologies and cyberfeminisms appeared first on The Engine Room.

Thursday, 24. October 2024

Digital ID for Canadians

Strengthening Legal Sector Trust with Digital Verification

By: Joni Brennan, President of DIACC-CCIAN

The recent FINTRAC Special Bulletin on money laundering and sanctions evasion in the legal profession is a clear reminder that safeguarding our financial systems—and upholding security—requires both vigilance and innovation. At the core of these efforts lies a powerful tool: digital verification of client identification. This technology is crucial in preventing the misuse of legal services for illicit activities like money laundering and sanctions evasion.

While most legal professionals work with integrity, the bulletin underscores that a few actors may unwittingly (or intentionally) facilitate financial crime. This crime threatens the integrity of our financial system and erodes the public’s trust in our legal system, where the majority are acting in good faith.

So, where does DIACC fit in? How does digital verification help mitigate these risks?

DIACC’s Role in Strengthening Digital Verification

Our work—anchored in the Pan-Canadian Trust Framework (PCTF)—is focused on enabling secure, privacy-respecting digital trust and verification services that support consumers, businesses, and governments. These services are essential in a world where digital interactions are the norm, and ensuring information authenticity is critical to preventing fraud and criminal activities.

The Law Society Profile: Supporting Legal Sector Security

One of the most exciting initiatives DIACC has undertaken is the development of the PCTF Law Society Profile. Working closely with the Federation of Law Societies of Canada (FLSC) and essential interested parties, this project highlights how the legal sector can play a pivotal role in combating money laundering. By establishing auditable criteria to mitigate risk and build assurance for client verification, the PCTF Law Society Profile enables legal professionals to confidently select trusted services that verify their clients’ identities, providing evidence of investment in alignment with stringent anti-money laundering (AML) and Know-Your-Customer (KYC) requirements.

This certification process helps legal professionals choose services one step ahead of fraudsters, ensuring transparency and security as they navigate high-value or high-risk transactions.

As the trusted list of DIACC PCTF Certified Providers grows, DIACC also launched its Member Services Directory, a directory of services offered by DIACC members, certified providers, and applicants. And, let’s face it, digital verification can be hard to explain, so we’ve launched a growing Big Book of Digital Trust Stories. Our Digital Trust Stories explain the mechanics and benefits in simple language to help people and organizations understand the benefits of digital trust and verification. These are just some of the tools DIACC develops to help ensure legal professionals can access the digital trust tools they need.

Addressing Risks in Financial and Legal Transactions

The findings from FINTRAC serve as a call to action. Legal professionals—particularly those involved in high-risk sectors like real estate or corporate structuring—are in a unique position of trust. Digital verification can play a crucial role in mitigating risks by adding layers of security that protect against misuse.

By adopting robust digital client verification solutions, legal professionals can:

Mitigate real estate and corporate transaction risks, ensuring transparency around beneficial ownership.
Strengthen KYC processes, ensuring that clients are who they claim to be.
Safeguard solicitor-client privilege by securing client access to sensitive legal processes.

DIACC and the Path Forward

The need to protect our financial integrity has never been more apparent. DIACC’s commitment, mission, and vision align directly with the challenges identified in the FINTRAC bulletin. Our role is to ensure that digital trust and verification tools are practical, accessible, and secure across industries, particularly in high-risk areas like the legal profession.

We are proud to partner with industries, governments, and professionals who share our vision for a future where transparency, security, and trust are central to every transaction.

DIACC is an open and transparent community of leaders dedicated to one issue: the responsible adoption of digital trust and verification practices.

Contact DIACC to collaborate and build a future where transparency, privacy, security, and trust are at the forefront of every transaction.


OpenID

Notice of Vote for Proposed AuthZEN Authorization API 1.0 Implementer’s Draft

The official voting period will be between Thursday, November 7, 2024 and Thursday, November 14, 2024 (12:00pm PT), once the 45-day review of the specification has been completed. For the convenience of members who have completed their reviews by then, voting will actually begin on Thursday, October 31, 2024.

The AuthZEN work group page is https://openid.net/wg/authzen/. If you’re not already an OpenID Foundation member, or if your membership has expired, please consider joining to participate in the approval vote. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration.

The vote will be conducted at https://openid.net/foundation/members/polls/343

Marie Jordan – OpenID Foundation Secretary

The post Notice of Vote for Proposed AuthZEN Authorization API 1.0 Implementer’s Draft first appeared on OpenID Foundation.


Digital Identity NZ

Industry engagement and future plans | October Newsletter

Kia ora,

October may bring Halloween, but I’m calling it “Crazy-month” with the whirlwind of activity – whether it’s the lead-up to Christmas or gearing up for the second half of the financial year ending in March. At Digital Identity NZ (DINZ), we’re delivering on the present while planning ahead for an even bigger and better Digital Trust Hui Taumata 2025 in August.

Thanks to the support of members AWS, Innovise, Worldline, and Xero, we’ve submitted our input on the Consumer and Product Data bill and the open banking designation rules, ensuring our collective industry voices are heard.

It’s immensely satisfying to see the growing recognition of the vital role digital identity plays in eCommerce and secure online transactions across industries and government. DINZ’s involvement at the highest levels is paying off. Earlier this month, DINZ, our NZTech Group colleagues at FinTechNZ and RegTechNZ, along with DINZ members HGM, MERW, PaymentsNZ API Centre, and Sushlabs joined a roundtable with Minister Bayly. This followed our meeting with Minister Collins in August and focussed on fostering innovation in financial services. Workstreams are now underway, and we’ll report back to Minister Bayly in December.

With today’s latest news that the Government will introduce a single supervisor and a new funding model in a major overhaul of New Zealand’s Anti-Money Laundering and Countering Financing of Terrorism, if you have thoughts on the digital identity aspect of this discussion, we’d love to hear from you.

On the regulatory front, we’ve met with the Office of the Privacy Commissioner (OPC) to reinforce our well-publicised views on the proposed biometrics code of practice, with media also showing interest in our biometrics mahi. Keep an eye out for details of our upcoming ‘Facial recognition in retail’ webinar on Tuesday 26 November, where we will discuss the benefits, ethical considerations, and privacy issues specific to New Zealand.

We’ve also resumed discussions with the Department of Internal Affairs (DIA) to support the implementation of the Digital Identity Services Trust Framework (DISTF). Raising community and industry awareness is key, which is why we’re pleased to support online educator InformDI and DINZ member NEC in offering members free online DISTF learning, which launched this month. If you’re a DINZ member and haven’t signed up yet, you can find more details on accessing the course here.

Speaking of education, we’re also teaming up with DINZ member Spark to provide AcademyEX’s Master of Technological Futures students with a ‘Future of Identity’ online lecture soon.

For members, especially new ones – we encourage you to stand for election to our Executive Council to help guide our mahi and shape the future of digital identity in New Zealand.

Ngā mihi

Colin Wallis
Executive Director, Digital Identity NZ

Read the full news here: Industry engagement and future plans

The post Industry engagement and future plans | October Newsletter appeared first on Digital Identity New Zealand.

Wednesday, 23. October 2024

Me2B Alliance

“Unsafe at Any Click” – Episode 5

In this episode of “Unsafe at Any Click”, we talk to Julie Liddell, founding attorney of the EdTech Law Center. We gather insights from the legal side of privacy for students and parents as it relates to EdTech, and so much more.

The post “Unsafe at Any Click” – Episode 5 appeared first on Internet Safety Labs.


We Are Open co-op

Finding Unexamined Assumptions Through Systems Thinking and Ambiguity

How to gain additional perspectives by focusing on boundary judgements, interrelationships, and feedback loops

Image CC BY-ND Visual Thinkery for WAO

“There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns — the ones we don’t know we don’t know.” (Donald Rumsfeld)

In my recent post on the strategic uses of ambiguity I explored how, when used thoughtfully, it can be a powerful tool in complex environments.

Then, in my Introduction to Systems Thinking series I explained that by reflecting on boundary judgements, understanding interrelationships, and engaging with multiple perspectives we can gain deeper insights into the systems we navigate.

In this follow-up, written in collaboration with Laura Hilliger, I aim to demonstrate how ambiguity can be used alongside systems thinking in a ‘playful’ way to shine light on our assumptions.

Ambiguity and System Boundaries

This diagram is explained in the post On the strategic uses of ambiguity

While ambiguity and systems thinking might seem like opposing concepts, when combined deliberately, productive ambiguity becomes a potent tool for exploring complex systems.

Productive Ambiguity — this represents ambiguity that is beneficial or intentional in generating positive outcomes because it helps people shift their view. For example, as part of a strategy where leaving things unsaid or open to interpretation can lead to more flexible and adaptable solutions. (On the Strategic Uses of Ambiguity)

Drawing boundaries around systems is essential for analysis. However, these boundaries often rest on assumptions that may go unexamined. Introducing productive ambiguity allows us to ‘play’ with the boundaries, questioning what we include or exclude and why. Productive ambiguity opens up space for new interpretations and challenges our assumptions in ways that are useful.

🛝🌳⛲ Example: Park Revitalisation Project

Let’s say you’re working on a project to revitalise a local park. The initial assumption might be that only park users and local authorities are the relevant stakeholders. This is the boundary. However, by embracing productive ambiguity, you might ask: “Could nearby schools, local businesses, or community groups influence or benefit from this project in ways we haven’t considered?”

This open-ended question uncovers a wider boundary than had been included in the initial planning — such as schools using the park for outdoor learning or local businesses benefiting from increased foot traffic. The approach reveals hidden dynamics and helps develop a project that serves a broader and more diverse community.

Reflecting on boundary judgements isn’t just about defining the limits of a system. Rather, it’s about acknowledging that these limits can obscure important elements. By introducing productive ambiguity into our boundary judgements, we can challenge rigid definitions and explore what might be hidden just beyond them.

Productive ambiguity encourages us to ask, “What if our assumptions about this boundary are incomplete?” This approach allows us to ‘play’ with the system’s edges, revealing blind spots that a strict boundary might conceal.

Understanding Interrelationships

Image CC BY-ND Visual Thinkery for WAO

In systems thinking, understanding the interrelationships within a system is essential because these connections are complex and often hard to identify.

Productive ambiguity can help us explore these interrelationships by allowing us to entertain multiple interpretations of how components might interact. This, in turn, leads to insights that wouldn’t have emerged through a linear approach.

🛝🌳⛲ Example: Park Revitalisation Project

Returning to our park project, imagine that a local school starts using the park for outdoor activities. Asking open-ended questions helps bring in some productive ambiguity. What kinds of facilities or services might schoolchildren like to have? Let’s say they suggest an ice cream stand. By entertaining this idea, we begin to explore the wider interrelationships: What infrastructure would support this? We might need to consider water supply, electrical outlets, waste management, and accessibility for vendors and customers. As we dig deeper, we start to see how various systems — utilities, transport, local regulations — interconnect with the park in ways that weren’t immediately obvious.

By ‘playing’ with productive ambiguity, we can imagine alternative scenarios and question established cause-and-effect relationships. This exploration can uncover hidden feedback loops and leverage points — small changes that can have significant impacts.

For instance, something as simple as adding an ice cream stand might lead to greater foot traffic, which in turn could spark local businesses’ interest in park events or influence how the park is maintained. Productive ambiguity therefore helps us see beyond the obvious and consider connections that might influence the system in unexpected ways.

Engaging with Multiple Perspectives

Image CC BY-ND Visual Thinkery for WAO

Bringing in diverse viewpoints is a crucial aspect of systems thinking, and productive ambiguity serves as a powerful tool for uncovering these perspectives. It opens the door to diverse interpretations, encouraging new perspectives and exposing areas where thinking may have become too narrow.

🛝🌳⛲ Example: Park Revitalisation Project

For instance, in the project to revitalise a local park, productive ambiguity could be introduced by presenting different possible uses for the space — such as turning it into a sports facility, a community garden, or a children’s play area — without making a definitive decision upfront. This uncertainty encourages people to imagine how these options might affect their lives or the community, drawing out diverse perspectives. As a result, the project might reveal multiple perspectives which have been overlooked, such as local businesses seeing the park as a venue for markets or under-represented groups desiring a space for cultural events. This approach helps encourage a richer, more inclusive and diverse vision for the park’s future.

By introducing some ambiguity into these discussions, we encourage others to challenge their assumptions and share insights that might not otherwise come forward. This collective ‘play’ with ideas can uncover areas of the system that need further attention. It also helps us avoid the trap of thinking that any one perspective is the only valid one.

Using Feedback Loops

Image CC BY-ND Visual Thinkery for WAO

An essential part of systems thinking involves feedback loops: positive loops tend to reinforce certain behaviours, while negative loops work to maintain balance by counteracting them. Considering these loops alongside productive ambiguity can reveal how uncertainty either helps uncover hidden aspects of the system or, conversely, makes them more difficult to detect.

🛝🌳⛲ Example: Park Revitalisation Project

Again, using the park project as an example, the more ideas community members share about the park’s potential, the more excitement builds. This creates a positive feedback loop where new ideas inspire further participation. However, if the discussions remain too vague, some community members may grow frustrated with the lack of direction, creating a negative feedback loop that stalls the project. Here, productive ambiguity ensures that ambiguity leads to curiosity and exploration rather than confusion or paralysis, guiding the feedback loop toward uncovering blind spots rather than reinforcing them.

By understanding how feedback loops interact with productive ambiguity, we can steer systems toward more insightful outcomes. The key is to maintain just enough uncertainty to encourage exploration without allowing it to drift into confusion. This helps ensure that feedback loops support the uncovering of hidden system dynamics rather than obscuring them.

Conclusion

By integrating productive ambiguity into systems thinking practices, we enhance our ability to identify and address assumptions being made. Productive ambiguity allows us to ‘play’ with systems — testing boundaries, exploring interrelationships, and engaging with diverse perspectives. This helps reveal hidden elements, uncover predominant perspectives, and gain deeper insights.

Embracing productive ambiguity doesn’t mean creating unnecessary confusion. Instead, it acknowledges the complexity of systems and the value of multiple interpretations. The approach challenges fixed assumptions, encouraging us to develop more flexible, inclusive, and insightful strategies for navigating complex systems. Through productive ambiguity, we move beyond rigid boundaries and engage with the richness that systems — and the people within them — offer.

Do you need help with this kind of thing? Get in touch with WAO!

Finding Unexamined Assumptions Through Systems Thinking and Ambiguity was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.


Elastos Foundation

How to Use BPoS NFTs on Elastos: A Step-by-Step Guide

The Bonded Proof of Stake (BPoS) NFT system on Elastos allows users to mint, claim, manage, and redeem ELA-backed ERC721 NFTs, unlocking liquidity for Smart Chain utility whilst supporting the mainchain network’s security. Want to learn more about BPoS NFTs? Learn here! Today, we will walk you through the process of creating and using BPoS NFTs across the Elastos Main Chain and Smart Chain using the Essentials Wallet.

Step 1: Minting a BPoS NFT on the Elastos Main Chain

1. Enter Your Votes: Start by logging into your Elastos wallet and accessing the staking section on the Elastos Main Chain. Choose how you want to allocate your voting power with the staked ELA. For a guide on BPoS voting, please see here.

2. Initiate the Minting Process: After selecting your votes, confirm the minting transaction to create a BPoS NFT.

3. Wait for 6 Block Confirmations: The transaction will take some time to be confirmed by the network. You must wait for 6 blocks to be produced by the Elastos Main Chain before proceeding.

4. Switch to Elastos Smart Chain: Once confirmed, move over to the Elastos Smart Chain (ESC) to complete the claim process.

Step 2: Claiming Your BPoS NFT on Elastos Smart Chain

1. Automatic Check for Claimable NFTs: On the Elastos Smart Chain, Essentials will automatically search for any claimable BPoS NFTs tied to your wallet address. You will receive a notification once a claimable NFT is found.

2. Manual Check for NFTs: If you don’t receive a notification, you can manually check by going to the NFT claim section in the wallet.

3. Claim the NFT: Click “Claim” to transfer the minted BPoS NFT to your wallet. After the claim is successful, the NFT will appear under the “Collectibles” section of your wallet homepage.

Step 3: Managing Your BPoS NFT

Once the BPoS NFT is in your wallet, you can perform several actions:

1. Transfer the NFT to Another Wallet:

Navigate to the BPoS NFT in the “Collectibles” section. Select “Send” and enter the destination address to transfer the NFT.

2. Destroy the NFT (Convert Back to a Vote):
If you want to stop using the NFT and return to staking directly on the Elastos Main Chain:

Choose “Destroy” from the options. When destroyed, the BPoS NFT will be converted back into a vote and returned to the Main Chain, where it will regain its original staking status.

3. Future Utility: Upcoming plans for BPoS NFTs include integration into Elacity’s marketplace for trading and use as collateral in the BeL2 Arbiter Network, as well as opportunities to help secure the network in return for BTC rewards.

Unlocking Value

This BPoS NFT system provides users with flexibility, offering the ability to mint NFTs from staked tokens, claim them, and transfer or destroy them as needed. With these NFTs acting as new assets and voting receipts, users can engage with Elastos more dynamically—staking, earning rewards, and participating in governance, all while maintaining liquidity.

By following this guide, you can now confidently navigate the Elastos BPoS NFT ecosystem, unlocking new ways to maximize your staking rewards and explore opportunities within the BeL2 network. Did you enjoy this article? Follow Infinity for the latest updates here!


Next Level Supply Chain Podcast with GS1

The Automation Advantage: Revolutionizing Warehouses with Quality Data with KNAPP

With less than 10% of warehouses currently automated, the industry is on the verge of a major transformation. 

As automation surges, one element will define success: the power of high-quality data.

In this episode, Ries Bouwman, Product Manager at KNAPP, and Gasper Gulotta, Director of Software Consultancy at KNAPP, join hosts Reid Jackson and Liz Sertl to discuss how accurate data is essential to the future of warehouse automation.

Ries and Gasper share examples of how poor data can disrupt automated systems, causing costly delays and inefficiencies. They emphasize that by improving data management, companies can not only prevent these issues but also unlock the full potential of automation.

Automation isn’t just about the machines—it’s about ensuring accurate, complete data that systems can rely on to function smoothly.

In this episode, you’ll learn:

Why data accuracy is critical for successful warehouse automation
The challenges and costs associated with incorrect or incomplete data
The role of GS1 standards in improving data quality across supply chains

Jump into the conversation:

(00:00) Introducing Next Level Supply Chain
(02:28) KNAPP and its journey in automation
(05:22) The importance of data quality in automation
(08:38) Connecting KiSoft to ERP systems
(13:23) Verifying data accuracy
(18:13) Raising industry standards for better data
(24:20) Bad data causing issues for warehouse automation
(30:39) Ries and Gasper’s favorite tech
(34:32) Smarter data collection through AI and quantum computing

Connect with GS1 US:

Our website - www.gs1us.org
GS1 US on LinkedIn

Connect with the guests:

Ries Bouwman on LinkedIn
Gasper Gulotta on LinkedIn


Project VRM

VRM Day and IIW next week

A pano from VRM Day in April 2015

VRM Days always happen the day before IIW starts, twice each year. Usually, we have about 50 registered and 30 showing up. (Some are online, though we’d rather have their bodies in the room.)  For the VRM Day this coming Monday, we’re expecting more than 100 people. So, like Sheriff Brody said in Jaws, we need a bigger room.

And we have one. So that’s good. Logistics will be challenging, but we’re on top of them.

IIW is also close to sold out. Last I checked, there were just nine tickets left.

Here is copy from our Eventbrite page as it now stands:

The Main Thing

At this VRM Day, Ben Moskowitz, VP Innovation and Ginny Fahs, Director of Product R&D at Consumer Reports will lead discussion of some of their early R&D concepts around a new approach to customer service: one in which personal AI agents represent customers’ best interests.

This is CX (Customer Experience) re-imagined and re-implemented in ways that are no less real and human but far more intelligent, mutually informative, and useful than what all of us have experienced thus far in the Digital Age. CR is looking for feedback and collaboration as they move forward. They plan to participate in IIW as well.

As usual, everyone who wants to share what they’re working on in the VRM space will have time to present, discuss, and prep for IIW.

Schedule

Morning:

9am – Noon. Consumer Reports presentation and discussion (on the above)

Lunch

Noon – 1:30 (Sports Page or Zareen’s (diagonal across the intersection))

Afternoon

Adrian Gropper on HIE of One, Medical AI Assistant (MAIA) and personal AI in health care
Joe Andrieu on the Digital Fiduciary Initiative
Cryptid / KwaaiNet demo
Iain Henderson on Data Pal
Richard Whitt on GliaNet Alliance
Customer Commons on IEEE P7012
Paul Trevithick (Mee.Foundation) on Private Advertising

Discussion on any or all of the above

Listing planned IIW sessions

Subject to change, of course.

Since we have a lot to cover, please be there at 9am sharp, and be back from lunch at 1:30.

Note that there are only three lunch places nearby. Cucina Venti is good but relatively expensive and service is slow. Sports Page makes good sandwiches and has lots of picnic tables. It’s where most of us usually go. Haven’t tried Zareen’s, behind the Sports Page, where Sunny Bowl and other restaurants used to be. It has “familiar & innovative halal spins on Indian & Pakistani cooking.”

Tuesday, 22. October 2024

Digital Identity NZ

Biometrics Update: DINZ and NEC Webinar in Review

Biometrics are transforming the integration of our physical and digital worlds, especially in decentralised identity systems. Technologies like fingerprint and facial recognition not only enhance security but also provide a seamless way to verify identities while safeguarding user privacy. As New Zealand progresses with its Digital Identity Services Trust Framework (DISTF), these innovations empower individuals with greater control over their personal data.

In September, DINZ hosted a webinar featuring industry leaders including Steven Graham and Graeme Prentice from NEC, Roger Ford from Innovise NZ, Dr Vica Papp from Digital Identity NZ, and James Little from DIA. They shared insights on the pivotal role of biometrics in shaping the future of digital identity.

For an in-depth look, check out the review by Biometrics Update here.

Watch Recording

The post Biometrics Update: DINZ and NEC Webinar in Review appeared first on Digital Identity New Zealand.


EdgeSecure

ADA Title II

The post ADA Title II appeared first on NJEdge Inc.

The U.S. Department of Justice’s final rule on Title II of the Americans with Disabilities Act (ADA) has significant implications for public universities and community colleges regarding web content and mobile app accessibility. Finalized in April 2024 and effective from June 2024, the rule adopts Web Content Accessibility Guidelines (WCAG) 2.1 Level AA as the new standard for digital accessibility. This means that covered entities must ensure their digital platforms, including websites and mobile apps, comply with specific requirements for captioning and audio descriptions.

The compliance deadlines are set for 2026 and 2027, depending on the local government population size. While there are limited exceptions for archived web content and preexisting social media posts, password-protected content must also meet these standards. All state and local government entities across the United States and their third-party contractors and software vendors must comply. The rule impacts a wide range of public services, from municipal offices to schools, libraries, and museums.

Overall, the new rule represents a significant step towards improving digital accessibility in higher education, requiring institutions to take proactive measures to accommodate all users, including those with disabilities. While this sounds daunting, the key to success with these updated guidelines is early preparation and a clear understanding of them and what they mean.

Working with an experienced partner like Edge to facilitate the transition to full compliance is key. Edge can help you take swift action to meet these new requirements. Compliance not only mitigates legal risks but also positions institutions as leaders in inclusive digital services. The potential return on investment in accessibility beyond legal compliance is astronomical, serving a broader audience and enhancing overall user experience for all your students, current and potential.

Time is of the essence with Title II of the Americans with Disabilities Act (ADA). If your institution requires expert guidance and support to ensure your web content and mobile app accessibility meet the new guidelines, connect with Edge’s Member Engagement Team today.

MICHELLE FERRARO
Senior Member Engagement Manager
michelle.ferraro@njedge.net
732.740.5092

ERIN BRINK
Member Engagement Manager
erin.brink@njedge.net
973.943.8088

About Edge

Edge serves as a member-owned, nonprofit provider of high performance optical fiber networking and internetworking, Internet2, and a vast array of best-in-class technology solutions for cybersecurity, educational technologies, cloud computing, and professional managed services. Edge provides these solutions to colleges and universities, K-12 school districts, government entities, hospital networks and nonprofit business entities as part of a membership-based consortium. Edge’s membership spans the northeast, along with a growing list of EdgeMarket participants nationwide. Edge’s common good mission ensures success by empowering members for digital transformation with affordable, reliable and thought-leading purpose-built, advanced connectivity, technologies and services.



Thank you to our EdgeCon Autumn 2024 Sponsors

The post Thank you to our EdgeCon Autumn 2024 Sponsors appeared first on NJEdge Inc.

EdgeCon Autumn 2024: A Special Thank You to Our Sponsors

Edge would like to extend our heartfelt thank you to all the sponsors who made EdgeCon Autumn 2024 a resounding success. Hosted in partnership with Kean University, EdgeCon Autumn brought together thought leaders, professionals, and attendees from universities and community colleges. The conference focused on achieving sustained success by uniting strategy and innovation through enterprise architecture. The support of these sponsors has been instrumental in making this event possible.

Platinum Sponsor

Extron is Committed to Education. Every day, primary schools, colleges, and universities around the world use Extron audio and video products to harness the power of multimedia to enrich educational experiences. Extron’s AV systems for education provide sharp images, clear sound, simple control, and solid reliability. We constantly seek feedback from educators in order to engineer AV tools that help instructors present more engaging lessons, help students absorb and retain what they learn, and allow administrators to run institutions more efficiently at lower cost.

www.extron.com

Exhibitor Sponsors

Automate Your Processes, Integrate Your Applications, Accelerate with Expert Guidance

christine@aisww.com  •  aisww.com

Anthology delivers EdTech solutions that empower students to reach their full potential and learning institutions to thrive. Millions of students around the world are supported via Anthology’s ecosystem of flagship SaaS solutions and supporting services, including the award-winning Blackboard® (LMS), Anthology® Student (SIS/ERP), and Anthology® Reach (CRM).

info@anthology.com  •  www.anthology.com

At Aspire we believe in the power of collaboration to drive digital transformation in education. Our SLED Team provides essential solutions that help colleges, K-12 districts, and other entities meet desired business needs and thrive in today’s digital landscape. Let’s connect and explore how we can partner for a brighter, more connected and secure future in education!

Info@AspireTransforms.com  •  Kbuff@AspireTransforms.com  •  AspireTransforms.com

Cisco empowers higher education institutions to create secure, flexible, and innovative learning environments. By leveraging advanced collaboration tools, wireless solutions, seamless connectivity, and robust security measures, Cisco helps universities and colleges enhance student experiences, streamline administrative processes, and fuel cutting-edge research. With a focus on future-proofing networks and supporting digital transformation, Cisco ensures that educational institutions can adapt and thrive in an evolving technological landscape.

moam@cisco.com  •  www.cisco.com

Cloudflare’s mission is to help build a better Internet by improving security, resilience, and performance. We do this by reducing your attack surface, vendor count, and tool sprawl, while also helping you regain visibility and control of IT and security across on-prem, public cloud, SaaS, and the Internet.

jsingh@cloudflare.com  •  jennifer.tavella@cloudflare.com •  www.cloudflare.com

Delivering the best cybersecurity services comes with a responsibility to always operate in a way that is true to our core values. Be human. Be hungry. Be humble. Be honest. And lead with your heart.

cduekshire@driven.tech  •  driven.tech

Founded more than 20 years ago in Sunnyvale, California, Fortinet continues to be a driving force in the evolution of cybersecurity and the convergence of networking and security. Fortinet’s portfolio of over 50 enterprise-grade products is the largest integrated offering available, delivering proven cybersecurity everywhere you need it.

tgallo@fortinet.com  •  www.fortinet.com

Google Public Sector brings the magic of Google to the mission of government and education. With powerful technologies such as artificial intelligence (AI), advanced analytics, and security offerings, decision makers can streamline processes and improve student, faculty and staff services delivered by public sector organizations across all domains.

kanoff@google.com  •  cloud.google.com

Joseph W Hendrickson, LLC. provides high quality professional consulting enterprise resource planning (ERP) and business intelligence (BI) project management and full project lifecycle implementation services for Higher Education, Public Sector, Healthcare industry clients.

Dfhllc@josephwhendricksonllc.com  •  www.josephwhendricksonllc.com

Identity Automation provides identity and access management (IAM) solutions for Higher Education. Our flagship platform, RapidIdentity, safeguards learning environments, maximizes instructional time, and minimizes the load on Information & Educational Technology teams. Technology leaders turn to RapidIdentity for its best-in-class security capabilities, time-saving automations, and flexible approach to managing digital identities.

kwood@idauto.net  •  www.identityautomation.com

At NICE, we are passionate about empowering colleges, universities, and organizations of all sizes to deliver amazing student, administrative and customer experiences on our award-winning, digital-first, cloud-native contact center platform with purpose-built CX AI. With over 30 years of experience, NICE has pioneered customer service innovations while demonstrating equal effectiveness for colleges, universities, and government entities. We are known for our innovation and comprehensive interaction-centric approach with specialized AI to boost student and customer satisfaction. Our unified open cloud platform, CXone, manages interactions from voice to next-gen digital and AI chatbots, enabling organizations to orchestrate the complexity of modern customer experiences on one platform. It is a comprehensive, best-in-class, unified combination of CX applications, from AI self-service to routing to workforce engagement and quality management. Meet your students and customers where they truly begin their journeys, supporting 30+ digital channels, self-help, messaging, proactive outreach, and knowledge management. Together, we can drive innovation, elevate the CX experience to new heights, and embark on a journey of collaboration and limitless potential.

glenn.grieshaber@nice.com  •  www.nice.com

With Nile, higher education institutions not only consume their entire wired and wireless access network with a performance guarantee for coverage, capacity and availability but also free up capital and resources, ensuring superior total cost of ownership. To meet the demands of modern education, institutions need resilient wired and wireless networks that provide extensive coverage, high speed, and unwavering reliability. Nile converges campus network into a next-generation architecture that integrates traditional local area network (LAN) technology stack and day -1 to day N lifecycle services into a single solution. This unique solution, named Nile Access Service, delivers the industry’s first performance guarantee on a per-building basis. Nile Access Service enables flexible per-user or per square footage consumption, eliminating the need for any upfront capital investment.

scott.wishnow@nilesecure.com  •  nilesecure.com

PKA Technologies is a leading IT solutions provider based in Montvale, NJ. With over 25 years of experience, PKA Technologies offers a comprehensive range of services, including cloud computing, data backup and recovery, and IT consulting. We specialize in providing customized solutions tailored to the unique needs of each client, ensuring that businesses of all sizes can benefit from our expertise. PKA Technologies’ commitment to delivering exceptional service and innovative solutions has earned us a reputation as a trusted partner for businesses looking to leverage technology to drive growth and success.

joanne.goodstadt@pkatech.com  •  www.pkatech.com

SailPoint is a leading provider of identity governance and administration (IGA) solutions. It helps organizations manage and secure least-privilege access to critical data and applications for their employees, contractors, and other users. SailPoint has the highest level of customer satisfaction and retention within the industry with a 95% customer retention rate across over 2,800 customers. Every single analyst report ever produced on IGA points to SailPoint as the leader – Gartner, Forrester, IDC, KuppingerCole. These accolades are largely due to our heritage in identity governance, our research & development, and our passion and focus to make every customer successful.

jared.roth@sailpoint.com  •  sailpoint.com

Splunk provides an industry-leading Data Analytics Platform recognized by Gartner as a leader in both Cybersecurity and Observability. Splunk is also powering a new Student-Led SOC initiative that was launched at NJIT and is expanding to other higher education institutions in New Jersey. Let us help you deliver on your School’s mission by leveraging unmatched visibility to your data.

dreagan@splunk.com  •  www.splunk.com

White Rock Cybersecurity is committed to strengthening security postures of our schools with best-in-class cybersecurity solutions, ensuring robust protection and peace of mind.

odessa@wrsecure.com  •  www.wrsecure.com

Thank you to these Sponsors for their support of EdgeCon Autumn 2024



The Engine Room

Community Call: Learnings and reflections from our first ‘Deep Dive Week’


Join us on November 14 for our Community Call to reflect on our first Deep Dive Week

The post Community Call: Learnings and reflections from our first ‘Deep Dive Week’ appeared first on The Engine Room.


Elastos Foundation

Unlocking Staked ELA: Introducing Elastos’ BPoS NFT System


Staking cryptocurrency assets typically means locking them away for months, leaving users unable to take advantage of new opportunities—a common frustration in the crypto space. But what if the Elastos ecosystem allowed users to unlock staked Mainchain ELA without unstaking? With Elastos BPoS NFTs, users can convert their staked assets and APY rewards into NFT receipts on the Elastos Sidechain’s (ESC) open market.

The Bonded Proof of Stake (BPoS) NFT system offers a novel solution by combining Bitcoin-backed ELA staking security, ELA APY rewards, and tokenized liquidity through ERC-721 standard NFTs. This system allows users to stake ELA with validators and mint BPoS NFTs, representing their staked assets and accruing Mainchain rewards. These NFTs can be traded, collateralized, or transferred using Smart Contracts. Let’s explore how BPoS NFTs work, the Elastos consensus model, and the essential role these NFTs will play in the upcoming BeL2 Arbiter network. 

 

Understanding Elastos’ Dual Consensus Model

Elastos operates using a multi-layered consensus called Elastic Consensus, combining Auxiliary Proof of Work (AuxPoW) with Bonded Proof of Stake (BPoS) to secure the network and provide utility.

1. Auxiliary Proof of Work (AuxPoW): Bitcoin-Backed Security

Bitcoin’s Security: AuxPoW leverages Bitcoin’s mining infrastructure, allowing Bitcoin miners to secure both Bitcoin and Elastos simultaneously without extra energy costs. 293.69 EH/s of Bitcoin’s total 580.74 EH/s hash rate reinforces Elastos, giving it nearly 50% of Bitcoin’s security.

Benefits of AuxPoW:

Energy Efficiency: Elastos inherits Bitcoin’s security without additional energy consumption.

Network-Wide Trust: This shared security protects the Elastos Mainchain and sidechains, making the entire ecosystem highly reliable.

2. Bonded Proof of Stake (BPoS): Securing the Network with Validators

Long-Term Staking: Users lock ELA on the Mainchain to secure the network and validate transactions.

Incentivizing Participation: Users earn 2-3% APR, with higher rewards for longer lock periods. Validators must hold 80,000 staking rights to participate in block validation, sharing rewards with stakers.

This hybrid consensus model ensures that Elastos is anchored in Bitcoin’s security, while BPoS validators provide a second layer of decentralized governance and stability.

 

How Elastos BPoS NFTs Unlock the Value of Staked ELA

Traditional staking locks assets, limiting liquidity. BPoS NFTs solve this problem for Elastos by converting its Mainchain voting rights into ERC-721 standard NFTs that represent ownership of the right to claim the underlying staked ELA and its accumulating rewards.

How BPoS NFTs Work

Staking and Minting: Users stake ELA tokens on the Mainchain using the Essentials Wallet. Once staked, they can mint BPoS NFTs on the Elastos Smart Chain (ESC). The NFT represents both the staked ELA and the accumulating APY rewards.

Trading and Transfer: BPoS NFTs can be freely traded or transferred on the Elastos Smart Chain. This allows users to unlock liquidity without ending their staking position or interrupting rewards.

Burning and Claiming Rewards: NFT holders can burn NFTs anytime to claim APY rewards. The staked ELA remains locked until the lock period ends, at which point it can be withdrawn by the original staker.

BeL2 Arbiter Network: Unlocking New Financial Applications

In the upcoming BeL2 arbiter network, BPoS NFTs will act as collateral for BTC-based loans, stablecoin issuance, and dispute resolution services. Arbiter nodes using these NFTs as collateral will earn BTC-based and dApp rewards, in addition to Mainchain ELA rewards.

This decentralized financial infrastructure will allow users to participate in Bitcoin-native dApps without moving BTC off the mainnet, creating an easy integration between Bitcoin security and BeL2 DeFi applications, such as the upcoming Harvard student-led team’s “New Bretton Woods (NBW)” project, incubated by the Harvard Innovation Labs.

Collateralization in the BeL2 Arbiter Network

Arbiter Entry: Users can stake ELA BPoS NFTs as collateral to participate as nodes in the BeL2 network.

Earn BTC and dApp Rewards: BPoS NFT arbiter nodes earn percentage-based BTC and dApp rewards, alongside Mainchain ELA staking rewards, for supporting time-based transactions and dispute resolution services that reflect the value of their collateral.

Decentralized Financial Services: The BeL2 arbiter network supports Native BTC services, ensuring decentralized loans are completed, maintaining stablecoin pegs, liquidating assets based on market conditions, and providing dispute resolution services, offering a secure, decentralized alternative to traditional financial systems.

So What are the Key Advantages of Elastos BPoS NFTs?

Flexible Liquidity: Trade or transfer staked assets and their rewards as NFT receipts without waiting for the lock period to end.

Bitcoin-Backed Security: 293.69 EH/s of Bitcoin’s hash rate secures the Elastos Mainchain, providing trust and reliability.

New Financial Tools: Use BPoS NFTs as collateral for loans and arbitration services in the upcoming BeL2 network.

Simple Wallet Management: Manage NFTs through the non-custodial Essentials Wallet, ensuring full control over staked assets.

Conclusion

The Elastos BPoS NFT system offers a groundbreaking solution by combining Bitcoin’s security with NFT liquidity. Users can mint, trade, or burn NFTs anytime, claiming APY rewards without interrupting their staking period. The ability to unlock staked ELA after the lock period ensures long-term rewards while maintaining flexibility.

With the upcoming BeL2 Arbiter Network, BPoS NFTs will serve as collateral for BTC-based loans and dispute resolution services, creating new earning opportunities. This innovative design reflects Elastos’ commitment to decentralization, offering secure and scalable financial tools for the future of blockchain-based finance.

With ELA’s fixed supply of 28.22 million, Bitcoin merge-mining security, and a 4-year halving cycle, participants benefit from both scarcity and sustainability. The Elastos BPoS NFT system sets a new standard for DeFi innovation by offering liquidity, security, and long-term value for users.

Want to mint a BPoS NFT? Tomorrow, we will release a step-by-step guide on how to mint your BPoS NFT. Did you enjoy this article? Follow Infinity for the latest updates here!

 


OpenID

Revisions to OpenID Process Document and IPR Policy Approved


A subgroup of OpenID Foundation board members and key staff have been working to update the “OpenID Process” document based on issues raised by some board members to ensure the document aligns with how the Foundation currently works. This update addresses those original issues and also identified a significant number of mainly editorial issues and improvements that were possible. It also highlighted inconsistencies and other issues that required coordinating revisions with the “Intellectual Property Rights (IPR) Policy,” so that has been added to the scope and improvements proposed. Full details including material changes made can be referenced here.

The changes were unanimously approved by the board at the September 12, 2024 board meeting. Approving these changes also required a 21-day review and 14-day vote of the membership with a 30% quorum requirement.

I am pleased to announce that the updated Process Document and IPR Policy were approved by the membership this past Saturday, October 19, 2024 with 34% member participation, greater than the 30% quorum requirement for the vote.

The voting results were:

Approve – 106 votes

Object – 1 vote

Abstain – 21 votes

Marie Jordan – OpenID Foundation Secretary

The post Revisions to OpenID Process Document and IPR Policy Approved first appeared on OpenID Foundation.

Monday, 21. October 2024

Hyperledger Foundation

Staff Corner: The importance of maintainers and contributors at LF Decentralized Trust


At LF Decentralized Trust, the driving force for our projects are the maintainers and contributors. These dedicated individuals are the ones who roll up their sleeves and do the important planning, development, and governance work that not only sustains our projects but pushes the boundaries of innovation, collaboration, and community growth. Their collective contributions are instrumental to a vibrant and dynamic ecosystem.


Digital Identity NZ

Shaping the Future of Open Banking in Aotearoa: DINZ Responds to Proposed Designation Regulations and Standards


21 October 2024

Digital Identity NZ (DINZ), through its Policy and Regulatory Subcommittee, has provided feedback to the Ministry of Business, Innovation and Employment (MBIE) for the proposed open banking regulations and standards under the Customer and Product Data Bill. This collaborative submission reflects insights from DINZ members across New Zealand’s digital identity sector, representing both large and small organisations.

DINZ fully supports the Bill’s goal to unlock the value of customer data, fostering competition and innovation. However, our submission highlights specific areas where the proposed rules could be enhanced to better achieve these objectives.

Empowering Customers through Open Banking

DINZ appreciates the Bill’s focus on giving customers control over their data, which can drive a more competitive and dynamic marketplace. However, we raised concerns around the prioritisation of the banking and electricity sectors, believing that a broader scope of competitive third-party providers is essential for success. Additionally, affordability is crucial, as the cost of third-party services could hinder widespread adoption.

Data Security and Privacy

Maintaining data security is a key focus for DINZ. While the Bill requires transparency from data holders and accredited requesters, we recommend aligning with the New Zealand Privacy Act 2020 to safeguard consumers’ data without unnecessarily disclosing sensitive information. This ensures robust protection and trust.

Learning from Australia’s Open Banking Journey

Reflecting on Australia’s slow uptake of open banking, DINZ cautions against over-reliance on the Digital Identity Services Trust Framework (DISTF) as a singular solution. A more holistic approach is needed to address identity, verification, and consent challenges in the context of open banking. Colin Wallis, Executive Director of Digital Identity NZ says:

“DINZ supports the general direction indicated in the discussion paper, however it considers that not enough attention is being directed to the reasons behind the slow take-up in Australia. Additionally unintended consequences may arise from its seemingly over reliance on the DISTF as the magic bullet to resolve all the digital identity, verification, attribute exchange and consent – as much as we would all like that.”

DINZ is committed to working with MBIE to ensure a secure, efficient, and inclusive open banking framework that benefits all Kiwis.

You can read the full submission here: DINZ_Submission_on_CPD_Open_banking_designation_rules_10_Oct_2024_Final-Signed.pdf (digitalidentity.nz)

For media inquiries or further information, please contact:

Email: info@digitalidentity.nz
Phone: + 64 9 394 9032

About Digital Identity NZ

Digital Identity NZ (DINZ) is a not-for-profit, membership-funded association with around 100 organisations from both the public and private sectors. Representing diverse industries and individuals, DINZ is the leading voice for digital identity in Aotearoa. As part of the New Zealand Tech Group (NZTech), we connect the digital identity community and actively influence policy and solutions. Our members play a crucial role in advancing digital identity across various sectors—from public-facing government services to open banking, account opening, and customer and product data. These initiatives rely on digital identity, working alongside AI, biometrics, and cloud technologies.

The post Shaping the Future of Open Banking in Aotearoa: DINZ Responds to Proposed Designation Regulations and Standards appeared first on Digital Identity New Zealand.

Thursday, 17. October 2024

Hyperledger Foundation

Hello Hiero! Building the Next Generation Open Source Distributed Ledger Technology Together


As the landscape of decentralized trust continues to evolve, open source technologies play a pivotal role in driving innovation and fostering collaboration. At the forefront of this transformation is Hedera, a fully open source public ledger that is rewriting the rules of blockchain governance and energy efficiency. Powered by the Hashgraph consensus algorithm, which is recognized as the most energy-efficient blockchain today, Hedera boasts a unique governance model that includes 31 recognized global leaders such as Google, IBM, Dell, Boeing, and Standard Bank.


FIDO Alliance

Android Authority: Passkeys make switching to Android more challenging, but not for long


The FIDO Alliance is aware of passkey lock-in, and it’s actively working to address that:

With all relevant operating systems now natively supporting passkeys, companies have been increasingly adopting them as an alternative to passwords. Relying on passkeys minimizes the risk of getting hacked, as users don’t have access to their cryptographic keys, and intercepting them is significantly more challenging. However, those switching between different service providers may prefer traditional passwords, as there’s currently no easy way to import or export passkeys. To minimize the friction separating distinct platforms, the FIDO Alliance is working on a solution that makes moving passkeys between them a breeze.

The FIDO Alliance has published (via Neowin) a working draft encompassing specifications that would make moving passkeys between providers possible. When implemented, users would be able to securely import and export their passkeys, making switching platforms less challenging. Read more of the article.

Wednesday, 16. October 2024

Blockchain Commons

Musings of a Trust Architect: Open & Fuzzy Cliques


Digital communities are collections of individual entities that are connected together. They can be modeled as graphs, with the individuals being nodes and their relationships being edges.

Traditionally, identity models have focused on the nodes, but in Musings of a Trust Architect: Edge Identifiers & Cliques, I suggested that both private keys and public-key identifiers could be based on the relational edges, and that when you combined a complete set of edges you could create a cryptographic clique, where the group was seen as an entity of its own, with the identities of any participants hidden through the use of a Schnorr-based signature.

My first look at cliques focused on the technical definition, which requires that cliques be “closed”, meaning that there’s a relationship between every pair in the group and that those pairwise edges form the clique identity among them.


However, creating closed graphs becomes increasingly difficult as the graph size grows. There are some alternatives which I discuss here: open cliques and fuzzy cliques. The entities forming a clique also don’t have to be people, as I discuss in cliques of devices.

Open Cliques

Cryptographic cliques don’t have to be fully closed. Open cliques are also possible. (In graph theory these technically are not called “cliques”, but I’m going to continue to use the term for cryptographic identifiers that are based on edges.)

While the concept of a fully connected clique provides clear value in graph theory, such structures can become computationally intensive, especially as the group size increases. Open cryptographic cliques, which are not completely interconnected, may then be used instead.

Open cliques support different sorts of modeling, for groups where not everyone is connected and where the relationships are fluid. They also allow for easier growth: a clique can organically add a new member when a single participant creates a relationship with them, without the need to define the new member’s relationship to everyone in the clique (especially as most of those relationships would not exist).

For example, Bob might not actually have a close or independent relationship with his mother-in-law, Anna, while Mary’s best friend from college, Beth, might join the clique when she stays with the family, despite the fact that she only has a real relationship with Mary. (However, more relationships, and thus edges, might develop over time!)


While open cliques may lack the complete interconnectedness of their closed counterparts, they offer a realistic representation of the evolving nature of dynamic social relationships. One of the main questions regarding them is when and how to recognize new edges as an open clique evolves, and thus when and how to rotate the clique’s overall keys.

Fuzzy Cliques

As discussed in the appendix to this article, there are currently two major Schnorr-based MPC signature systems that could be used as the foundation of cliques: FROST and MuSig2. Each comes with its own advantages and limitations, but one of the advantages of using FROST is that it allows for the creation of fuzzy cliques, thanks to its ability to create threshold signatures (with m of n agreement required to sign where m≤n).

This allows group decisions or representations to be based on a subset (threshold) of members rather than requiring unanimity, as would be required when using MuSig2 in its native form. Using thresholds to define group interactions adds a degree of “fuzziness” or flexibility to the representation of those groups and their actions, at the price of higher latency and the fact that the theoretical implications are not as well studied.

There’s one other catch: fuzzy cliques are the one situation where the Relationship Signature Paradigm can’t be used. Though we still create the relational edges, to allow any pair of participants in the clique to make joint decisions, the clique keys are created by the individual participants, not the edges, ensuring that we have thresholds of participants making decisions, not thresholds of edges (which would quickly become confusing!).

Even for a triadic clique, the privacy implications of using a threshold key to represent the clique are notable.


Imagine that the participants generated two FROST keys for the triadic clique, one that had a 2-of-3 threshold and one that had a 3-of-3 threshold. If everyone agreed, they could all sign with their share fragments of the 3-of-3 private key, and anyone could compare it to the 3-of-3 public key and know that the group was in perfect consensus.

But what if you only required the consensus of two members of the group? After all, Joshua probably won’t be making a lot of decisions for a while. Theoretically, you could just sign with one of your relational edge keys, such as the Mary-Bob relational edge key. That demonstrates the consensus of two members of the clique and supports accountability: you know which two participants signed.

But, if you instead sign with the 2-of-3 threshold key for the clique you get to take advantage of the aggregatability that’s baked into Schnorr. With it, no one knows which two people signed (or indeed, if two or three people signed). They just know that at least the threshold of people within the group signed. It’s a powerful privacy enhancement that really shows off the power of fuzzy cliques.

Fuzzy cliques allow for real-world decision-making dynamics, where different sorts of decisions might require a single person’s agreement, a majority’s agreement, a super-majority’s agreement, and everyone’s agreement. This creates a model for fully decentralized decision-making that’s resilient and fault tolerant, all while supporting both individual privacy and group accountability (while still allowing for individual accountability using relational edges).

Cliques of Devices

Thus far, I’ve largely presumed that relational edges and cryptographic cliques are created by people. But, that doesn’t have to be the case: independent nodes in a graph can be entities of any type, including devices.

In my first article, I touched upon the idea that a clique could define not just a group, but also a singular person’s identity. This could be done using devices. Imagine that a person has a few devices that together form the basis of his digital identity: a hub of information that contains his credentials; a biometric ring that verifies his physical identity, primarily to unlock that hub; and a coordinator that allows a clique-identity to communicate with the network. The following diagram shows how our old friend Bob could be defined as an open clique including devices:


Using the clique-of-cliques model, this then might be the identity that’s linked in with Mary and Joshua to form their triadic nuclear-family clique:


Though these examples suggest a clique where devices and real people are mixed together, that’s not the only option. Another example might be a fuzzy clique made up of three automated factcheckers, which are all devices. Together, any two can issue a finding of “TRUE” or “FALSE”:


Again using the clique-of-cliques model, these fact checkers could then interact with other identities, such as Dan and Ty, who write together.


The Fact Checkers interact with the authors’ edge relationship (known by their joint pseudonym, “James”), to sign off on the validity of their work. Thanks to the aggregatability of Schnorr signatures, no one knows (or cares) that the Fact Checkers are three devices or the authors are two people!

Conclusion

Cliques offer a powerful new model for identity control (and more generally, for control of many sorts of digital assets). But, using closed cliques has drawbacks.

Two other models offer different utility:

Open Cliques allow for the modeling of more realistic social situations while simultaneously reducing computational costs, but create new questions for theoretical understanding and in figuring out how to maintain public and private keys for the clique.

Fuzzy Cliques open up the possibilities for authorizations, agreements, and other decisions to be made by portions of a group rather than the group as a whole, but they depend on either FROST or some other (theoretical) threshold signature system, and they disallow the creation of a clique using relational edges.

In addition, cliques don’t have to be made up only of people:

Cliques of Devices show how cliques could also include AIs, oracles, fact checkers, hardware wallets, biometric rings, and other computerized programs, and that they could interact either as parts of cliques or as separate entities!

These possibilities are just the beginning. I think that edge identifiers and cliques could be a powerful new tool for expanding the design of identities online.

How could you use them? How would you expand them? What would you like to see next?

Appendix: FROST & MuSig

There are currently two major Schnorr-based signature systems, FROST and MuSig2, both of which support Multi-Party Computation (MPC) signing.

FROST is a Schnorr-based multisig system that originated in a 2020 paper. As of 2024, it’s just coming into wide use thanks to projects such as ZF FROST and wallets such as Stack Wallet.

🟢 Possible efficiency improvements for larger cliques.
🟢 Supports thresholds (m of n).
🟢 Privacy for thresholds.
🛑 Limited accountability for thresholds.
🛑 Can’t build clique from edges if using thresholds.
🛑 More rounds for signing.
🟨 Allows Distributed Key Generation or Trusted Dealer Generation.

MuSig2 is a Schnorr-based multisig system that dates back to 2020 (when MuSig2 was introduced) and before that 2018 (when MuSig1 was introduced). It’s been well-studied and is detailed in BIP 328, BIP 390, and BIP 373, providing strong integration with Bitcoin, especially since its recent merge into libsecp256k1.

🛑 No thresholds (n of n).
🟨 But can mimic thresholds with Taproot trees.
🟢 Full accountability for signatures.
🟢 Fewer rounds for signing.
🟢 Can always build clique from edges.

Two of the features of Schnorr-based signature systems that best support edge identifiers and cryptographic cliques are aggregation and MPC.

Aggregation. Schnorr signatures are aggregatable. They’re mathematically added together, producing a final multisig that’s the same size as an individual signature would be. As a result, signatures are indistinguishable: you don’t know how many people signed or who signed, simply that a signature is valid (or not).

MPC. Multi Party Computation means that each participant has a secret (here, a key share), which they can use together without revealing that secret. It’s what allows individuals to jointly create an edge-identifier key and then for edges to jointly create a clique key.

For more on Schnorr, see my Layperson’s Intro to Schnorr.
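
The 2-of-3 signing described under Fuzzy Cliques, together with the aggregation and MPC properties from the appendix, as an added example that is not from the article or from any FROST implementation: a simplified threshold Schnorr scheme with a trusted dealer that omits FROST’s nonce-commitment and binding-factor steps. The toy group parameters, the function names, and the numbering of Mary, Bob and Joshua as participants 1 to 3 are assumptions made here.

```python
"""Toy t-of-n threshold Schnorr signing (added illustration, NOT FROST itself)."""
import hashlib
import secrets
from itertools import combinations

# Constructed toy group, far too small for real use: P = 2*Q + 1 with P and Q
# prime, and G = 4 generating the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4


def challenge(R, Y, msg):
    """Schnorr challenge c = H(R || Y || msg), reduced mod Q."""
    digest = hashlib.sha256(f"{R}|{Y}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q


def deal_shares(secret, t, n):
    """Trusted-dealer Shamir split: f has degree t-1, f(0) = secret, share_i = f(i)."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}


def lagrange_at_zero(i, signers):
    """Coefficient lambda_i such that sum(lambda_i * f(i)) over signers equals f(0)."""
    num = den = 1
    for j in signers:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def threshold_sign(shares, signers, Y, msg):
    """Sign with the given subset; no participant reveals its key share."""
    # Round 1: every signer picks a nonce k_i and publishes R_i = G^k_i.
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in signers}
    R = 1
    for i in signers:
        R = R * pow(G, nonces[i], P) % P  # nonce points aggregate into one R
    c = challenge(R, Y, msg)
    # Round 2: every signer returns z_i = k_i + c * lambda_i * share_i.
    partials = {i: (nonces[i] + c * lagrange_at_zero(i, signers) * shares[i]) % Q
                for i in signers}
    # The coordinator adds the partial signatures into a single scalar s.
    return R, sum(partials.values()) % Q


def verify(Y, msg, sig):
    """Ordinary single-key Schnorr check: G^s == R * Y^c."""
    R, s = sig
    return pow(G, s, P) == R * pow(Y, challenge(R, Y, msg), P) % P


def demo():
    """2-of-3 clique key: every pair, and the full trio, signs under the same Y."""
    x = secrets.randbelow(Q - 1) + 1       # clique secret, known only to the dealer
    Y = pow(G, x, P)                       # clique public key
    shares = deal_shares(x, t=2, n=3)      # assumed numbering: 1=Mary, 2=Bob, 3=Joshua
    msg = b"constructed sample message: clique decision"
    results = {}
    for size in (2, 3):
        for signers in combinations(shares, size):
            sig = threshold_sign(shares, signers, Y, msg)
            results[signers] = verify(Y, msg, sig)
    return results


if __name__ == "__main__":
    for signers, ok in demo().items():
        print(signers, "valid" if ok else "invalid")
```

Every qualifying subset produces an (R, s) pair of the same shape that verifies under the one clique key, so the verifier learns that the threshold was met but not which members, or how many, took part.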

Tuesday, 15. October 2024

EdgeSecure

Awards Presented at EdgeCon Autumn 2024 to Recognize Excellence

The post Awards Presented at EdgeCon Autumn 2024 to Recognize Excellence appeared first on NJEdge Inc.

NEWARK, NJ, October 16, 2024 – Hosted in partnership with Kean University, EdgeCon Autumn on October 10 brought together attendees from universities and community colleges to explore how to achieve sustained success by uniting strategy and innovation through enterprise architecture. During the keynote panel, Blueprints for Success: Uniting Strategy and Innovation in Higher Education, Edge presented several awards to celebrate the incredible achievements and contributions that higher education institutions are making throughout the region. 

To recognize vision and leadership in the area of high performance computing, the New Jersey Institute of Technology (NJIT) was presented with the High Performance Computing Innovation Award. Over the past year, the technology and network teams at NJIT have built an exemplary HPC platform, including on-site and remote data center resources, that is secure, at scale, and meets the growing demands of their research community. 

At a time when higher education institutions are going through rapid change and facing unique challenges, Edge wanted to recognize the vision and leadership of the Metropolitan College of New York for seeking out the support and capabilities of the Edge network and community. To honor this commitment to collaboration, the College was presented with the Regional Network Partnership Award.

As attacks on higher education accelerate, and privacy regulations and compliance standards become increasingly complex, the cybersecurity burden on institutions has sharply increased. In acknowledgement of their dedication and diligent work in going above and beyond regulatory standards to keep their educational community safe, Middlesex College received the Community College Cyber-Preparedness Award.

Edge also recognized Jeremy Livingston, Chief Information Security Officer at Stevens Institute of Technology for his essential role in relaunching the Edge IT Security Community of Practice, which serves as a forum for collaboration and collective intelligence to fight cybersecurity threats. Livingston was presented with the Security Community Leadership Award for his outstanding commitment over the past year.

To help broaden the education community and support students in their learning journey, online learning programs are vital to the mission and success of modern higher education institutions. In recognition of their efforts to grow their online program rapidly, effectively, and without sacrificing quality, the award for Exemplary Online Program Leadership went to Rowan University.

Following EdgeCon Spring, which included a galvanizing keynote focused on artificial intelligence (AI), and the growing momentum and importance of the topic, the instructional team at Seton Hall University stepped up to engage the Edge community and partnered with Edge to host the first AI Teaching and Learning Symposium. To recognize the University’s continued leadership in the community and their participation in the initial cohort of the American Association of Colleges and Universities (AAC&U) Institute on AI, Pedagogy, and the Curriculum, Edge presented Seton Hall with the AI Education Leadership Award.

Edge also wanted to celebrate research that has had a significant scientific, societal, economic, or environmental impact. The Research Impact Award was presented to Stephen K. Burley, M.D., D. Phil. from Rutgers, The State University of New Jersey, for his Pioneering Work in Structural Biology: Transformative Contributions to Biomedical Research and Global Scientific Collaboration. Dr. Burley is an internationally recognized scholar and has published extensively in data science and bioinformatics, AI/machine learning, structural biology, and clinical oncology.

The Engaging Students in Collaborative Research Award recognizes research projects that involve significant collaboration between institutions or research teams that engage students in the research process. This honor was presented to Joseph Diaco, Professor, Camden County College, and Dr. Hieu Nguyen, Professor, Rowan University, who were principal investigators for the Precision Agriculture Using Drone/AI Technologies project, Blueberry Drone AI: Smart Farming of Blueberries using Artificial Intelligence and Autonomous Drones. The project aimed to equip students with hands-on experience in drone technology and AI, improve the accuracy of blueberry counting and health assessment through enhanced image recognition models, and achieve proof of concept for autonomous drone missions. 

EdgeCon Autumn 2024 not only served as a platform for meaningful dialogue on the future of higher education but also highlighted the remarkable efforts of institutions committed to excellence and innovation. Edge is excited to see how these inspiring achievements will continue to shape the landscape of higher education and empower students and institutions for generations to come.

About Edge: Edge serves as a member-owned, nonprofit provider of high performance optical fiber networking and internetworking, Internet2, and a vast array of best-in-class technology solutions for cybersecurity, educational technologies, cloud computing, and professional managed services. Edge provides these solutions to colleges and universities, K-12 school districts, government entities, hospital networks and nonprofit business entities as part of a membership-based consortium. Edge’s membership spans the northeast, along with a growing list of EdgeMarket participants nationwide. Edge’s common good mission ensures success by empowering members for digital transformation with affordable, reliable and thought-leading purpose-built, advanced connectivity, technologies and services.


OpenID

An Outreach Workshop for Open Banking Chile

Mike Leszcz, OpenID Foundation Operations Director

This was a hybrid event with some CMF and ecosystem members participating in person in Santiago. OIDF was very fortunate to have founding member and long-time board member, John Bradley with Yubico, representing OIDF in person. The goal of the workshop was to introduce OIDF and OpenID specifications with a focus on FAPI 2.0 to the ecosystem as Chile will require FAPI 2.0 when the Chilean Open Finance System goes live.

OIDF Standards Overview

Victor Andrade, Senior Analyst with the CMF, opened the workshop, welcoming approximately 190 participants. Gail Hodges, OIDF Executive Director, kicked off the agenda with a brief introduction to OIDF, covering how the Foundation operates, including with other ecosystems, and then highlighted how to get involved.

Mark Haine, OIDF Technical Director, presented an overview of current OpenID specifications including recommendations for new vs. existing ecosystems. This introduced a deeper dive into FAPI 2.0, delivered by Domingos Creado, who represents the OIDF certification team and is a valued FAPI Contributor. Domingos discussed key technical details from FAPI 2.0, including how it builds on FAPI 1.0 and is intended to be easier to implement. Domingos also confirmed that FAPI 2.0 is on track to be a Final Specification by the end of 2024.

At the request of the CMF, the workshop also included a high-level overview of the Shared Signals Framework (SSF) specification that improves API efficiency and security by providing privacy-protected, secure webhooks. It is in use by some of the largest cloud services to communicate security alerts and status changes of users, continuously and securely to prevent and mitigate security breaches. It is currently leveraged by two applications – the Continuous Access Evaluation Protocol (CAEP) and Risk Incident Sharing and Coordination (RISC) to achieve this result. Shared Signals WG co-chairs, Atul Tulshibagwale, CTO at SGNL, and Sean O’Dell, Senior Staff Security Engineer at Disney, provided this overview and addressed SSF questions.

Joseph Heenan, OIDF Specifications Specialist and Certification Director as well as a FAPI 2.0 Editor, provided an overview of the OpenID Certification Program. This covered the value of certification, including how ecosystems that mandate FAPI and FAPI certification are achieving high security within their ecosystems as well as enabling interoperability. He noted that FAPI 2.0 conformance tests and certifications are currently available, with a number of OP and RP certifications from the ConnectID private ecosystem in Australia. Joseph highlighted that a number of conformance test suites for other OpenID specifications are currently in development and will be made available for certifications once in production.

Ecosystem Engagement

The workshop then turned to ecosystem engagement, facilitated by OIDF Operations Director, Mike Leszcz. Mike spoke about the ecosystems that OIDF has partnered with in recommending or mandating FAPI adoption and FAPI certifications. He noted that OIDF is also supporting some ecosystems that are in the process of going live with their open finance/open data ecosystems.

This overview introduced the strong partnership that OIDF has had with Open Finance Brazil (OFB) over the last several years, as OFB mandates FAPI adoption and certifications with annual recertifications required. We were privileged to have Elcio Calefi, CIO at OFB and OIF board member, present “Technology in Finance – Innovation, Security and Inclusion”, highlighting OFB’s journey from including FAPI in the Brazilian open finance regulation to operationalizing the mandate for FAPI adoption and certification.

Questions Answered

After a lunch break, OIDF presenters and workshop participants reconvened for a Q&A session that addressed hot topics such as the lifecycle of the standards, the use of mTLS, the implementation of refresh tokens, and the practical aspects of changing the scope of authorizations or grants, among others. Other topics during this session included:

Certification costs and OIDF’s recommendations regarding the implementation of certification processes.
Adaptations to the applicable profile(s) for Chile and OIDF’s position on possible deviations that a local implementation may have from the plain vanilla standard.
OIDF recommendations regarding the use of RAR / PAR, especially in replay attack threat scenarios.
Questions on DCR single profile.
Inclusion of data finality principles and their relationship to the FAPI standard.
Questions on how OIDF has approached embedded finance for FAPI compliance, in particular where authorizations come from or are managed by third parties.

John Bradley, representing OIDF and an author on a number of the specifications being discussed, took the lead on many of the topics during the Q&A session with support from the workshop presenters. The Q&A session allowed additional time for the Chilean Open Finance System participants to dive deeper into the workshop topics.

OIDF thanks our colleagues at the CMF for their support and coordination of these two important events in support of the Chilean Open Finance System.

Links to the session recordings and workshop deck can be found on the OpenID Foundation’s Presentations and Media page.

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

The post An Outreach Workshop for Open Banking Chile first appeared on OpenID Foundation.


FIDO Alliance

ZDNet: Passkeys take yet another big step towards killing off passwords

One of the drawbacks to passkeys is that currently there’s no way to import or export them between devices. The FIDO Alliance wants to change that.

It’s been around two years since passkeys came onto the scene, and the technology has come a long way in making the world a passwordless place. Yet, one feature that’s been absent is the ability to import or export passkeys between devices.

That is set to change, as the FIDO Alliance — the working group behind the technology — has published a draft specification for Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) formats that would not only work for the secure transferring of passkeys but also other forms of authentication.


Bleeping Computer: Amazon says 175 million customers now use passkeys to log in

Amazon says 175 million customers now use passkeys to log in:

Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year ago, announcing today that over 175 million customers use the security feature.

“Today, we’re excited to share that more than 175 million customers have enabled passkeys on their Amazon accounts, allowing them to sign in six-times faster than they could otherwise,” says Amazon.


MacRumors:

FIDO Alliance Working on Making Passkeys Portable Across Platforms:

Passkeys are an industry standard developed by the FIDO Alliance and the World Wide Web Consortium, and were integrated into Apple’s ecosystem with iOS 16, iPadOS 16.1, and macOS Ventura. They offer a more secure and convenient alternative to traditional passwords, allowing users to sign in to apps and websites in the same way they unlock their devices: With a fingerprint, a face scan, or a passcode. Passkeys are also resistant to online attacks like phishing, making them more secure than things like SMS one-time codes.

The draft specifications, called Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF), will standardize the secure transfer of credentials across different providers. This addresses a current limitation where passkeys are often tied to specific ecosystems or password managers.


OpenID

Announcing the IPSIE Working Group

The OpenID Foundation is delighted to announce the formation of the Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) Working Group. This WG aims to tackle key challenges that underlie identity security in today’s enterprise environments. 

The Core Challenge

Identity and Access Management (IAM) within the enterprise is a multifaceted endeavor, as indicated by the growing Body of Knowledge maintained by IDPro. There is a broad range of specifications that are relevant to securing the many IAM functions that underpin operations. Some of these are OIDF standards – like OpenID Connect, FAPI, and Shared Signals – while others are maintained in different standards bodies. For example, IPSIE has already identified the IETF’s OAuth 2.0 and System for Cross-Domain Identity Management (SCIM) as relevant to their initial scope (below). But these specifications are written to support many contexts and use cases; they contain optionality that reduces the likelihood that independent implementations will interoperate. 

The IPSIE Working Group will develop secure-by-design profiles of these existing specifications with a primary goal of achieving interoperability across enterprise implementations.

Getting Involved

According to its Charter, the IPSIE WG will initially focus on standards that support:

Single Sign-On
User Lifecycle Management
Entitlements
Risk Signal Sharing
Logout
Token Revocation.

As of this publication, the WG is meeting weekly on Tuesdays, though Contributors should always check the OpenID Calendar for any updates to the schedule. To stay up-to-date with the latest news, please join the IPSIE mailing list.

The post Announcing the IPSIE Working Group first appeared on OpenID Foundation.


Oasis Open Projects

Coalition for Secure AI Forms Technical Steering Committee to Advance AI Security Workstreams

J.R. Rao of IBM and Akila Srinivasan of Anthropic Elected to the OASIS Open Project's TSC Leadership

Boston, MA, USA, 15 October 2024 – The Coalition for Secure AI (CoSAI), an OASIS Open Project, announced the formation of its Technical Steering Committee (TSC), which is responsible for the overall technical health and direction of the project. The TSC will advise the Project Governing Board (PGB), oversee releases, and manage the efforts of the project’s three initial workstreams along with their respective chairs, contributors, and maintainers. The TSC will promote initiatives that align with CoSAI’s mission to promote secure-by-design AI systems.

J.R. Rao from IBM and Akila Srinivasan from Anthropic have been elected co-chairs of the TSC. They will play a central role in steering the direction of the workstreams to ensure that they contribute to the overall goals of CoSAI. J.R. and Akila bring a wealth of experience and leadership from their respective organizations and will be instrumental in driving CoSAI’s technical direction.

“Securing AI, openly and collaboratively, will be critical for inspiring trust and enabling its acceptance by consumers and enterprises alike. As TSC co-chair, I am committed to guiding CoSAI’s three workstreams to establish best practices and frameworks that enhance the security of AI systems,” said J.R. Rao, TSC co-chair, of IBM.

“As co-chair of the CoSAI TSC, I’m committed to developing frameworks and controls that help us attest to the trustworthiness and integrity of AI models,” said Akila Srinivasan of Anthropic. “By fostering transparency and control, we empower organizations to build secure and responsible AI systems that protect users and pave the way for a safe and innovative future.”

The TSC has launched three workstreams aimed at advancing the security of AI systems and will oversee their efforts to establish best practices, governance, and frameworks for AI security:

Software Supply Chain Security for AI Systems:
This workstream focuses on enhancing AI security by addressing the challenges of third-party model risks, provenance, and AI application security. It builds upon widely recognized security frameworks like the SSDF and SLSA, extending them for AI development.

Preparing Defenders for a Changing Cybersecurity Landscape:
Designed to equip defenders with a comprehensive framework, this workstream will focus on identifying necessary security investments to counter emerging AI-driven offensive capabilities.

AI Risk Governance:
This workstream will develop a comprehensive risk and controls taxonomy, checklist, and scorecard for assessing, managing, and monitoring the security of AI systems across industries.

The governance structure for these workstreams ensures community collaboration, transparency, and alignment with CoSAI’s long-term goals. For more details on the governance model, visit the TSC and Workstream Governance documentation in GitHub.

About CoSAI:

CoSAI is an open source ecosystem of AI and security experts from industry-leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research and product development. CoSAI operates under OASIS Open, the international standards and open source consortium. 

Media inquiries: communications@oasis-open.org

The post Coalition for Secure AI Forms Technical Steering Committee to Advance AI Security Workstreams appeared first on OASIS Open.


Elastos Foundation

Content is King, Distribution is Queen. Digital Empowerment Means Controlling Both.

Every click, share, and like adds value to others. Every online interaction you make generates valuable data that fuels advertising, shapes consumer insights, and drives the growth of tech giants. Yet, despite being constant producers of digital capital, most of us are neither recognised nor compensated for our contributions. Your online activities are not trivial—they are digital assets with significant value. Content is king, and distribution is queen. Digital empowerment means controlling both. You are the creator; you must own and profit directly from the value you generate online. Let’s dive in.

Traditionally, human labor has been viewed as a liability—a cost to be minimised. As automation increasingly replaces routine jobs, many people will feel displaced. Companies, understandably, seek greater productivity to stay competitive, favoring machines that don’t require salaries or breaks. So, where do humans fit in the future? We must shift from seeing ourselves as physical liabilities to recognising that we are digital assets in the online world. To achieve this, we need to capture the value that is our birthright.

Silicon Valley would be nothing without your data. Machines lack the creativity, empathy, and originality that are inherently human—AI even trains on these traits, but where is the value back? Authenticity is your strength. Recognise your unique human value. You can thrive where machines cannot by turning your talents into digital assets. Technology is a tool that empowers you, while you remain the creator—shaping a digital future where your strengths and individuality truly thrive.

Distribution, at its core, is the process of delivering goods from owners to consumers. Traditionally online, this has been facilitated by third-party servers and platforms that act as intermediaries between you and your audience. We connect to external servers because they provide the infrastructure and reach needed to share our content and thoughts widely. However, this reliance often comes with dependence, loss of control, and unfair revenue sharing, as these intermediaries may impose strict terms and conditions and dictate how and where your data is shared.

Elacity, built on the Elastos SmartWeb, offers a global marketplace for selling, leasing, and sharing content. Smart contracts—self-executing blockchain agreements—automate digital rights management, access control, and royalty payments. Content is encrypted using decentralized identities, with licensing terms embedded as tokenized rights for trading. Every time your content is sold, smart contracts enforce your terms, ensuring access for the buyer and immediate payments. Let automation work for you.

Now let’s imagine owning fractional rights to an AI model, where every subscription instantly pays you. Picture buying a song directly from your favourite artist or renting a movie through a global marketplace. Envision robotics-as-a-service: self-driving cars, 3D printing, healthcare support, and smart locks—all leased directly from owners, with instant access and payments for everyone involved. This is digital participation. 

Now let’s shift focus from smart contracts for rights management to data distribution. The encrypted data you own still needs to be stored and managed. Imagine building your own distribution hub—storing data locally while making it available globally, streaming directly from your home. You can create and control communities, with access, security, and payments enforced by smart contracts on your blockchain. This is 100% independent, decentralised distribution—where you own both the content and the distribution.

By hosting a NAS-like station at home, connected to the Elastos SmartWeb network, you can store, process, communicate, and stream your content globally as an independent “Channel” on a decentralised, interconnected network. Instead of relying on third-party cloud servers, you distribute your content directly from your own property, whether as an individual or an organisation. Blockchain technology ensures that access, decryption, and playback rights are validated first, guaranteeing ownership and security. Alternatively, you can monetise your resources by renting out available storage space and computational power to others, creating a service where everyone can support the network.

Imagine millions of nodes cross-communicating, each owning their narratives, building authentic followers, and, for the first time, truly owning their digital selves. With Elacity on Elastos, smart contracts govern access and payments for your encrypted digital assets, creating a fully decentralised and automated system for security, privacy, and monetisation. This ensures that rights are honored and payments are fulfilled. Royalties are on autopilot, distributed instantly to all stakeholders across millions of smart contracts each time anyone globally interacts to purchase access rights for diverse assets and channels. This is the Elastos SmartWeb: a new internet layer—more open, secure, and user-centric.

Distribution hubs or “Channels” can be public, privately owned by groups, or managed individually. You have the freedom to collaborate with others to expand your reach. Whether you join community hubs with shared profits and collective decision-making or operate your own hub, you set the rules and create specialised environments. This approach fosters a sense of community and shared success.

By offering decentralised rights management and distribution, Elastos allows you to focus on what you do best—creating. You can own, distribute, and trade your digital assets, directly influencing the broader economy. Elastos sets the stage for the future of distribution, while Elacity launches the SmartWeb party, turning your online presence into real value and empowering you to control your economic destiny.

We must advocate for fair and inclusive digital policies, setting a new standard for transparency, inclusivity, and opportunity in the digital economy. Everyone should benefit from their contributions and recognise the shifting landscape of automation. Elastos stands for pure integrity, while Elacity sets new standards for fairness, ensuring your voice matters in the evolving digital world. Own your rights. Control your distribution. Now is the time to transition from being undervalued to becoming an empowered digital asset owner, with the freedom to reach a global audience on your terms.

Own. Distribute. Prosper. Join Elacity today. Embrace direct distribution, automate your rights management, and unlock your full potential in the digital economy. Take back control of your digital life. Explore Elastos and Elacity today, and become part of the movement to restore the internet to its rightful owners—you.


Blockchain Commons

2024 Q3 Blockchain Commons Report

Blockchain Commons’ work to create open, interoperable, and secure digital infrastructure continued in Q3 2024. Here were some of our main topics of interest:

Gordian Envelope: Videos, TPAC, dCBOR & Unicode
Seed Recovery: BIP-85, SSKR for Ledger
FROST: FROST Implementers Meeting, FROST in Gordian, Stack Wallet
Reference Upgrades: Gordian SeedTool for iOS 1.6.2, Swift 6 Stack Upgrade, More Envelope Signatures in Rust
Developer Resources: Stack Organization, New Envelope Pages
What’s Next?

Gordian Envelope

Gordian Envelope, Blockchain Commons’ privacy-preserving data-interchange format for data at rest and (using GSTP) data on the wire, remains one of our top priorities. This quarter, we worked to make it more accessible and explored new cases for its usage.

Videos. We produced a trio of videos to offer an introduction to Gordian Envelope: a teaser, an overview, and a look at extensions. They’re must-watch viewing if you’re interested in adopting a data-storage and data-interchange format that actually focuses on privacy.

[Embedded videos: Envelope Teaser; Understanding Envelopes I; Understanding Envelopes II]

Presentations at W3C TPAC (Technical Plenary and Advisory Committee): We’ve worked extensively on using Gordian Envelope to store digital assets such as seeds and SSKR shares. At TPAC 2024 this year, we presented some new thoughts on using various Envelope and CBOR alternatives in the rechartered DID group, where Christopher is an Invited Expert. We also discussed using Gordian Envelope for some specific DID use cases, which we hope to explore more. There’s more in the minutes and the slides.

dCBOR & Unicode. Gordian Envelope is built on dCBOR, our deterministic CBOR profile. In Q3, we updated our dCBOR Internet-Draft to v11. This was to incorporate Unicode Normalization Form C (NFC), to ensure that Unicode strings, used for all text in Gordian documents, will always be deterministic.

Seed Recovery

The safe storage and recovery of seeds has long been a focus at Blockchain Commons, because it’s the heart of #SmartCustody. Our August 7th Gordian Developers Meeting focused on the topic and gave community members the ability to talk about their own efforts.

BIP-85. Aneesh Karve presented on BIP-85. This is a methodology for deriving many secrets from a single seed.

SSKR for Ledger. SSKR has been one of Blockchain Commons’ most successful releases because it allows developers to safely use Shamir’s Secret Sharing. Aido has incorporated SSKR into Ledger Seed Tool, which now allows you to shard your Ledger secrets yourself (without depending on Ledger Recovery and Ledger’s privacy-busting KYC-compliant partners).

[Embedded media: Seed Recovery; BIP-85; SSKR for Ledger]

Our Gordian Developer community is one of our most important resources to ensure that we’re doing work that meets the needs of wallet developers. Sign up for our Gordian Developer announcements to get the latest info on our upcoming meetings!

FROST

FROST is an up-and-coming multisig method that takes advantage of Schnorr-based signatures and Multi-Party Computations (MPCs) for key generation and signing. It’s an important new technology for creating keys that are more resilient and more secure. We’ve been supporting it for more than a year now.

FROST Implementers Meeting. Our second FROST Implementers Meeting occurred on September 18th. It gave people working on FROST specs, libraries, and cryptography the ability to talk about their most recent challenges. We’ve got a full record of the event, including videos, slides, summary, and transcript. It was great to bring the community together and plan for the future!

[Embedded media: ChillDKG; FROST Federation; secp256k1-zkp; Serai DEX; FROST UniFFI SDK; ZF FROST Updates]

FROST in Gordian. We’ve been doing our own work with FROST! Our Rust and Swift Gordian stacks are switching to fully BIP-340 compliant Schnorr signatures. We’ve also been experimenting with FROST support, to allow the FROST signing method using the Trusted Dealer model. We’re waiting on an updated release of the secp256k1 Rust crate so that we can publish our own Rust crates and Envelope-CLI, but we hope to have our full reference implementation available within the month.

Stack Wallet. We did some light review of the Stack Wallet this quarter, which is the first wallet we know of that incorporates FROST. We’d love to see a security review of its FROST design, but from what we can see from usage, it implements not only FROST but also the ability to change thresholds on the fly, which is one of FROST’s really amazing capabilities.

We will have a FROST Developer’s Meeting on December 4th that will provide advice & support for wallet developers who want to implement FROST. We’ve already scheduled Stack Wallet to give a presentation, since they’ve already done it!

Thanks to The Human Rights Foundation for their support of our FROST work in 2024.

Reference Upgrades

Our reference apps and libraries suggest best-practices and offer examples on the uses of our specifications.

Gordian SeedTool for iOS 1.6.2. We released a minor update of Gordian Seed Tool for iOS that makes our card entropy compatible with other sources, that allows the export of SSKR Envelopes in UR format, and that resolves a few other incompatibilities.

Swift 6 Stack Upgrade. We also upgraded our entire Swift stack to Swift 6. This allows us to take advantage of the Swift 6 concurrency model, remove unnecessary dependencies on forked libraries, and convert the tests of some modules to the new Swift Testing framework. This work can already be found in our Swift libraries, but we’re waiting to release a new Seedtool for iOS until we have other new features to deploy.

More Envelope Signatures in Rust. Fully BIP-340 compatible signatures are just one of our expansions to our Envelope Rust reference libraries. You can now also do Ed25519 signing (again, as soon as we’re able to release our new crates).

Developer Pages

Our Developer Pages are intended to help wallet developers to use our specifications (and other important standards like FROST). If there’s anything you’d like to see that isn’t on the pages, please let us know. This quarter, we made some major updates.

Stack Organization. Our biggest upgrade was a reorganization of the website to focus on the technology stacks that we offer. We have a core stack (which is our fundamental techs like dCBOR and Envelope), a user experience stack (which makes it easier for users to transmit and view data), and a crypto stack (which does the heavy lifting of things like sharding seeds). This is how it all fits together!

New Envelope Pages. Last quarter, we did work on the Gordian Sealed Transaction Protocol. This quarter, we incorporated that into our developer pages, with new content for GSTP and Encrypted State Continuation, plus updates to our look at Collaborative Seed Recovery.

What’s Next?

Our most exciting work planned for Q4 may be our December 4th FROST Implementers Meeting. If you are considering incorporating FROST into your own work, please be sure to sign up for our announcements-only Gordian Developers list to receive notifications on the meeting.

Or, our most exciting Q4 work may be our new work on cliques, which we think is an innovative new way to look at identity. We’ve released the first article on the topic, with a few more to come.

We’ll generally be talking with members of the identity and credentials community in Q4, including a presentation at the W3C Credentials Community Group, planned for October 22nd.

We’re also looking to roll out our work on FROST and Ed25519 signing, which just requires the official deployment of an updated secp256k1 Rust crate.

There are more projects under consideration! We’re thinking about producing a “Gordian Companion” to offer a reference for storing SSKR shares. We’re looking into more grants, as funding continues to be poor for many of our partners. (You can help by becoming a sponsor for us at any level!) And of course we’re looking forward to 2025!

TV screen courtesy Freepik.

Monday, 14. October 2024

Digital Identity NZ

DINZ Executive Council Elections & Annual Meeting 2024

Kia ora,

In December 2019, members elected the first Digital Identity NZ Executive Council. The Council is the governing group for the association, providing guidance and direction as we navigate the evolving world of digital identity in Aotearoa. Each Council member is elected for a two-year term, with elections held annually, and results notified at the Annual Meeting in December. As we approach the end of the year, it is time for nominations for the Council seats coming up for re-election.

Executive Council Nominations

There is now an opportunity to put yourself forward, or nominate someone else, for a role on the Digital Identity NZ Executive Council. This year we have vacancies for the following positions:

Corporate – Major (2 positions)
Corporate – Other (2 positions)
SME & Start-up (2 positions)

The nominees for the above positions must be from a Digital Identity NZ member organisation (including government agencies) and belong to the same Digital Identity NZ Membership Group they are to represent on the Executive Council. If you are unsure of your organisation’s membership category, please email elections@digitalidentity.nz.

All nominations must be entered into the online form by 5pm, Monday 4 November 2024.

Digital Identity NZ Executive Council roles and responsibilities include:

Direct and oversee the business and affairs of Digital Identity NZ.
Attend monthly Executive Council meetings, usually two hours in duration (video conferencing is available).
Represent Digital Identity NZ at industry events and as part of delegations.
Assist in managing and securing members for Digital Identity NZ.
Participate in Digital Identity NZ working groups and projects.
Where agreed by the Executive Council, act as a spokesperson for Digital Identity NZ on issues related to working groups or projects.
Be a vocal advocate for Digital Identity NZ.

Online Voting

Voting will take place online in advance of the meeting, with the results announced at the Annual Meeting. Please refer to the Charter for an outline of Executive Council membership and the election process. Each organisation has one vote, which is allocated to the primary contact of the member organisation.

Annual Meeting 2024

The Annual Meeting is scheduled for 10:00am on Thursday, 5 December 2024, and will be held via Zoom.

Notices and Remits

If you wish to propose any notices or motions to be considered at the Annual Meeting, please send them to elections@digitalidentity.nz by 5:00pm on Thursday, 14 November 2024.

Key Dates:

14 October: Call for nominations for Executive Council representatives issued to members
4 November: Deadline for nominations to be received
11 November: List of nominees issued to Digital Identity voting members and electronic voting commences
14 November: Any proposed notices, motions, or remits to be advised to Digital Identity NZ
5 December: Annual Meeting, results of online voting announced

Background:

From the beginning, we have asked that you consider electing a diverse group of members who reflect the diversity of the community we seek to support. We ask that you do so again this year. The power of that diversity continues to shine through in the new working groups this year, particularly as we consider the importance of Te Tiriti, equity, and inclusion in a well-functioning digital identity ecosystem.

The Council has identified several areas where diversity, along with expertise in the digital identity space, could help us better serve the community. Nominations from organisations involved in kaupapa Māori, civil liberties, and the business and service sectors are particularly encouraged. We also encourage suggestions from young people within your organisations, as their viewpoint is extremely valuable and relevant to the work we perform. As an NZTech Association, Digital Identity NZ adopts its Board Diversity and Inclusion Policy, which you can read here.

The post DINZ Executive Council Elections & Annual Meeting 2024 appeared first on Digital Identity New Zealand.


FIDO Alliance

Wired: The War on Passwords Is One Step Closer to Being Over

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced this month.

At the FIDO Alliance’s Authenticate Conference in Carlsbad, California, on Monday, October 14, researchers are announcing two projects that will make passkeys easier for organizations to offer—and easier for everyone to use. One is a new technical specification called Credential Exchange Protocol (CXP) that will make passkeys portable between digital ecosystems, a feature that users have increasingly demanded. The other is a website, called Passkey Central, where developers and system administrators can find resources like metrics and implementation guides that make it easier to add support for passkeys on existing digital platforms.

“To me, both announcements are part of the broader story of the industry working together to stop our dependence on passwords,” Andrew Shikiar, CEO of the FIDO Alliance, told WIRED ahead of Monday’s announcements. “And when it comes to CXP, we have all these companies who are fierce competitors willing to collaborate on credential exchange.”


The FIDO Alliance Launches Comprehensive Web Resource to Accelerate Passkey Adoption

Passkey Central provides leaders with education about passkeys and steps to implement them for consumer sign-ins

October 14, 2024 — Carlsbad, CA —  The FIDO Alliance today announced Passkey Central, a new web resource where consumer service providers can learn more about why and how to implement passkeys for simpler and more secure sign-ins.

Passkeys, an easy-to-use and secure replacement for passwords, are already available for consumer services around the world including Adobe, Amazon, Apple, eBay, Google, Hyatt, Microsoft, Nintendo, NTT DOCOMO, PayPal, PlayStation, Shopify and TikTok. More than 13 billion user accounts can now leverage passkeys. Passkeys offer significant benefits to implementing organizations, including faster user sign-ins, higher sign-in success rates, reduced account takeovers, reduced costs associated with authentication, and lower cart abandonment. Passkey Central provides product leaders and architects with the information required to implement and realize similar benefits with passkeys.

Passkey Central provides visitors with actionable, data-driven content to discover, implement, and maintain passkeys for maximum benefits over time. The comprehensive resources on Passkey Central include:  

Introduction to passkeys
Business considerations and metrics
Internal and external communication materials
Implementation strategies & detailed roll-out guides
UX & Design guidelines
Troubleshooting
And more implementation resources, such as glossary, Figma kits, and accessibility guidance

Service providers should go to passkeycentral.org to get started with passkeys.

“Passkeys are the simplest and most secure way for consumers to access the global connected economy,” said Andrew Shikiar, CEO of FIDO Alliance. “The early adoption of passkeys has been remarkable and it is now time to help more service providers break their dependence on passwords. Passkey Central will accelerate the use of passkeys by providing product leads and architects with independent and authoritative guidance on why and how to implement passkeys for their own website and services.”

A research-backed public resource

The content for Passkey Central is based on several years of FIDO Alliance research, including subject matter expert interviews, focus groups and UX testing, to determine what guidance businesses need when implementing passkeys. Investment and participation from the following companies as Founding Underwriters enabled the underlying research, web and content development costs required to launch Passkey Central: Craig Newmark Philanthropies, Google, Trusona and Yubico.

“Our adversaries attack nations in cyberspace using techniques that are blocked by passkeys and related technologies. We need to do what we can to accelerate passkey adoption, and to help regular people understand that passkeys protect countries, and make their online lives a little easier.” – Craig Newmark, Founder and ISR, Craig Newmark Philanthropies

“Trusona is committed to revolutionizing the authentication experience for digital businesses, ensuring customers can sign up and sign in simply, swiftly, and securely. Passkey Central brings that mission to life with a new resource that will positively impact people’s digital lives today and in the future.” – Ori Eisen, CEO, Trusona

“Phishing attacks resulting from stolen login credentials are one of the greatest cybersecurity risks facing individuals and enterprises today. In order to achieve a phishing-resistant passwordless future, the solution is clear: prioritize education on passkey implementation and broad support for passkey authentication options globally. Passkey Central is a major step toward achieving this goal, and we look forward to working with the FIDO Alliance toward accelerating adoption of passkeys.” – Derek Hanson, VP, Standards and Alliances, Yubico

“The best way to accelerate passkey adoption is to give website owners and app owners the information they need to get oriented with the benefits of passkeys and guidance on how they can start deploying passkeys. FIDO’s Passkey Central will be a key resource that helps meet this need.” – Sam Srinivas, Product Management Director, Google and FIDO Board Rep for Google.

For more information about Passkey Central, visit passkeycentral.org.

About the FIDO Alliance

The FIDO (Fast IDentity Online) Alliance was formed in July 2012 to address the lack of interoperability among strong authentication technologies and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services. For more information, visit www.fidoalliance.org.

Contact

press@fidoalliance.org


FIDO Alliance Publishes New Specifications to Promote User Choice and Enhanced UX for Passkeys

The FIDO Alliance has published a working draft of a new set of specifications for secure credential exchange that, when standardized and implemented by credential providers, will enable users to securely move passkeys and all other credentials across providers. The specifications are the result of commitment and collaboration amongst members of the FIDO Alliance’s Credential Provider Special Interest Group  including representatives from: 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung and SK Telecom.

Secure credential exchange is a focus for the FIDO Alliance because it can help further accelerate passkey adoption and enhance user experience. Today, more than 12 billion online accounts can be accessed with passkeys and the benefits are clear: sign-ins with passkeys reduce phishing and eliminate credential reuse while making sign-ins up to 75% faster, and 20% more successful than passwords or passwords plus a second factor like SMS OTP. 

With this rising momentum, the FIDO Alliance is committed to enabling an open ecosystem, promoting user choice and reducing any technical barriers around passkeys. It is critical that users can choose the credential management platform they prefer, and switch credential providers securely and without burden. Until now, there has been no standard for the secure movement of credentials, and often the movement of passwords or other credentials has been done in the clear.  

FIDO Alliance’s draft specifications – Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) – define a standard format for transferring credentials in a credential manager, including passwords, passkeys and more, to another provider in a manner that ensures transfers are not made in the clear and are secure by default.

Once standardized, these specifications will be open and available for credential providers to implement so their users can have a secure and easy experience when and if they choose to change providers. 

The working draft specifications are open to community review and feedback; they are not yet intended for implementation as the specifications may change. Those interested can read the working drafts here, and provide feedback on the Alliance’s GitHub repo. Drafts are expected to be updated and published for public review often until the specifications are approved for implementation.

The FIDO Alliance extends a special thank you to its members in the Credential Provider Special Interest Group and its leads for driving and contributing to this important specification.

Friday, 11. October 2024

FIDO Alliance

FIDO APAC Summit 2024: Unlocking a Secure Tomorrow by Accelerating the Future of Authentication in Asia-Pacific

Building on the success of last year’s summit in Vietnam, the FIDO APAC Summit 2024 in Kuala Lumpur, Malaysia, once again brought together thought leaders, policymakers, technology innovators, and industry experts from across the Asia-Pacific region. With over 350 attendees from 15 countries—including Australia, China, France, Hong Kong, India, Indonesia, Japan, Malaysia, the Philippines, Singapore, South Korea, Taiwan, Thailand, the USA, and Vietnam—this year’s event served as a powerful platform for sharing knowledge, inspiring collaboration, and exploring the evolution of secure and convenient authentication technologies.

Malaysian Government Endorses Phishing-Resistant FIDO Authentication

In his keynote speech, CyberSecurity Malaysia Chief Executive Officer Datuk Amirudin Abdul Wahab emphasized, “Passwordless methods, such as FIDO-based biometric authentication, offer robust alternatives that are harder to compromise than traditional credentials. They also reduce the burden on users to remember complex passwords and mitigate the risks associated with credential theft.” 

The National Agency of Cyber Security (NACSA) officially announced that they have become the first Malaysian government entity to adopt FIDO and passwordless technology. The local organizations classified as National Critical Information Infrastructure (NCII) are now using FIDO Security Keys for authentication and safeguarding applications and sensitive data.

The summit also received extensive media coverage, about 40 stories both pre- and post-event, featured in numerous esteemed publications. Some highlights include:

[The Edge] Over 80% of data breaches tied to weak passwords

[Business Today] Malaysian Businesses Should Ditch Passwords for Better Cybersecurity

[The Sun] Malaysia Advocates Passwordless Authentication to Enhance Cybersecurity

[BERNAMA TV] Malaysia Advocates Passwordless Authentication to Enhance Security

[Astro Awani] Malaysia Supports Passwordless Authentication to Enhance Cybersecurity

40 Speakers from Various Sectors Highlight Key Industry Trends

The Summit featured more than 40 speakers from sectors such as banking, government, telecom, enterprises, defense, eCommerce, solution vendors, online service providers, and manufacturers. Speakers represented leading organizations including Google, Lenovo, Samsung, ETDA Thailand, NTT Docomo, Mercari, Visa, SBI Bank, TikTok, iProov, Okta, TWCA, RSA, OneSpan, Thales, and VinCSS. One of the key themes of the 2024 Summit was the adoption of passkeys and the push towards achieving a passwordless experience across platforms. Here are some notable lessons shared:

Google: Demonstrated passkeys as the key to providing personalized experiences that users love. Cases from X, Amazon, Roblox, Kayak, WhatsApp, Zoho, and 1Password were shared. Roblox reported, “Passkeys are a significant security and usability upgrade for all of our users. In the six months since our launch, we have seen millions of users adopting passkeys to enjoy a simpler, faster, and more secure login experience.” Kayak noted a “50% reduction in average sign-in time with passkeys. With passkeys available on most devices, we’ve phased out traditional password logins and eliminated passwords from our servers.” 1Password highlighted that “in 2023, more than 1 million passkeys were created and saved by our users, and trial users who interact with passkey features are roughly 20% more likely to convert to paying customers.”

Samsung: Presented on passkeys on Galaxy mobile devices. Samsung launched the Passkey Provider Service at the end of 2023, providing a convenient user experience with the passkey as the default provider on Galaxy mobiles. Users can easily log in with fingerprint authentication and manage passkeys at a glance. Samsung ensures safe passkey synchronization across multiple devices logged into a Samsung account, including utilization with Samsung Knox Matrix. Statistics from the seven-month record of Samsung Passkey Provider include 7,672,861 cumulative registrations, 1,000,000 average new monthly registrations, and 850,000 average monthly authentications. Plans are in place to expand passkey usage for home appliance connectivity, such as TVs.

NTT Docomo: Highlighted the advantages of passkeys as an ideal authentication method—simple, frictionless user experience with biometric authentication, taking just 4-7 seconds compared to up to 30 seconds for SMS OTPs. They emphasized that passkeys are the only practical phishing-resistant authentication method.

Visa: Introduced Visa Payment Passkey for cardholder authentication in modern e-commerce. Traditional consumer authentication methods reduce fraud but often add friction, whereas biometric authentication with passkeys reduces both fraud and friction, leading to a 50% lower fraud rate.

TikTok: Reported success with passkeys, noting that over 100 million users registered within a year of implementation, with a 97% login success rate and a 17x faster login experience. There was also a 2% reduction in SMS OTP logins, as users who adopted passkeys chose them over other methods, improving app performance and reducing costs.

Workshops, Panel Discussions, and Networking Opportunities

This year’s Summit offered morning workshops on Passkeys and FDO (FIDO Device Onboard), allowing participants to delve deeper into implementing FIDO solutions. Attendees had the chance to work with FIDO experts to learn about integrating FIDO authentication into their services, understand technical specifications, and explore best practices. Experts also discussed the impact of emerging technologies like AI and post-quantum computing (PQC) on the authentication ecosystem while highlighting vulnerabilities related to human elements that can be addressed through implementing passkeys and FIDO’s efforts on future-proofing security.

Networking sessions, including a gala dinner, provided attendees a venue to relax and connect with peers from different parts of the world and sectors, fostering collaboration on developing solutions tailored to regional needs. Many participants enjoyed and respected the local culture while finding value in exchanging ideas and experiences about overcoming specific challenges in their respective sectors.

Celebrating Progress and Looking Forward

The FIDO APAC Summit 2024 showcased the significant progress towards convenient and secure FIDO-based passwordless authentication in the region. Through the collective efforts of governments, private sector leaders, and technology providers, the adoption of FIDO standards across the Asia-Pacific is accelerating, delivering stronger security and a seamless user experience.

The Asia-Pacific region is at the forefront of building a phishing-resistant, passwordless future, serving as an inspiration for other regions. The spirit of innovation and collaboration at the Summit reflects the dedication of all stakeholders to creating a secure and user-friendly digital landscape.

We extend our gratitude to all speakers, sponsors, participants, and members for making this year’s Summit a success. Together, we are shaping a more secure, passwordless future.


Velocity Network

Verifiable Credentials: Trust and Truth in an AI-enabled Talent Acquisition Market  

Issuer permissions are the mechanism that Velocity Network introduces to enable relying parties (and wallets) to determine if an issuer is an authoritative source for a particular credential. After requesting the ability to issue on the Network, the request is reviewed by Velocity Network to ensure that the issuing service parameters are within the remit of the organization’s business activities.

Elastos Foundation

Unlocking Native Bitcoin DeFi for Developers: The BeL2 SDK Portal is Here

We are excited to announce the launch of the BeL2 SDK Portal, a powerful new toolkit that gives developers the ability to connect Bitcoin with the world of DeFi, all while maintaining Bitcoin’s renowned security and decentralisation. This marks an important step forward, opening up new possibilities in the decentralised finance ecosystem, allowing Bitcoin to play a key role in a space that was previously out of reach.

The BeL2 SDK: Bridging Bitcoin and DeFi

The BeL2 SDK serves as a bridge between Bitcoin and Ethereum-compatible chains, offering developers the ability to build secure, trustless applications that bring Bitcoin into DeFi platforms. This offers developers a new way to extend Bitcoin’s capabilities while keeping its core values of security and decentralisation intact. With the BeL2 SDK, developers can now unlock cross-chain operations that connect Bitcoin to the world of yield generation, lending, borrowing, and other DeFi opportunities — all while ensuring that Bitcoin stays on its native chain, maintaining its decentralisation and trustless structure.

 

Why This Matters for Developers

For the first time, developers have a reliable, developer-focused toolkit that simplifies complex cross-chain interactions and allows Bitcoin to interact with DeFi protocols on Ethereum-compatible chains. The BeL2 SDK removes the need for wrapped tokens, allowing Bitcoin to retain its core properties while gaining access to DeFi.

By using the BeL2 SDK, developers can:

Build secure and trustless applications that link Bitcoin with DeFi.

Enable cross-chain participation without compromising Bitcoin’s security.

Apply Zero-Knowledge Proofs (ZKPs) to ensure the privacy and security of cross-chain transactions.

Open up new avenues for Bitcoin in DeFi lending, borrowing, and yield generation.

Unlocking Bitcoin’s Potential in DeFi

For years, Bitcoin has been limited to simple transactions or as a store of value, with restricted access to the growing world of DeFi. The BeL2 SDK changes that, unlocking Bitcoin’s full potential to participate in decentralised financial ecosystems, a new Bretton Woods monetary system. With this toolkit, developers can now build applications that bring Bitcoin into DeFi without bridging assets and giving up the values that make Bitcoin so important — its security, decentralisation, and trustless foundation.

The BeL2 SDK makes Bitcoin usable for:

DeFi lending and stablecoin issuance, allowing Bitcoin holders to access liquidity without selling their assets.

Yield generation, enabling Bitcoin to generate returns in DeFi markets.

Cross-chain transactions, preserving Bitcoin’s security while connecting with other blockchains.

Emphasising Security and Trustlessness

At the heart of BeL2 is a commitment to maintaining Bitcoin’s security and trustless operations. Developers can be confident that Bitcoin remains on its own network, with zero-knowledge proofs ensuring the privacy and accuracy of all cross-chain activities. This directly addresses the concerns of Bitcoin enthusiasts who prioritise decentralisation and are reluctant to move their Bitcoin off-chain. The BeL2 SDK allows developers to confidently build DeFi applications while knowing that Bitcoin’s integrity remains fully intact.

 

A Toolkit for a Global Developer Community

The BeL2 SDK is designed specifically for developers. It provides all the necessary tools for creating Bitcoin-focused DeFi applications without introducing unnecessary risks or complications. Whether you are a DeFi developer looking to integrate Bitcoin into your protocol or a Bitcoin enthusiast aiming to expand the use of your assets, the BeL2 SDK makes it easy.

With the BeL2 SDK, developers now have access to:

Developer-friendly tools that make building cross-chain solutions straightforward.

The ability to bring Bitcoin into DeFi without relying on wrapped tokens or centralised custodians.

A toolkit that preserves Bitcoin’s security and decentralisation while opening it up to DeFi.

The Future of Bitcoin in DeFi

The launch of the BeL2 SDK Portal marks a new chapter in the development of Bitcoin as a key player in decentralised finance. This toolkit provides the foundation for Bitcoin to interact with DeFi ecosystems while staying true to its role as a trustless, secure asset. By standing at the crossroads of Bitcoin’s security and DeFi’s financial opportunities, the BeL2 SDK is the gateway to a future where Bitcoin can fully engage in the decentralised economy.

We invite developers to explore the possibilities of the BeL2 SDK Portal and join us in shaping the future of Bitcoin in DeFi.

Thursday, 10. October 2024

The Rubric

Web Superpowers Activated! (did:webs, Part 1)

did:webs is an interoperable, more secure version of did:web, applying the principles of KERI to layer on additional security while retaining usability. Today on the show we talk with Markus Sabadello and Lance Byrd, contributors to and implementers of the did:webs specification.

References

Danube Tech https://danubetech.com/

Decentralized Identity Foundation (DIF) https://identity.foundation/

did:webs for Muggles https://docs.google.com/presentation/d/1BC9y4YvLPwOJwnwpwl8puJYwJHUONLovLITxOCOK8FY/edit?usp=sharing

...

Web Superpowers Activated! (did:webs, Part 2)

did:webs is an interoperable, more secure version of did:web, applying the principles of KERI to layer on additional security while retaining usability. Today on the show we talk with Markus Sabadello and Lance Byrd, contributors to and implementers of the did:webs specification.

References

Danube Tech https://danubetech.com/

Decentralized Identity Foundation (DIF) https://identity.foundation/

did:webs for Muggles https://docs.google.com/presentation/d/1BC9y4YvLPwOJwnwpwl8puJYwJHUONLovLITxOCOK8FY/edit?usp=sharing

...

Wednesday, 09. October 2024

EdgeSecure

EdgeCon Autumn 2024

October 10, 2024 at Kean University The post EdgeCon Autumn 2024 appeared first on NJEdge Inc.

On October 10, 300+ attendees from institutions and organizations from across the country came together at EdgeCon Autumn 2024 for an exciting day of panel discussions, breakout sessions, awards, and peer and exhibitor networking. Hosted at Kean University’s state-of-the-art STEM building, EdgeCon welcomed esteemed presenters from around the region who shared their insight and expertise into overcoming challenges and seizing opportunities in today’s dynamic educational landscape.

Blueprints for Institutional Success

EdgeCon’s keynote panel discussion, Blueprints for Success: Uniting Strategy and Innovation in Higher Education, delved into how higher education institutions, from research-intensive universities to community colleges, can achieve sustained success by uniting strategy and innovation through enterprise architecture. Moderated by Ed Wozencroft, Vice President for Digital Strategy, Chief Digital Officer, and CIO, New Jersey Institute of Technology, this session discussed how, no matter the unique challenges an institution is facing, collaboration across the organization is key.

The keynote presentation included panelists Henry Pruitt, Enterprise Architect, NYU; Christopher Markham, Executive Vice President, Edge; and Mark Sedlock, Vice President and Chief Technology Officer, Rowan University, who shared how a well-integrated approach to technology and strategic planning can align every facet of an institution, from leadership to front-line staff, driving progress toward an institutional mission. Attendees learned more about leveraging enterprise architecture to foster a culture of collaboration, streamline operations, and propel an institution toward enduring excellence in a dynamic educational landscape.

Generative AI Literacy for Everyone

One of the first breakout sessions of the day was led by Gamin Bartle, CIO, William Paterson University, who explored putting Generative AI literacy for students, faculty, and staff at the center of the University’s AI strategy. William Paterson is currently developing two Gen AI policies, one for Academic Affairs and the other for the operational and support divisions, and is incorporating Gen AI Literacy into University Core Curriculum courses so that students can start gaining experience during their first semester. Bartle explained how faculty development has been underway across campus since 2023, and many faculty members and staff have been engaged in learning more about Gen AI Literacy over the past year. Attendees gained a closer look at Gen AI Literacy programming, the policies that are in progress, and the importance of equipping the entire university community with the skills to navigate and leverage these emerging technologies responsibly.

Enhancing Student Success through AI-Powered Applications

The morning sessions also included a presentation that demonstrated how AI, specifically ChatGPT, can significantly enhance student and faculty success in higher education. Sahana Varadaraju, Senior Cloud Application Developer from Rowan University, introduced a Python programming language-based application that integrates with ChatGPT to handle natural language queries related to courses, schedules, and seat availability. Varadaraju showed how students and faculty can ask simple questions through the application, and the background process will provide appropriate solutions based on the database information stored.

The session showcased examples in the context of Section Tally, demonstrating the application’s real-time response capabilities. Attendees learned about the benefits of an AI-powered approach and its potential to transform the higher education landscape by providing timely and accurate information to users, ultimately contributing to their success and satisfaction.

“Good selection of sessions. Nice mix of professional development and meeting with the vendors.”

– Henry Pruitt, Enterprise Architect, New York University

Empowering Your Network for Education and Innovation

Edge’s Jim Stankiewicz, Principal Network Architect, and Bruce Tyrrell, AVP, Programs and Services, gave an in-depth update on EdgeNet and explored how Edge is modernizing and simplifying networking to deliver exceptional value to their members. Attendees saw how the innovative network is designed to reduce power consumption while ensuring a superior quality of service. Edge discussed their commitment to keeping members at the forefront of modern technology, including advance line monitoring to improve dark fiber visibility, and support for campus managed optical fiber and high-speed transport for colocation. The session also included an attendee roundtable to discuss how their organizations are managing guest network services, enabling network segmentation, and operating residence hall networks.

Revolutionizing Campus Networks

In a breakout session led by Shaliesh Shenoy, Assistant Dean for Information Technology, Albert Einstein College of Medicine, and Austin Hawthorne, VP Solution Architecture, Nile, attendees were taken on a transformative journey from a traditional campus network to a cutting-edge, automated Network-as-a-Service (NaaS) model. The presentation explored the strategic decisions and key benefits behind this transition, focusing on how the new approach has enhanced security, operational efficiency, and user experience across the College. Whether participants were IT professionals, network architects, or academic administrators, they gained actionable insights into how automation and zero-trust principles can help revolutionize their institution’s network infrastructure.

Implementing an Esports Hub at Your Institution

In this interactive session, David Bruno, Associate Dean, Educational Programming and External Relations, and Sean Dwyer, Esports Director from Camden County College joined Joshua Kell, CEO, Horizon AVL Esports Integration, to explore the key components of building a successful esports program, from securing institutional support to creating inclusive spaces for competitive and casual gamers alike. Designed for educators, administrators, and leaders eager to establish or enhance an esports hub at their institution, this workshop covered the essentials of setting up infrastructure, such as gaming arenas and online platforms, and discussed strategies for recruiting and retaining a diverse group of participants. Attendees left with a clear roadmap for launching or expanding an esports hub at their institution, along with practical tools and resources to support their efforts. 

Enhancing Data Governance and Literacy with Modern Technologies

In the pursuit of efficient data management, Rowan University is embracing modern technologies and methodologies to establish a robust data governance framework and promote data literacy across the university community. Shante Walker, Institutional Research Analyst, Rowan University, discussed how fostering data literacy can promote informed decision-making, drive innovation, and enhance the overall effectiveness of an institution. Walker shared how they are leveraging Informatica’s Cloud Data Governance and Catalog (CDGC) to develop a comprehensive Data Catalog, visualize data lineage, and apply data quality rules to critical data elements. The presentation delved into the latest trends in data governance, the practical benefits of modern data technologies, and how it is helping empower the Rowan community with the tools and knowledge they need to thrive in an increasingly data-driven world.

Crafting a Cybersecurity Blueprint

Dr. Dawn Dunkerley, Lead Virtual Chief Information Security Officer, Edge, and Moe Rahman, Chief Information Officer, Rider University, led the session, From Policy to Practice: Crafting a Cybersecurity Blueprint That Everyone Owns and Governs. Together they explored the journey of transforming cybersecurity policies into actionable practices that involve participation and governance at all levels of an institution. The focus was on developing a cybersecurity blueprint that not only adheres to the highest standards of security and regulatory mandates but is also embraced and implemented by everyone within the organization, from IT staff to administrative leaders to faculty and students.

Reviewing Websites of Top 100 Universities

In this breakout session, Jake Martar, eLearning Coordinator, University of Arkansas for Medical Sciences, presented findings from a review of the top 100 non-profit U.S. universities with online bachelor programs, as ranked by U.S. News & World Report 2024. Martar explained that by analyzing the range of Generative AI resources across these institutions, we can identify key themes and best practices that institutions should consider when developing their AI-related support systems. Participants gained insights into the current landscape of Generative AI resources in higher education, including common themes and gaps, and how to enhance their institutional resources to better prepare for the ongoing integration of AI in academia.

Selecting Technology to Realize Institutional Goals

At most institutions, the search for a new technology solution involves responding to institutional initiatives, contending with flat or shrinking technology budgets, or addressing specific pain points. However, a growing number of higher education leaders are balancing these considerations with a solution’s fit within an ecosystem or with broader organizational goals. This workshop, led by ListEdTech’s Justin Menard, CEO, and James Wiley, VP of Product and Research, explored how these institutions are ensuring fit and identifying the decision points for technology acquisition to increase the chance of alignment between technology and institutional goals. Participants left the session being able to identify ways to evaluate technology solutions and determine how they might support their institutional goals.

“Outstanding event. Right mix of technology, education, and industry. Attracted meaningful thought leaders and continued to build collaboration.”

— Chris Treib, Vice President of Information Technology, Geneva College

Leveraging Generative AI Tools

Shevon Jackson, Senior Director of Information Technology, Rutgers Business School, and Adam Deer, Industry Executive for Public Sector, EDU, Google, led the afternoon breakout session, Empowering Institutions and Learners While Taking Back Control of Generative AI. They discussed how Google AI for Campus is revolutionizing the way institutions manage and leverage generative AI tools and provides a centralized hub for these AI tools, as well as Large Language Models, including Gemini, Claude, Copilot, and GPT-4o. Attendees learned about the benefits of streamlined management, enhanced security, and the potential for innovative applications across various academic domains. The team at Rutgers Business School also shared how they rolled out Google AI for Campus to students, faculty, and staff, their experience in early-phase deployment, and how they plan to leverage the platform moving forward.

Using the Cloud to Enhance Agility, Security, and Collaboration

In an era of rapid technological advancement, universities must adopt forward-thinking IT strategies to remain competitive and responsive to the needs of students, faculty, and researchers. This presentation by Paul Fisher, Chief Information Officer, Seton Hall University, and Matthew J Stevenson, Executive Director – IT, Seton Hall University, explored the comprehensive cloud strategy implemented at Seton Hall and how it was designed to enhance institutional agility, security, and collaboration. Driven by the need for scalability, cost-efficiency, and improved service delivery, the institution went through a strategic shift that began more than 10 years ago, from on-premises infrastructure to a cloud-first approach. Presenters highlighted how this strategy has enabled the university to streamline operations, foster innovative teaching and research, and respond swiftly to evolving challenges. Attendees also gained practical knowledge on developing and executing a cloud strategy in higher education, ensuring it aligns with institutional goals while addressing the unique challenges of academia.

Building Student-Led SOCs in Higher Education

Higher Education Security Teams are often understaffed and underfunded and are at greater risk for cybersecurity threats. While many schools recognize the potential of student internships in their Cybersecurity programs, they often struggle with the management and training required to integrate these students into their Security Teams. Building Student-Led SOCs in Higher Education, led by Ed Wozencroft, Vice President for Digital Strategy, Chief Digital Officer, and CIO, NJIT, and Matt Clemmons, Managing Director, Splunk Services, TekStream, showcased how Louisiana State University (LSU) formalized its Student Led SOC program to create a framework that trains students to become productive members of a real-world Security Team alongside partner TekStream Solutions. Attendees saw how university-built partnerships with peer institutions and the State of Louisiana support cybersecurity initiatives and cultivate a skilled workforce in the state. The session also explored how this model is currently rolling out in New Jersey and ways institutions can participate.

Success with the Student Experience

Attendees of this breakout session received an up-close look at how Thomas Edison State University (TESU) moved from the original Ellucian Portal to the new myEdison Experience and how this new technology provides a single sign-on (SSO) approach to all student systems. August “Chip” Stoll, Senior Director, Enterprise Applications, and Christine Carter, Director of Graduate Admissions, Recruitment, and Enrollment Technology, from TESU talked about how they set up the system, some of their customized cards, their launch of Experience this past June, and their plans for governance as they roll it out to additional constituencies.

Modernize the Student Experience

Nishika Gupta, Assistant Vice President, IT, Bergen Community College, and Patricia Clay, Associate Vice President & CIO, Hudson County Community College, led a dynamic discussion about improving on-campus processes so institutions can focus on student retention and engagement. They explored cutting-edge technologies, proven methodologies, and best practices tailored to the unique needs of today’s learners. Whether an institution is spearheading digital transformation efforts or seeking to stay ahead of the curve in higher education innovation, the session provided an opportunity to be part of a collaborative group that is helping shape the future of education.

Elevating the Institution’s Global Profile

In an increasingly competitive global educational landscape, institutions must leverage technology to enhance student support and engagement. The session, Elevating the Institution’s Global Profile Through Student Support Applications and OIT Support, led by Angela Sen, Developer/Analyst I, Software and Application Services, Office of Information Technology, Princeton University, highlighted the critical role of student support applications and the Office of Information Technology in advancing a university’s global profile. By adopting and optimizing these technologies, universities can enhance student satisfaction, academic performance, and institutional reputation on the global stage.

Innovation in Procurement

Dan Miller, AVP for EdgeMarket, introduced attendees to the EdgeMarket Higher Education Ecosystem RFP and how this solution is changing the game for higher education procurement. He shared how this strategic approach is designed to simplify the procurement process, foster collaboration between members and solution providers, and drive better outcomes for institutions. The session introduced the Business Capability Model and the Business Outcomes Framework and how they can connect solution investments to tangible business results and align solution portfolios with the operational needs of higher education institutions. Miller shared that by leveraging these powerful tools, institutions can access a streamlined procurement pathway that empowers them to make more informed and effective system selections.

“Always a great conference for networking with my peers at other institutions. There is consistently the right mix of vendors and the sessions/presentations are always very timely in discussing challenges/solutions that other institutions have encountered.”

– Ron Spaide, CIO, Bergen Community College

Awarding Excellence in the Education Community

To celebrate the incredible achievements and contributions that higher education institutions are making throughout the region, Edge presented several awards at this year’s event.

New Jersey Institute of Technology (NJIT) was recognized with the High Performance Computing Innovation Award for their vision and leadership in the area of high performance computing. In the last year, the technology and network teams at NJIT have developed a remarkable HPC platform, incorporating both on-site and remote data center resources. This platform is designed to be secure and scalable, effectively addressing the increasing needs of their research community.

Edge recognized the Metropolitan College of New York with the Regional Network Partnership Award for their commitment to collaboration and seeking out the support and capabilities of the Edge network and community during a time of rapid change and transformation.

Middlesex College was honored with the Community College Cyber-Preparedness Award in recognition of their commitment and exceptional efforts to exceed regulatory standards, ensuring the safety of their educational community.

Edge honored Jeremy Livingston, Chief Information Security Officer at Stevens Institute of Technology with the Security Community Leadership Award for his pivotal contribution in relaunching the Edge IT Security Community of Practice, a forum for collaboration and collective intelligence to fight cybersecurity threats.

The award for Exemplary Online Program Leadership went to Rowan University for their efforts to support student success and grow their online program rapidly, effectively, and without sacrificing quality.

Following EdgeCon Spring, which featured an inspiring keynote on artificial intelligence (AI) and highlighted the growing significance of the subject, the instructional team at Seton Hall University took the initiative to engage the Edge community. They collaborated with Edge to organize the inaugural AI Teaching and Learning Symposium. To acknowledge the University’s ongoing leadership and their involvement in the first cohort of the American Association of Colleges and Universities (AAC&U) Institute on AI, Pedagogy, and the Curriculum, Edge awarded Seton Hall the AI Education Leadership Award.

Stephen K. Burley, M.D., D. Phil. from Rutgers, The State University of New Jersey, was honored with the Research Impact Award to celebrate his Pioneering Work in Structural Biology: Transformative Contributions to Biomedical Research and Global Scientific Collaboration. As an internationally recognized scholar, Dr. Burley has published extensively in data science and bioinformatics, AI/machine learning, structural biology, and clinical oncology.

Joseph Diaco, Professor, Camden County College, and Dr. Hieu Nguyen, Professor, Rowan University, who were principal investigators for the Precision Agriculture Using Drone/AI Technologies project, Blueberry Drone AI: Smart Farming of Blueberries using Artificial Intelligence and Autonomous Drones, were presented with the Engaging Students in Collaborative Research Award. This accolade acknowledges research projects that promote meaningful collaboration among institutions or research teams, while actively involving students in their research activities. Their project focused on providing students with practical experience in drone technology and AI, enhancing the accuracy of blueberry counting and health assessment through advanced image recognition models, and demonstrating proof of concept for autonomous drone missions.

Along with showcasing the outstanding thought leaders in the education space, events like EdgeCon Autumn 2024 provide a collaborative platform for engaging discussions about the future of higher education and how the community can work together to drive positive change and find solutions that can benefit all organizations.

Thank you to EdgeCon Autumn Sponsors

EdgeCon Autumn was made possible, in large part, by our participating vendors and their sponsorship and support of this event. With a wide array of products, services, and solutions to support your institutional ecosystems, we want to thank our sponsors for their invaluable contributions and commitment to enhancing the experience for all attendees.

The post EdgeCon Autumn 2024 appeared first on NJEdge Inc.


Next Level Supply Chain Podcast with GS1

How EPCIS is Revolutionizing Supply Chains with Matt Andrews

As supply chains become increasingly complex and stringent regulations like DSCSA and FSMA become more prevalent, understanding how to leverage EPCIS (Electronic Product Code Information Services) for granular visibility and efficient data management is more crucial than ever.

In this episode, hosts Reid Jackson and Liz Sertl are joined by Matt Andrews, Global Standards Director at GS1 US. Matt unpacks the fundamentals and applications of EPCIS, from its role in modeling supply chain processes to its transformative impact across industries like healthcare, food, retail, and logistics.

EPCIS can help your organization achieve unparalleled supply chain visibility, improve compliance, and drive competitive advantage.

 

In this episode, you’ll learn:

The intricacies of EPCIS (Electronic Product Code Information Services) and its universal application across industries for enhanced supply chain visibility, compliance, and efficiency.

How EPCIS can revolutionize inventory management with real-time data accuracy, from monitoring cycle counts to tracking product movement from back of house to point of sale.

How industries such as healthcare and food service leverage EPCIS to comply with regulations like DSCSA and FSMA 204, ensuring traceability down to the unique item level.

 

Jump into the Conversation:

(00:00) Introducing Next Level Supply Chain

(06:25) Benefits that organizations are seeing by leveraging EPCIS

(08:00) Full granular visibility, item-level tracking, inventory management

(13:54) How EPCIS can log events from manufacturing to sales

(17:03) Enhanced supply chain visibility through real-time EPCIS data

(18:28) Accessing claims compliance through advanced visibility

 

Connect with GS1 US:

Our website - www.gs1us.org

GS1 US on LinkedIn

 

Connect with the guests:

Matt Andrews on LinkedIn

Tuesday, 08. October 2024

EdgeSecure

EdgeCon Winter 2025

January 9, 2025 at Princeton University. The post EdgeCon Winter 2025 appeared first on NJEdge Inc.

Date: January 9, 2025
Time: 9 am – 5 pm
Attendee Ticket: $49

Non-sponsoring Vendor Ticket: $250

Event Location:
Princeton University

EdgeCon will provide a wealth of opportunities for networking and professional development, engaging in a marketplace of ideas, and community building.

This year’s conference will consider the growing impact of technology across the institution and throughout the student lifecycle. You’ll experience insightful, inspiring content which will invite you to reimagine ways that technologies like data analytics, AI, and more can come together with strategy to transform the way our institutions operate, enhance the educational experience, and bring greater long-term resiliency to the institution as a whole.

Our premier event returns to the campus of Princeton University, featuring general sessions and panels, breakout sessions, a variety of exhibitors, and more. Recent EdgeCons have sold out for attendees and sponsors, so sign up early and get ready to connect with the Edge community again this Winter!

Register Now »

Vendor/Sponsorship Opportunities at EdgeCon

Exhibitor Sponsorship and Branding/Conference Meal sponsorships are available. Vendors may also attend the conference without sponsoring, but at a higher ticket price of $250.

Contact Adam Scarzafava, Associate Vice President for Marketing and Communications, for additional details via adam.scarzafava@njedge.net.

Download the Sponsor Prospectus Now »

Call for Proposals

Submit your presentation topic for the upcoming EdgeCon Winter 2025 conference! This year’s conference will consider the growing impact of technology across the institution and throughout the student lifecycle. This year’s event will focus on ways that technologies like data analytics, AI, and more can come together with strategy and process to transform the way our institutions operate, enhance the educational experience, and bring greater long-term resiliency to the institution as a whole.

Submit Proposal »

Accommodations

For those requiring overnight accommodations while attending EdgeCon Winter 2025, a Group Rate has been arranged for attendees at: Nassau Inn »

10 Palmer Square, Princeton, NJ 08542

Secure your room here »

Or, for Attendees who want to make reservations over the phone, please call the Nassau Inn Reservation Desk directly at 609-921-7500 and reference the booking #29477 in order to receive the group rate. This rate is only valid until 12/8/24.

The post EdgeCon Winter 2025 appeared first on NJEdge Inc.


Hyperledger Foundation

Introducing Linea ENS Support in Hyperledger Web3j

Ethereum addresses, with their 42 characters, have become a hallmark of the web3 ecosystem. However, memorizing these long strings is nearly impossible for most users. The Ethereum Name Service (ENS) addresses this issue by offering a decentralized naming protocol on the Ethereum blockchain. 


DIF Blog

Build the Future of Education & Workforce with Verifiable Credentials at the DIF 2024 Hackathon

The Future of Education & Workforce track, sponsored by Jobs for the Future and the Digital Credentials Consortium, invites you to explore a future where education is accessible to all learners and acts as a true gateway to economic advancement.

Building on the work of the JFF Plugfest competitions, participants can use tooling and resources that give them a quick start, and the confidence that their submission will provide real value to learners and workers.

Jobs for the Future (JFF)

Jobs for the Future is a nonprofit organization committed to transforming the US workforce and education systems to achieve equitable economic advancement for all. JFF drives change by designing innovative solutions, scaling best practices, influencing public policies, and investing in the development of a skilled workforce. JFF Labs is the innovation arm of the organization, focused on building the infrastructure for a skills-based talent marketplace, supporting an ecosystem of open standards-based interoperability that enables credential portability, and empowering individuals to use their data to access opportunity.

Digital Credentials Consortium (DCC)

The Digital Credentials Consortium is a network of leading universities and institutions advancing the use and understanding of portable, verifiable digital academic credentials in higher education through open source technology development and leadership, research, and advocacy. Founded by MIT and partners worldwide, DCC encourages a learner-centered ecosystem where portable, verifiable digital credentials are universally recognized and easily shared. By fostering collaboration among academia, industry, and standards organizations, DCC is working towards a future where these credentials are more accessible, secure, and verifiable. 

The Challenges

Participants can choose from multiple challenges designed to push the boundaries of what's possible with VCs:

1. Verifiable Learner / Worker IDs and Records

Demonstrate the transformative potential of user-controlled data in learning and professional experiences. Use VCs such as Student IDs, Employee IDs, and Employment History to showcase compelling use cases such as:

Applying for new job opportunities using proof of employment history

Accessing platforms based on verified credentials

Demonstrating essential skills through verifiable records

Implementing selective disclosure principles to share only necessary information

2. Powerful New VC Tools

a. Multiple Language Support

Promote cross-border mobility by enabling educational credentials to be meaningfully used internationally. Build a tool that constructs VCs in any language, with a special emphasis on non-Latin scripts, using the renderMethod attribute.

b. Browser Integration

Enhance convenience and usability by developing a browser plugin for displaying and verifying VCs. This challenge also requires the use of the VC renderMethod attribute.

3. Feature Enhancement

a. Learner Credential Wallet

Add support for the Learner Credential Wallet to use the VC renderMethod attribute, enabling rich displays of credentials within the application.

b. VerifierPlus

Enhance VerifierPlus to support rich displays using the renderMethod attribute, including capabilities for PDF rendering.

4. Bonus Design Challenge: Establishing Credibility in Digital Credentials

Explore innovative ways organizations can integrate VCs into their processes to build trust among users. Design the equivalent of a "browser padlock" for Verifiable Credentials, helping users understand that verification checks are valid and trustworthy.

Prizes

This track offers a substantial prize pool totaling $15,000, distributed among top submissions that meet the challenge criteria and demonstrate exceptional innovation and impact.

Submission Requirements

All submissions must adhere to the following criteria:

Open Source Licensing: Projects must be open source under the MIT license to promote transparency and collaboration.

Technical Interoperability Standards: Submissions must comply with the technical standards used by the JFF Plugfest, including:

Credential Format: Open Badges 3.0 (using Verifiable Credential format)

Issuing Credentials: Utilize VC API with CHAPI or OpenID for Verifiable Credential Issuance

Exchanging Credentials: Use CHAPI, OpenID for Verifiable Presentations, or WACI-DIDComm Interop Profile

Participants are encouraged to build upon tools provided by the Plugfest, such as VC Playground, CHAPI, and the Digital Credentials Consortium Wallet.

Why Participate?

By joining this track, you have the opportunity to:

Contribute to solutions that can have a real-world impact on education and workforce development

Collaborate with leading organizations in the decentralized identity space

Showcase your innovative ideas and technical skills to a global audience

Be part of a movement that is shaping the future of learning and work

Sharon Leu, Executive in Residence at JFF Labs, highlights the importance of the challenges: “The challenges that we proposed are critical to the infrastructure that will help learners and jobseekers find meaningful opportunities at all stages of their learning and employment journey. We are excited for this community to work together to create the tools that will give people control of their data in wallets, data models that allow them to express their different identities as workers and learners, multi-language support for verifiable credentials, and a seamless verification experience for relying parties with minimal technology capacity.” 

“The Digital Credentials Consortium advocates for open source, open standards, and open community to foster transparency, collaboration, and innovation in the development of digital credentialing systems,” adds Kerri Lemoie, Director at MIT Digital Credentials Consortium.  “Hackathons foster creativity and collaboration, bringing together diverse minds to solve real-world problems in a short amount of time. Through experimentation, skill development, and community building we hope the participants are inspired to make tools and technologies that will enhance trust of portable, verifiable digital credentials that democratize access to educational achievements and skills verification.”

Kim Hamilton Duffy, Executive Director of DIF, emphasizes the transformative potential of this track: "Education and workforce development have the power to change lives. This challenge embodies the core reason I became involved in decentralized identity – to ensure people have control over credentials that are portable, verifiable, and meaningful across borders and contexts. I'm thrilled to see the innovative solutions our participants will create to address these critical issues."

Join Us in Revolutionizing Education and Workforce Development

Whether you're a seasoned developer in the decentralized identity space or new to the field, your participation can make a significant difference. Together, we can build the next generation of tools that will empower learners and workers worldwide.

Ready to Take on the Challenge?

Register for the DIF Hackathon 2024 and select the Future of Education & Workforce track. Let's collaborate to create a more accessible and verifiable future for education and career advancement.

Register now: https://difhackathon2024.devpost.com/

Join our informational session: https://www.eventbrite.com/e/education-and-workforce-track-overview-tickets-1029330524307

Read details about the challenges, prizes, and submission requirements: https://identity.foundation/hackathon-2024/docs/sponsors/edu/

Join the discussion on the DIF Hackathon discord: https://discord.gg/WXPzWvBCjD

Join us in shaping the future of education and work through innovation and collaboration.


🚀 Don’t Miss These Exciting Challenges at the DIF Hackathon 2024! 🌍

The DIF Hackathon 2024 is in full swing, and we’ve got a fantastic lineup of challenges waiting for you! From reusable identity to revolutionizing digital identity in education, this is your chance to innovate, compete for amazing prizes, and help shape the future of decentralized identity. Below is the full lineup of sessions for the coming week!

🌟 ONT Login Challenge – Unlock Seamless Authentication!

📅 Date: Tuesday, October 8 | 8 AM PST / 5 PM CEST

Ontology is bringing you the ONT Login challenge! Learn how to integrate a decentralized universal authentication component for secure, reusable identity in Web2 and Web3 applications. Demonstrate how ONT Login can transform your app’s login experience while keeping user privacy intact.

💰 Prizes: 1st Place: $1000 USD | 2nd Place: $500 USD | 3rd Place: $300 USD

🔗 Register Now

💥 tbDEX Challenge – Power Up Payments with Known Customer Credentials!

📅 Date: Tuesday, October 8 | 9 AM PST / 6 PM CEST

Get ready to dive into the payments world with the tbDEX challenge! As a business or developer, you’ll use the Web5 SDK to streamline KYC processes with Known Customer Credentials (KCC). Join this session to unlock a future where seamless decentralized identity enhances payments.

💰 Prizes: 1st Place: $2500 USD | 2nd Place: $1500 USD | 3rd Place: $1000 USD

🔗 Register Now

🚀 How to Resolve DIDs and Verify VCs for Free with VIDOS

📅 Date: Tuesday, October 8 | 10 AM PST / 7 PM CEST

This session will unlock the power of DIDs and Verifiable Credentials in recruitment and reusable identity. Explore two dynamic challenges to develop solutions that make identity verification more secure and efficient for real-world applications.

💡 Challenge 1: Employer Portal Using DIDs and VCs (Education Track)

Build a proof-of-concept that allows recruiters to verify and onboard candidates securely using verifiable credentials.

💡 Challenge 2: VC Interoperability (Reusable ID Track)

Create a solution that demonstrates VC interoperability across scenarios, like using a passport for travel or age-gated entry.

💰 Prizes: Total prize pool of $4,500 USD

🔗 Register Now

🚀 Join the Future of Education and Economic Advancement!

📅 Date: Wednesday, October 9 | 9 AM PST / 6 PM CEST

This track invites innovators to develop solutions that make education and economic opportunities more accessible through decentralized identity. Dive into challenges that use Verifiable Credentials (VCs) for educational records, employment history, and more.

💡 Challenge C1: Verifiable Learner/Worker IDs

Build VCs representing Student IDs, Employee IDs, and Employment History. Show how they can be used for job applications, skill verification, and more.

💡 Challenge C2: Build Tools for Global Use

Develop tools that support VCs across borders, languages, and digital platforms, creating a more universal decentralized identity solution.

💰 Prizes: Total prize pool of $15,000 USD

🔗 Register Now

🔑 Crossmint's Reusable Identity Challenge!

📅 Date: Wednesday, October 9 | 10 AM PST / 7 PM CST

Unlock the potential of reusable digital identities to simplify KYC, KYB, and age verification processes. Use Crossmint’s Verifiable Credentials API to build secure, scalable identity solutions for various platforms. Let's tackle identity verification and compliance with a focus on privacy and usability!

💰 Prizes:

1st Place: $800 USD + $2,000 in Crossmint credits

2nd Place: $500 USD + $1,000 in Crossmint credits

3rd Place: $200 USD + $500 in Crossmint credits

🔗 Register Now

🏨 Revolutionize Hotel Check-Ins with Verifiable Credentials (VC)!

📅 Date: Thursday, October 10 | 9 AM PST / 6 PM CEST

Imagine a world where hotel check-ins are seamless and secure. This challenge, led by Mateo Manfredi, Senior Full Stack Developer at Extrimian, invites you to build a privacy-focused check-in system using government-issued Verifiable Credentials. Let’s reimagine how hotels handle guest data and create a safe, smooth experience.

💰 Prizes: 1st Place: $1000 USD + $1800 in Extrimian Platform credits

🔗 Register Now

🤖 Harness the Power of Decentralized Identity for Verifiable AI

📅 Date: Thursday, October 10 | 10 AM PST / 7 PM CEST

In the age of AI, trust is more important than ever. This challenge, led by Ankur Banerjee, Co-founder and CTO of cheqd, invites you to create solutions that ensure AI-generated content is trustworthy and verifiable using decentralized identity and Verifiable Credentials.

💰 Prizes: Total prize pool of $7,500 USD in CHEQ tokens

🔗 Register Now

Don’t miss your chance to innovate, compete, and win big at the DIF Hackathon 2024! Whether you're passionate about education, AI, payments, or hospitality, there’s a challenge for you. Let’s build the future of decentralized identity together.

Best regards,

The DIF Hackathon Team


Blockchain Commons

Musings of a Trust Architect: Edge Identifiers & Cliques

Since the mid-1990s, I’ve been advocating for the creation of secure digital infrastructures that protect human rights, civil liberties, and human dignity online. My mission has always been to decentralize power and give individuals control over their digital lives, from my early work co-authoring the TLS standard to my recent efforts supporting DIDs and Verifiable Credentials.

We now stand at another crossroads in digital identity. The current paradigm, where an individual’s private key is the cornerstone of their identity, has served us well but it also has significant limitations—especially as we move toward a more interconnected, collaborative digital world. Fortunately, advances in cryptography allow us to rethink single-key self-sovereign identity systems, suggesting the possibility for new options such as edge identifiers and cryptographic cliques.

The Single Signature Paradigm

Identity management has long centered on the use of single-signature cryptographic keys. Operating on a straightforward principle, this “Single Signature Paradigm” requires the possession of a unique private key for cryptographic signatures, allowing actions such as authentication, data encryption, and transaction validation.


The security of this model hinges on the confidentiality of the private key: a compromise of the key means a compromise of security. To reduce this threat, standards often require private keys be stored in specialized hardware, providing a fortified environment. This model is the cornerstone of security strategies endorsed and required by entities such as the National Institute of Standards and Technology (NIST), European Union government standards, and various international standards groups such as the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C).

There has been very limited success in strengthening this fundamental methodology through protocols such as key rotation. Meanwhile, the Single Signature Paradigm has many flaws, the most serious of which are Single Point of Compromise (where a key can be stolen) or Single Point of Failure (where a key can be lost). If anything, these problems are worsening, as demonstrated by recent side-channel attacks that can extract keys from older hardware. Other issues include scalability limitations, hardware dependency, operational inflexibility, and numerous legal, compliance, and regulatory issues.

There are fundamental limits to what can be achieved within the confines of a Single Signature Paradigm, making the need for evolution clear.

The Keys to Self-Sovereign Identity

The Single Signature Paradigm is problematic for many use cases surrounding digital assets, but particularly so for the management of digital identities, because identities are both central to our digital experience and largely irreplaceable. You can’t just create a new identity to replace a compromised one without losing credentials and connections alike.

When I first conceived of my ideas for the personal control of digital identity, known today as self-sovereign identity, I didn’t want to be limited by the Single Signature Paradigm. Instead, I modeled self-sovereign identity to be an identity that existed in a social context, not an isolated identity defined by singular keys. I wrote some on this in The Origins of Self-Sovereign Identity.

One of the key principles of living systems theory is the concept of the membrane. This is not just a physical barrier but a selective boundary that controls the exchange of energy, matter, and information between the system and its environment. The membrane allows certain things to pass through while restricting others, thereby maintaining the system’s integrity and autonomy. It’s a delicate balancing act: the system must allow enough interaction with the environment to sustain itself while ensuring that it isn’t overwhelmed by external forces.

Though I meant for it to be something that would protect the individual, self-sovereignty doesn’t mean that you are in complete control. It simply defines the borders within which you can make decisions and outside of which you negotiate with others as peers, not as a petitioner.

Implementing practical solutions that encapsulate this interconnectedness has historically been challenging due to the dominance of the Single Signature Paradigm. This has led to self-sovereign identity systems that actually adhere to the Single Signature Paradigm, which in turn causes them to overemphasize individualism, which was not my intent.

It’s not the only way.

Relational Edge Identity

Living systems theory suggests that identity isn’t just about oneself, but about one’s connections to the rest of society.

Consider the process of a child’s identity formation. They may be named “Joshua” upon birth, suggesting a unique, nodal form of identity. But, there are many Joshuas in the world. To truly define the child’s identity requires linked local names (or pet names) that define relationships. The father and mother say “my child”, attesting to the relationship between each of them and the child. A sibling says, “My brother’s child” and a grandparent says “my grandchild”.


Though unidirectional descriptors are useful to help identify someone, each link is actually bidirectional, creating an edge between two individual nodes of identity:


At this point we must ask: does the node really define identity or is it the edges? The most complete answer is probably that an identity is defined by an aggregation of edges sufficient to identify within the current graph context: “Joshua, who is filially linked with Mary, who is filially linked with Anna.”

Relational Edge Keys

We can model the interconnectedness of edge-based relationships in an identity system by using Schnorr-based aggregatable multisig systems that support Multi-Party Computation (MPC), such as MuSig2 or FROST (see the Appendix in the next article for more on the technology and the differences between the two systems). Schnorr-based systems are an excellent match for edge identity because their peer-based key construction technique matches the peer-based model of an identity graph: two users come together to create a joint private key.

To create a relational edge key, the two identities (nodes) connected by an edge each generate a private commitment. These commitments are combined in a cryptographic ceremony to form the edge’s private key. The associated public key then effectively becomes an identifier for this two-person group, indiscernible from a single user’s public key thanks to Schnorr.


Leveraging the Multi-Party Computation (MPC) of MuSig2 or FROST allows for the creation of a private key that doesn’t exist on a single device. It exists only in a distributed cryptographic construct, colloquially called a “fog”. Through unanimous consent, users can use this “fog” to sign collectively, allowing (even requiring) joint agreement for joint actions.

This relational-edge identity model begins to resolve the issues with current self-sovereign identity models by recognizing identity as being about more than just a single self-sovereign person. It also offers substantial benefits including better security, trust, resilience, and verification due to full keys existing only in this distributed cryptographic “fog”. Finally, it allows relationships to dynamically grow and change over time through the addition or removal of edges in a graph.

Clique Identity

Edge identity is just the first step in creating a new model for identity that recognizes that personal digital identity is founded in relationships. The next step is to expand pairwise relationships by forming a clique, specifically a triadic clique.

A clique in graph theory is “a fully connected subgraph where every node is adjacent to every other node.” Thus, in a complete graph, no node remains isolated; each is an integral part of an interconnected network. This concept is core to understanding the transition from simple pairwise relationships to more complex, interconnected group dynamics.

In our example, there is an obvious triadic clique: the nuclear family of Mary, Bob, and Joshua.


Remember that the term “nuclear family” comes from the word “nucleus”. That’s a great metaphor for a tight, strongly connected group of this type. A triadic clique fosters strong social cohesion and supports a robust, tightly-knit network.

Cryptographically, we form a triadic clique by generating a relational edge key for each pair of participants in the group. This represents the pair’s joint decision-making capability. Once these pairwise connections are in place, the trio of edges participates in a cryptographic ceremony to create a shared private key for the whole group, which in turn creates a clique identifier: the public key. This identifier represents not just an individual or a pair but the collective identity of the entire triadic group (and, once more, their decision-making capability).

Although my examples so far suggest that nodes in a clique are all people, that doesn’t have to be the case: I’ll talk about cliques of devices as one of three variations of this basic formula in my next article.
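The relational edge key and the triadic clique of edges described above, as an added sketch that is not Blockchain Commons code and is neither MuSig2 nor FROST: it uses plain MuSig-style linear Schnorr key aggregation over secp256k1, simulated in one process, and leaves out the nonce-exchange rounds and hardening those protocols add. The names `Node`, `Group`, `clique`, `sign` and `verify` are assumptions made for the illustration.

```python
import hashlib
import secrets
from itertools import combinations

# secp256k1 domain parameters (curve y^2 = x^3 + 7 over F_P, group order N).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two affine points; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h(tag, *parts):
    return int.from_bytes(hashlib.sha256(tag.encode() + b"".join(parts)).digest(), "big") % N

class Node:
    """One identity holding its own secret scalar (a leaf of the graph)."""
    def __init__(self, name, secret=None):
        self.name = name
        self.secret = secret if secret is not None else secrets.randbelow(N - 1) + 1
        self.pub = mul(self.secret, G)

class Group:
    """An edge (two nodes) or a clique (its edges). Only the aggregate public key
    is ever computed; the matching private key is never assembled anywhere."""
    def __init__(self, members):
        # Canonical order, so every participant derives the same identifier.
        self.members = sorted(members, key=lambda m: enc(m.pub))
        keyset = b"".join(enc(m.pub) for m in self.members)
        # Per-member coefficients bind each key to the whole key set (the
        # MuSig-style defence against a member choosing its key maliciously).
        self.coef = [h("agg", keyset, enc(m.pub)) for m in self.members]
        self.pub = None
        for c, m in zip(self.coef, self.members):
            self.pub = add(self.pub, mul(c, m.pub))

def clique(people):
    """Pairwise edge keys first, then a clique key aggregated over the edges.
    n people need n*(n-1)/2 edge ceremonies."""
    edges = [Group(pair) for pair in combinations(people, 2)]
    return edges, Group(edges)

def fresh_nonces(signer):
    """One fresh nonce per leaf occurrence; returns (nonce tree, summed R)."""
    if isinstance(signer, Node):
        r = secrets.randbelow(N - 1) + 1
        return r, mul(r, G)
    tree, R = [], None
    for m in signer.members:
        sub, Rm = fresh_nonces(m)
        tree.append(sub)
        R = add(R, Rm)
    return tree, R

def partial(signer, nonces, e, weight=1):
    """Each leaf answers r + e*weight*x, where weight is the product of the
    coefficients on its path; in a deployment each device computes only its own term."""
    if isinstance(signer, Node):
        return (nonces + e * weight * signer.secret) % N
    return sum(partial(m, t, e, weight * c % N)
               for m, c, t in zip(signer.members, signer.coef, nonces)) % N

def sign(signer, msg):
    """Unanimous signature by a node, an edge or a clique: returns (R, s)."""
    nonces, R = fresh_nonces(signer)
    e = h("chal", enc(R), enc(signer.pub), msg)
    return R, partial(signer, nonces, e)

def verify(pub, msg, sig):
    """Ordinary single-key Schnorr check: s*G == R + e*pub."""
    R, s = sig
    e = h("chal", enc(R), enc(pub), msg)
    return mul(s, G) == add(R, mul(e, pub))

if __name__ == "__main__":
    family = [Node(n) for n in ("Mary", "Bob", "Joshua")]  # constructed sample identities
    edges, nuclear = clique(family)
    sig = sign(nuclear, b"constructed sample message")
    print(len(edges), "edges; clique signature valid:",
          verify(nuclear.pub, b"constructed sample message", sig))
```

The verifier is the same function for a node, an edge and a clique, which is the sense in which the aggregate identifier cannot be told apart from a single user's public key.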

Why Cliques of Edges?

As noted, a clique is formed by the pairwise edges jointly creating a key, not by the original participants doing so. There are a number of advantages to this.

Most importantly, it builds on the concept of identity being formed by relationships. Call it the Relationship Signature Paradigm (or the Edge Signature Paradigm). We’re saying that a group is defined not by the individuals, but by the relationships between the individuals. This is a powerful new concept that has applicability at all levels of identity work.

Individually, we might use the Relationship Signature Paradigm to create an individual identity based on edge-based relationships. My relationship to my friends, my relationship to my company, my relationship to my coworkers, my verifiable credentials (which are themselves relationships between myself and other entities), and my relationship to my published works together define the “clique” that is me. Crucially, this identity is built upon the relationship with other participants, not the participants themselves.

At a higher-level, we can also use this paradigm to form a clique of cliques, where each member is not a participant or even an edge, but instead a clique itself! Because we already recognized cliques as being formed by relational groups when we defined a first-order clique as a collection of edges, we can similarly define a clique as a collection of cliques (or even a collection of edges and cliques), creating a fully recursive paradigm for identity.


There is one clique-based design where the Relationship Signature Paradigm can’t be used: fuzzy cliques, which is another variation of clique identity. But more on that in the next article.

Higher Order Graphs

There is no reason to limit cryptographic cliques to three edges. However, the larger the group is, the harder it is to close the graph: as the number of nodes (n) in a clique increases, the number of edges grows following the formula (n*(n-1))/2, which is the number of unique edges possible between n nodes.

A “4-Clique” (or K4), for example, is a complete graph comprising 4 nodes, where each node is interconnected with every other node, resulting in a total of (4*3)/2 = 6 edges.


This pattern continues with larger cliques:

K5 = (5*4)/2 = 10 edges; K6 = (6*5)/2 = 15 edges; K7 = (7*6)/2 = 21 edges; etc.

In practice, as the number of nodes in a clique increases, the complexity of forming and maintaining these fully connected networks also escalates: each additional connection requires its own key-creation ceremony with every existing member of the graph.

Complete graphs, or closed cliques, have valuable applications across various disciplines, from computer science to anthropology, but they aren’t the only solution for cryptographic cliques. I’ll talk more about the alternative of open cliques as another variation of the clique identity model in my follow-up article next week.

Conclusion

The Single Signature Paradigm has been at the heart of the digital world since the start. It’s always had its limitations, but those limitations are growing even more problematic with the rise of digital identity.

Relational edge keys and closed cliques offer a next step, modeling how identity is actually based on relationships and that many social decisions are made through the edges defined by those relationships.

Other advantages of using clique-based keys and identities include:

● Decentralized Identity Management. Peer-based edge and clique identifiers are created collaboratively, bypassing third-party involvement, thus supporting self-sovereign control and improving anonymity.
● Identity Validation. Peer-based identifiers help to authenticate social identities, creating trust.
● Resilience Against Single Points of Failure. Distributing control among multiple parties in a clique guards against single points of failure.
● Secure Group Decision Making. Relations or groups can securely and irrevocably make decisions together.
● Enhanced Privacy in Group Interactions. Aggregatable Schnorr-based signatures keep the identities of the members of a relationship or a clique private.

Cliques can be quite useful for a number of specific fields:

● Blockchains. The use of aggregatable signatures creates smaller transactions on blockchains.
● Collaborative Projects. Collaborative projects and joint ventures can use clique keys to authenticate shared resource usage and other decisions.
● Financial Fields. Dual-key control is often required in financial fields, and that’s an implicit element of relational edge keys.
● Internet of Things (IoT) & Other Smart Networks. Relational edge keys can ensure secure and efficient communication among diverse devices that have paired together.
● Medicine & Other Sensitive Data. When data is sensitive, cliques can ensure all parties have agreed to the data sharing terms, maintaining both security and collaboration integrity.

By leveraging cryptographic cliques for group identification and decision-making, we open a wide array of opportunities. These are just the beginning: open cliques, fuzzy cliques, and cliques of devices can offer even more opportunities, as I discuss in my next article in this series (which also talks a little bit about the cryptography behind this).

Monday, 07. October 2024

Oasis Open Projects

Invitation to Comment – Energy Interop (CTS) Version 1.0

Public review ends November 7th

OASIS and the Energy Interoperability TC are pleased to announce that Energy Interoperation Common Transactive Services (CTS) Version 1.0 is now available for public review and comment. 

Common Transactive Services (CTS) permits energy consumers and producers to interact through energy markets by simplifying actor interaction with any market. CTS is a streamlined and simplified profile of the OASIS Energy Interoperation (EI) specification, which describes an information and communication model to coordinate the exchange of energy between any two Parties that consume or supply energy, such as energy suppliers and customers, markets and service providers.

The documents and all related files are available here:

Energy Interoperation Common Transactive Services (CTS) Version 1.0
Committee Specification Draft 04
09 September 2024

Editable Source: https://docs.oasis-open.org/energyinterop/ei-cts/v1.0/csd04/ei-cts-v1.0-csd04.pdf (Authoritative) 

HTML: https://docs.oasis-open.org/energyinterop/ei-cts/v1.0/csd04/ei-cts-v1.0-csd04.html

DOCX: https://docs.oasis-open.org/energyinterop/ei-cts/v1.0/csd04/ei-cts-v1.0-csd04.docx

For your convenience, OASIS provides a complete package of the specification document and any related files in a ZIP distribution file. You can download the ZIP file at:  

https://docs.oasis-open.org/energyinterop/ei-cts/v1.0/csd04/ei-cts-v1.0-csd04.zip

How to Provide Feedback

OASIS and the Energy Interoperability TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

The public review starts October 7, 2024 at 00:00 UTC and ends November 7, 2024 at 23:59 UTC.

Comments from TC members should be sent directly to the TC’s mailing list. Comments may be submitted to the project by any other person through the use of the project’s Comment Facility: https://groups.oasis-open.org/communities/community-home?CommunityKey=70a647c6-d0e6-434c-8b30-018dce25fd35

Comments submitted for this work by non-members are publicly archived and can be viewed by using the link above and clicking the “Discussions” tab.

Please note, you must log in or create a free account to see the material. Please contact the TC Administrator (tc-admin@oasis-open.org) if you have any questions regarding how to submit a comment.

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification. 

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the Energy Interoperability TC can be found at the TC’s public home page: https://www.oasis-open.org/committees/energyinterop/

Additional references:

[1] https://www.oasis-open.org/policies-guidelines/ipr/

[2] https://www.oasis-open.org/committees/energyinterop/ipr.php

The post Invitation to Comment – Energy Interop (CTS) Version 1.0 appeared first on OASIS Open.


OpenID

10 Years On: OpenID Connect Published as an ISO/IEC Spec

The OpenID Connect Final specification was launched on February 26, 2014 with a vision of increased security, privacy, and usability on the internet. Ten years after that publication, we are delighted to announce that 9 OpenID Connect specifications are now published as ISO/IEC standards.

● ISO/IEC 26131:2024 — Information technology — OpenID connect — OpenID connect core 1.0 incorporating errata set 2
● ISO/IEC 26132:2024 — Information technology — OpenID connect — OpenID connect discovery 1.0 incorporating errata set 2
● ISO/IEC 26133:2024 — Information technology — OpenID connect — OpenID connect dynamic client registration 1.0 incorporating errata set 2
● ISO/IEC 26134:2024 — Information technology — OpenID connect — OpenID connect RP-initiated logout 1.0
● ISO/IEC 26135:2024 — Information technology — OpenID connect — OpenID connect session management 1.0
● ISO/IEC 26136:2024 — Information technology — OpenID connect — OpenID connect front-channel logout 1.0
● ISO/IEC 26137:2024 — Information technology — OpenID connect — OpenID connect back-channel logout 1.0 incorporating errata set 1
● ISO/IEC 26138:2024 — Information technology — OpenID connect — OAuth 2.0 multiple response type encoding practices
● ISO/IEC 26139:2024 — Information technology — OpenID connect — OAuth 2.0 form post response mode

We would like to thank the AB/Connect Working Group for their tireless efforts building and maintaining this family of specifications, including the process of applying errata corrections to the specifications, so that the ISO versions would have all known corrections incorporated. 

OpenID Connect has been used by millions of developers and deployed in billions of applications worldwide. Publication by ISO as Publicly Available Specifications (PAS) will enable even broader global adoption by enabling deployments within ecosystems and jurisdictions that require the use of specifications from standards bodies recognized by international treaties (such as ISO).

The OpenID Foundation remains committed to helping people assert their identities wherever they choose – and to do so by building identity standards that are secure, interoperable, and privacy-preserving. For the benefit of individual and ecosystem security all over the world, OIDF will soon follow this same process with other specification families. These include the FAPI 1.0 and eKYC-IDA specifications, and once they’re final, the FAPI 2.0 specifications.

Many thanks to all of OIDF spec authors, implementers, members, and contributors who have ensured the success of OpenID Connect over the last 10 years!

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

The post 10 Years On: OpenID Connect Published as an ISO/IEC Spec first appeared on OpenID Foundation.


Oasis Open Projects

OASIS Celebrates 20th Anniversary of Common Alerting Protocol, Global Standard for Alerts and Warnings

CAP Standard Has Transformed Emergency Communication and Continues to Save Lives

Boston, MA – 7 October 2024 – This month marks the 20th anniversary of the Common Alerting Protocol (CAP) being established as an OASIS Open Standard. CAP, part of the EDXL suite of standards, provides an open, non-proprietary message format for delivering all-hazard alerts and notifications. Over the past two decades, CAP has become a model of global collaboration and a fundamental component of emergency communications systems worldwide. Its use across multiple platforms has helped save countless lives through timely, reliable messaging. Today, 87% of the world’s population lives in a country with at least one national-level CAP news feed for emergency notifications. 

CAP enables a consistent message to be disseminated simultaneously over a variety of communication pathways, including radio, television, mobile phones, emails, and other media. This all-hazards, all-media format ensures that critical alerts (e.g., weather events, earthquakes, tsunami, volcanoes, public health crises, power outages, fires, child abductions, and more) reach the public swiftly and efficiently, regardless of the medium.

“As we celebrate 20 years of CAP, I’m incredibly proud that it has become the backbone of emergency communication worldwide, recognized by the UN as the standard for the Early Warnings for All program. The success of CAP is a testament to the dedication and collaboration of so many over the years, and I extend my sincere thanks to everyone who has played a part in making it the global standard it is today,” said Elysa Jones, chair of the OASIS Emergency Management Technical Committee (EMTC). “CAP’s ability to deliver consistent, interoperable alerts through multiple channels has made it indispensable for disaster management. We’ll continue to evolve CAP to ensure it serves communities in need.”

The CAP community will commemorate this significant anniversary milestone at the CAP Implementation Workshop from 22-24 October in Leuven, Belgium. OASIS is a co-sponsor of the event, which will focus on the use of CAP and its consistent use throughout the world. OASIS and the EMTC will continue to work with nations and organizations to explore future advancements in global emergency alerting.

The fundamental need for CAP was identified by the Partnership for Public Warning (PPW) in response to the 9/11 attacks when there was no consistent method for informing the nation. The 2004 Indian Ocean tsunami highlighted the urgent need for improved emergency alert communication across the globe. With the support of Eliot Christian, longtime CAP advocate and former chief architect of the World Meteorological Organization (WMO) Information System (WIS), and Elysa Jones, chair of the OASIS EMTC, along with EMTC members, CAP was officially adopted by the International Telecommunications Union (ITU) in 2007 as ITU-T Recommendation X.1303. Since then, many international organizations like the WMO, the International Federation of Red Cross and Red Crescent Societies (IFRC), and the United Nations Office for Disaster Risk Reduction (UNDRR) have embraced CAP as an essential standard for emergency alerting. In 2021, the Call to Action on Emergency Alerting set a goal to achieve 100% CAP implementation by 2025, an initiative that has since been integrated into the UN’s Early Warnings for All initiative. 

OASIS and its partners are committed to increasing global CAP adoption. Participation in the EM TC is open to all through membership in OASIS, with interested parties encouraged to join and contribute to shaping the future of alerting. To get involved in the TC, visit www.oasis-open.org/join-a-tc

The post OASIS Celebrates 20th Anniversary of Common Alerting Protocol, Global Standard for Alerts and Warnings appeared first on OASIS Open.


DIF Blog

Vidos Challenges you to Transform the Recruiting Process and Streamline Access to Digital Services

DIF is proud to introduce Vidos as a Silver sponsor of the DIF 2024 Hackathon! Vidos Hackathon challenges tackle real-world challenges of transforming the recruitment process and streamlining access to digital services using Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).

About Vidos

Vidos’s mission is to empower a digital evolution that prioritizes user centric control of identity, data, and communications. By providing tools for builders and services for enterprises, Vidos makes it easy for organizations across finance, education, legal, and travel & hospitality sectors (and beyond) to work with digital identity and verifiable credential services.

Two Challenges, Limitless Innovation

This year, Vidos is presenting two challenges that highlight the practical applications of DIDs and VCs in recruitment and reusable identity:

Challenge 1: Employer Portal Using DIDs and VCs: Imagine a world where recruiters can instantly verify candidate qualifications, automate onboarding processes, and even personalize training programs using verifiable credentials. This challenge invites you to build an "employer portal" that leverages DIDs and VCs to create a seamless and secure experience for both recruiters and candidates.

Example use cases include:

● Matching candidates to job openings based on verified skills and qualifications

● Automating the verification of educational and professional credentials

● Creating a marketplace for qualification issuers and recruitment agencies

Prizes for this challenge total $2,250 with additional social promotion opportunities!

Challenge 2: VC Interoperability: This challenge tackles the power of reusable identity. Build a solution that demonstrates how a single VC, such as a passport, can be used for various purposes, including age verification and travel authorization. By showcasing the interoperability of VCs across different issuers and scenarios, you'll be at the forefront of shaping a future where individuals have more control over their data and how it's used.

An example use case could be the use of a travel document such as a passport or mobile driver's license for both travel and age-gated entry to an online service.

Prizes for this challenge total $2,250 with additional social promotion opportunities!

A Word from Vidos

“The DIF 2024 Hackathon is an exciting opportunity for builders to create practical, user-centric solutions with decentralized identity. At Vidos, we're sponsoring challenges focused on real-world adoption in recruitment, travel, and digital services. We believe DIDs and VCs transform how businesses can handle identity verification and data sharing, putting more control in the hands of individuals. Our goal is to inspire developers to build tools that organizations can implement today, driving adoption of decentralized identity while enhancing user privacy and control.” said Tim Boeckmann, CEO of Vidos.

Why Build with Vidos?

● Real-World Impact: Vidos’s challenges are designed to address real-world problems faced by the recruitment and travel industry for digital service providers.
● Industry Exposure: As an active member of the decentralized identity space, Vidos is offering participants the chance to showcase their skills and gain valuable exposure to potential employers and partners.
● Cutting-Edge Technology: Work with the Vidos tech stack and tools from our partner network to build innovative solutions that push the boundaries of decentralized identity.
● Expert Mentorship: Participants will have access to Vidos's team of mentors for guidance and support throughout the hackathon.

DIF's Executive Director on Vidos’s Participation

Kim Duffy, Executive Director of DIF, shares her excitement about Vidos' participation:

"Vidos' challenges for the DIF 2024 Hackathon showcase how decentralized identity can tackle real-world issues and create a more equitable digital future. By focusing on revolutionizing recruitment and enabling reusable identity, we're opening doors to increased economic mobility and fairer access to opportunities. I'm excited to see how participants will use DIDs and VCs to transform identity verification and data sharing in professional settings, potentially making the job market more accessible and inclusive for all."

Ready to get started?

● Explore Vidos Digital Identity Hack Pack for resources, tools, and inspiration
● Join the conversation on the DIF Hackathon Discord server
● Register for Vidos' information session
● Read the details of Vidos’ challenges: Employer Portal using DIDs and VCs; VC Interoperability
● Visit Vidos website to learn more about Vidos and their vision for the future of identity

Don't miss this opportunity to work with cutting-edge decentralized identity technology and make a real impact on the future of recruitment and digital identity!


Human Colossus Foundation

Human Colossus Foundation at the Global DPI Summit: Shaping the Future of Digital Public Infrastructure

The Human Colossus Foundation (HCF) was honored to participate in the Global Digital Public Infrastructure (DPI) Summit in Cairo, under the auspices of H.E. President Abdel Fattah El-Sisi, President of The Arab Republic of Egypt.

The Global Digital Public Infrastructure (DPI) Summit in Cairo was the world's first summit dedicated to DPI, bringing together a diverse ecosystem of experts. The summit featured insightful keynotes, engaging discussions, and practical focus panels where participants shared real-world DPI implementation experiences. Success stories spanned national digital identity, payments, government services, and data exchange initiatives. However, discussions highlighted challenges, particularly in cross-governance data exchange and the interoperability layer, signaling a need for improved solutions to ensure a seamless DPI ecosystem across sectors and borders.

At the summit, discussions emphasized the need to start thinking about implementation of DPI, beyond service oriented use cases such as finance, public services, and governance. These sectors have benefited from DPI adoption, but as noted during the summit, there remains much work to do in improving its application across industries.

One of the key discussions revolved around the evolution of DPI. The first iteration of DPI provided the initial frameworks for public digital infrastructure, focusing on secure and efficient digital services. However, the future version promises to shift the focus towards interoperability, with a higher emphasis on connecting different systems and ensuring they work together seamlessly. This is a critical development as governments and organizations look to build more integrated, accessible, and collaborative infrastructures. This trend is welcomed by HCF, as it goes in the direction the Foundation has been promoting since its creation in 2020: total interoperability within and across ecosystems.

Data exchange was a recurring theme during the event. In particular, the necessity of cross-border governance frameworks was raised and discussed. While there has been much progress within individual countries or regions, many experts admitted that the global community still lacks a clear pathway to enable effective cross-governance data exchange. The complexities of regulatory frameworks, governance structures, and varying legal standards pose significant challenges. At present, there seems to be no clear consensus on how to tackle this issue, highlighting the urgent need for collaborative innovation. HCF witnesses these complexities in the projects we are involved in (see the Governance Periscope blog post of Sep. 16). There is not one single digital governance framework that will capture the world’s diversity.

HCF was pleased to see a strong emphasis on inclusion and the need for vendor-agnostic solutions, ensuring that digital public infrastructure is accessible to all, regardless of geography or socio-economic status. This aligns with HCF’s mission of building decentralized, scalable infrastructure that works for everyone, not just for those in advanced economies or within specific vendor ecosystems.

HCF’s vision for a digital infrastructure that scales horizontally was widely accepted at the summit. The need for a common infrastructure that can be applied across various industries and sectors was highlighted as critical for the next phase of DPI development. This closely aligns with HCF's work, which focuses on enabling cross-sector digital infrastructure that is decentralized, scalable, and interoperable.

The first DPI summit was a great success, setting the stage for the continued development of global digital public infrastructures. The next DPI Summit is scheduled for November 4-6, 2025, and it promises to build on the momentum from Cairo, with even more insights and innovations expected to emerge. 

HCF is excited to continue contributing to these important discussions, helping shape the global DPI ecosystem and ensuring that it meets the needs of people across all sectors and regions.

In conclusion, the Global DPI Summit in Cairo highlighted the critical role DPI will play in shaping the future digital economy, and HCF’s work in decentralized infrastructure aligns perfectly with this vision. We look forward to further collaborations and innovations in the years to come.


Elastos Foundation

Reclaim the Web: Bring Back Authenticity Before It’s Lost Forever.

The internet isn’t dying. It’s already dead, taken over by bots and AI. Let’s bring it back to life for real people. The internet in the early days was a boundless frontier teeming with human connection, creativity, and unfiltered authenticity. It was a place where communities blossomed around shared interests, where originality thrived, and every voice could find an audience.

Today, that vibrant space is less than 50% of the internet. We’ve drifted into an era where bots outnumber real users, corporate algorithms dictate our experiences, and genuine human interaction is suffocated under increasing layers of automation. The essence of the internet—that which made it a rebellious tool for unity and expression—is fading away.

The transformation didn’t happen overnight. Slowly but surely, the internet morphed into a sterile version of itself—a curated environment dominated by corporate interests and government oversight. The organic growth of communities gave way to controlled ecosystems where user engagement is meticulously engineered. Social media platforms, once the epicenters of human interaction, have become echo chambers filled with recycled content, inflammatory bias, and automated posts.

Recent studies suggest that bots and automated accounts now constitute 49.6% of overall web traffic, and 65% of these bots are malicious. On platforms like Twitter, it’s estimated that bots make up around 15% of all accounts. These automated participants flood timelines with repetitive messages, manipulate trending topics, and distort public discourse. They create a dense fog that obscures the line between genuine human expression and automated noise. The fakery is gross and superficial.

The corporate control of the internet extends beyond social media. Search engines, content platforms, and even news outlets are influenced by algorithms designed to maximize profit and personal agendas, often at the expense of user experience. Personalized ads follow us relentlessly, and content is filtered through the lens of what will keep us clicking, not what informs or enriches us. This has led to a fundamental erosion of trust.

Users are either hypnotized or increasingly skeptical of the content they consume, unsure whether it’s genuine or manipulated. Fake news proliferates, and the ability to engage in open, honest dialogue diminishes. The internet, once a tool for enlightenment, has become a battlefield of misinformation. However, the core purpose of blockchain technology is to reinstate trust, and new layers are forming.

Elastos is a decentralized internet designed to restore digital sovereignty to individuals. Unlike the current internet, which relies on centralized servers, Elastos uses blockchain technology and peer-to-peer networks to let users own their data and digital identities.

With Elastos, you have a digital shield protecting your online activities. Holding your own “freedom key”, you control your privacy and security in a new safe zone. Your data isn’t stored on corporate servers; it’s securely encrypted and accessible only by you and who you let in, verified using blockchain technology. This marks a significant shift in how we interact with the digital world.

Elastos creates a new digital commons—a decentralized platform where communities form organically without centralized gatekeepers. Developers can build decentralized applications (dApps) that operate securely and privately. Content creators can share work directly with audiences, free from algorithmic suppression or monetization schemes favouring platforms over individuals.

By decentralizing the internet’s infrastructure, Elastos frees users from the monopolistic grip of large tech companies. Users become active participants in a network valuing privacy, security, and autonomy. This change reclaims the internet as a safe space for genuine human connection and empowerment—a true rebirth of the authentic Internet.

Building on Elastos’ decentralized infrastructure, Elacity provides access control systems which allow owners, creators and communities to regain control over their digital environments. This platform fosters a rebirth of authenticity, letting them interact directly, securely, and profitably with audiences.

Elacity is more than a marketplace; it’s a blockchain-governed platform where everyones’ rights are safeguarded using tokenized rights in decentralized wallets, and where genuine engagement is rewarded. In its upcoming v2 release, anyone can create an Elacity channel—a special economic environment for communication. This marks a platform for a creative explosion!

Users can be independent, set up business models like “Buy Now” or “Subscribe” to their property, or establish token-gated access—for example, “hold 28 ELA to enter.” Users gain access only if they meet owners’ specific terms enforced through smart contracts, bringing privacy and trust back online. This mechanism also produces a blockchain-powered AI bot filter for this new internet layer.

Central to Elacity is non-custodial ownership. Creators retain full control over their digital assets, free to license, sell, or share without handing over ownership to intermediaries. Elacity functions as a world computer marketplace, a new economy for creativity powered by blockchain technology and smart contracts.

Elacity’s decentralized Digital Rights Management (dDRM) system lets you set terms for how your content is used and monetized. Transactions are secure, immediate, and transparent, eliminating delays typical of traditional platforms. This new era of creative empowerment extends beyond individual creators to community builders and social environments.

By removing intermediaries and implementing transparent systems, Elacity lays the foundation for a digital renaissance—an internet where creativity thrives and authenticity is celebrated, all whilst bots and corporate control are denied!

The internet is at a crossroads. We can either continue down a path of automation, corporate control, and detachment, or we can forge a new way forward—one in which individuals reclaim their digital sovereignty, creators flourish without intermediaries, and communities thrive through real, meaningful connections.

Take back control of your digital life. Explore Elastos and Elacity today, and become part of the movement to restore the internet to its rightful owners—you. Did you enjoy this article? Follow Infinity for the latest updates here!

 

Friday, 04. October 2024

EdgeSecure

Building Pathways to Equity and Economic Prosperity

The post Building Pathways to Equity and Economic Prosperity appeared first on NJEdge Inc.
New Jersey Community College Opportunity Summit

As a vital part of the higher education ecosystem, community colleges play a key role in responding to the economic, demographic, technological, social, and environmental shifts impacting New Jersey. To discuss these current challenges and the strategies for helping transform education to better support student success, the New Jersey Council of County Colleges (NJCCC) held their inaugural Opportunity Summit on June 11-13, 2024 in Atlantic City. Along with community college leaders, faculty, and staff, the Summit welcomed partners from high schools, colleges, universities, unions, community-based organizations, state and local government, and the public workforce system.

The three-day event focused on NJCCC’s Opportunity Agenda which is centered around equity, collaboration, opportunity, and innovation. “We’re in a time of rapid change and our colleges are working diligently to respond to these changes and keep on the cutting edge of helping more students earn degrees and credentials that will help them lead quality lives,” says Aaron R. Fichtner, Ph.D., President, New Jersey Council of County Colleges. “We felt it was important to bring colleges together to share insights and information, while also hearing from national thought leaders about the challenges many of us are confronting in higher education.”

Expanding Education and Workforce Partnerships
The first day of the Opportunity Summit focused on the Opportunity Agenda where state and national experts shared unique insights into navigating the evolving world of education. The second day was the NJ Pathways to Career Opportunities Summit and discussed ways to expand innovative education and workforce partnerships. In partnership with the New Jersey Business and Industry Association, the NJ Pathways to Career Opportunity Initiative has joined together government, industry, union, and education partners to build stackable education and training opportunities.

The third day highlighted the Community to Opportunity Initiative which provides holistic support to community college students and addresses food insecurity, childcare issues, and mental health and wellness. “This event was uniquely structured and offered the opportunity to attend one or two days or all three,” says Maria Heidkamp, Chief Innovation and Policy Officer, New Jersey Council of County Colleges. “We had five hundred attendees in total and many colleges had teams of five or six people representing different areas, including leadership, academic affairs, student services, data services, and workforce development. We heard through feedback that they appreciated being able to come to one conference together and participate as a team.”

Building Pathways to Equity and Economic Prosperity
New Jersey’s community colleges continue to help a diverse group of students achieve their academic goals and have worked within their organizations and collectively with other institutions to expand instruction; build partnerships with high schools, four-year colleges and universities, nonprofits, and businesses; and improve student outcomes. To meet this core mission and effectively address equity challenges, community colleges within the state have committed to following four action pillars outlined in the Opportunity Agenda. Dr. Fichtner explored these pillars with Summit attendees and how these collective priorities can help promote equitable academic, social, and economic mobility for the greater community:

Pillar 1: Helping all high school students access pathways to postsecondary and career success. Strategies include ensuring all high school students have the opportunity to earn at least six college credits while in high school and understand their options for further education and a career.

Pillar 2: Fostering student success and completion in postsecondary education and training. To achieve this mission, there is a commitment to make community college tuition-free through an expansion of the Community College Opportunity Grant (CCOG) program. There is also a drive to invest in a statewide student success initiative targeting low-income and underrepresented students, student parents, justice-impacted students, students with disabilities, veterans, and others.

Pillar 3: Building transparent, seamless, and stackable pathways that respond to the changing economy. In collaboration with four-year institutions, state leaders, and technologists, New Jersey community colleges aim to revitalize general education and address the implications of AI for students, staff, and faculty. Strategies also include ensuring all students can complete paid internship work experience, embedding workforce credentials in community college programs, and building statewide and regional pathways connecting students to credentials, degrees, and lifelong learning.

Pillar 4: Helping adults attain the credentials they need for career mobility and labor market success. To achieve this goal, strategies include funding noncredit programs for low-income students and developing a consistent, statewide approach to Credit for Prior Learning (CPL)/Prior Learning Assessment (PLA).

“The Opportunity Agenda was released publicly in March, and we were able to do a larger public rollout at the Summit,” says Fichtner. “To get the buy-in and support of all eighteen community colleges in New Jersey, it took several months of discussion around which pillars to select,” adds Heidkamp. “We reached a consensus around these action pillars and the strategies that support them. The community recognizes that technology is advancing and what that means for the workforce. Colleges are also identifying that there are large equity gaps. The point of the Agenda is to build upon the current momentum happening within community colleges around holistic student support and workforce development and determine how we can capitalize on what is already underway to shape our focus going forward.”

Fichtner adds, “We’re making a series of bold efforts to help our eighteen community colleges continue to make strides in equity, access, and success. Each pillar is part of a broader strategy and we want to empower institutions as they innovate and evolve to meet the rapidly-changing world that we live in.”

In addition to sharing details of the Opportunity Agenda, day one of the Summit included the session, Amid AI Revolution: Opportunities for Community College Innovation, presented by Dave Cole, Chief Innovation Officer, State of New Jersey, and Developing Community College AI Programs: Lessons from an AI Pioneer on Equity, Academics, Industry Partnerships, and Degrees, presented by Dr. Madeline Burillo-Hopkins, Vice Chancellor Workforce Instruction and President Southwest College, Houston Community College.

Expanding Innovative Education and Workforce Partnerships
The second day kicked off with a breakout session, Reckoning with Relevance: 2024 State of the Sector, led by Dr. Tara Zirkel, Director, Strategic Research, EAB, followed by The Success of the New Jersey Pathways to Career Opportunities Initiative, presented by Dr. Michael McDonough, President, Raritan Valley Community College, and Catherine Starghill, Esq., Vice President, New Jersey Council of County Colleges and Executive Director, New Jersey Community College Consortium for Workforce and Economic Development. “Day one invited nationally known speakers who spoke on very timely and important topics,” says Heidkamp. “Day two was a mix of national speakers and presenters who highlighted some of the workforce projects going on at our colleges.”

Additional sessions included Education Pathways and The Future of Work presented by Charlotte Cahill, Associate Vice President, Education, Jobs for the Future, and Industry and Pathways: The Intersection of Education and Workforce Development, led by Amanda Winters, Program Director, Post-Secondary Education, National Governors Association; Keith Witham, Vice President of Education Philanthropy, Ascendium Education; and Paul Fain (Moderator), Journalist, Work Shift and The Job, and The Cusp Podcast. The afternoon session, New Jersey Pathways to Career Opportunities: Centers of Workforce Innovation Highlights, included representation from a variety of industries, including aseptic processing and biomanufacturing, film and television production, esports production, and robotics and automation.

Holistic Student Supports
Day three of the Opportunity Summit explored a variety of topics, including enhancing institutional access through online learning, transforming the local workforce ecosystem, and flexible work arrangements. Attendees could also learn more about AI in teaching, integrating grant offices into finance and procurement, and SNAP employment and training. “After sending out a request for presentations, we added sessions to the Summit agenda by a selection committee,” explains Linda Scherr, Chief Academic Officer, New Jersey Council of County Colleges. “Along with invited keynotes and plenary sessions, we wanted to give faculty and staff within the community an opportunity to share best practices and insights with their peers. It was a great blend of topics and presenters and led to unique collaborations that may not have been previously possible.”

Heidkamp adds, “Along with giving us an opportunity to officially kick off the Opportunity Agenda, this event allowed us to connect with several organizations we hope to partner with moving forward. Many are social justice groups, like the New Jersey Institute for Social Justice and the United Way. We also had business groups, like the Statewide Hispanic Chamber, the New Jersey Business and Industry Association, and the Council on Humanities. These are all partners that are reflected in the four pillars and we look forward to joining forces and creating a stakeholder group who can help move the needle in a positive direction.”

Memorable Event Highlights
Throughout the Summit and the Holistic Student Supports Convening, national and state thought leaders shared their perspectives on key issues facing higher education and how all organizations can work together to ensure students and workers are prepared to thrive in an innovative economy. “There were so many great moments throughout the three-day event,” reflects Fichtner. “I really enjoyed Dr. Chauncy Lennon’s presentation, Pathways: Equity and Access to High Quality Industry Credentials and Associate Degrees. He did an excellent job framing where we are in higher education and our society and what actions we will need to take going forward.”

“The lunch panel, Serving New Jersey’s Justice-Impacted Individuals, discussed the work that our colleges are doing to serve justice-impacted students,” continues Fichtner. “Governor McGreevy was a part of this session and the presentation had many great speakers and inspiring moments. It highlighted three amazing programs that are helping individuals who are either in prison or are on probation and giving them opportunities to succeed.”

The session, Developing Community College AI Programs: Lessons from an AI Pioneer on Equity, Academics, Industry Partnerships, and Degrees, led by Dr. Madeline Burillo-Hopkins, Vice Chancellor, Workforce Instruction and President Southwest College, Houston Community College, was among Heidkamp’s favorites of day one. “Dr. Burillo-Hopkins has helped lead the efforts at her college to develop AI associate degrees, as well as bachelor’s degrees in AI and robotics. She was very energetic and passionate about the subject and encouraged attendees to embrace this rapidly growing trend.”

Putting on such an event involves a great deal of planning and moving parts, but overall NJCCC feels it was a great success. “I think we were able to maximize the range of topics and engage people across many issues,” shares Heidkamp. “We continue to receive tremendously positive feedback and there is already momentum and encouragement to prepare for next year.” Fichtner adds, “From our conversations with college presidents and leaders, there was a real excitement about being together with colleagues from across the state. Many community colleges said they appreciated having an opportunity for their teams to spend time together off campus and listen to national experts and partners explore different topics that are pertinent to everyone in the education space.”

The Important Role of Community Colleges
Community college graduates play a vital role in the success of the state’s key industries, including manufacturing, technology, health care, education, and renewable energy. “NJCCC serves 240,000 students, where half of all undergraduate students in public higher education and forty percent of all college students in New Jersey are at a community college,” says Fichtner. “Our colleges are comprehensive institutions that serve a wide variety of purposes and help people advance their lives and gain family-supporting careers. We want to make sure that everybody in our community has opportunities, which is where our relentless focus on equity comes into play. We also place priority on helping high school students earn college credit and become inspired to continue their journey after graduation.”

“We see students at many different stages of their lives,” adds Scherr. “They may come to community college for one goal, and then come back later for further career development. We want to be their partner for life and be an anchor institution for our communities. A conference like the Opportunity Summit allows us to showcase this mission and identify how we can work together in a coordinated fashion to help students gain the knowledge and skills necessary to make an impact in the workforce.”

Heidkamp says businesses are increasingly turning to community colleges to be their academic and workforce partners. “The value of community colleges continues to gain recognition and we’ve done a great deal in recent months to show the important role these institutions play in New Jersey. Historically, there was some stigma attached to community colleges, but thankfully, that viewpoint is changing and more people are recognizing the unique service they can provide in creating a skilled workforce, advancing the state’s innovation economy, and enriching the community for all.”

To learn more about the NJCCC’s vision, initiatives, and upcoming events, visit njcommunitycolleges.org.


Thursday, 03. October 2024

Oasis Open Projects

Advancing Cybersecurity in Space at OASIS

By Erin Miller, Hector Falcon, and Joel Francis, Space ISAC

As space operations become increasingly complex, the need for effective threat intelligence sharing is more crucial than ever. The increase in data transmission across space networks brings both opportunities and heightened risks, as cyber threats increasingly target critical space infrastructure. Protecting these assets demands a coordinated and proactive approach to threat intelligence sharing. To address this, the OASIS global standards body is working with Space ISAC to form the Space Automated Threat Intelligence Sharing (SATIS) Technical Committee (TC). The group will formally launch on Oct 9, but initial members include NSA, Northrop Grumman, Cyware, MITRE, Peraton, and Carnegie Mellon University. SATIS will build on existing frameworks like Structured Threat Information Expression (STIX) and Trusted Automated eXchange of Intelligence Information (TAXII) to help secure space operations against evolving threats…

Read more here.

The post Advancing Cybersecurity in Space at OASIS appeared first on OASIS Open.


OpenID

Three OpenID Connect for Identity Assurance Final Specifications Approved

The OpenID Foundation membership has approved the following three OpenID Connect for Identity Assurance specifications as OpenID Final Specifications:

OpenID Identity Assurance Schema Definition 1.0 – https://openid.net/specs/openid-ida-verified-claims-1_0-final.html
OpenID Connect for Identity Assurance Claims Registration 1.0 – https://openid.net/specs/openid-connect-4-ida-claims-1_0-final.html
OpenID Connect for Identity Assurance 1.0 – https://openid.net/specs/openid-connect-4-identity-assurance-1_0-final.html

A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. These Final Specifications are products of the eKYC & IDA Working Group.

The voting results were:

Approve – 89 votes
Object – 0 votes
Abstain – 18 votes

Total votes: 107 (out of 402 members = 26% > 20% quorum requirement)

Marie Jordan – OpenID Foundation Secretary

The post Three OpenID Connect for Identity Assurance Final Specifications Approved first appeared on OpenID Foundation.


Elastos Foundation

The Global Debt Avalanche: A Bitcoin-Backed Stablecoin To Rescue the World’s Economy

Imagine standing at the base of a mountain, watching an unstoppable avalanche of debt cascading towards you. This is the precarious situation the global economy faces today. National debts are accumulating at unprecedented rates. In the United States, the national debt crossed $35 trillion in July 2024, a staggering figure that took 200 years to reach $1 trillion but now grows by $1 trillion every three months. Unchecked inflation acts as the silent thief, eroding the value of our hard-earned money. The dollar has lost at least 25% of its value in the past four years due to inflation and interest rate hikes.

Families worldwide are grappling with rising living costs as their savings lose value, and the dream of financial security slips further out of reach. The combined market capitalization of major tech companies like Apple, Microsoft, NVIDIA, Google, Meta, and Tesla stands at $14 trillion—less than 10% of the $175.3 trillion owed by the U.S. government when including entitlements like Social Security and Medicare. Influential figures like Elon Musk and Ray Dalio foresee a sovereign debt crisis worse than the 2008 financial meltdown; this time, however, it’s a melt-up as currencies are destroyed to prop up a failing system and wealth is wiped out globally.

The urgency of the situation cannot be overstated. The escalating debt isn’t just an economic threat; it’s a precursor to conflict. History has shown that severe economic instability often leads to social unrest, political polarization, and even geopolitical conflicts. The Federal Reserve made more emergency loans in 2023 than during the 2008 financial crisis, indicating the severity of the current financial stress. The world is witnessing increasing finger-pointing and blame, creating fertile ground for division and discord.

The debt crisis isn’t just about numbers; it’s a deep generational theft burdening our youth with debts they didn’t create. No political election or administration can pay off the world’s $305 trillion debt; only extensive use of the printing press can temporarily address it. Young people are entering a world where opportunities are scarce, unable to buy homes or start families—a loss of future prospects and generational equality. This unfair burden diminishes their hopes for a stable and prosperous life.

This atmosphere has given rise to a populism trap, where charismatic leaders offer simplistic solutions to complex problems. They capitalize on public discontent, exacerbating divisions rather than healing them. Interest payments on national debts have become the largest government expense, surpassing costs like defence and social security. Instead of promoting unity and constructive dialogue, this finger-pointing deepens societal rifts and distracts from finding real solutions.

Is there a way out of this looming catastrophe? Yes, there is. A Native Bitcoin Stablecoin is a beacon of hope in a sea of financial turmoil. This novel solution proposes a transition from Fiat-Based Instability to a new Bitcoin-Backed Stable Solution, positioning Bitcoin as a way out of an inherently flawed system. Bitcoin, often hailed as digital gold, has a fixed supply that cannot be manipulated—no government can print Bitcoin to cheat the system—making it a reliable store of value.

But what if holders could unlock liquidity without selling their bitcoins? By collateralizing their Bitcoin holdings, they can issue stablecoins backed by Bitcoin itself. This stablecoin is secured algorithmically by blockchain miners, ensuring that its peg cannot be broken—unlike the old Bretton Woods system, where in 1971, President Nixon severed the US dollar’s tie to gold due to mounting debt, unleashing a wave of money printing and manipulation that led us to the crises we face today.

The Bitcoin Standard metaphor suggests that Bitcoin, much like gold in the original Bretton Woods Agreement, can anchor a new, trustworthy financial system free from manipulation by centralized institutions. With China, the largest foreign holder of U.S. Treasury bonds, rapidly selling off its holdings, and BRICS countries increasingly buying gold instead of U.S. debt, the global financial landscape is shifting. The Bitcoin-backed stablecoin offers the best of both worlds: stability through a pegged value and the strength of Bitcoin as a store of value. It acts as a volatility shield, protecting users from the wild price swings commonly associated with cryptocurrencies while providing a secure and trustworthy alternative to fiat currencies.

As more people flock to Bitcoin as a store of value, the issuance of stablecoins opens the door to the world of decentralized finance and rights management. Through smart contracts, entire economies can enter into a new world which operates under blockchain protocols, providing transparency and trust in an environment where trust is scarce. This represents a new paradigm for smart economies—a means to replace the failing debt-based system through creative destruction. This shift lays the foundation for a new global financial order, one based on those who accumulate Bitcoin early and offers society a system everyone can verify and trust. By embracing this Bitcoin-Backed Stable Solution, we can transition from Fiat-Based Instability to a future where financial sovereignty is in the hands of the many, not the few.

So where are we on this journey? In an exciting development, a team of Harvard students and alumni has launched the New Bretton Woods Project (NBW) to tackle the global debt crisis head-on. Incubated at Harvard Innovation Labs, NBW is developing a Native Bitcoin stablecoin using the BeL2 infrastructure. This initiative reframes Bitcoin not just as a store of value but as the foundation of a decentralized financial system. Jacob, the Lead Member of NBW at Harvard University, stated: “Our goal is to create a ‘New Bretton Woods’ system anchored in Bitcoin, bringing stability through the utility of a stablecoin. This stablecoin lets users avoid Bitcoin’s price swings while keeping the benefits of holding Bitcoin.”

The NBW project aims to reshape global finance. By building a Bitcoin-backed stablecoin, NBW provides stability while preserving Bitcoin’s decentralization and security. This stablecoin allows users to bypass Bitcoin’s price volatility while retaining the potential for long-term gain, making it practical for daily use. What’s more, it will be built on BeL2, an interoperability protocol which uses $ELA arbiters to allow Bitcoin and EVM networks to talk to each other without bridging assets, avoiding security concerns related to wrapped coins like WBTC. Sasha Mitchell, Head of Operations at BeL2, added: “Financial empowerment comes from both freedom and stability. By offering a stablecoin backed by Bitcoin on the BeL2 platform, NBW gives people a way to protect their wealth and access new financial opportunities, especially in times of economic volatility.”

The implications of adopting a Bitcoin-backed stablecoin extend far beyond individual benefits. This shift could transform national economies, ushering in an era of sound money, transparency, and fairness. Imagine a new Bitcoin-based Bretton Woods, where Bitcoin serves as the foundation for a stable, decentralized global currency. The global debt crisis is an existential challenge that demands bold and creative solutions. It’s time to move beyond the failing fiat system and embrace the potential of a Bitcoin-backed stablecoin. Projects like the New Bretton Woods offer a tangible path toward a more equitable and transparent economic future. This is the next big step for Bitcoin—a stable, unmanipulated currency for everyday spending, backed by the strongest asset of our era.

Did you enjoy this article? Follow Infinity for the latest updates here!

Wednesday, 02. October 2024

MyData

Empowering a Human-Centric Digital Society: From Ethical Personalisation to Domain Super Apps

In the MyData Matters blog series, MyData members introduce innovative solutions and practical use cases that leverage personal data in line with MyData values. Author: StJohn Deakins, CEO at DataSapien […]

DIF Blog

ArcBlock Opens Decentralized Identity Development to All at the DIF 2024 Hackathon

Are you ready to transform the way we interact with digital identities? ArcBlock invites you to participate in a challenge that demonstrates Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) as practical tools for solving real-world problems. As a Silver sponsor of the DIF 2024 Hackathon, ArcBlock is calling on developers, innovators, and decentralization enthusiasts to create applications that have a tangible impact on everyday life.

The Challenge: Real-World Applications of DIDs and VCs

Your mission is to develop practical applications using DIDs and VCs that address genuine needs and simplify everyday tasks. Whether it's enhancing privacy, streamlining processes, or empowering users with control over their data, show how you can leverage decentralized identity technologies to make a real difference.

Tools and Resources

ArcBlock's Comprehensive Blockchain Platform: Access user-friendly interfaces and scalable solutions to build your application.
Developer Support: Utilize ArcBlock's documentation and resources to accelerate your development process.
Community Engagement: Join discussions and collaborate with peers on the DIF Hackathon Discord server.

Rewards Worth Your Effort

Innovation deserves recognition, and this challenge offers a total of $7,500 in prize money, as follows:

1st Place: $3,000
2nd Place: $1,500
3rd Place: $1,000
Honorable Mentions: 10 prizes of $200 each

Bonus: All participants will receive a DID/VC "Proof of Participation" badge as a token of appreciation for your efforts.

Why Participate?

Accessible to All: Whether you're a seasoned developer or new to coding, ArcBlock's tools make it possible to contribute.
Make an Impact: Develop solutions that could improve daily life for people around the world.
Enhance Your Skills: Gain hands-on experience with cutting-edge blockchain technologies.
Get Recognized: Winners may have the opportunity to feature their projects in ArcBlock's Blocklet Store.
Network: Connect with industry leaders and like-minded innovators in the decentralized identity space.

Kim Duffy of DIF notes, “ArcBlock's challenge at the DIF 2024 Hackathon is particularly exciting because it opens the doors for a wider range of participants, including those with low-code or no-code experience.”

By providing accessible tools and resources, ArcBlock empowers more people to contribute to the decentralized identity ecosystem. “This inclusivity is crucial for driving innovation and adoption of DIDs and VCs. We look forward to seeing how participants will leverage these user-friendly resources to build practical solutions that make a real difference in everyday life,” she adds.

About ArcBlock

ArcBlock simplifies decentralized application development, empowering innovators to build, deploy, and manage with ease. ArcBlock’s goal is to make decentralized technology accessible, enabling you to focus on creating solutions that can change the world.

Robert Mao, CEO of ArcBlock, notes, “At ArcBlock, we are committed to empowering developers by providing a comprehensive framework and tools that make building Decentralized Identity (DID) applications easier than ever.”

He adds, “Even more exciting, our AI No-code apps engine, AIGNE, allows anyone—even without coding experience—to leverage DID and Verifiable Credentials (VC) to create powerful applications. We're thrilled to support the DIF Hackathon and inspire innovation at every level of technical expertise.”

Ready to Innovate?

Register for ArcBlock’s informational sessions:
ArcBlock and DID: A Suite of Frameworks and Tools for Building Applications, Register now (Thursday 10/3/2024 10:00 am PT)
Building Decentralized Identifier (DID) Applications: Demo and Quick Start, Register now (Friday 10/4/2024 10:00 am PT)

Explore ArcBlock's Resources: Visit our website to learn more about our platform and tools. https://arcblock.io
Dive into the Documentation: Access detailed guides and tutorials to help you get started. https://www.arcblock.io/docs/hackathon/en/dif-hackathon-2024
Join the Conversation: Engage with the community on the DIF Hackathon Discord server or a dedicated discussion forum from ArcBlock community: https://community.arcblock.io/discussions/boards/hackathon-support

Your project could be the breakthrough that brings decentralized identity solutions into everyday use. We can't wait to see what you'll create!

Tuesday, 01. October 2024

DIF Blog

DIF Newsletter #44

October 2024

DIF Website | DIF Mailing Lists | Meeting Recording Archive

Table of contents

1. Decentralized Identity Foundation News; 2. Working Group Updates; 3. Announcements at DIF; 4. DIF Members; 5. Get involved! Join DIF

🚀 Decentralized Identity Foundation News

The DIF Hackathon 2024 is Now Live!

We're excited to announce that the Decentralized Identity Foundation (DIF) Hackathon 2024 is officially underway! This highly anticipated event brings together developers, innovators, and enthusiasts to explore groundbreaking solutions in decentralized identity.

Key Details:

Hacking Period: October 1 - November 4, 2024
Tracks: Education, Reusable Identity, Travel, and ZKPs
Prize Pool: ~$70,000 USD

Whether you're a seasoned decentralized identity developer or new to the field, this hackathon offers a unique opportunity to push the boundaries of innovation. With challenges spanning education, reusable identity, travel, and ZKPs, there's something for everyone interested in shaping the future of digital identity.

How to Participate:

Register on DevPost: https://difhackathon2024.devpost.com/
Explore the challenge details: https://identity.foundation/hackathon-2024/
Sign up for educational sessions: https://www.eventbrite.com/o/decentralized-identity-foundation-26691849135
Join the Discord community: https://discord.gg/WXPzWvBCjD

Don't miss out on this chance to collaborate, learn, and potentially win prizes while contributing to the advancement of decentralized identity technology. Register now and be part of the next wave of innovation. Happy hacking!

DIF Africa SIG Launch

DIF announced the launch of the DIF Africa Special Interest Group (SIG). This initiative aims to promote and advance decentralized identity technologies and standards across the African continent. Led by Chairs Gideon Lombard from DIDx and Jack Scott-King from VERA, the DIF Africa SIG will focus on addressing Africa's unique requirements and use cases in the decentralized identity space.

The SIG's primary objectives include raising awareness, fostering collaboration among stakeholders, contributing to standards development, and advocating for the adoption of decentralized identity solutions in Africa. Gideon and Jack invite all interested organizations, institutions, and individuals to join the inaugural meeting on October 16th, 2024, from 1:00 to 2:00 PM South African Standard Time. This marks an exciting step forward in ensuring that decentralized identity technologies are developed and implemented with Africa's specific needs in mind.

Read the full article:

Launch of the DIF Africa Special Interest Group (Decentralized Identity Foundation - Blog)
Dear DIF Community, We are excited to announce the launch of the Decentralised Identity Foundation (DIF) Africa Special Interest Group (SIG). This initiative represents a significant milestone in our collective efforts to promote, advance, and support the development and adoption of decentralised identity technologies and standards across Africa.

DID Traits and Trust DID Web: Significant Work Items Added to ID & Discovery Working Group

DIF is thrilled to announce the launch of two significant new work items within our Identifiers & Discovery Working Group. DID Traits and Trust DID Web are set to enhance the functionality and security of Decentralized Identifiers (DIDs), bringing the next level of trust, interoperability, and ease of use to the ecosystem.

Markus Sabadello, Founder & CEO of Danube Tech and Co-Chair of the ID & Discovery WG, highlights the significance of these initiatives: "Identifiers are the foundation of any digital identity system. The new work items, DID Traits and Trust DID Web, are vital steps forward in building robust identifier systems that other technologies and protocols can rely on."

Read the full article:

DIF Announces Two New Work Items in Identifiers & Discovery Working Group (Decentralized Identity Foundation - Blog)
The Decentralized Identity Foundation is at the forefront of innovating standards and technologies for decentralized digital identity. Today, we’re excited to announce the launch of two new work items within our Identifiers & Discovery Working Group, aimed at improving the functionality and security of Decentralized Identifiers (DIDs). Markus Sabadello, Founder & CEO

DID Method Standardization Initiative

DIF held the kickoff meeting for DID Method Standardization efforts. Here's a quick rundown of our latest developments:

Held the kickoff meeting on 22 September with around 50 participants. Regular schedule to be announced in early October.
Presented the collaboration to W3C Technical Plenary / Advisory Committee meetings.
Published a comprehensive update on our progress and next steps.
Launched a central hub for collaboration and information sharing, featuring an overview of mission and goals, pointers to ongoing efforts, and general discussions.

Your participation is crucial in shaping the future of interoperable DID Methods. Whether you're a seasoned expert or new to DIDs, we welcome your input and involvement.

🛠️ Working Group Updates

💡 Identifiers and Discovery Work Group

The Identifiers & Discovery WG launched DID Traits and did:tdw work items. Read more in the featured section above.

Identifiers and Discovery meets bi-weekly at 11am PT / 2pm ET / 8pm CET Mondays

🪪 Claims & Credentials Working Group

Reminder that the Claims & Credentials WG is accepting input on the Basic Person schema, relevant for reusable identity claims.

The Credential Schemas work item meets bi-weekly at 10am PT / 1pm ET / 7pm CET Tuesdays

🔐 Applied Crypto WG

The Applied Crypto WG released BBS v07!

The DIF Crypto - BBS work item meets weekly at 11am PT / 2pm ET / 8pm CET Mondays

📦 Secure Data Storage

Additional improvements to the specification and implementation continue.

DIF/CCG Secure Data Storage WG - DWN Task Force meets bi-weekly at 9am PT/12pm ET/6pm CET Wednesdays

If you are interested in participating in any of the Working Groups highlighted above, or any of DIF's other Working Groups, please click join DIF.

📢 Announcements at DIF

Internet Identity Workshop (IIW) #39

The Fall IIW is taking place in Mountain View, California from 29 - 31 October. Book your ticket here.

🗓️ DIF Members

DIF Member Spotlight: Moises Jaramillo of Dentity

We sat with Moises Jaramillo, Principal Engineer at Dentity and veteran software developer, to discuss his journey in decentralized identity and his current work pushing the boundaries of digital identity with Web3/Web5 and Decentralized Web Nodes.

Moises also shares insights into Dentity's groundbreaking partnership with ENS Labs and offers valuable advice for participants in the upcoming DIF hackathon.

Read more from Moises.

DIF Member Spotlight: Nick Lambert, CEO of Dock

We interviewed Nick Lambert, CEO of Dock, who has been at the forefront of empowering individuals with control over their digital identity for over a decade.

In our interview, Nick shares valuable insights on:

The evolution of decentralized identity solutions and the power of industry-wide collaboration
Dock's approach to verifiable credentials and their recent blockchain merger with Cheqd
The potential of reusable KYC and Customer Identity Access Management (CIAM) as key growth areas
A unique use case involving anonymous cyber incident reporting for the University of Arkansas

This spotlight offers a glimpse into the future of digital identity and the power of cooperation in solving complex challenges in our field. Read the full interview to dive deeper into Nick's perspectives on the evolving landscape of decentralized identity.

TBD Features DWNs in Hacktoberfest

TBD has added their DWN SDK to the annual Hacktoberfest! Check out the GitHub repository to participate!

GitHub - TBD54566975/dwn-sdk-js: Decentralized Web Node (DWN) Reference implementation

DIF Members in the News

Spruce announced their partnership with California DMV on the Mobile Drivers' License

SpruceID Partners with California DMV on the Mobile Driver’s License (SpruceID)
SpruceID has partnered with the State of California Department of Motor Vehicles (DMV) to bring mobile driver’s licenses to residents of California.

Trinsic released their reusable ID SDK

Trinsic introduces SDK to ease reusable digital ID integration | Biometric Update (BiometricUpdate.com, Chris Burt)
Allows businesses to perform identity verification for their customers 10 times faster than before by accepting digital IDs within their existing IDV flow.

👉Are you a DIF member with news to share? Email us at communication@identity.foundation with details.

New Member Orientations

If you are new to DIF, join us for our upcoming new member orientations. Please subscribe to DIF’s Eventbrite for upcoming notifications on orientations and events.

🆔 Join DIF!

If you would like to get in touch with us or become a member of the DIF community, please visit our website or follow our channels:

Follow us on Twitter/X

Join us on GitHub

Subscribe on YouTube

Read the DIF blog

New Member Orientations

If you are new to DIF, join us for our upcoming new member orientations. Find more information on DIF’s Slack or contact us at community@identity.foundation if you need more information.


Enable Miko's Journey with Truvity at the DIF 2024 Hackathon

Truvity brings the future of global digital identity management to life with its innovative challenges at the DIF 2024 Hackathon. A leader in user-centric digital identity systems, Truvity is dedicated to making the benefits of self-sovereign identity seamless and accessible for individuals and businesses alike. Their two innovative challenges aim to revolutionize digital identity management for our increasingly global and mobile world, leveraging the power of decentralized identity and verifiable credentials.

Alexander Mikhailov, Product Manager at Truvity shares his thoughts: “We’re excited to see Truvity’s SDK come to life through the creativity and innovation of the DIF 2024 Hackathon participants. Our goal is to make it easy for developers to build with technology like verifiable credentials, so they can have a real impact on how we exchange information and move away from physical documents to a digital future of credentials.”

Streamlining relocation-related digital identity complexities with SSI

Truvity invites participants to explore how decentralized identity and verifiable credentials can streamline complex eKYC processes and digital identity management using self-sovereign identity solutions.

At the heart of these challenges is Miko, a talented backend developer embarking on an international relocation. Her journey from outside Europe to Amsterdam serves as the backdrop for exploring innovative applications of digital wallets, smart to-do lists, and interlinked verifiable credentials.

The Challenges

Challenge 1: Miko’s Journey to Amsterdam

In the first challenge, you will create a Digital Identity Wallet with an embedded to-do list that guides Miko as she relocates to Amsterdam and navigates the complexities of settling in a new country. The wallet should:

Manage and submit Verifiable Credentials (VCs) for various steps of the relocation process
Handle interlinked VCs to maintain data integrity across different procedures
Simplify tasks from obtaining employment contracts to securing housing

Challenge 2: eKYC Compliance Officer Panel

Building on Miko's journey, design a user-friendly Compliance Officer Panel for financial institutions. This challenge focuses on streamlining the verification process when Miko opens a bank account. Key aspects include:

Reviewing and approving interlinked Verifiable Credentials
Providing an efficient interface for compliance officers to manage digital identity documents
Ensuring the integrity and completeness of submitted credentials

Both challenges encourage participants to leverage Truvity's SDK and explore innovative ways to make digital identity management more accessible and secure in our increasingly mobile world.

Prize Pool and Participation

Truvity is offering a total prize pool of $5,000, with each challenge awarding:

1st Place: $1,500
2nd Place: $700
3rd Place: $300

To participate, leverage the Truvity SDK (available in TypeScript and Java) and ensure your solutions use W3C-compliant verifiable credentials.

Why Join Truvity's Challenge?

Tackle real-world identity management issues faced by global citizens and financial institutions
Work with cutting-edge technology in the decentralized identity space
Gain visibility among leaders in fintech and digital identity sectors
Contribute to making digital interactions simpler, more secure, and user-centric
Have your entries featured on the Truvity blog and across their social channels with over 15,000 followers and readers.

Kim Hamilton Duffy, DIF's Executive Director, expresses enthusiasm for Truvity's choice to anchor the challenges in a real user journey: “By following Miko's relocation story, participants can focus on creating solutions that genuinely simplify people's lives. Concentrating on practical, human-centered use cases is the key to setting a new standard for convenience and agency in daily interactions.”

Ready to Innovate?

Register for Truvity’s information session “Building SSI Solutions: An Introduction to Truvity SDK”, this Wednesday at 10/3/2024 noon ET (18:00 CEST).

We can't wait to see how you'll leverage decentralized identity and verifiable credentials to create a more connected, efficient, and user-friendly digital world!


Digital ID for Canadians

Spotlight on VoxMind

1. What is the mission and vision of VoxMind?

At VoxMind, our mission is to revolutionize digital security by providing cutting-edge voice biometrics solutions that protect identities and ensure secure authentication. Our vision is to create a world where identity verification is effortless, secure, and universally trusted—one where your voice is your most secure digital asset. We aim to set the gold standard in voice biometrics, delivering scalable and innovative solutions that address the evolving security needs of individuals and organizations worldwide.

2. Why is trustworthy digital identity critical for existing and emerging markets?

In today’s increasingly digital world, a trustworthy digital identity is crucial for secure transactions, both for established industries and emerging markets. As the global economy becomes more interconnected, consumers and businesses demand frictionless and secure authentication processes. Without trustworthy digital identities, fraud and identity theft risks increase, eroding user confidence. By incorporating secure and scalable biometric solutions like voice authentication, businesses can protect against these threats while delivering seamless customer experiences.

3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?

Digital identity will enable a secure, efficient, and inclusive global economy. By ensuring secure access to services, whether financial, healthcare, or government, it can streamline operations, reduce fraud, and increase user trust. At VoxMind, we address challenges like identity fraud, AI-driven threats like deepfakes, and the need for easy-to-use solutions. Our voice biometrics technology offers a future-proof solution that can adapt across industries, safeguarding users while simplifying the digital verification process.

4. What role does Canada have to play as a leader in this space?

Canada, through organizations like DIACC, plays a pivotal role in shaping global standards for secure digital identity. With its commitment to innovation and inclusivity, Canada is well-positioned to lead in developing scalable, privacy-preserving solutions that can be adopted globally. By collaborating with global partners, Canada can help set the benchmark for interoperable and secure digital ecosystems that benefit both individuals and businesses.

5. Why did your organization join the DIACC?

VoxMind joined DIACC to be part of a visionary network shaping the future of digital identity. By collaborating with DIACC and its members, we aim to contribute to the creation of secure and interoperable identity standards. DIACC’s mandate aligns with our commitment to protecting individual identities in a scalable, secure, and privacy-preserving manner. As a Sustaining Member, we look forward to sharing our voice biometrics expertise and helping build a secure digital identity infrastructure for Canada and beyond.

6. What else should we know about your organization?

VoxMind is pioneering voice biometrics as a secure, convenient, and adaptive identity verification solution. We address modern security threats such as deepfakes and voice cloning while ensuring seamless user experiences across various industries, including finance, healthcare, and IoT. Our technology is designed to be language-agnostic, scalable, and adaptable to evolving security challenges. As we continue to innovate, we are committed to building partnerships that enhance global security and trust in digital identities.

Do not hesitate to contact us for more information at contact@voxmind.ai


Energy Web

Energy Web Launches AutoGreenCharge Beta App to Decarbonize EV Charging, Secured by Polkadot

Energy Web’s innovative app enables EV owners to decarbonize charging sessions with renewable energy

Zug, Switzerland — October 1, 2024 — Energy Web is proud to announce the beta launch of AutoGreenCharge, a mobile app designed to decarbonize electric vehicle (EV) charging. With AutoGreenCharge, users can ensure that every EV charging session is powered by renewable energy. The app is accessible to owners of popular electric vehicles, including Tesla, BMW, Mercedes, and others, bringing the promise of green charging to a worldwide, mainstream audience.

Powered by the decentralized technology of Energy Web’s EnergywebX and secured by the Polkadot blockchain, AutoGreenCharge offers a simple, secure, and verifiable solution to ensure EV charging is not just electric, but 100% renewable. By integrating renewable energy certificates (RECs), the app will automatically match EV charging sessions with clean energy, providing verifiable green charging in real time. While in the beta phase, users can familiarize themselves with the app’s core features and experience the future of EV charging firsthand.

AutoGreenCharge allows EV owners to easily connect their vehicles through a partnership with Smart Car. Once connected, every charging session is automatically tracked, giving users detailed insights into their energy consumption and environmental impact. As the app evolves toward full production, users will be able to retire real renewable energy certificates with each charging session, ensuring their cars are powered by clean, sustainable energy sources. Additionally, they will have the option to specify preferences for the type and location of renewable energy, offering personalized access to solar, wind, and other clean energy sources from around the globe.

Mani Hagh Sefat, CTO of Energy Web, shared, “AutoGreenCharge represents a major step forward in the electrification and decarbonization of transportation. By providing EV owners with a seamless way to ensure their cars are charged with renewable energy, we’re empowering drivers to make more sustainable choices and actively contribute to the global energy transition.”

AutoGreenCharge’s integration with the Polkadot blockchain ensures that every transaction and certificate retirement is securely recorded and verifiable, enhancing transparency and trust in the system. This cutting-edge app is a key development in the broader mission to build a more resilient, efficient, and sustainable energy system.

With the beta version now available, EV owners are encouraged to download the AutoGreenCharge app and start participating in this transformative initiative. The app can be easily found on the TestFlight Apple and Google Play Stores. As the app moves towards its full production release, users will play a crucial role in refining its features and improving the future of green charging.

For more information, visit Energyweb.org

Energy Web Launches AutoGreenCharge Beta App to Decarbonize EV Charging, Secured by Polkadot was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.


DIF Blog

Redefine Digital Privacy: PSE's Identity Innovation Challenge at DIF 2024

Privacy & Scaling Explorations (PSE) brings cutting-edge cryptography challenges to the DIF 2024 Hackathon as a Gold sponsor. PSE invites you to develop applications that enhance privacy, security, and interoperability in Self-Sovereign Identity (SSI) systems using advanced cryptographic techniques like Zero-Knowledge Proofs (ZKPs), Multi-Party Computation (MPC), and Fully Homomorphic Encryption (FHE).

The Track: Pushing the Boundaries of Privacy in SSI

This track is designed to foster innovation and collaboration among developers, researchers, and industry experts to advance the use of programmable cryptography in digital identity solutions. You’ll design and build solutions that use advanced cryptographic methods to empower users with greater control over their digital identities.

Objectives:

1. Innovate with ZKPs, MPC, FHE: Develop creative applications using programmable cryptography to enhance privacy, security, and interoperability in SSI systems.

2. Collaborate and Learn: Engage with ZKP experts to learn about best practices, existing tools, and solutions.

Potential Project Ideas:

Solidity verifier for BBS+: Build a Solidity Verifier for VC issued with the BBS+ algorithm.
Build a GPC builder + visualizer
MPC-Based Social Recovery: Build a privacy-preserving social recovery system for Identity wallets using Multi-Party Computation (MPC).
MPC-Based Credential Issuance: Develop a VC issuance system where credentials are computed via Multi-Party Computation (MPC).
Decentralized PKI infra: Build a decentralized PKI for DIDs.

The Prize Pool

Prizes in this track total $10,000 USD:

🥇 1st Place: $5,000
🥈 2nd Place: $3,000
🥉 3rd Place: $2,000

Why Participate?

Collaborate with Experts: Work alongside PSE's team of cryptography specialists.
Innovate at the Cutting Edge: Utilize advanced cryptographic techniques to solve real-world privacy challenges.
Make a Real Impact: Your solutions could redefine digital privacy and identity management.
Network with Leaders: Connect with industry pioneers in ZKPs and SSI.

About PSE: Leaders in Privacy and Scaling Technologies

Backed by the Ethereum Foundation, PSE is dedicated to advancing scaling solutions and programmable cryptography for privacy-enhancing technologies. Their focus on ZKPs, MPC, and FHE positions them at the forefront of cryptographic innovation.

DIF Recognizes the Critical Role of ZKP in Advancing SSI

ZKPs and other advanced cryptographic techniques are essential for achieving the privacy and security goals of SSI. While numerous efforts are underway within the ZKP and SSI communities, they are often fragmented.

According to DIF’s Executive Director, Kim Duffy: "DIF is intensifying its focus on applying privacy-enhancing cryptographic techniques to SSI. We're keen to unify efforts and drive standardization in this crucial area, and PSE's sponsorship accelerates these initiatives. We're especially excited to see participants use advanced cryptography to create unified, privacy-preserving identity solutions that empower users and set new standards for digital trust."

Get Involved

Ready to make a difference in the world of digital privacy? Join PSE’s informative webinar session to learn more. Register today

Monday, 30. September 2024

DIF Blog

Pinata Challenges Developers to Innovate with File-Based Identity Solutions

DIF is thrilled to announce Pinata as a Gold sponsor of the DIF 2024 Hackathon! Pinata is bringing challenges that use decentralized file storage in digital identity solutions.

About Pinata

Pinata, the Internet’s File API, provides simple-to-use decentralized storage solutions for enterprises and individuals. Building on the secure foundation of IPFS (InterPlanetary File System), which enables content authenticity by design, their tools abstract away the complexity typically associated with decentralized storage and management. Further, it offers robust features for scalable, responsive applications. This includes a global CDN (content delivery network) to boost load times and simple access control options.

Pinata's technology is widely used in decentralized applications, and its architecture makes it a perfect foundation for decentralized identity applications and solutions.

The Challenges

Pinata presents three challenges that highlight the role of decentralized storage in enabling decentralized identity solutions:

1. Verifiable File Storage

Associate files with users via verifiable credentials. Both files and verifiable credential metadata can be stored publicly or privately using Pinata's immutable Files API. This challenge invites you to demonstrate your creativity in using immutability and verifiable content hashes to solve real-world problems.

2. Proof of Personhood Credentials

In this open-to-interpretation challenge, we want to see creative solutions to personhood credentials that leverage immutable file storage. Participants can use private file storage through Pinata's Files API or public file storage through Pinata's IPFS pinning service.

3. Identity-Based Access Controls for Private Files

Build an identity-based access control system for retrieving files stored privately on Pinata's Files API. This challenge should focus on private file storage through the Files API, not IPFS, as IPFS is a public network.

Prizes:

Prizes total $10,000, broken down as follows:

- Grand Prize: $5,000
- Per-Challenge Prize: $1,500 (1 for each of the 3 challenges above)
- Honorable Mentions: 5 x $100

Why Participate in Pinata's Challenges?

- Innovative Technology: Work with Pinata's cutting-edge file storage solutions and explore their applications in digital identity.
- Real-World Applications: Develop solutions that address practical challenges in file management and access control.
- Skill Development: Enhance your expertise in decentralized storage, identity management, and access control systems.
- Industry Recognition: Showcase your creativity and technical skills to leaders in the decentralized storage and identity spaces.

Why this Matters

The application of decentralized storage to decentralized identity presents exciting opportunities for innovation. Pinata and DIF share their thoughts on the potential impact of these challenges:

Justin Hunter, Vice President of Product at Pinata, emphasizes the practical applications: "Decentralized identity has shown that it can solve complex real world problems, and we’re excited to help facilitate continued progress in this area through complementary file storage. Pinata’s been building file storage solutions since 2018, and we’ve expanded to solve both decentralized storage and private file storage. Combined with decentralized identity, we think there can be some incredible applications."

Kim Duffy of DIF highlights the broader impact: "Pinata's challenges for DIF's Hackathon address a crucial aspect of decentralized identity adoption: making security, privacy, and scalability easily integrable into products by default. Their approach to simplifying decentralized storage is exactly what enterprises need to embrace these technologies at scale." 

She further adds, "I'm personally excited that Pinata is supporting innovation in the Proof of Personhood Credentials challenge. As AI advancements render traditional methods like CAPTCHAs ineffective, we need innovative, privacy-preserving ways to differentiate human users without over-collecting personal data."

Ready to Revolutionize File-Based Identity Solutions?

Attend the sessions

- Register for the Hackathon opening session: https://www.eventbrite.com/e/opening-session-tickets-1027651562487
- Register for Pinata's educational session with Steven Simkins, Pinata's Head of Developer Relations: https://www.eventbrite.com/myevent?eid=1029330564427

See Pinata’s challenges and developer resources:

- Hackathon site: https://docs.pinata.cloud/events/dif
- Docs: https://docs.pinata.cloud
- App/Signup: https://app.pinata.cloud
- Website: https://pinata.cloud

Join the DIF Hackathon Discord server to connect with other participants and Pinata mentors

- DIF’s Hackathon discord: https://discord.gg/WXPzWvBCjD
- Channel: #pinata

Don't miss this chance to work with state-of-the-art decentralized storage technology and contribute to the future of file-based identity solutions!


FIDO Alliance

Webinar: NIST SP 800-63 Digital Identity Standard: Updates & What it Means for Passkeys

The fourth revision of the draft NIST SP 800-63-4 Digital Identity Guidelines is now open for public comment.

The FIDO Alliance hosted a webinar on September 24, 2024, with top digital identity experts to discuss the latest updates to the standard and what they mean for passkeys.

Megan Shamas, CMO of the FIDO Alliance, was joined by guests Ryan Galluzzo, Digital Identity Program lead of NIST NCCOE, and Teresa Wu, co-chair of the FIDO Alliance Government Deployment Working Group and VP of Smart Credentials at IDEMIA. The panel unpacked the latest changes to the draft and shared what it means for passkeys.

Webinar attendees also had an opportunity to get questions answered before the public comment submission deadline next month. NIST requests that all comments be submitted by 11:59 pm Eastern Time on October 7, 2024.

View the webinar slides below.

Kantara Initiative

Dr Carol Buttle joins Kantara Initiative as Chief Technology Officer (CTO)

Virginia, US – 30 September 2024 – the Board of Directors of Kantara Initiative has announced that Dr Carol Buttle is to join the organization in the newly created role of Chief Technology Officer (CTO). 

Carol joins from the UK government’s Department of Science, Innovation and Technology (DSIT) where she was Head of Certification and Assurance. She brings with her unrivalled expertise in designing trust frameworks and identifying the implications of specific regulations and standards designed to support personal data privacy and security. Carol has input regularly into the development of identity trust frameworks across the globe.  As demand for identity certification extends into new markets and territories, she will ensure that Kantara maintains its role as leaders in identity assurance, offering challenge and guidance to support all our members, clients, and partners.   

“Standards are everywhere,” said Carol. “We all seek assurance that the products we use, the medicines we consume – even the restaurants we visit – meet the appropriate standards and will not cause us harm. It is no different with identity. I see my role not just about certification and approvals. It is about how I can steer the wider industry to improve for the good of individual citizens, and particularly the most vulnerable.”

We asked Kantara Executive Director, Kay Chopard, about what she sees as the greatest impact of the new role. “Our investment in a Chief Technology Officer demonstrates significant commitment to the future of the industry as a whole, particularly with regard to the potential for international growth and greater interoperability across sectors and territories. Carol’s appointment follows on from the recent arrival of UK-based auditors James Keenan and David Nutbrown as our Head of Certification Delivery and Head of Regulatory Compliance, respectively. Their expertise greatly strengthens our existing operations and will secure confidence in the future direction of certification and identity assurance.”

Commenting on Carol’s appointment, Kantara Board Chair Andrew Hughes stated: “Carol’s appointment brings a real depth of regulatory and operational expertise to our leadership. It underpins the valuable contribution we already make through our Work Groups and certification programs. Carol brings with her thorough knowledge and expertise of UK requirements and how they might apply in the US. This will benefit those Kantara members who are engaged with US Federal Agencies or those wishing to become certified under the UK Digital Identity & Attributes Trust Framework (DIATF).”

Click here to understand more about our US assurance program approval process

The post Dr Carol Buttle joins Kantara Initiative as Chief Technology Officer (CTO) appeared first on Kantara Initiative.

Friday, 27. September 2024

Me2B Alliance

“Unsafe at Any Click” – Episode 4

In this episode, Lisa and Bryce are joined by privacy advocacy expert Zach Edwards as they sit down and discuss the hidden world of Identity Resolution and Customer Data Platforms.

The post “Unsafe at Any Click” – Episode 4 appeared first on Internet Safety Labs.


Identity Resolution and the Big Dogs

In our recently published research on the worldwide web of commercial surveillance, we took a close look at the global infrastructure connecting and correlating personal information across platforms, devices, and even from physical world sources like point-of-sales systems. The connectivity is, in a word, staggering. At some point, however, there is a first-party relationship with a data subject. From that starting point, personal information is systematically being shared with countless entities including data brokers. In such a hyper-interconnected infrastructure, how can a single publisher make promises about where customer data is going? Moreover, how could a user possibly consent to the sharing of their data with thousands of recipient organizations?

But the complexity and unknowability of system behavior isn’t just with these hyper-interconnected marketing networks. As we touched on in a recent podcast with Zach Edwards, very large platforms (like Google, Facebook, X) are just as complex and opaque as the identity resolution and customer data platform networks. Software is increasingly a leaky, hyper-connected, unpredictable sieve of personal data sharing. In this blogpost, we take a closer look at the opacity and leakiness of the “big dogs”–large online platforms with hundreds of millions and billions of users.

1. Types of Commercial Identity Resolution 

I’ve been digging into this more since the publication of our research on identity resolution and customer data platforms and have revised my framing of identity resolution. To wit, I observe three co-existing types of commercial identity resolution architectures or systems happening in the world: 

- The first one I call distributed by design. This is the LiveRamps, The Trade Desks, mParticles, etc. of the world. These systems enjoy the power of massive data aggregation with [too] little of the risk and responsibility, as they are designed to be third-parties relative to the data subject. These platforms are architected to ingest and process (resolve) personal information from a disparate array of services and devices.
- The second one I call company-centric. This is the “big dog” platforms with millions or billions of users; the universes unto themselves. A company-centric identity resolution can also be distributed by design in the sense that it provides numerous small pieces of functionality which can be embedded as third-party resources into other companies’ apps and websites, allowing the big dogs to collect data on external users despite not necessarily having direct relationships with them. Microsoft is a good example of this. It’s also true that company-centric identification schemes can and are ingested by distributed systems like LiveRamp. The lines implied by these two categories are fuzzy.
- The third one I call standardized. This is the hiding-in-plain-sight globally coordinated efforts in Unified ID 2.0 and European Unified ID. Note that these efforts are championed primarily by distributed by design identity resolution and customer data platforms. Scanning the partners of just the Unified ID 2.0 standard is enough to give one pause: these are the platforms that want to know who you are and what you’re doing at all times. Notably absent are the big dogs.

A brief word about national/governmental identification schemes, like India’s Aadhaar and the US Internal Revenue Service’s id.ME: these systems operate somewhat like a big dog company-centric identification system, orchestrating personal information across their own services, with the exception that we don’t expect these systems to be either ingesting or sharing data with external, commercial platforms [1].

At Internet Safety Labs (ISL), we rate “big dog” platforms as critical risk “data aggregators” [2]. We do so for the following two reasons:

- These corporate entities monetize personal information, either through ownership of advertising platforms, the selling of audience information, or other monetizing behaviors, and
- These entities run multiple consumer products and services with inadequate transparency of how personal information flows across product lines.

The remainder of this post takes a closer look at Google and Facebook (Meta) personal data strategies and why they’re so risky. 

1.1 GAIA and Narnia: Google’s Universal Identification and Cross-Product Personal Data Aggregation Grand Plan 

In the wake of the recent Google search antitrust case in the US, Jason Kint published a long thread on a recently unsealed 325-page Google strategy document. The document titled “Display, Video Ads, Analytics and Apps” contains a coordinated and synthesized set of business strategies describing how Google can: 

- More effectively coordinate the extraction of user information,
- Better leverage user data across all of their AdTech, and
- In general, increase ad revenues across its entire portfolio of products and services: “make it easier to add monetization to other Google O&O [owned and operated] properties.” [3]

The document also covers how Google doesn’t make as much money from sites it doesn’t own and would like to assert its control to make them more like sites it does own, thereby increasing revenues.

Nearly every product line’s strategy contained in the document mentions the use of “GAIA signals” or “GAIA data”. GAIA is Google’s proprietary “universal ID” [4]. The plan clearly outlines how they can better utilize the massive trove of personal information joined by their GAIA “universal IDs”, amassed across their various owned and operated (O&O) properties, like Gmail and Chrome to name two of the largest. This highlight from page 126 (section on “Smart Campaigns”) makes clear Google’s intention to share user information across all its properties to enrich their advertising services (project Narnia and Narnia2):

But it’s not enough to join user data across Google properties; they also indicate an intention to join external data sources, such as streaming and TV ad networks (pg 150):

The second highlighted section above describes the ingesting of external customer data and resolving the data (i.e. identity resolution) to Google’s GAIA IDs.

Overall, the document describes an organization-wide, orchestrated plan to amass and unify user data (via GAIA IDs) to better leverage Google ads (Narnia 2.0) for both internal and external properties. How can Google users understand, never mind consent to, the use of their personal information in this wide-reaching way?

1.2 Facebook Admits Unknowability of User Data Processing 

One of my favorite references for explaining why the world needs software safety labels is this story about two Facebook architects explaining how it’s virtually impossible for Facebook to know where user data is going. The complexity and dynamism of software is making it so it’s not a bounded system—and it’s never the same river twice.

The story came out two years ago and I recently read the discovery document written in April 2021 and it is really good. This excerpt outlines the fundamental problem of the unknowability of Facebook software’s behavior:

And this:

The discovery document contains fascinating information on what Facebook must do to track personal data usage within its system [implement Curated Data Sources and a Purpose Policy Framework], and it’s a massive undertaking: 450-750 engineer years over three calendar years. And even that’s not enough. It also requires “heavy Ads refactoring and adoption work in warehouse.”

Let’s go back to that “closed form system” described by the Facebook engineers. It comes from mathematics’ “closed-form expression”, describing an equation comprised of “constants, variables and a finite set of basic functions connected by arithmetic operations and function composition.” [5] If we look at realtime bidding as one example of a programmed system, we see that it is necessarily dynamic and unbounded. The participants (buyers) in the realtime bidding network are dynamic; also the ad inventory itself is dynamic. Realtime bidding is, by design, never the same river twice. The system is not a closed form system.

Machine learning (ML) is another example: virtually all of the ML technologies generating much recent hype are also not closed form systems by design. They are constantly changing based on the training set, based on ongoing learning, and based on dynamic rule-making.

2. Have We Agreed to Be Always Known and Tracked Online? 

To summarize the situation: industry has developed techniques (distributed by design and company-centric) to interconnect and aggregate personal information such that we are always known and tracked online. As noted in the earlier mentioned research paper, there are at least $9T (as in trillion) worth of industries that want to know who we are and what we’re doing at all times. It’s unlikely that we can stop this financially motivated juggernaut of universal identification. So what’s to be done?

2.1 To Do List

- Consent is dead. It’s impossible and the more we pretend like it’s possible to have informed consent when it comes to the unbounded nature of software, the more we are lying to ourselves.
- Privacy policies protect companies but not the people who use technology. Know how you’ve consented into the worldwide web of commercial surveillance? It’s through this phrase found in many privacy policies: “…and we [may] share your data with our marketing partners.”
- We need more exposure of actual measured software behavior (ala ISL’s App Microscope: https://appmicroscope.org/app/1579/).
  - One day, it will be possible for systems to generate machine-readable records of processing activities–a kind of passport stamp showing how your data was processed (used by first party, shared and used by third parties). This will be a landmark moment in empowering people through transparency of actual system behavior.
- Data broker regulation is inadequate.
  - If a platform has your data, it should de facto have a first party relationship with you, and as such, you are entitled to all the proactive data governance rights allowed to you. In other words, nothing about me, without me. Data brokers aren’t and never have been just 3rd parties.
  - Note that these data rights are unexercisable if people don’t know that they’re actually in a relationship with a particular platform. Thus, there also needs to be a requirement for these platforms to proactively notify all data subjects for which they hold information.
  - Is the selling of personal information safe for humans and humankind? We’ve agreed as a society that certain things are sacrosanct and the selling of which unacceptably degrades and devalues them (such as votes, organs, children). We need to have a much deeper think about whether or not personal information should fall in that category.
  - Are data broker laws effective in their current form? It seems clear to ISL that all actual data brokers are not currently registered in the states requiring registration.
- Privacy and safety experts–and perhaps regulatory experts–need to get more aware of and involved in the two universal commercial identification standards (Unified ID 2.0 and European Unified ID) pronto.
- Identity resolution platforms and customer data platforms demand substantially more regulatory attention.
  - Minimally, the massive troves of personal information are ripe for data breaches.
  - Maximally, the public needs assurances that platforms that are amassing this data are held to accountability.

Footnotes:

1. Note that ISL has not confirmed this.
2. List of ISL designated data aggregators at the time of this writing: Adobe, Amazon, Apple, Google, Meta, Microsoft, and X.
3. https://storage.courtlistener.com/recap/gov.uscourts.vaed.533508/gov.uscourts.vaed.533508.1132.2_1.pdf, page 7.
4. See ISL paper on Identity Resolution and Customer Data Platforms for more information on universal identification schema.
5. https://en.wikipedia.org/wiki/Closed-form_expression

The post Identity Resolution and the Big Dogs appeared first on Internet Safety Labs.

Thursday, 26. September 2024

FIDO Alliance

Webinar: NIST SP 800-63 Digital Identity Standard: Updates & What it Means for Passkeys

The fourth revision of the draft NIST SP 800-63-4 Digital Identity Guidelines is now open for public comment.

The FIDO Alliance hosted a webinar on September 24, 2024, with top digital identity experts to discuss the latest updates to the standard and what they mean for passkeys.

Megan Shamas, CMO of the FIDO Alliance, was joined by guests Ryan Galluzzo, Digital Identity Program lead of NIST NCCOE, and Teresa Wu, co-chair of the FIDO Alliance Government Deployment Working Group and VP of Smart Credentials at IDEMIA. The panel unpacked the latest changes to the draft and shared what it means for passkeys.

Webinar attendees also had an opportunity to get questions answered before the public comment submission deadline next month. NIST requests that all comments be submitted by 11:59 pm Eastern Time on October 7, 2024.

Watch the presentation below.


MyData

Welcome to the new board of MyData Global!

Author: Christopher Wilson, Executive Director at MyData Global. I am very happy to welcome the new members of the board of MyData Global. Their appointment marks a new era for […]

Digital Identity NZ

Spring Clean | September Newsletter

Kia ora,

Recent weather extremes in Aotearoa remind us of life’s delicate balance. As I gaze at our last daffodils and watch the remaining lamb playing in the paddock – having sadly lost two to the cold earlier in the month – I’m reminded of the circle of life. This theme resonates with the recent closure of the Open Identity Exchange (OIX) at the end of August, a significant player in the digital identity industry, also facing a challenging financial climate.

Fortunately, Digital Identity NZ is thriving, with more organisations joining our mission. We’re excited to welcome 3PlusConsultingArrowheadBeingAIPaymentsNZQubitCybertechHappy and Voco as new members. A heartfelt thank you to all our members who contribute to our mahi.

In recognition of International ID Day, individual member Vica Papp shared a blog post highlighting its significance. We continue to make progress, as seen in the PaymentsNZ – DINZ Digital Identity May 2024 sprint report, with more updates on collaborations to come.

I had the honour of being a panellist alongside the mighty Holly Rennie, Ralph Bragg and Adrian Smith at FSC24 on September 4. We explored how global innovation is shaping New Zealand’s future in “FinTech Innovation and Open Banking.” Don’t forget to take advantage of our 10% discount offer for DINZ news readers to attend The Point 2024 – thank you Payments NZ! More information below.

Still basking in the glow of Digital Trust Hui Taumata 2024, we’re excited to share the wealth of content including the Opening Keynote on Trust Frameworks and an Innovation Spotlight on identity-centric solutions for enterprise security. Attendees received links to the presentations, and our Coffee Chat attendees engaged with Slido questions posed to our speakers and panellists – sparking great discussions! Look out for more insights from the Hui coming soon.

Recently, DINZ members AWS, Worldline and Xebo, along with myself, met with Minister Collins to share our observations on the landscape. We left the meeting with a clear understanding of her expectations, reflecting a very positive engagement.

Looking ahead, we’re entering DINZ’s annual election cycle for the Executive Council. As we begin this process, we want to take a moment to sincerely thank and recognise our outgoing Councillors. Their contributions have been invaluable in shaping the direction and growth of our community.

We eagerly look forward to welcoming the next cohort of passionate members, ready to step into these important roles. This is the essence of spring – embracing new opportunities and growth while acknowledging what has brought us to this point.

Ngā mihi

Colin Wallis
Executive Director, Digital Identity NZ

Read the full news here: Spring Clean | September Newsletter

The post Spring Clean | September Newsletter appeared first on Digital Identity New Zealand.

Wednesday, 25. September 2024

DIF Blog

DIF Hackathon 2024: Sponsors and Challenges Revealed

DIF is excited to announce our impressive lineup of 2024 Hackathon sponsors and provide a preview of our challenges. This year’s hackathon promises to push the boundaries of decentralized identity innovation with challenges focused on education, reusable identity, frictionless travel, and more!

Meet Our Sponsors

We are honored to have the following organizations supporting this year’s event, contributing challenges, prize pools, and guidance for participants.

Gold Tier Sponsors

- Jobs for the Future Foundation & Digital Credentials Consortium: Driving the Future of Education & Workforce Track, invite you to explore a future where access to education is available to any learner and where education opens the door to economic advancement.
- Pinata: Specializing in file-based identity solutions, Pinata offers challenges that use verifiable credentials and immutable content to create secure and innovative access control systems.
- Privacy + Scaling Explorations: Focusing on advanced cryptographic techniques like Zero-Knowledge Proofs (ZKPs), Privacy + Scaling Explorations aims to improve privacy and security in SSI solutions.

Silver Tier Sponsors

- ArcBlock invites you to use its developer-friendly framework and tools (including the No-code AI Application Studio) to build Decentralized Identifiers (DIDs) and VCs, creating privacy-preserving, secure identity solutions. Standout projects will have the opportunity to be showcased in ArcBlock's Blocklet Store.
- Truvity offers a challenge focused on streamlining digital identity management, helping users navigate complex processes like eKYC with seamless integration of digital wallets and VCs. The challenges focus on building innovative applications that simplify the journey of individuals like Miko, an expat moving to Amsterdam, by leveraging digital wallets, to-do lists, and interlinked VCs.
- Vidos offers two challenges - one focuses on decentralized identity solutions for recruitment and employee onboarding using secure, verifiable credentials. The other challenge explores reusable identities and credentials for multiple scenarios e.g. a single passport credential used for travel and age verification.

Bronze Tier Sponsors

- Anonyome focuses on privacy-preserving Personhood Credentials (PHCs), allowing users to interact anonymously while maintaining control over their data.
- Cheqd's challenge, "Harnessing Decentralized Identity for Verifiable AI," invites participants to build solutions that address societal and technical challenges arising from the rise of generative AI.
- Crossmint challenges participants to create reusable identity solutions for KYC/KYB, ensuring compliance and security with minimal friction across platforms.
- NetSys: NetSys aims to streamline frictionless travel experiences, using verifiable credentials to make traveling more secure and seamless.
- Ontology focuses on building decentralized authentication systems, using DIDs and VCs to create reusable identity solutions for secure logins and verification.
- TBD/Block offers challenges in reusable identity and decentralized storage, simplifying KYC processes through verifiable credentials and decentralized web nodes.

Tooling Sponsors

We’re excited to announce that Trinsic is providing its global document and identity verification tooling for free to hackathon participants. Participants who want IDV as part of their wallet onboard, reusable identity creation, etc can optionally integrate this into their solutions.

What You’ll Be Building

This year’s hackathon offers challenges that align with DIF’s mission of advancing privacy, security, and interoperability in decentralized identity systems. 

We previously announced our original hackathon tracks, including Frictionless Travel, Future of Education & Workforce, and Reusable Identity.

We are thrilled to add three more challenge focuses thanks to our generous sponsors: File-based Identity Solutions, Personhood Credentials, and Zero-Knowledge Proofs in Self-Sovereign Identity.

Full challenge details and requirements will be available on our DevPost site, coming October 1 at 9am ET. Highlights are described below.

File-Based Identity Solutions

Create file-based identity solutions using VCs to associate files with users, protect data, and build secure access control systems. Your solutions will explore the use of immutable file storage to ensure data integrity and privacy, with the flexibility of public or private storage options.

Sponsors: Pinata

Frictionless Travel

Build seamless travel systems using decentralized identity technologies that allow travelers to share information securely across booking and transport platforms. Leverage VCs to create frictionless, portable identities for a hassle-free travel experience.

Sponsors: NetSys

Future of Education & Workforce

This track focuses on building solutions that empower individuals to control their education and employment data. Participants will showcase transformational experiences enabled by verifiable learner/worker IDs and records, develop tools for multilingual credentials and browser integrations, and enhance existing tools like Learner Credential Wallet and VerifierPlus. The challenge emphasizes cross-border recognition and skills verification to open new opportunities for learners and workers globally.

Sponsors: Digital Credentials Consortium, Jobs for the Future, and Vidos

Personhood Credentials (PHCs) and Verifiable AI

These challenges aim to enhance AI safety and trustworthiness using decentralized identity. You'll focus on attestations of AI- and/or human-initiated interactions and content, and combinations such as proof of authorized AI agents. These challenges draw from ideas in the Personhood Credentials (PHCs) paper. PHCs enable anonymous interactions, ensuring user privacy by making digital activity untraceable by issuers and unlinkable across service providers, even in cases of collusion, effectively countering scalable deception.

Sponsors: Anonyome, Cheqd, and Pinata

Reusable Identity 

Develop reusable identity solutions that enable credentials issued for one use (like KYC) to be repurposed for others, such as age verification or employment history. Highlight the benefits of interoperable identity systems across platforms.

Sponsors: Anonyome, ArcBlock, Crossmint, TBD, Truvity, and Vidos

Zero-Knowledge Proofs in SSI 

Build applications that use Zero-Knowledge Proofs to enhance privacy and security in digital identity. You’ll work with advanced cryptographic tools to create privacy-preserving SSI systems. This is a chance to apply cutting-edge technology to real-world identity challenges and set new standards in data privacy and interoperability.

Sponsors: Privacy + Scaling Explorations

Key Dates

Hacking Period: October 1, 2024 (6:00 am PT) – November 4, 2024 (3:00 pm PT)

Educational Sessions: October 1, 2024 – October 10, 2024

Sponsor-Run Office Hours: October 14, 2024 – November 1, 2024

Judging Period: November 7, 2024 – November 17, 2024

Winners Announced: November 20, 2024 (9:00 am PT)

How to Get Involved

Pre-registration as a participant is open now! Don’t miss your chance to be part of this exciting event. Register here to secure your spot as a participant.

DevPost Site Goes Live on October 1, 2024, where you’ll learn details of the challenges, submit your projects, and track the competition.

Educational Sessions start October 1, with sponsors leading workshops to provide technical guidance. Register to attend the opening ceremony.

Office Hours will run from October 14 to November 1, offering participants the chance to ask questions directly via DIF’s Discord channel.

Join the DIF Hackathon Community via the DIF-Hackathon Discord.

Prizes and Recognition

With cash prizes of approximately $70,000, participants will also have the chance to network with other decentralized identity builders and experts, participate in educational sessions, and receive public recognition.

Join Us in Shaping the Future of Decentralized Identity

This hackathon is your opportunity to innovate and build solutions that can change the world of identity as we know it. Whether you’re tackling privacy challenges, building reusable identity systems, or reimagining the future of education and workforce, the DIF Hackathon is the place to be.

Pre-register now and be part of the next wave of decentralized identity innovation!


Next Level Supply Chain Podcast with GS1

How Modern Barcodes Keep Supply Chains in Check with Rich Eicher

Imagine if barcodes not only speed up your grocery checkout but also transform logistics, healthcare, and the overall efficiency of global supply chains.

In this episode, hosts Reid Jackson and Liz Sertl are joined by Rich Eicher, Director of codeREADr. With his extensive experience in barcode innovation, Rich shares insights into how modern camera-based barcode readers surpass traditional laser readers and why dedicated barcode scanning devices are preferred in specific environments.

Rich explains barcodes' critical role in various business applications, from facilitating accurate inventory management to preventing costly supply chain errors. He also elaborates on the industry's adaptation to consumer demands, the significant challenges of barcode inaccuracies and their impact on delivery services, and how advancements in AI and ChatGPT are poised to revolutionize data capture and processing across industries.

In this episode, you’ll learn:

The differences between laser and camera-based barcode readers commonly used in grocery stores.

The importance of barcodes in various business applications and the issues caused by barcode discrepancies in the supply chain.

The upcoming GS1 Sunrise 2027 initiative is transitioning to QR codes for enhanced data capture.

Jump into the Conversation:

[00:00] Introducing Next Level Supply Chain

[01:01] Who Rich Eicher is, and what he does

[03:08] The different barcodes and their significance

[10:13] All about laser reading barcodes

[13:12] The importance of using barcodes and why companies are shifting to using them more

[16:22] The problems that come along with not using barcodes

[22:16] Other trends happening outside of barcodes

[27:22] Rich’s favorite technology he is using right now

[29:51] Closing

Connect with GS1 US:

Our website - www.gs1us.org

GS1 US on LinkedIn

Connect with the guest:

Rich Eicher on LinkedIn


Digital Identity NZ

DINZ Hui Keynote: Juliana Cafik on Digital Identity Trust Frameworks

At the Digital Trust Hui Taumata in August, Juliana Cafik, Microsoft’s Identity Standards Architect, delivered a thought-provoking keynote on global digital identity frameworks. With over 27 years of experience, Juliana provided valuable insights into how trust frameworks enable secure, interoperable digital transactions worldwide.

What are Digital Trust Frameworks?

Trust frameworks establish rules for:

Ensuring secure digital interactions

Verifying identities in both public and private sectors

Applying region-specific levels of assurance for various transactions

Global Examples of Trust Frameworks

eIDAS (European Union)

Goal: Enable cross-border identity verification for 80% of EU citizens by 2030

Focus: Electronic signatures, digital wallets, and consistent identity proofing across member states.

DIACC (Canada)

Focus: Economic growth through the adoption of digital identity

Approach: Public-private collaboration to ensure compliance and usability

New Zealand’s Unique Position

Juliana praised New Zealand’s approach, emphasising these key elements:

Focus on Safety: New Zealand uniquely integrates safety into its trust framework

Key Framework Pillars: Identity management, privacy, security, data management, and facilitation

Collaborative Potential: Strong public-private partnerships can enhance adoption

Challenges and Opportunities

Global Challenges: Trust frameworks are complex, evolving alongside technology and regulations.

Opportunity for New Zealand: Learning from other countries’ implementations, New Zealand can lead in trust framework innovation.

Conclusion

Juliana encouraged New Zealand to embrace its potential by fostering collaboration across sectors to build a robust, trusted framework that supports digital identity verification and secure interactions.

The post DINZ Hui Keynote: Juliana Cafik on Digital Identity Trust Frameworks appeared first on Digital Identity New Zealand.


DINZ Hui Innovation Spotlight: Why Identity-Centric Security is Crucial for Enterprise Protection

In today’s digital landscape, data breaches and cyber threats are rapidly evolving. At a recent conference, Marc Airo-Farulla, Regional Sales Director of Entrust, discussed the importance of identity-centric security solutions as the cornerstone for enterprise data protection. He highlighted how identity management is reshaping cybersecurity strategies and shared insights on how organisations can safeguard their data effectively.

Shifting Threat Landscape

Traditional security methods are no longer enough: Perimeter defences like firewalls fail to address evolving threats.

Phishing remains a top concern: 85% of security breaches stem from phishing attacks, often exploiting employee vulnerabilities.

The Role of Identity Access Management (IAM)

Identity is now the frontline defence: Managing user access, including employees and contractors, is critical to mitigating risk.

Fragmentation challenges: As more systems and technologies are introduced, IAM becomes harder to manage and protect, leading to vulnerabilities.

Zero Trust Frameworks

Adopt a zero-trust mindset: Zero trust means no user or device is trusted automatically, even within the organisation’s network.

Data security first: Protecting sensitive data is key, ensuring minimal access and maintaining strict oversight of who has access to what.

Real-World Breach Examples

Marc shared a cautionary tale of an Australian e-subscription company that collapsed after a cyberattack. Within two months, the business was wiped out, emphasising the dire consequences of inadequate cybersecurity.

The Future of Security with Entrust

Investing in live identification solutions: Entrust has been at the forefront of developing future-proof security systems, like their partnerships with Onfido for live identification.

Securing digital assets: Using tools like hardware security modules (HSM) can safeguard critical business data.

Best Practices for Enterprises

Educate and train employees: From C-suite executives to the newest team members, everyone needs to understand the importance of security measures.

Limit data collection: Only store what is necessary, minimising the risk in case of a breach.

Identity-centric security solutions are the future of enterprise protection. By shifting the focus to identity management and implementing zero-trust frameworks, organisations can better protect their digital assets and reduce the risk of devastating breaches.

Thanks to Entrust for this insightful talk, and for supporting the Digital Trust Hui Taumata in 2024.

The post DINZ Hui Innovation Spotlight: Why Identity-Centric Security is Crucial for Enterprise Protection appeared first on Digital Identity New Zealand.


International Identity Day 2024: Why Legal Identity Matters for Everyone

Observed annually on 16 September, International Identity Day aligns with the United Nations’ Sustainable Development Goal (SDG) 16.9, which aims to provide legal identity, including birth registration, to all people by 2030. While most of us can easily prove our identity, for millions around the world, the lack of legal identity remains a significant barrier to accessing even the most basic services.

If you’re reading this, the chances are that you have a legal identity and can prove it. But without one, life is vastly different. Without legal documentation, children may miss out on vaccinations and education, adults are unable to secure formal employment, access healthcare or welfare, vote in elections, start a business, use banking services, travel abroad, register their children’s births, or even claim inheritance or pensions. In effect, you don’t officially “exist.”

The Global Picture: Millions Left Behind

In 2021, the World Bank’s ID4D Global Dataset reported that over 850 million people worldwide had no way to prove their identity. Around 540 million of these individuals were in Africa, and half of all women in low-income countries lacked identification. Although progress has been made since then, it is difficult to determine how much progress has been achieved until the next dataset is published.

Globally, civil registration programmes are being increasingly integrated with healthcare systems to ensure children are enrolled early. National birth registration initiatives have been launched or accelerated in countries like Cameroon, Zimbabwe, Nigeria, and Papua New Guinea. This issue is not confined to low-income nations, as high-income countries, including Australia, are also making strides in streamlining identity processes. A recent pilot in New South Wales, for instance, allowed parents to register the birth of their baby across federal and state government agencies using a single account. This “tell us once” approach eliminates the need for parents to interact with multiple government agencies—reducing up to seven separate interactions.

The Challenges Closer to Home

Whilst Aotearoa New Zealand may seem far removed from these global statistics, we are not without our own identity challenges. Certain groups in our population struggle to prove who they are, including rural communities, blind and deaf citizens, former refugees, unhoused people, those who have escaped domestic abuse, and individuals recently released from prison. These groups often remain legally invisible. This raises the question: can Aotearoa help address this before 2030, or will we run out of time to meet the goal?

Take Action and Learn More

International Identity Day serves as a reminder that the right to identity is fundamental. Without it, people are denied basic human rights. For a deeper understanding of this global issue and the progress being made, we recommend listening to the ID16.9 podcast, which offers valuable insights into the state of identity inclusion around the world. The podcast is available on Spotify, Apple, Google, or at ID16.9 podcast.

As we move towards 2030, it is clear that achieving universal legal identity is not just about meeting a target set by the UN. It’s about unlocking access to opportunities, dignity, and human rights for everyone. Let’s continue to push for meaningful change, both here in Aotearoa and globally.

By Vica Papp

The post International Identity Day 2024: Why Legal Identity Matters for Everyone appeared first on Digital Identity New Zealand.

Tuesday, 24. September 2024

Hyperledger Foundation

Sunsetting Tessera and Simplifying Besu

Many great use cases are served by Besu in the blockchain space. We are proud of this engagement with public Ethereum, private networks, enterprise, L2s, and more. However, the Besu code base has become a monolithic Swiss Army knife.


Elastos Foundation

Elastos Incorporates BukProtocol; Decentralized Commerce for the Travel Sector Now Direct in Bitcoin

White label service to enable travel agencies to bring the benefits of decentralization to travel suppliers and consumers

Agreements traded via Bitcoin-denominated Smart Contracts facilitated through Elastos’ BeL2 protocol

Partnership highlights opportunity for Real World Asset (RWA) to eliminate friction and inefficiencies in the travel sector

Singapore: September 24, 2024 – Elastos today announced a partnership with the Real World Asset (RWA) application (dApp), BukProtocol, to extend decentralization to the travel sector, direct in native Bitcoin.  

BukProtocol converts travel booking and other agreements into tokenized, fully transferable ‘Dynamic Assets’ which can subsequently be monitored, exchanged or traded, in the event of cancellation or itinerary change. Tokenization covers all aspects of the travel experience, from travel to accommodation but can potentially extend to other travel-related services such as hospitality, guides or local attractions.  

Through Elastos’s BeL2 protocol, the tokenization process will be completed directly in native Bitcoin, to maximize the integrity, security and liquidity of resulting Smart Contracts. Travel is notoriously unpredictable, with itineraries, schedules and routes subject to change at the last minute often due to unforeseen incidents, the consequences of which can range from unused accommodation to multiple reimbursement claims. Tokenization – and the transparency offered by decentralization – has the potential to mitigate much of the resulting friction faced by travelers and suppliers alike.

To date, over 2.2 million properties have been on-boarded onto the BukProtocol system, including rooms from brands such as The Hilton Group, Marriott and Wyndham Hotels & Resorts. BukProtocol is available as a white label service for travel suppliers and agencies to better manage their bookings and inventories, which can subsequently be traded across Web2 or Web3 marketplaces. 

Arul Prakesh, Founder and CEO of BukProtocol, explains that the Elastos partnership is about much more than reaching new audiences for its dApp.

“While a presence within the Elastos ecosystem will certainly boost our visibility and reach, what’s really compelling is BeL2’s potential to complete the entire tokenization process directly in Bitcoin, a token that most of our audiences are familiar and comfortable with. Bitcoin denomination also maximizes the liquidity – and ‘tradability’ – of resulting assets; a crucial consideration for users,” he says. 

Elastos’s BeL2 Protocol enables the tokenization of any travel-related experience – from a journey to accommodation – based on terms defined in a Bitcoin-assured Smart Contract. Thanks to the protocol, this process can be completed without bridging, wrapping or otherwise interfering with the Bitcoin layer; this both assures the integrity of the currency and avoids network congestion and additional fees that would otherwise result.  

Jonathan Hargreaves, Elastos’ Global Head of Growth, describes the partnership as the perfect intersection between Bitcoin tokenization and Real World Assets (RWA). 

“BeL2’s unique ZK-proof process – ensuring complete interoperability while leaving the Bitcoin layer entirely untouched – means that Bitcoin’s integrity is fully leveraged throughout the tokenization process.  In practice, this means that members of the travel community can trade assets (Smart Contracts) directly with each other, completely eliminating the need for intermediaries and the inefficiencies that inevitably result.  The BUK Protocol is really demonstrating the practical – and exciting – opportunities that can emerge from decentralization; within a sector that’s characterized by unpredictability and sub-optimized inventories,” says Jonathan.

About BukProtocol

Buk Protocol is a solution stack to create secondary markets for Dynamic Assets. We are enabling flexibility and liquidity for RWAs by allowing users buying event tickets, hotel room bookings, airline bookings and other industries which associate an expiration date to their assets and services.

Discover more: https://bukprotocol.io/

About Elastos

Elastos is a public blockchain project that integrates blockchain technology with a suite of reimagined platform components to produce a modern Internet infrastructure that provides intrinsic protection for privacy and digital asset ownership. The mission is to build accessible, open-source services for the world, so developers can build an internet where individuals own and control their data.

The Elastos SmartWeb platform enables organizations to recalibrate how the Internet works for them to better control their own data.

Media Contact

Roger Darashah

roger.darashah@elastoselavation.org 


Blockchain Commons

Results of Second FROST Round Table Published

On September 18, 2024, Blockchain Commons held its second Round Table on FROST. Almost twenty expert cryptographers, designers, and developers came together to share the challenges and successes they’ve had with FROST over the last year as well as the advances of their differing approaches.

A full log of the meeting is now available, including video, rough transcript, rough summary, and PDFs of all of the presentations.

Our next FROST meeting will be a FROST Developers meeting, focused on helping wallet developers to implement FROST (and why they might want to). It’s scheduled for December 4th. Sign up for our Gordian Developers mailing list or Signal channel to receive an invite.

Thank you to HRF for supporting Blockchain Commons’ FROST work in 2024.

Monday, 23. September 2024

DIF Blog

Launch of the DIF Africa Special Interest Group

Dear DIF Community,

We are excited to announce the launch of the Decentralised Identity Foundation (DIF) Africa Special Interest Group (SIG). This initiative represents a significant milestone in our collective efforts to promote, advance, and support the development and adoption of decentralised identity technologies and standards across Africa.

About the DIF Africa SIG:

The DIF Africa SIG has been established to foster collaboration among African organisations, institutions, and individuals who are passionate about decentralised identity technologies. Operating under the Decentralised Identity Foundation (DIF), the SIG aims to create an open ecosystem for decentralised identity, focusing on Africa’s unique requirements and use cases.

Purpose and Scope:

The primary goals of the DIF Africa SIG include:

Promoting awareness, understanding, and education about decentralised identity within the African community.

Encouraging collaboration among stakeholders to address specific issues, opportunities, and use cases relevant to the African market.

Contributing to the development of decentralised identity standards with an emphasis on Africa’s needs.

Advocating for the adoption of decentralised identity solutions among African enterprises, government bodies, and individuals.

The SIG will engage in various activities, including technical collaboration with other DIF working groups, outreach and education initiatives, and advocacy efforts to drive the adoption of decentralised identity technologies across the continent. We are committed to ensuring that the solutions developed are interoperable and tailored to the African ecosystem.

Membership and Leadership:

Membership in the DIF Africa SIG is open to any organisation, institution, or individual interested in supporting the mission and objectives of the SIG. We encourage broad participation from African entities and experts, regardless of DIF membership status.

We are pleased to announce the leadership of the DIF Africa SIG, with Gideon Lombard from DIDx serving as the Chair, and Jack Scott-King, representing VERA, as the Co-Chair. Together, they will lead the group’s activities, represent the SIG within DIF, and ensure alignment with the charter.

Inaugural Meeting:

We invite you to join us for the inaugural meeting of the DIF Africa SIG on 16 October from 1:00 to 2:00 PM South African Standard Time. This meeting will be a great opportunity to discuss our goals, outline our roadmap, and explore ways to get involved.

Link: https://calendar.app.google/8QVaRaFP9U1YQ9Ms8

Meetings and Communications:

The SIG will conduct its meetings primarily through teleconferences, email lists, and online collaboration tools, holding regular sessions to discuss progress and share updates. We will adhere to the DIF Code of Conduct in all our activities.

We are eager to begin this journey and invite you to participate in the DIF Africa SIG. We look forward to your engagement and insights as we explore how best to collaborate. 

Thank you for your support and enthusiasm for advancing decentralised identity technologies in Africa!

Best regards,

The DIF Africa SIG Team.


The Engine Room

Join our October online event series: strengthening information ecosystems 

Join us for a series of online conversations about the work of strengthening information ecosystems in these regions.

The post Join our October online event series: strengthening information ecosystems  appeared first on The Engine Room.


Digital ID for Canadians

Spotlight on Docusign

1. What is the mission and vision of Docusign?

Docusign’s mission is to bring agreements to life by accelerating the process of doing business and simplifying people’s lives. With its Docusign IAM platform, Docusign unleashes business-critical data that is trapped inside of documents and disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign IAM, companies can create, commit, and manage agreements easily. Focusing on the ‘commit’ capability, where identity verification is more relevant, Docusign’s extensive portfolio of identity verification solutions makes it simpler for stakeholders to commit to agreements through advanced, AI-enabled identity verification solutions and multiple levels of authentication. With supporting capabilities such as phone authentication, ID verification, biometric detection, and FINTRAC-compliant workflows, not only can signers easily confirm their identities, but senders (i.e. businesses) can also securely capture and store the identity information provided during the agreement completion process. This ensures that all parties are who they claim to be, and agreements are enforceable.

2. Why is trustworthy digital identity critical for existing and emerging markets?

Over the last few years we’ve seen the highest volumes of fraudulent cases ever on record (Cifas, Fraudscape 2024). Therefore, it’s understandable why we’re starting to notice drastically higher levels of regulatory scrutiny, and more requirements being imposed on businesses in terms of introducing strong identity verification methods for digital interactions. This scrutiny isn’t just in mature markets, but also in emerging ones where the rapid adoption of new technologies that’s accompanying fast-paced growth is necessitating urgent regulatory oversight. Therefore, having trustworthy digital identity for both existing and emerging markets is essential for secure, efficient, and inclusive digital economics. For emerging economies specifically, widely available identity verification tools that are easy to use can help promote secure, sustainable and long-term economic growth that ensures equitable access to increasingly digital services.

3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?

The local and international benefits of digital identities are transformative, in the sense that they can help enhance the security of increasingly digital interactions, improve the efficiency of these interactions, and also make them more accessible across various sectors. For example, the adoption of digital identities can further enhance trust in online interactions, making it easier for consumers to engage in e-commerce transactions. This will likely lead to the expansion of the digital economy in Canada, where secure and convenient online shopping experiences will become safer and, therefore, more adopted. Globally, this could drive the growth of e-commerce, particularly in developing economies where digital identities can securely bridge the gap between offline and online markets. That’s where Docusign’s portfolio of identity verification solutions comes in. Our extensive portfolio offers enhanced signer identification and authentication capabilities built into any agreement workflow, enabling organizations to transact a full range of agreements with increased trust and ease of use.

4. What role does Canada have to play as a leader in this space?

Canada has introduced a series of anti-fraud initiatives that have made a significant impact on combating various forms of fraud across the country (public awareness campaigns, industry collaboration (‘Canadian Bankers Association’s Fraud Prevention Month’), strong legislative frameworks (FINTRAC), etc.). These initiatives have made significant progress in reducing fraud, increasing awareness, and improving recovery efforts locally. By advocating for similar initiatives internationally, Canada can influence the global development of digital identity systems to ensure other countries can reap similar benefits. Through innovation, collaboration, and advocacy, Canada can help ensure that digital identity becomes a force for good in the global economy.

5. Why did your organization join the DIACC?

Focused on securing the online agreement space for everyone, Docusign joined the DIACC to help shape the future of digital identity in Canada and contribute towards developing a more secure, inclusive and beneficial digital agreement ecosystem for its Canadian customers. Being able to collaborate with like-minded industry leaders and drive innovation across the country makes DIACC membership a valuable investment for Docusign.

6. What else should we know about your organization?

Agreements are based on intention and identity: organizations need to be able to trust that signers are who they say they are. The standard practice of verifying a signer’s identity is to send a link to the signer’s email address. But agreement value, sensitivity, business risk, regulation, or legal requirements can drive the need for enhanced identification. The challenge is to deliver stronger verification, while keeping the overall experience user-friendly. That’s where Docusign Identify comes in. Identify provides a portfolio of enhanced signer identification and authentication capabilities built into the agreement workflow, enabling organizations to transact a full range of agreements with increased trust. These solutions include:

* ID Verification: FINTRAC-compliant digital identity proofing of participants in agreements workflows via biometric checks such as AI-enabled liveness detection, verification of passports, driver licenses, or permanent resident cards

* Phone Authentication: multi-factor authentication via text message or phone call

* ID solutions for digital signatures: meet requirements for UK and EU electronic identification, authentication and trust services (eIDAS) compliant Advanced (AES) and Qualified Electronic Signatures (QES)

* Network of trust service solutions: Easy access to our tightly-integrated global network of trust service providers for region-specific compliance

To learn more, visit www.docusign.com/en-ca/products/identify


Identity At The Center - Podcast

Join us on the latest episode of the Identity at the Center

Join us on the latest episode of the Identity at the Center podcast as we explore the critical components of a successful IAM program. We break down the key elements required to build a solid foundation for your IAM program and set you up for success.

Watch at https://www.youtube.com/watch?v=5-kRe187AG0 or listen in your podcast app.

#iam #podcast #idac

Friday, 20. September 2024

Human Colossus Foundation

HCF Presence at DaKM 2024 in Copenhagen

We are delighted to announce that Paul Knowles, Head of the Advisory Council at the Human Colossus Foundation (HCF) and co-founder of the Foundation, will attend the 9th International Conference on Data Mining & Knowledge Management (DaKM 2024) in Copenhagen, Denmark, on the 21st-22nd September 2024.

DaKM 2024, September 21-22, 2024, Copenhagen, Denmark

Paper Presentation

In addition to his active role at HCF, Paul will present his paper titled "Data-Centric Design: Introducing an Informatics Domain Model and Core Data Ontology for Computational Systems."

This paper marks a significant leap forward in redefining system architectures through the Informatics Domain Model and Core Data Ontology (CDO), promoting a shift from traditional node-centric designs to a data-centric paradigm. These models enhance data security, semantic interoperability, and scalability across distributed data ecosystems with their quadrimodal domain structure: objects, events, concepts, and actions.

You can find further details and the abstract of the paper here.

Session 3 Chair

As part of his contribution to DaKM 2024, Paul has been invited to chair Session 3. The session will cover various topics, from AI-powered assistive technologies to virtual reality and intelligent community-driven platforms. It promises to explore cutting-edge solutions with potential applications in HCF's ongoing initiatives around distributed data ecosystems and AI development.

Paul will oversee discussions on the following topics during Session 3 at DaKM 2024:

Topic 1: An Immersion Sailing Experience and Simulation Feedback System for Disabled People using Artificial Intelligence and Virtual Reality – Presented by HoiNi Yeung and Ang Li, this talk will showcase a virtual reality sailing simulator designed to help individuals with disabilities practise sailing in a realistic environment using AI and VR technology.

Topic 2: An Intelligent Robot Arm used to Automate Chores to Eliminate Time Waste using Computer Vision – Presented by Yifei Zhang and Jonathan Sahagun, this presentation will cover the use of computer vision and AI to automate household tasks, improving adaptability and efficiency in daily chores.

Topic 3: Enhancing Indoor Environments through Augmented Reality and Artificial Intelligence for Personalised Plant Integration – Presented by Yingqi Wang and Marisabel Chang, discover how AR and AI are used in PlantAR to enhance indoor environments by providing personalised plant recommendations, promoting better air quality and well-being.

Topic 4: A Smart Community-Driven Tutoring Mobile Platform using Artificial Intelligence and Machine Learning – Presented by Haoyun Yang and Yu Cao, this platform leverages AI for personalised quizzes, encouraging peer-to-peer learning and technological innovation in education.

Topic 5: An Intelligent System to Help Individuals with Mobility Issues Crack Eggs using an App and a Bluetooth-Connected Mechanical Device – Presented by Alexander Xu and Jonathan Sahagun, a Bluetooth-enabled device designed to help individuals with mobility issues by automating egg-cracking using machine learning.

Topic 6: Medifact: A Reliable Mobile Application for Combating Medical Misinformation using Verified Data Sources – Presented by Annabel Shen Tu and Andrew Park, this mobile app tackles the spread of medical misinformation through verified health data and AI-driven validation processes.

Topic 7: An Intelligent Mobile Platform to Recognise and Translate Sign Language using Advanced Language Models and Machine Learning – Presented by Arlene Chang and Jonathan Sahagun, this platform translates American Sign Language (ASL) into English and vice versa, bridging communication gaps between Deaf and hearing individuals using AI.

Topic 8: A Smart Medicine Mobile Platform for Injury Diagnosis and Mental Stress Management using Artificial Intelligence and Machine Learning – Presented by Zelin Jason Hu and Garret Washburn, this mobile app provides AI-generated injury diagnoses and mental stress management solutions, improving accessibility to healthcare.

Topic 9: A Policy Report Evaluating the National Assessment Program for Literacy and Numeracy (NAPLAN) Reform in Australia – Presented by Wenya Zhang, a critical evaluation of the NAPLAN reform, focusing on its impact on students and proposing policy improvements for standardised testing in Australia.

For more details about the programme schedule, visit the Programme schedule.

If any of these topics align with your work in distributed data ecosystems or DDE-related issues, don't hesitate to contact Paul Knowles or the HCF advisory team to explore potential synergies. Email: Ac@humancolossus.org  

About Paul Knowles 

Paul Knowles is a leading figure in decentralised semantics and co-founder of the Human Colossus Foundation. He chairs the Decentralised Semantics Working Group and has over 25 years of experience in pharmaceutical biometrics, having worked with companies such as Roche, Novartis, GlaxoSmithKline, Amgen, and Pfizer. His contributions include the Overlays Capture Architecture (OCA) for semantic interoperability. He also holds advisory roles at Secours.ai and Global Privacy Rights at 0PN Governance Architecture.


About the Human Colossus Foundation 

At the Human Colossus Foundation, we envision a Dynamic Data Economy (DDE) where data is harmonised, secure, and framed by robust governance principles. Our mission is to empower businesses and individuals with the tools and frameworks they need to make better-informed decisions through real-time, accurate data. The DDE bridges existing standards while embracing new data-centric structures that respect human and jurisdictional differences.


Me2B Alliance

Webinar: The Worldwide Web of Commercial Surveillance Identity Resolution & Customer Data Platforms

Are you concerned about data brokers and commercial surveillance, but never heard of identity resolution platforms? This webinar is for you! This webinar provides an overview and explanation of the infrastructure that powers the worldwide web of commercial surveillance, which is a data aggregating force, powering data brokers and a lack of online anonymity. In this webinar, we look deeply at:

Identity resolution and customer data platforms, how they work, why they’re risky, and what you can do to protect yourself.

The target audience for this webinar is privacy professionals (lawyers, regulators, and industry) and concerned users of technology.

Geekiness Level: Medium

The post Webinar: The Worldwide Web of Commercial Surveillance Identity Resolution & Customer Data Platforms appeared first on Internet Safety Labs.

Thursday, 19. September 2024

Oasis Open Projects

OASIS Coalition for Secure AI Welcomes EY, Protect AI, Trend Micro, and Zscaler as Newest Premier Sponsors

Blinder, Cranium, Cyware, Dell Technologies, Fr0ntierX, Harvey, HiddenLayer, Invariant Labs, Lasso Security, Legit Security, Logitech, Mozilla, Styrk AI, Thomson Reuters, TrojAI, and VE3 Join a Growing Roster of Organizations Committed to Advancing AI Security

Boston, MA – 19 September 2024 – The Coalition for Secure AI (CoSAI), an OASIS Open Project that launched on 18 July 2024, is announcing the addition of EY, Protect AI, Trend Micro, and Zscaler as its newest Premier Sponsors. These industry leaders join CoSAI’s expanding alliance of organizations, which now includes more than 30 partners dedicated to advancing the security of artificial intelligence (AI). Together, they support CoSAI’s mission to develop and share open-source methodologies, standardized frameworks, and tools for secure AI development and deployment.

CoSAI is a collaborative open-source initiative designed to give all practitioners and developers the guidance and tools they need to create Secure-by-Design AI systems. Three strategic workstreams have been established within CoSAI, with plans to add more over time: software supply chain security for AI systems, preparing defenders for a changing cybersecurity landscape, and AI risk governance.

In addition to welcoming new Premier Sponsors, CoSAI is pleased to introduce its latest General Sponsors: Blinder, Cranium, Cyware, Dell Technologies, Fr0ntierX, Harvey, HiddenLayer, Invariant Labs, Lasso Security, Legit Security, Logitech, Mozilla, Styrk AI, Thomson Reuters, TrojAI, and VE3. These organizations further diversify and strengthen CoSAI’s community of stakeholders committed to advancing AI security.

“Joining CoSAI underscores the EY organization’s dedication to fostering innovation while at the same time enhancing the security and integrity of AI technologies,” said Yang Shim, EY Americas Technology Consulting Leader. “By working alongside other industry leaders, we aim to contribute to the development of robust frameworks that will empower enterprises and individuals to shape the future with confidence through the secure integration and deployment of AI,” added Kapish Vanvaria, EY Americas Risk Leader.

“At Protect AI we are on a mission to create a safer AI-powered world. As the prevalence of AI within organizations grows, so must the ability to secure it,” said Ian Swanson, CEO and Co-founder, Protect AI. “We are proud to join CoSAI as a Premier Sponsor. Through this collaboration, we aim to help shape the development of frameworks and standardized MLSecOps processes that enhance the security, safety, and trust for AI applications across industries.”

Eva Chen, CEO at Trend Micro, said, “We are dedicated to leading the charge in securing AI deployment, ensuring that security is seamlessly embedded from the ground up. Our collaboration with CoSAI reflects our commitment to pioneering efforts that not only protect organizations but also leverage AI to enhance security and uphold the trust of consumers. By bringing together industry leaders, we aspire to set new standards for the integrity and safety of AI systems, driving positive change across both the industry and broader society.”

“Zscaler is proud to join CoSAI to collaborate with industry leaders. Our collective aim is to establish best practices that ensure AI technologies are not only innovative but also trustworthy,” said Deepen Desai, Chief Security Officer, Zscaler. “This partnership will enable Zscaler to leverage the power of AI in order to deliver the most advanced security solutions for our customers. Through this collaboration, we’re striving to set a new standard for AI-driven security that prioritizes transparency, reliability, and excellence.”

These Premier and General Sponsors will join forces with CoSAI’s founding Premier Sponsors – Google, IBM, Intel, Microsoft, NVIDIA, and PayPal – and founding General Sponsors, including Amazon, Anthropic, Cisco, Chainguard, Cohere, GenLab, OpenAI, and Wiz. With the support of these industry leaders and experts, CoSAI is poised to make significant strides in establishing standardized practices that enhance AI security and build trust among stakeholders globally.

Participation 

Everyone is welcome to contribute technically as part of the CoSAI open-source community. OASIS welcomes additional sponsorship support from companies involved in this space. Contact join@oasis-open.org for more information.  

Support for CoSAI 

Blinder:
“AI is the most transformative technology of our generation. As attorneys and corporate legal departments adopt AI, data and IP security are at the forefront of their priorities. Blinder is proud to join CoSAI and further the mission of accelerating secure AI development. The open source OASIS model aligns with our focus on fair use IP, and democratizing AI security.”
— Nils Tracy, CEO & Founder, Blinder

Cranium:
“Cranium is proud to join CoSAI to advance AI security. As the leading enterprise AI security and trust software firm, we believe that by sharing our insights and best practices with other industry leaders we can collectively and securely develop and deploy AI. Only through collaboration can we truly strengthen AI security to build trust in each organization’s and third-party AI.”
— Felix Knoll, COO & CRO, Cranium AI, Inc.

Cyware:
“AI is transforming cybersecurity, enabling speed and scale at unprecedented levels. However, the opportunity AI presents is only matched by the risk it introduces. We are committed to developing secure, ethical AI to not only protect our systems but also to build trust with our clients and the broader community. Joining CoSAI was a natural decision, aligned with our mission to drive innovation while ensuring that safety and integrity are at the core of everything we do.”
— Sachin Jade, Cyware Head of Product

Dell Technologies:
“We share an unwavering commitment to collaboration and innovation within the AI ecosystem which includes empowering organizations globally to adopt AI safely and securely. By working alongside industry leaders in the Coalition, we aim to help establish necessary industry standards and contribute to the development of secure open-source solutions.”
— John Roese, Global Chief Technology Officer and Chief AI Officer, Dell Technologies

Fr0ntierX:
“AI is reshaping the world, and security must evolve with it. By joining the incredible lineup at CoSAI, we’re excited to be part of a global effort to ensure AI continues to push boundaries safely and responsibly. We look forward to driving innovation in AI and building systems people can rely on every day without compromising their security.”
— Jonathan Begg, CEO, Fr0ntierX

Harvey:
“Trust is the most important factor to the future success of AI. From Day 1, Harvey has built its platform with the highest security standards to become a reliable AI partner for its high-performing legal clients. We are thrilled to join CoSAI to share our experience and contribute to AI security standards for everyone.”
— Winston Weinberg, CEO and Co-Founder, Harvey

HiddenLayer:
“AI has never been easier to develop, use, and implement within organizations. As deployment continues to surge, so does the need to adopt common security standards and best practices in AI security. HiddenLayer is proud to join the CoSAI in our shared mission to support the widespread adoption of AI security principles.”
— Malcolm Harkins, Chief Security & Trust Officer, HiddenLayer

Invariant Labs:
“As AI systems and agents rapidly become integral parts of any organization, addressing their security and reliability is one of the key challenges blocking wider adoption. At Invariant Labs, we are proud contributors to open-source AI security, and we are excited to join the CoSAI ecosystem and democratize secure AI together.”
— Mislav Balunovic, Co-Founder and CTO, Invariant Labs

Lasso Security:
“LLM and GenAI technologies are now non-negotiable assets for businesses striving to maintain a competitive advantage. However, as GenAI deployment accelerates, organizations must prioritize security standards and best practices to ensure safe and responsible use. At Lasso Security, we are proud to lead the way in securing GenAI deployments and to join CoSAI in our shared goal of protecting organizations from existing and emerging threats.”
— Elad Schulman, CEO & Co-Founder, Lasso Security

Legit Security:
“As AI grows more integral to how we build and deploy software, ensuring the security and integrity of AI systems throughout the software development lifecycle is more urgent than ever. Legit Security is proud to join CoSAI in advancing the security standards for AI systems and infrastructure, enabling organizations to innovate with confidence, safeguarded against emerging AI threats. Together, we will drive forward a secure future for AI in software development.”
— Liav Caspi, Co-Founder and CTO, Legit Security

Logitech:
“Logitech is proud to join CoSAI in its mission to enhance AI security. As a leader in developing human-centric technologies, we recognize the importance of ensuring that AI is developed and deployed responsibly. We are committed to collaborating with CoSAI and industry partners to create a safer and more secure AI ecosystem.”
— Nabil Hamzi, Head of Product Security, Logitech

Mozilla:
“Mozilla has contributed for decades in security and privacy and that is evident within the standards and protocols that we all use today. We’re proud to support OASIS and CoSAI’s mission in making AI safe and secure. We can’t wait to collaborate in building new and innovative technologies in making AI trustworthy in an open and transparent way.”
— Saoud Khalifah, Director from Mozilla

Styrk AI:
“The partnership with CoSAI allows Styrk to further its mission of enabling safe and secure usage of AI for all. CoSAI’s community focused efforts both in standardization and research in the critical area of AI security fills a very timely need and Styrk will now be able to leverage the platform to contribute back to the community while democratizing AI adoption.”
— Vilayannur Sitaraman, CTO of Styrk AI

TrojAI: 
“TrojAI is committed to developing comprehensive security solutions to safeguard AI applications and models from evolving threats. We are thrilled to join CoSAI in their mission of advancing the security and trustworthiness of AI systems to ensure the responsible and secure deployment of AI. Together, we will set new standards for AI integrity and security.”
— Lee Weiner, CEO, TrojAI

VE3:
“VE3 is proud to support CoSAI’s mission to establish a global framework for AI safety and security. As a pioneer in AI development, we recognize the paramount importance of advanced AI security and governance. Joining CoSAI represents our commitment to advancing security in AI development and implementation.”
— Manish Garg, Managing Director, VE3

About CoSAI:

CoSAI is an open ecosystem of AI and security experts from industry-leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research and product development. CoSAI operates under OASIS Open, the international standards and open source consortium.

Media inquiries: communications@oasis-open.org

The post OASIS Coalition for Secure AI Welcomes EY, Protect AI, Trend Micro, and Zscaler as Newest Premier Sponsors appeared first on OASIS Open.


Identity At The Center - Podcast

We’ve got another sponsor spotlight episode of the identity

We’ve got another sponsor spotlight episode of the identity at the center podcast for you this week. We talked to Marta Nappo of Panini about their role in the identity verification space and how they are addressing that need for their customers. You can learn more by watching the episode at https://www.youtube.com/watch?v=Ekak4H6ccss or listening in your podcast app. Learn more about Panini at panini.com

#iam #podcast #idac


We Are Open co-op

How to build a co-design event

Development vs Engagement in a Collaborative Setting

Our new Mozilla Foundation-funded Friends of the Earth ‘Green Screen’ project has the express aim of developing a set of AI principles that the climate movement can use. The project involves desk research and a gathering of experts to influence and contribute to these principles, creating a co-designed starter for ten that others can build upon. We will then take what we’ve learned to report for the Friends of the Earth policy site.

Part of this involves setting up an online roundtable to gather insights from a diverse range of experts. In our project kickoff call last week, we realised that clarifying the ambitions and aims of such an event is something we do instinctively.

We’re big fans of community calls, but the roundtable we will be putting together is something slightly different. In this post, we’re going to give you a few things to think about when you’re gathering people together to co-design a policy or set of best practices — or when you’re more on the development side of the continuum.

cc-by-nd Bryan Mathers for WAO

The Development-Engagement continuum

First off, there’s tons of value in getting people together and working collaboratively towards something. There is also a lot of nuance in such an endeavour, so it’s best to understand what your long term goal for the project might be. We like to determine where on a continuum between ’development’ and ’engagement’ a particular project might sit.

Development is the side of the continuum that focuses on the final output of the project. This could be, for example, a report, article, or set of recommendations. Engagement, on the other hand, can serve as a launchpad for building community. While there may be outputs along the way, the main goal is to find and engage with people who are interested in a particular topic. As it happens, we’ve written extensively about how to build a community of practice in this short (and free!) resource.

If you’re mostly focusing on development, as we are with our Friends of the Earth (FoE) roundtable, you will need a different kind of preparation and facilitation than if you’re focused on a longer term community-building initiative.

Of course, many projects have an eye on both the short term and the longer term, and so are looking to do development and engagement. However, it’s important to understand that community building requires designated moderation, facilitation and a place to interact. If there is no one to actively manage and engage the community, it can become stagnant!

Co-designing for Development

It’s important to note that every collaborative effort does not need to lead to a fully fledged community. For example, with our FoE Green Screen project, the focus is very much on the set of principles that other organisations can build upon.

If you find yourself looking to engage a group of people around a particular project, like policy development or a set of principles, you should have a think about how your co-design event fits into the “project management triangle”.

Let’s take each point in turn.

PM triangle cc-by Laura Hilliger for WAO

1. Funding

How much funding is available for the co-design piece of your project? Can you afford to pay people to participate?

If you can pay people for their input, you absolutely should. Even a small portion of your overall budget can work: offering people a one-time fee or goodwill payment shows them that you value their contribution. However, we know that sometimes remuneration is not possible.

If there isn’t enough funding to pay people for their time, make sure you plan to spotlight their contribution in other ways. You can issue badges to contributors, ensure all contributors are named in final outputs and publicly thank people when you share the final outputs.

cc-by-nd Bryan Mathers for WAO

2. Scope

Based on the funding available, what is the scope of the collaboration? How can you ensure that you are building collaboratively?

Will you host a single event? You might also have three events or five of them. You might set a six month timeline for your project. Be clear about what you’re asking of people as you are asking them to participate. Are you inviting them to the first of a series of events or a singular event? Is there prep work or ‘homework’ involved? How will their contributions be attributed?

Together with other contributors, you’ll need to establish procedures to receive feedback and inputs, as well as how you will process them to create iterations. As always, documentation goes a long way and writing openly about the scope and decisions made along the way will help contributors understand the plan.

3. Time

How much time and effort can you ethically ask others to put in? How much time are you putting in?

Depending on your budget, you’ll need to figure out how much time you need to complete your policy, principles, best practices or whatever the output actually is. You’ll also want to think about how much time you require from the people you’d like to invite.

If you are looking for open contributions to your project, it’s best to try to minimise the amount of time other people will need to participate. Help contributors give good insight quickly by asking specific questions and giving people the opportunity to give feedback via email or a voice text.

Bringing things together

The three sides of the project management triangle play together to shape your co-design event. Depending on your parameters, it might make sense to do some of the development work on your own and then ask for input and feedback. Alternatively, you might want to get everyone involved from the beginning and co-design the entire project through a series of events. Be adaptable and flexible as you begin to work with others and refer back to the 5 principles of open to remind yourself of what it means to work openly.

Knowing where you sit on the ‘development/engagement’ continuum and mapping out your funding, scope and time will help you plan a co-design event that leads to great outputs and strengthened relationships.

Need help figuring out how to design your co-design initiative? Get in touch!

How to build a co-design event was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 18. September 2024

DIF Blog

Interview with Nick Lambert of Dock

Nick Lambert, CEO of Dock, has been a driving force in the digital identity space for over a decade, consistently working towards empowering individuals with control over their personal data. His decentralized identity journey began at MaidSafe, where as COO he spearheaded the SAFE Network, an ambitious project aimed at creating an autonomous data network that prioritizes user privacy and data sovereignty. At Dock, Nick continues his mission to revolutionize digital identity, focusing on solutions that streamline processes and reduce friction for both individuals and organizations.

Nick joined us to share his insights on the evolving landscape of decentralized identity. He discusses the recently announced blockchain merger with Cheqd, Dock's unique approach in the market, and key sectors for growth in the coming years. Nick emphasizes that the collaborative approach in decentralized identity, with shared standards and toolsets, accelerates innovation towards user empowerment, with industry players "all pointed in roughly the same direction." 

Your journey from MaidSafe to founding Dock reflects a long-standing interest in digital identity and personal data control. How did these experiences shape your vision for Dock?

It started back around 2012. I was a technology marketer and wasn't very familiar with decentralized technology. We were a startup looking to decentralize web services: enabling users to store their own data and provide it back to social media networks or other service providers. This introduced me to relevant decentralized technology, and also the blockchain and cryptocurrency industry.

It made me realize how important it is that we control our own data, whether that's documents we store, music, or academic files, and to be able to control it on our own device. You also don't want companies removing your access to it, which they can do and have done, even by mistake. 

When I left MaidSafe and saw Dock, it made sense that the most important type of data you have is your identity data. Identity takes many forms, but it seemed like a critical area with work still to be done. Dock was an opportunity to take a narrower view (than MaidSafe) and ensure we could provide people with the ability to control their own identity. And for the last twelve years, that's what's really got me out of bed in the morning.

Your path perfectly captures how long-term builders and leaders in the space become focused on giving people control over their identity data. Can you elaborate on that?

Absolutely. It's such a big problem, but what's encouraging about the identity space is that it's a more focused challenge compared to something like decentralized storage. With identity, there's a much larger group of people working on the problem with, for the most part, an agreed-upon set of tools and standards. It's almost like a movement of companies and organizations solving it together.

We might have minor disagreements about implementation details, but we're all pointed in roughly the same direction. That's what makes it feel solvable. We're not all trying to work in isolation - we're collaborating, building on each other's work, and moving towards a common goal.

This approach is crucial because giving people control over their identity data is too big and important a problem for any one company to solve alone. By working together, sharing standards, and building interoperable tools, we're making real progress. 

How does Dock's approach to verifiable credentials and digital identity differ from other solutions in the market?

We have a big focus on the business aspect. It's easy to fall in love with the technology, but it's the problems it solves that ensure technology is adopted and builders can make their solutions operate effectively as a business. We focus on tools that can enable business models.

An essential part is an online trust registry. Just because something's in a system or blockchain doesn't mean it's true. You need a linkage between real-world verification of a company or individual and their representation within a system. Trust registries (and the appropriate business partners) provide this, and having them programmatically exist inside your system is key.

Once you have that, it enables businesses to think about how they wish to monetize the credentials. This is important because it's very hard to get businesses to change unless you can point them to a specific business model. We're enabling credential issuers to turn what today is a cost center into a revenue source. When you combine that with our ecosystem enablement and the rest of our stack, it makes us differentiated in the market.

You've been at the forefront of communicating the business value of decentralized identity, including popularizing the term "reusable identity." Tell us your perspective on the evolution of narrative over time.

At the start, many focus their communications on the tooling -- that it's decentralized, uses certain types of cryptography, etc. You put that all over your website, thinking people will care. But the only people who care are others building those solutions.

The companies that will use and pay for these solutions are looking for solutions to problems. They don't care whether it's decentralized or what type of cryptography you're using - they just want a problem fixed.

We've made a conscious effort with our communications to focus more on the benefits we can provide. We try to understand the specific problem a group of prospects and customers are having and how we can fix it. Then we build the narrative around that. This has been the biggest shift we've had, and we're starting to see some success from it.

When discussing decentralized identity with investors, what aspects do you focus on to convey its potential value? 

Investors are typically looking for returns within a defined time period. They're looking for things like size of opportunity and potential market growth. They also want to see something that doesn't completely disrupt existing businesses. Evolutionary changes that complement existing businesses in a relatively easy-to-integrate way are often more interesting to investors.

We also talk about market drivers pushing adoption, like eIDAS regulations, mobile driver's license initiatives in the US, World Bank investments in digital identity, LinkedIn's use of Microsoft Entra ID for credentials, and Google's recent release of the Credentials API. These developments indicate the level of adoption we're likely to see, which excites investors.

What are some common questions or misconceptions about decentralized identity that you encounter, and how do you address them?

One common misconception is that identity only refers to government-backed identity, like a driver's license. In reality, we're talking about identity in a much broader sense. It can be anything from a website's understanding of who you are to your access to their system. Fundamentally, it's about control over your data.

Another misconception about decentralized identity is that every single aspect of it must be decentralized. What we're really talking about is the decentralized consumption of data - the presentation and verification. This typically happens in a wallet where the individual has control. They're presenting a credential given to them by a third party to another entity, who can verify it without knowing who they're verifying or what they're verifying. That's the important part of decentralization. Of course, you'll still have centralized entities issuing those credentials.

The recent merger between Dock and cheqd is significant news. What was the vision behind this decision?

Keep in mind it's a blockchain merge rather than a full company merger; the legal entities are remaining separate. We're migrating all of our chain-related elements (like revocation registries, DIDs, testnets) over to Cheqd.

The vision behind this is to allow Dock to focus on what differentiates us in the market: our issuing and verification platform, API, and our various platform features. Not all of these innovations take place at the blockchain layer but above it. As a small team, managing the entire stack was becoming a challenge.

We feel our strengths lie in the areas above the chain, and Cheqd is highly competent in the blockchain area. This allows us to focus on what really interests us and where we think we can make the most difference for our customers.

Additionally, being part of the Cheqd ecosystem with other great projects feels like a big step towards interoperability with a number of other providers. This addresses a concern I had about Dock potentially isolating itself on its own chain.

Your partnership with the University of Arkansas involves anonymous cyber incident reporting. How does this project demonstrate the capabilities of verifiable credentials?

The University of Arkansas, Little Rock is involved with some Department of Defense and energy-related projects. They're building what they call ET-ISAC (Emerging Threat Information Sharing and Analysis Center). They needed a way for people to report things anonymously, like a whistleblowing service, without fear of reprisal.

Using Dock's technology, they've created a system where someone can become a member and use that membership credential to access the reporting tool in a way where the system knows they're a member but doesn't know who they are. This is achieved using zero-knowledge proof technology.

A member of ET-ISAC receives a credential, which they can use to create a QR code in a wallet on their phone. They can then scan that QR code to gain access to the site and report an incident anonymously.

It's a unique use case that demonstrates the versatility of verifiable credentials and zero-knowledge proofs in solving real-world problems.

What use cases for decentralized identity have you found to be particularly impactful or promising?

Our current focus is on KYC (Know Your Customer) and biometrics companies. We see this as a market that's ready for innovation, especially with regulations like eIDAS 2.0 and mDL coming into play. We can make their verification checks portable, which is what reusable KYC is all about.

There's a good value transfer throughout the KYC process:

Companies can make their verifications portable and generate new revenue streams.
Individuals get more control over their data and can short-circuit painful onboarding processes.
Relying parties (verifiers) don't have to start from scratch and can benefit from previous verification checks.

Beyond that, I'm excited about Customer Identity Access Management (CIAM). Many large corporations, especially in the US, have different divisions that often act as separate entities. Regulations sometimes prevent them from sharing information about individuals across these divisions. This leads to tremendous pain for both the company and the individual.

Imagine if they could give individuals control over their information, allowing them to consent and decide what they want to release to another business unit within the same corporation. This could solve many problems for large companies and enable individuals to manage their own information seamlessly.

The challenge with CIAM is that it's a slow-moving, risk-averse industry. They're just getting used to passkeys, so introducing verifiable credentials and different applications for managing those credentials might take some time. However, the potential is enormous, and I'm excited to see what happens in the next year or two.


Velocity Network

Sertifier Joins Velocity Network Trust Framework  

Issuer permissions are the mechanism that Velocity Network introduces to enable relying parties (and wallets) to determine if an issuer is an authoritative source for a particular credential. After requesting the ability to issue on the Network, the request is reviewed by Velocity Network to ensure that the issuing service parameters are within the remit of the organization’s business activities.

DIF Blog

DID Method Standardization Initiative: Progress Update and Next Steps


We're happy to share progress in the DID Method Standardization initiative. This effort aims to drive Decentralized Identifier (DID) adoption through standardization maturity and ecosystem engagement. Here's what's new:

DIF Working Group Kickoff Meeting

DIF's kickoff meeting for the DID Method Standardization working group is happening this Friday:

📅 20 September
🕘 9:00am PT / 12:00 pm ET / 18:00 CET
🔗 Add to calendar

This meeting will set the stage for our ongoing efforts. The recurring meeting schedule will be set based on participant feedback.

Coordination Hub Launched

We've created a neutral coordination hub to facilitate collaboration and information sharing:

https://github.com/did-method-standardization

This hub will serve as the go-to resource for all things related to DID Method standardization. Here you can:

Join the Discussion: Engage with the community, share your thoughts, and contribute to the conversation in our GitHub Discussions.
Hear the Latest Announcements: Learn about activities and upcoming events.
Read our Mission & Goals: Get acquainted with our objectives and the vision driving this initiative.

We're just getting started, so check back for updates.

In case you're not familiar with GitHub: Note the coordination hub uses GitHub. Create a GitHub account and then "follow" the did-method-standardization GitHub organization (detailed instructions).

W3C TPAC Discussion

The DID Method Standardization initiative will be a topic of discussion at the upcoming W3C Technical Plenary / Advisory Committee (TPAC) meetings. This presents an excellent opportunity to align our efforts with the broader web standards community.

Action Items for the Community

Attend the First Meeting: Join us this Friday to help shape the future of DID Methods. Add the event to your calendar and come prepared with your ideas and questions.
Explore the Coordination Hub: Visit our GitHub organization, read through the Mission & Goals, and familiarize yourself with our objectives.
Participate in Discussions: Engage with the community in our GitHub Discussions area. Share your perspectives, ask questions, and collaborate with others passionate about DIDs.
Spread the Word: Help us expand our community by sharing this update with colleagues and on social media. The more diverse voices we have, the stronger our effort will be.

Your input shapes the future of interoperable DID Methods, enabling secure digital interactions based on a foundation of trust.

Stay tuned, and we look forward to seeing you at our first meeting!

Tuesday, 17. September 2024

FIDO Alliance

White Paper: Displace Password + OTP Authentication with Passkeys

Editors

Husnan Bajwa, Beyond Identity
Josh Cigna, Yubico
Jing Gu, Beyond Identity

Abstract

For enterprises that have implemented a second factor, such as SMS OTP, to mitigate the risk of credential stuffing, this paper will provide guidance on displacing passwords + OTP with passkeys.

Audience

This white paper is intended for ISRM and IT staff tasked with deploying and maintaining multi-factor authentication (MFA) sign-in processes.

1. Introduction

Many enterprises aiming to secure their workforces have deployed SMS and application-based one-time passcodes (OTPs) as an additional factor of authentication to passwords. This whitepaper is aimed at those organizations that are now considering a move to FIDO authentication with passkeys. While this whitepaper focuses on OTPs specifically, the discussion and recommendations can be generalized to any system using phishable second factors, including application-based OTP and push notifications.

This whitepaper compares OTPs, used as an additional authentication factor to passwords, with passkeys in terms of security, user experience and ease of deployment. It also provides general guidance about migrating from OTPs to passkeys in order to improve user experience while strengthening the organization’s overall security posture. The guidance within this paper will cover key steps for moving towards passkeys, including planning, use case identification and documentation, pilot considerations, as well as deployment and training guidance. This document targets low-assurance use cases, including internal authentication, external authentication, and third party and B2B authentication strategies. Given that organizations typically implement OTPs as the second factor to passwords, every reference to OTPs in this document should be read as an OTP used as a second factor to a password.

This document will not cover specific vendor technologies or implementations. For guidance on moderate or high assurance use cases please refer to additional whitepapers published by the FIDO Alliance [1]. As this document is a part of a series of whitepapers, it is recommended that the reader start with the introductory document [2].

2. OTP MFA vs Passkeys: Why Choose Passkeys

Passkeys offer several benefits to security, user experience, and ease of deployment when compared to OTPs.

2.1 Security

OTP-based MFA has been widely adopted to mitigate the risk of credential stuffing and reuse. SMS and authenticator application-based OTP are the most commonly deployed solutions due to their relatively low cost and ease of deployment across a broad set of users and use cases. The relative simplicity of this type of MFA, however, leaves it vulnerable to social engineering and many MFA bypass toolkits. No bidirectional communication exists between the secrets generator and the validating identity provider (IDP), so an OTP can be intercepted and used by a third party without the knowledge of the end user or IDP.

Additionally, OTP-based MFA requires trust in a device that the organization may not manage and whose security posture it may have no visibility into. This means that organizations are relying on end users to maintain the security of their own devices and to discern phishing attempts. While user training can help to address some of these attacks, historic guidance, like checking for secure connections and familiar URLs, still relies on an ever-vigilant user base.

Passkeys provide phishing-resistant, replay-resistant sign-ins that reduce the cognitive load on users and strengthen organizations’ overall security posture. This is achieved because passkeys implement a cryptographic challenge-response protocol scoped to the relying party’s domain. The authenticators then rely on secure behaviors, like biometric proofs or PINs, to unlock the credentials on the authenticator while retaining a user-friendly experience. With passkeys, an organization can have a strong first factor of authentication for passwordless scenarios OR a strong second factor for traditional MFA workflows.
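The contrast drawn in this section, as an added example that is not part of the white paper: a TOTP check that accepts a code wherever it was typed, next to the relying-party checks (challenge, origin, RP ID hash, user presence/verification) that scope a WebAuthn assertion to one domain. The host names, secret and challenges are constructed, and signature verification over authenticatorData || SHA-256(clientDataJSON), which a WebAuthn library performs and which keeps these fields from being rewritten in transit, is assumed to happen separately.

```python
import base64
import hashlib
import hmac
import json
import struct

RP_ID = "login.example.com"            # assumed relying party ID
ORIGIN = "https://login.example.com"   # assumed expected web origin


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on secret and time."""
    mac = hmac.new(secret, struct.pack(">Q", int(at // step)), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, submitted: str, at: float) -> bool:
    # Nothing in the code records which site the user typed it into.
    return hmac.compare_digest(totp(secret, at).encode(), submitted.encode())


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_assertion(challenge: bytes, origin: str, rp_id: str,
                   flags: int = 0x05, sign_count: int = 1):
    """Constructed stand-in for what the browser and authenticator return."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # authenticatorData: 32-byte rpIdHash, 1 flag byte, 4-byte signCount
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + bytes([flags]) + struct.pack(">I", sign_count))
    return client_data, auth_data


def binding_failures(client_data_json: bytes, auth_data: bytes,
                     expected_challenge: bytes, require_uv: bool = True):
    """Return the names of failed binding checks; empty list means all passed."""
    failed = []
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        failed.append("type")
    if cd.get("challenge") != b64url(expected_challenge):
        failed.append("challenge")          # stale or replayed response
    if cd.get("origin") != ORIGIN:
        failed.append("origin")             # browser reported another site
    if len(auth_data) < 37:
        return failed + ["authenticatorData too short"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failed.append("rpIdHash")           # credential scoped to another RP
    flags = auth_data[32]
    if not flags & 0x01:
        failed.append("user presence")
    if require_uv and not flags & 0x04:
        failed.append("user verification")
    return failed


def demo():
    secret = b"12345678901234567890"        # constructed shared secret
    now = 1_700_000_000
    relayed_code = totp(secret, now)        # entered on a look-alike page
    challenge, old_challenge = b"\x01" * 32, b"\x02" * 32   # constructed
    genuine = make_assertion(challenge, ORIGIN, RP_ID)
    lookalike = make_assertion(challenge, "https://login.example.test",
                               "login.example.test")
    replayed = make_assertion(old_challenge, ORIGIN, RP_ID)
    return {
        # Forwarded a few seconds later, the code still verifies.
        "relayed_otp_accepted": verify_totp(secret, relayed_code, now + 5),
        "genuine": binding_failures(*genuine, challenge),
        "lookalike": binding_failures(*lookalike, challenge),
        "replayed": binding_failures(*replayed, challenge),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```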

2.2 User Experience

Passkeys improve the user experience over passwords and OTPs in several ways, including:

Passkeys work even when there is poor cell coverage, whereas SMS OTPs require mobile network connectivity. For example, a user can have wireless access on an airplane but is not permitted to use SMS. In this instance, the SMS OTP cannot be delivered, whereas passkeys can be used to authenticate.
AutoFill UI enables seamless integration within browsers on mobile devices and on desktops.
Up to four times faster login, with no need to wait for code delivery [3].
Protection against mis-keyed passwords and codes.
Passkeys build on common behaviors for authentication like biometric proofs (face or fingerprint).

2.3 Ease of Deployment

For some micro, small, and medium sized businesses without large, dedicated support staff, end-user deployment of dedicated authentication hardware tokens can create roadblocks. This includes both OTP hardware tokens and FIDO security keys. Historically, the ease of deployment of SMS/App based OTPs made them a more favorable option. Procurement, logistics, and configuration are a constant battle fought by operations and IT teams. With updates to the FIDO2 ecosystem to expand the authenticator landscape, this problem is alleviated, and many different devices can be used as passkey stores.

All of this comes together to mean that the deployment of passkeys is much easier and less costly compared to SMS OTP for a few reasons:

There is no SMS integration required. Enterprises will not need to configure or maintain interfaces with mobile carriers or third-party SMS vendors, which reduces deployment complexity. Enterprises will not have to pay per-transaction fees associated with SMS OTP, therefore reducing the total cost of ownership for authentication.
FIDO authentication uses passkeys. Passkeys are simple to implement across a range of devices and applications. SMS OTPs rely on carrier-specific APIs or third-party vendor APIs that are not standardized, which increases the risk of vendor lock-in and lack of interoperability.
No time-synchronization is needed. Passkeys avoid the time-synchronization requirements of SMS time-bound OTPs (TOTPs). Codes don’t need to be entered within a short time window, and deliverability issues with SMS do not result in login failures.

FIDO authentication with passkeys has been embraced by operating system (OS) and browser providers. This existing OS support from most major vendors means that, in most cases, existing hardware in the enterprise, such as laptops, phones, and tablets, can be leveraged to deploy FIDO with passkeys without costly updates and replacements.

In some cases, enterprises use shared, single user devices such as iPads. For these use cases, a passkey stored in the integrated platform authenticator may not be appropriate, since any user of the device has access to the credential. In these cases, organizations should use roaming authenticators (hardware security keys) to generate and store passkeys for use on the shared device. This offers the same ease of use and convenience. Keep in mind, there may be an additional cost to purchase and manage these hardware keys for users. In many cases where hardware keys are used, there may be a need to issue users a second hardware key as a backup to reduce the risk of the user being locked out of their account(s).

3. Deployment Strategy for Migration from OTP to Passkeys

3.1 Identifying the Deployment Model

Planning for a successful passkey deployment requires organizations to consider the needs of the user and the computing devices they use in their role to maximize the utility of passkeys for staff. At a minimum, organizations should consider the following questions when planning a passkey deployment in order to make passkeys accessible to the broadest audience possible:

What kind of computing devices are used?
Are your users working on laptops or desktop computers? Mobile devices? Tablets?
Are the devices single user devices or multi-user (e.g., shared) devices?
Are the devices provisioned by the company or are users using their own personal devices at work?
Are there limitations on using USB ports, Bluetooth, or NFC?
Are there limitations on access to the internet?
Are your users commonly wearing gloves or masks which limit the use of on-device biometrics?

Based on the answers to the previous questions, organizations can choose one of a few types of authenticators to store users’ passkeys. The flexibility of passkeys means that organizations can mix and match as their security posture and UX needs dictate. Other documents in this series go into more detail on each type of authenticator.

3.2 Deployment Testing

After determining the deployment model and deploying a FIDO server with applications integrated, it is recommended that organizations use pilot groups to test registration, authentication, and recovery processes (see below) with users. Then use the feedback from the pilot to improve processes and address issues raised by the pilot population before embarking on a broad rollout of passkeys.

3.3 User Experience

3.3.1 Registration

Enterprises should implement a reliable registration process to ensure that users are correctly and securely associated with their passkeys, as stated in earlier FIDO whitepapers. The registration experience is critical to consider because it is a user’s first interaction with passkeys. Here are a few elements to consider when it comes to designing the registration experience:

Identity Proofing – Physically or remotely having the user prove their identity at the start of the registration process is recommended to ensure a strong, abuse-resistant process. This may involve SMS OTP for the final time.
Self-service registration – Users use their existing credentials to bootstrap a new passkey.
Supervised registration – Work with IT/helpdesk for registration. This reduces the risk associated with self-service models that are vulnerable to phishing the original credentials.
Pre-provisioned credentials – High effort, high assurance, but a mechanism is needed to get the credential into the user’s hands.
Remote users – Self-service or pre-provisioned, but a mechanism is needed to provide the PIN to the user to unlock the device the first time.

3.3.2 Sign-In

The first step in designing a FIDO deployment with passkeys is to understand the user base, common work paradigms, and available devices – phones, tablets, laptops, desktops. This step is critical because enabling user-friendly workflows that work with the user’s existing devices is core to developing a successful rollout.

Common users’ environments and equivalent suggestions include:

Environments with users who primarily operate on mobile devices or tablets – Look into built-in unlock capabilities.
Mixed device environments or environments that rely on a variety of SaaS tools – Leverage SSO provided by IDP or build flexible login workflows.
Shared accounts – FIDO RPs can be configured to allow for more than one credential to be associated with a login. Investigate cross device hybrid authentication or roaming authenticators.

3.3.3 Recovery

Any authentication process is only as strong as its weakest point, which is why recovery processes have often been abused by attackers to compromise systems. Synced passkeys are durable credentials: they can survive device loss and unintentional wiping by being restored from a passkey provider, which reduces the need to perform account recovery to establish new credentials for the user. With passkeys, users are expected to lose their credentials less frequently. However, there may be cases where passkeys, or access to the passkeys, are lost, thus requiring account recovery.

For passkey implementations utilizing device-bound passkeys that cannot be backed up or recovered, account recovery should be performed using the backup authentication method, such as using a backup authenticator, to bootstrap enrollment of a new authenticator. In the event that a backup authentication mechanism is not available, organizations must provide alternative pathways to recovery. Organizations should take a risk-based approach to designing and implementing account recovery systems. The specific implementation details will vary widely depending upon organizational requirements. In general, recovery mechanisms should never depend on weaker factors than the credential that the user is trying to recover. In the case where passkeys need to be re-registered, organizations should design mechanisms, either automated or manual, to prevent the use of passkeys no longer registered to that user.

For passkey implementations where synchronized passkeys are used, be sure to document the bootstrapping/enrolment process for new devices and to build a risk-averse process (including identity proofing) for full provider account recovery or replacement. While these catastrophic events should be rare, it may still be necessary to have users go through this process. Knowing the proper process ahead of time will insulate organizations against manipulation and stop-work events.

For additional considerations around account recovery, please see the FIDO Alliance’s Recommended Account Recovery Practices for FIDO Relying Parties. [5]

3.4 Admin Considerations

Monitoring implementation and adoption metrics is critical to ensuring the success of the deployment and ensuring that the security benefits of FIDO authentication with passkeys are realized. Below are recommendations for metrics and processes that are indicative of the success of enterprise passkey migrations.

3.4.1 Monitoring and Visibility into Utilization

Admins are strongly encouraged to use groups or other segmentation structures to allow graceful transition of subsets of users and applications to passkeys. Pilot populations should be carefully constructed and should be composed of a variety of end user types and levels in the organization. Monitoring the usage of items below, both before and after the migration, will provide critical insights into the effectiveness of the program and guide important adjustments.

Device enrollment:
How long did it take the user to enroll their first device?

Security events:
Where was the device at time of onboarding?
What, if any, identity proofing approaches were used to ensure that the correct user was onboarded?
If manager, IT support, or peer approval workflows were used, who provided attestation?
Are there any time of day or device location anomalies that did not previously exist?

User authentication:
Was the user able to successfully authenticate?
Are there any observable changes in their daily authentication patterns that would suggest problems or added friction?
Does analysis of day-of-week and time-of-day suggest any issues?

Key management:
Are keys being used as expected and only from known devices? Some authenticators support device attestation, which provides key provenance and assurance of the identity of the authenticator. If the source of the passkey is an important security control for your implementation, be sure to verify that your chosen authenticator solution supports this kind of attestation.
How many keys are associated with an individual’s account? Normal guidance would be to expect the number of passkeys associated with a user’s account to be close to the number of devices that a user leverages. For example, if your users use Android phones & Windows laptops, then you should expect to see two to three passkeys associated with a user’s account: one stored on each platform authenticator, and possibly one backup from a security key. In this scenario, if an account had five to six passkeys registered, then it would be time to investigate and potentially remove excessive keys. Every organization’s definition of excessive may vary, and should be defined based on observations from their environment. Additionally, depending on your deployment, consider the number of applications that you have enabled for passkey authentication. If you deployed passkeys as credentials for an SSO integration, your users may only have one passkey per device. If you deployed passkeys on an application-specific basis, there may be one passkey per device per application. It is recommended that organizations monitor the number of keys associated with each user and use this data as context for informing passkey management.
Whose keys are associated with administrative/service/break-glass accounts? In the same way that it is best practice to segregate administrative access from normal user access, generating a separate set of passkeys for administrative accounts is also recommended. If they are shared, be sure to include rotation, monitoring, and good cleanup practices.
How will passkeys be removed? If an employee leaves the company or moves into a different role, their accounts should be disabled, deleted, or access should be evaluated and vetted. In situations where this is not reasonable due to legal requirements, passkeys should be promptly removed to prevent unauthorized account access as part of the disablement process. Similarly, if a user reports a device missing or stolen, any passkeys associated with those devices should also be removed.

Compatibility assurance:
Do any combinations of applications and endpoint platforms show unusual changes or decline in authentication events?
Are all invocation methods for passkey authentication continuously functioning, including after upgrades?

Next Steps: Get Started Today

Enterprise organizations should consider migrating to FIDO authentication where possible.
Use FIDO standards.
Think about what your relying parties are supporting as well as your own enterprise security requirements.
Passkeys are far more secure than traditional OTP mechanisms.
Passkeys are far more secure than passwords.
Look for the passkey icon on websites and applications that support passkeys.

For more information about passkeys, check out the FIDO Alliance passkeys resource page [6] and the FIDO Alliance knowledge base [7].
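The key-management questions in section 3.4.1 can be run as a periodic audit over a credential inventory; the following is an added example, not code from the white paper or the FIDO Alliance. The record fields, user and device names, and sample data are all constructed assumptions, and the per-user ceiling follows the paper's reasoning of one passkey per authenticator (SSO) or one per authenticator per application.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Passkey:
    user: str
    credential_id: str
    device: str   # authenticator label captured at registration (assumed field)


# Constructed sample data: authenticators each user is known to hold.
ASSIGNED = {
    "alice": {"alice-phone", "alice-laptop", "alice-seckey"},
    "bob": {"bob-phone", "bob-laptop", "bob-seckey"},
    "carol": {"carol-laptop"},
    "dave": {"dave-phone", "dave-laptop"},
}
ACTIVE = {"alice", "bob", "dave"}     # carol has left the company
LOST = {"dave-phone"}                 # reported missing or stolen
INVENTORY = [
    Passkey("alice", "c-a1", "alice-phone"),
    Passkey("alice", "c-a2", "alice-laptop"),
    Passkey("alice", "c-a3", "alice-seckey"),
    Passkey("bob", "c-b1", "bob-phone"),
    Passkey("bob", "c-b2", "bob-laptop"),
    Passkey("bob", "c-b3", "bob-seckey"),
    Passkey("bob", "c-b4", "unregistered-1"),
    Passkey("bob", "c-b5", "unregistered-2"),
    Passkey("carol", "c-c1", "carol-laptop"),
    Passkey("dave", "c-d1", "dave-phone"),
    Passkey("dave", "c-d2", "dave-laptop"),
]


def audit(inventory, assigned, active_users, lost_devices, apps=1):
    """Return sorted (user, credential_id, finding) tuples.

    apps=1 models passkeys used for SSO (one per authenticator); raise it
    when passkeys are registered per application.
    """
    findings = []
    for pk in inventory:
        if pk.user not in active_users:
            findings.append((pk.user, pk.credential_id, "remove: account disabled"))
        if pk.device in lost_devices:
            findings.append((pk.user, pk.credential_id, "remove: device reported lost"))
        elif pk.device not in assigned.get(pk.user, set()):
            findings.append((pk.user, pk.credential_id, "investigate: unknown device"))
    # Key count per account versus what the user's authenticators explain.
    for user, count in Counter(pk.user for pk in inventory).items():
        limit = len(assigned.get(user, set())) * apps
        if count > limit:
            findings.append(
                (user, "-", f"investigate: {count} passkeys, expected at most {limit}"))
    return sorted(findings)


def run_sample():
    return audit(INVENTORY, ASSIGNED, ACTIVE, LOST)


if __name__ == "__main__":
    for row in run_sample():
        print(*row, sep="\t")
```

What counts as an excessive number of keys is left to each organization, as the paper says; here it is whatever exceeds the authenticators recorded for the user.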

5. Acknowledgments

The authors acknowledge the following people (in alphabetic order) for their valuable feedback and comments:

Dean H. Saxe, Amazon Web Services, Co-Chair FIDO Enterprise Deployment Working Group
John Fontana, Yubico, Co-Chair FIDO Enterprise Deployment Working Group

FIDO Enterprise Deployment Working Group Members
Dirk Balfanz, Google
Jerome Becquart, Axiad
Vittorio Bertocci, Okta
Greg Brown, Axiad
Tim Cappalli, Microsoft
Matthew Estes, Amazon Web Services
Rew Islam, Dashlane
Jeff Kraemer, Axiad
Karen Larson, Axiad
Sean Miller, RSA
Tom Sheffield, Target Corporation
Johannes Stockmann, Okta
Shane Weeden, IBM
Monty Wiseman, Beyond Identity
Khaled Zaky, Amazon Web Services

6. Glossary of Terms

Please consult the FIDO Technical Glossary for definitions of these terms.

7. References

[1] FIDO Alliance Enterprise Deployment Whitepapers – https://fidoalliance.org/fido-in-the-enterprise/
[2] FIDO Alliance Enterprise Deployment Introduction Whitepaper –
https://media.fidoalliance.org/wp-content/uploads/2023/06/June-26-FIDO-EDWG-Spring-2023_Paper-1_Introduction-FINAL.docx.pdf
[3] Forrester Report of Total Economic Impact of YubiKeys –
https://resources.yubico.com/53ZDUYE6/at/6r45gck4rfvbrspjxwrmcsr/Forrester_Report_Total_Economic_Impact_of_Yubico_YubiKeys.pdf?format=pdf
[4] High Assurance Enterprise FIDO Authentication –
https://media.fidoalliance.org/wp-content/uploads/2023/06/FIDO-EDWG-Spring-2023_Paper-5_High-Assurance-Enterprise-FINAL5.docx-1.pdf
[5] Recommended Account Recovery Practices for FIDO Relying Parties –
https://media.fidoalliance.org/wp-content/uploads/2019/02/FIDO_Account_Recovery_Best_Practices-1.pdf
[6] Passkeys (Passkey Authentication) – https://fidoalliance.org/passkeys/
[7] FIDO Alliance Knowledge Base – https://fidoalliance.org/knowledge-base/

Monday, 16. September 2024

Trust over IP

Trust Over IP Members to Participate in Bhutan Innovation Forum


By Eric Drury

If you’re in the digital trust space, like me you might be encouraged by the number and variety of inspiring developments—appearing on an almost weekly basis—which illustrate the momentum that responsible technology is gaining in the drive towards a more trustworthy and sustainable future.

One of the latest and more interesting initiatives comes—yet again—from the Kingdom of Bhutan in the form of Gelephu Mindfulness City (GMC). GMC is the Kingdom’s unique version of a smart city. They call it a Special Administrative Region, integrating economic growth with mindfulness, holistic living, and sustainability.

How does digital trust fit into GMC?

In October of last year, Bhutan launched the world’s first self-sovereign national digital identity system, Bhutan NDI. And as a pillar of digital public infrastructure (DPI), a digital identity system forms the basis for trusted interactions between individuals, government, and business.

The NDI system, which Bhutan is currently rolling out nation-wide, will be part of the core infrastructure that provides cutting-edge digital connectivity for GMC. As such, this is an exciting opportunity to further cement the viability of emerging SSI and other trust technologies for implementation at population scale.

Trust Over IP is proud to have contributed to Bhutan’s NDI system both formally and informally.

Drummond Reed, one of ToIP’s founding board members, provided inspiration—and a road map of sorts—for the development of SSI systems via the book he co-authored called ‘Self-Sovereign Identity – Decentralized Digital Identity and Verifiable Credentials’. Drummond and other ToIP members also provided expertise and input for Bhutan’s National Digital Identity Act, the NDI Act of Bhutan, relying heavily on the ToIP governance metamodel which was developed by the ToIP’s Governance Stack Working Group led by Scott Perry.

For an in-depth case study on the Bhutan NDI program, refer to Bhutan NDI, Digital Trust Ecosystem, written by DHI’s Pallavi Sharma and Eric Drury, co-chair of ToIP’s Ecosystem Foundry Working Group.

Trust Over IP and Gelephu Mindfulness City further align in that both espouse the intertwining of governance and technology as a core enabler of digital trust.

From a governance perspective, GMC blends robust policies that ‘build trust and accountability with mindful incentives designed to empower both residents and businesses alike to reach their fullest potential’. From a technology perspective, Gelephu Mindfulness City will be built on a foundation of ‘world-class infrastructure seamlessly integrating state-of-the-art technology with sustainable practices’.

In support of GMC, the Kingdom is convening the first Bhutan Innovation Forum (BIF), a global initiative uniting international leaders, innovators, and entrepreneurs to support Bhutan’s vision of a Mindfulness City.

The BIF takes place in less than two weeks, October 1-3, 2024. ToIP members Drummond Reed and Eric Drury are honored to be invited to attend, representing the ToIP community and continuing the engagement with Bhutan’s digital trust community.

Drummond and Eric will appear on panels to promote the principles of digital trust and will share their experience and expertise on all things digital trust, including the emergence of cross-border digital trust networks.

ToIP is thrilled to once again walk the path with Bhutan towards a more sustainable, trustworthy, and equitable digital future. We look forward to sharing our learnings after the Forum so that the entire digital trust community benefits.

The post Trust Over IP Members to Participate in Bhutan Innovation Forum appeared first on Trust Over IP.


Human Colossus Foundation

News from HCF Digital Governance Periscope

Geneva, September 16 2024

As we enter the second half of 2024, a time full of global digital governance initiatives, we're excited to share our progress at the Human Colossus Foundation from the governance perspective. This update encapsulates the recent strides of the Swiss E-ID, G20 Digital Public Infrastructure, UN Development Program, and the inaugural event for European Digital Independence.

Distributed Governance Progress update

In the summer of 2023, the Human Colossus Foundation published Part 1 of the HCF Distributed Governance Model[1]. The model, though abstract in concept, tackles governance through the lens of the Principal-Agent problem. The core idea is to view information systems (i.e. technology) as agents serving users (i.e. humans), whether individuals, businesses or any sovereign organisation with decision power.

In today's hyperconnected digital society, we lose control over information. It has become challenging to know what happens to the data we share and even more difficult to assess the accuracy of the data we use. Part 1 addressed this need for control and accuracy by introducing a governance framework integrating digital technology with existing (non-digital) frameworks.

While Part 1 lays the conceptual foundation, Part 2 turns theory into action. By collaborating directly with the key players in digital transformation across various sectors, we are building the technology stack that will demonstrate the crucial role of data authenticity and integrity in shaping a digital governance model. This practical approach is a prerequisite to our future work on AI governance for example.

Therefore, Part 2 develops a concept into a reality we shape through multiple projects. We are well underway and excited to share the progress here.


Switzerland’s E-ID - a Sovereign Digital Legal Identity

Swiss High Chamber adopts the E-ID

Sep. 10, Bern: The Swiss parliament's high chamber (States Council) agreed to the design principles of the Swiss E-ID by a clear vote of 43 to 1[2]. Together with the low chamber (National Council), they will iron out the remaining differences and pave the way for parliamentary approval in 2024. This agreement further confirms the readiness of the legislative basis for introducing the Swiss E-ID[3].

HCF Contribution: The E-ID project, led by the Federal Department of Justice, has selected HCF's decentralised semantic architecture, Overlays Capture Architecture (OCA)[4], as a core technology for the first E-ID implementation.

As highlighted during the September 5th E-ID Participation Meeting, Swiss E-ID leverages OCA to present verifiable credentials in digital wallets securely. We are proud to be part of this significant project, and more information is available on the E-ID project's official GitHub repository[5].

Europe - Moves Toward EU Digital Independence

Sep. 24, Brussels: Kick-off event.

A diverse group of EU parliament members from different parties and leading European and international experts will gather to engage and discuss the critical building blocks for a secure, accountable digital public infrastructure. The ultimate goal is to firmly establish the objective of European Digital Independence in the next EU Commission agenda. The Human Colossus Foundation has accepted the in-person invitation to participate in this effort.

Horizon Europe Grant No. 101093126

HCF Contribution: Digital independence requires technological independence. The Human Colossus develops an Open-Source distributed technology stack to implement applications based on a distributed governance model. Creating these technologies and making them accessible to everyone requires developing an ecosystem of tools to harmonise data across multiple stakeholders (possibly millions) and ensure interoperability across different jurisdictions. The Foundation is creating some of these tools as part of the digital healthcare NextGen EU Horizon project[6] with funding from the EU, Switzerland and UK to integrate sensitive health data (including genomics) in personalised medicine for cardiology. The press release of the European Society of Cardiology provides more information [7].

International - Momentum behind Digital Public Infrastructure

Oct. 1 to 3, Cairo: Global Summit on DPI (Digital Public Infrastructure)

The Human Colossus Foundation will be present at this convening of stakeholders in the Digital Public Infrastructure (DPI) ecosystem. This event will present how the HCF Dynamic Data Economy governance model and technology stack can support DPI implementation strategies for sustainable horizontal scaling. Our approach enables effective data exchange for economic development.

HCF Contribution: In 2023, the UN Development Programme (UNDP) published a Legal Digital Entity Framework[8]. Within that framework, UNDP develops the model governance assessment for data exchanges that respect the existing governance of countries (i.e. sovereign entities) and fundamental Human Rights principles. The Human Colossus Foundation is part of a UNDP Advisory Board that provides its expertise in developing this work.

Current Work at the Foundation:

The above initiatives provide input for the continuous development of the core HCF technologies. They help to demonstrate the essential relevance of accurate data for digital governance. From a governance perspective, we can summarise them as follows:

The 'Ambient Infrastructure' is a reputation-based authentication system built upon the decentralised key management infrastructure KERI (Key Events Log Receipts Infrastructure). Launched in 2023 as part of the EU Horizon 2020 eSSIF-Lab project[9], the Ambient Infrastructure is now advancing in NextGen, an EU Horizon project focused on personalised cardiovascular medicine.

Version 2.0 of the OCA specification[4] supporting the OCA ecosystem. Decentralised semantics architectures are significant developments for digital governance because they ensure respect for different sovereign digital governance.

OCA Ecosystem v1.0. Community-based solutions and tooling including extensions (i.e. overlays not part of the core specification). The Human Colossus Research and Technology Councils have opened a dedicated focus group to collect community requirements.

This ecosystem, featuring a suite of tools and protocols, ensures consistent and interoperable data flows across multiple stakeholders and jurisdictions.

Conclusion

The Human Colossus Foundation has a busy autumn ahead. If you would like to help map a distributed governance framework into real-world applications, the HCF Research Council invites you to join its new Focus Group.

Joining this group will provide you with the opportunity to work closely with our team, share your expertise, and help shape the future of digital governance. We are also expanding our network of subject matter experts. Please get in touch with rc@humancolossus.org to learn more and express your interest.

References

[1] “Distributed Governance: a Principal-Agent Approach to Data Governance -- Part 1 Background & Core Definitions”, P. Page, P. Knowles, R. Mitwicki, arXiv:2308.07280v2 [cs.CY], Aug. 15 2023

[2] “PARLAMENT IST SICH ÜBER AUSGESTALTUNG DER E-ID IM GRUNDSATZ EINIG”, SDA KEYSTONE-SDA-ATS AG, September 10 2024

[3] “Parliament gets closer to finalising new digital ID scheme”, Swiss Info.ch, September 10 2024

[4] “Overlays Capture Architecture: Official Resources”, ColoSSI Network website, August 2023

[5] “Specification de Design pour les preuves électroniques”, Swiss E-ID Participation-Meeting, September 9 2024

[6] “Next Generation Tools for Genome-Centric Multimodal Data Integration in Personalised Cardiovascular Medicine”, EU Horizon Grant Number 101136962, funded by the EU, the Swiss State Secretariat for Education, and UK Research & Innovation.

[7] “Heart patients set to receive treatment tailored to their genetic and health information”, European Society of Cardiology Press Release, February 12 2024

[8] “UNDP Model Governance Framework for Digital Legal Identity Systems”, United Nations Development Programme & Norwegian Ministry of Foreign Affairs. Link as of September 16 2024

[9] “Decentralized Key Management Infrastructure for SSI by The Human Colossus Foundation”, NGI eSSIF-Lab project July 2021

Identity At The Center - Podcast

The Identity at the Center podcast was on the scene in Washington DC attending the Identity Week America conference. We had the opportunity to sit down with Ryan Galluzzo from NIST to talk about the process of updating NIST standards, assurance levels, and existential questions from Ryan’s son.

You can watch the episode here https://www.youtube.com/watch?v=NtWRrmoltQQ or listen to it in your favorite podcast app.


We Are Open co-op

An Introduction to Systems Thinking

Part 3: Identifying leverage points

This is the third in a series of posts about Systems Thinking, an approach that helps us make sense of complex situations by considering the whole system rather than just the individual pieces from which it is constituted.

This series is made up of:

Part 1: Three Key Principles
Part 2: Understanding Feedback Loops
Part 3: Identifying Leverage Points (this post)

In the first post, we laid the groundwork by exploring the foundational principles of Systems Thinking. We then explored feedback loops in the second post, examining how they drive system behaviour and contribute to stability or change.

In this concluding post, we turn our attention to Leverage Points — those critical areas within a system where a small shift can lead to profound changes. By understanding and identifying these points, you can uncover powerful opportunities for intervention, allowing you to drive meaningful and lasting change within complex systems.

1. What are leverage points?

“When we must deal with problems, we instinctively refuse to try the way that leads through darkness and obscurity. We wish to hear only of unequivocal results, and completely forget that these results can only be brought about when we have ventured into and emerged again from the darkness.” — Carl Jung

Leverage points are specific areas within a system where a small change can produce a significant impact on the entire system. These points often require careful analysis and a deep understanding of the system’s structure and behaviour, as they are not always immediately obvious. Identifying leverage points can be challenging because they are often hidden beneath the surface of the system’s visible components.

For example, in the world of technology, offering short, simple, clear (e.g. no legalese) ‘Terms and Conditions’ might be a leverage point. By helping users understand exactly how your organisation uses their data, you might improve customer satisfaction, increase trust, and reduce misunderstandings — all by making it easy for people to understand your company’s policy on privacy.

Leverage points, therefore, offer a way to create meaningful change by focusing on areas where even minimal effort can lead to substantial results. Recognising these points requires stepping back and viewing the system holistically, understanding not just the individual parts but how they interact and influence each other.

2. The role of paradigms in leverage points

“Inquiry is the controlled or directed transformation of an indeterminate situation into one that is so determinate in its constituent distinctions and relations as to convert the elements of the original situation into a unified whole.” — John Dewey

Paradigms are the underlying beliefs and assumptions that shape how we understand and interact with a system. These paradigms represent some of the most powerful leverage points, as changing a paradigm can fundamentally alter the way a system operates. Shifting these beliefs requires questioning what is often taken for granted and being open to new perspectives.

To go back to our Terms and Conditions example, a paradigm shift from prioritising user convenience to emphasising data privacy can serve as a transformative leverage point. Traditionally, many tech companies have focused on creating products that are easy to use, often at the expense of data privacy. However, as the paradigm shifts towards valuing privacy, we see significant changes in how technologies are designed and deployed.

This shift has been significantly driven by policy changes, such as the implementation of the European General Data Protection Regulation (GDPR). The GDPR has forced companies to rethink how they collect, store, and manage user data, prioritising privacy by design. As a result, this new perspective has encouraged the development of more secure products, the adoption of stricter data management practices, and an overall increase in consumer trust. The influence of GDPR illustrates how policy can drive paradigm shifts, leading to widespread changes not just in product development but also in corporate strategies, legal frameworks, and consumer expectations. This example demonstrates the profound impact that changing a paradigm, supported by regulatory measures, can have on an entire system.

By addressing paradigms, especially through supportive policies, you are working at the root of the system’s behaviour. Changing the underlying beliefs that drive a system can lead to widespread and lasting change, making paradigm shifts one of the most effective leverage points in Systems Thinking.

3. Small, incremental changes as leverage points

“Of any stopping place in life, it is good to ask whether it will be a good place from which to go on as well as a good place to remain.” — Mary Catherine Bateson

Small, well-placed actions can serve as powerful leverage points within a system. These might involve slight adjustments in policy, processes, or resource allocation. The key is to identify where these small changes can have a disproportionately large impact, leading to significant shifts in the system without the need for extensive interventions.

For example, in the context of data privacy, implementing a small but strategic change, such as requiring explicit user consent for data sharing, can have a profound impact. A great example of this is the introduction of GDPR-compliant consent forms across digital platforms in the EU. This seemingly minor policy change has led to a significant increase in user awareness and control over their personal data, contributing to greater trust in online services. The increased transparency and control have demonstrated how a small, well-placed policy change can lead to substantial benefits for both users and organisations, highlighting the power of incremental changes at the right leverage points.

The success of such small interventions lies in their ability to trigger widespread behavioural changes without the need for drastic overhauls. By carefully identifying and implementing these changes, we can achieve meaningful and lasting impacts across various systems.

4. Communication as a leverage point

“We are changed not only by being talked to but also by hearing ourselves talk to others, which is one way of talking to ourselves. More exactly, we are changed by making explicit what we suppose to have been awaiting expression a moment before.” — Geoffrey Vickers

Communication within a system can serve as a crucial leverage point. The way information is shared and understood can significantly influence the system’s behaviour, impacting everything from decision-making processes to overall system efficiency. Improving communication channels, ensuring transparency, and making sure all stakeholders are heard can lead to more effective decision-making and positive outcomes.

For instance, in our work at We Are Open Co-op, practicing open communication and transparency is central to our project management approach. By sharing progress, challenges, and decision-making processes openly with all stakeholders, we foster a culture of trust and collaboration. This openness extends to how we handle privacy; by being transparent about how we collect, use, and protect data, we build confidence among our partners and clients. Implementing tools that enable open documentation and communication, such as public repositories or shared workspaces, not only keeps everyone informed but also reinforces accountability and integrity in our practices. This small adjustment in how information is shared and protected can lead to significant improvements in project outcomes, ensuring that tasks are completed effectively while respecting privacy concerns.

The power of communication as a leverage point lies in its ability to unify and align the various components of a system. By enhancing the flow of information and ensuring that all voices are heard, you can create a more cohesive, responsive, and effective system.

5. Feedback Loops as Leverage Points

“The major problems in the world are the result of the difference between how nature works and the way people think.” — Gregory Bateson

Feedback loops, as discussed in the second post, can also act as leverage points within a system. By altering how these loops operate, you can influence the system’s overall behaviour. Identifying and adjusting these loops — whether reinforcing (positive) or balancing (negative) — can be a powerful way to steer the system toward desired outcomes.

For example, in the context of data privacy, feedback loops between user behaviour and data management practices can be effectively leveraged to enhance privacy protection. By providing users with real-time feedback on how their data is being used and giving them the ability to adjust their privacy settings, you create a positive feedback loop. As users become more aware of how their data is handled, they are often motivated to take greater control over their privacy settings. This increased control leads to further trust in the platform, encouraging users to engage more actively with privacy tools. Over time, this feedback loop can significantly strengthen overall data protection practices, leading to better compliance with regulations and higher user satisfaction.

This example highlights how adjusting feedback loops can lead to substantial changes in system behaviour with relatively simple interventions. By strategically modifying these loops, you can achieve desired outcomes more effectively and sustainably.

Conclusion

Leverage points offer powerful opportunities to influence complex systems with relatively small, strategic actions. By identifying where these points lie and understanding how to use them effectively, you can create meaningful and lasting change within any system. Whether you are looking to improve organisational processes, drive social change, or enhance personal decision-making, the principles of Systems Thinking can help you navigate complexity with greater clarity and purpose.

This post, along with the previous two in this series, provides an introduction to the foundational principles of Systems Thinking and their practical applications. These insights are drawn from my studies toward an MSc in Systems Thinking in Practice through the Open University, and they are just the beginning of what Systems Thinking can offer.

If you’re interested in applying these principles to your work, We Are Open Co-op is here to help you implement effective systemic interventions tailored to your unique challenges. Thank you for following this series — your journey into Systems Thinking doesn’t have to end here. Continue to explore, apply, and refine these concepts, and watch how they can transform the way you approach complex problems.

References

Ackoff, R.L. (1974). Redesigning the Future: A Systems Approach to Societal Problems. New York: Wiley.
Bateson, G. (1972). Steps to an Ecology of Mind. San Francisco: Chandler Publishing Company.
Bateson, M.C. (1994). Peripheral Visions: Learning Along the Way. New York: HarperCollins.
Beer, S. (1972). Brain of the Firm. New York: Herder and Herder.
Checkland, P. (1981). Systems Thinking, Systems Practice. Chichester: John Wiley & Sons.
Dewey, J. (1938). Logic: The Theory of Inquiry. New York: Holt, Rinehart, and Winston.
Jung, C.G. (1957). The Undiscovered Self. New York: Little, Brown, and Co.
Meadows, D.H. (2008). Thinking in Systems: A Primer. White River Junction: Chelsea Green Publishing.
Vickers, G. (1965). The Art of Judgement: A Study of Policy Making. London: Chapman & Hall.

An Introduction to Systems Thinking was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.


Hyperledger Foundation

Welcome to Linux Foundation Decentralized Trust!

Today marks a significant moment for the Linux Foundation and the entire decentralized technology landscape. I’m excited to announce the official launch of LF Decentralized Trust, a new umbrella organization dedicated to fostering innovation and collaboration across decentralized technologies. Built on 8+ years of open development and community building, Linux Foundation Decentralized Trust (LF Decentralized Trust) is the new home for a growing ecosystem of blockchain, ledger, identity, interoperability, cryptographic, and related technologies. We are launching with more than 100 founding members and 200 local, regional and industry groups that convene tens of thousands of participants globally. We have 17 projects and well over 50 labs and a mature standards project with Trust Over IP. And we are just getting started.


Introducing Hiero: Bringing Hedera’s Core Network Software to Linux Foundation Decentralized Trust

In the ever-evolving landscape of decentralized technologies, few innovations stand out like the Hedera network. Offering unparalleled speed, security, and scalability, Hedera's Hashgraph consensus algorithm has demonstrated its ability to power enterprise-grade distributed ledger solutions. Today, we are excited to announce the next chapter in the Hedera network's journey—its core software will be contributed to Linux Foundation Decentralized Trust under the new name Hiero.

Friday, 13. September 2024

Oasis Open Projects

Invitation to comment on two KMIP specifications

Public review ends October 14th

OASIS and the KMIP TC are pleased to announce that KMIP Version 3.0 and KMIP Profiles Version 3.0 are now available for public review and comment. 

The OASIS KMIP TC works to define a single, comprehensive protocol for communication between encryption systems and a broad range of new and legacy enterprise applications, including email, databases, and storage devices. By removing redundant, incompatible key management processes, KMIP will provide better data security while at the same time reducing expenditures on multiple products.

The documents and all related files are available here:

Key Management Interoperability Protocol (KMIP) Version 3.0
Committee Specification Draft 01
23 August 2024

Editable Source: https://docs.oasis-open.org/kmip/kmip-spec/v3.0/csd01/kmip-spec-v3.0-csd01.docx (Authoritative)

HTML: https://docs.oasis-open.org/kmip/kmip-spec/v3.0/csd01/kmip-spec-v3.0-csd01.html

PDF: https://docs.oasis-open.org/kmip/kmip-spec/v3.0/csd01/kmip-spec-v3.0-csd01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in a ZIP distribution file. You can download the ZIP file at:  https://docs.oasis-open.org/kmip/kmip-spec/v3.0/csd01/kmip-spec-v3.0-csd01.zip

Key Management Interoperability Protocol (KMIP) Profiles Version 3.0
Committee Specification Draft 01
30 November 2024

Editable Source: https://docs.oasis-open.org/kmip/kmip-profiles/v3.0/csd01/kmip-profiles-v3.0-csd01.docx (Authoritative)

HTML: https://docs.oasis-open.org/kmip/kmip-profiles/v3.0/csd01/kmip-profiles-v3.0-csd01.html

PDF: https://docs.oasis-open.org/kmip/kmip-profiles/v3.0/csd01/kmip-profiles-v3.0-csd01.pdf

Test Cases: https://docs.oasis-open.org/kmip/kmip-profiles/v3.0/csd01/test-cases/

For your convenience, OASIS provides a complete package of the specification document and any related files in a ZIP distribution file. You can download the ZIP file at: https://docs.oasis-open.org/kmip/kmip-profiles/v3.0/csd01/kmip-profiles-v3.0-csd01.zip

How to Provide Feedback

OASIS and the KMIP TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

The public review starts September 13, 2024 at 00:00 UTC and ends October 14, 2024 at 23:59 UTC.

Comments from TC members should be sent directly to the TC’s mailing list. Comments may be submitted to the project by any other person through the use of the project’s Comment Facility: https://groups.oasis-open.org/communities/community-home?CommunityKey=2b5e5c66-cc41-4aa5-92ee-018f5aa7dfc4

Comments submitted for this work by non-members are publicly archived and can be viewed by using the link above and clicking the “Discussions” tab.

Please note, you must log in or create a free account to see the material. Please contact the TC Administrator (tc-admin@oasis-open.org) if you have any questions regarding how to submit a comment.

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries at least the same obligations as those of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the KMIP TC can be found at the TC’s public home page: https://www.oasis-open.org/committees/kmip/

Additional references:

[1] https://www.oasis-open.org/policies-guidelines/ipr/

[2] http://www.oasis-open.org/committees/kmip/ipr.php

Intellectual Property Rights (IPR) Policy

The post Invitation to comment on two KMIP specifications appeared first on OASIS Open.

Wednesday, 11. September 2024

Digital ID for Canadians

Spotlight on IndyKite


1. What is the mission and vision of IndyKite?

Backed by leading venture firms and based in San Francisco, IndyKite is building a new category of data management and digital identity services by capturing, connecting and controlling data across the enterprise and surrounding ecosystem. With an identity-centric approach to data, IndyKite enables companies to achieve higher trust in their data products, AI and applications with enhanced visibility, data governance and granular access controls. Leveraging knowledge graph technology and machine learning, IndyKite delivers a powerful operational data layer to enable developers with flexible APIs through a growing open-source ecosystem. Learn more at [www.indykite.com](http://www.indykite.com/)

2. Why is trustworthy digital identity critical for existing and emerging markets?

Digital identity is a core enabler of applications and services and will only become more important in the future. Digital identity not only applies to humans, but also to all devices, applications, systems, AI, digital products and even individual data points. Securing these identities is paramount, but even more important is understanding how they drive and enable user experience, functionality and data mobility across the organization. At IndyKite, we see digital identity as the starting point for enabling businesses to build modern solutions, deliver incredible customer experiences and ensure trustworthy AI.

3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?

Modern organizations around the world are undermined by siloed data and disconnected identities. The advent of AI tools is increasing pressure for leaders to address data challenges in the organization to ensure future viability. IndyKite enables organizations to capture, connect and control their data in a flexible and dynamic way, to drive better decisions, security, machine learning and AI and solve challenges.

4. What role does Canada have to play as a leader in this space?

Canada holds a place of global influence as a leading voice in many sectors. By pioneering a secure and accessible digital identity framework, Canada has ensured the sustainability of its modern economy into the future and created a blueprint for other nations to follow.

5. Why did your organization join the DIACC?

As digital identity is an essential part of the future, it needs modern approaches and frameworks that enable innovation, without being restricted by legacy thinking. DIACC is an ideal forum for public and private sector leaders to discuss, design and accelerate these approaches to ensure digital trust into the future.

6. What else should we know about your organization?

Powered by graph technology, the IndyKite platform increases visibility, trust and control of your data. This enables data pipelines to get the right data, to the right place and in the right context to drive enhanced product development and new revenue channels. It also enables the secure sharing of data beyond the bounds of your organization, and better customer journeys with native identity workflows. More details can be found at www.indykite.com


Next Level Supply Chain Podcast with GS1

How U.S. Customs and Border Protection Is Connecting Trade and Sustainability with Lea-Ann Bigelow


Imagine a world where combating climate change and protecting the environment is integrated into every step of global trade. 

In this episode, hosts Reid Jackson and Liz Sertl are joined by Lea-Ann Bigelow, Director of Green Trade at U.S. Customs and Border Protection (CBP). With a wealth of experience in environmental regulation and sustainability, Lea-Ann shares how U.S. Customs is evolving to meet the challenges of climate change through innovative trade practices.

Lea-Ann discusses how CBP's efforts are not just about regulating imports but about leading the charge in reducing emissions, enhancing traceability, and fighting environmental crimes. By integrating sustainability into the global supply chain, these initiatives are paving the way for a cleaner, safer world.

 

In this episode, you’ll learn:

How U.S. Customs and Border Protection is pioneering green trade practices to reduce emissions and enhance sustainability across global supply chains.

The implementation of advanced traceability systems to combat environmental crime and ensure compliance in international trade.

The collaborative strategies between government and industry that are shaping a more resilient and environmentally responsible future for global trade.

 

Jump into the Conversation:

[00:00] Introducing Next Level Supply Chain

[00:40] Lea-Ann Bigelow Discusses Green Trade Initiatives at CBP

[01:23] The Dark Side of Trade: Environmental Crime and Its Ties to Other Offenses

[01:52] Why GS1 Connect Is Crucial for Environmental Compliance

[02:55] The Role of GS1 Standards in Enhancing Global Trade Compliance

[04:41] Developing the Green Standard for Global Trade

[04:50] International Collaboration on Environmental Regulations

[05:31] Navigating Complex Global Environmental Regulations

[06:02] Closing Thoughts: The Future of Green Trade

 

Connect with GS1 US:

Our website - www.gs1us.org

GS1 US on LinkedIn

 

Connect with the guests:

Lea-Ann Bigelow on LinkedIn

Tuesday, 10. September 2024

Oasis Open Projects

Invitation to comment on LEXIDMA DMLex Version 1.0 – CSD04


Public Review Ends October 11th

OASIS and the LEXIDMA TC are pleased to announce that DMLex V1.0 CSD04 is now available for public review and comment. 

DMLex is a data model for modelling dictionaries (here called lexicographic resources) in computer applications such as dictionary writing systems. DMLex is a data model, not an encoding format. DMLex is abstract, independent of any markup language or formalism. At the same time, DMLex has been designed to be easily and straightforwardly implementable in XML, JSON, NVH, as a relational database, and as a Semantic Web triplestore.

The documents and all related files are available here:

LEXIDMA Data Model for Lexicography (DMLex) V1.0
Committee Specification Draft 04
06 September 2024

Editable Source (Authoritative):
https://docs.oasis-open.org/lexidma/dmlex/v1.0/csd04/dmlex-v1.0-csd04.pdf
HTML:
https://docs.oasis-open.org/lexidma/dmlex/v1.0/csd04/dmlex-v1.0-csd04.html

Schemas:

XML: https://docs.oasis-open.org/lexidma/dmlex/v1.0/csd04/schemas/XML/

JSON: https://docs.oasis-open.org/lexidma/dmlex/v1.0/csd04/schemas/JSON/

RDF: https://docs.oasis-open.org/lexidma/dmlex/v1.0/csd04/schemas/RDF/

Informative copies of third party schemas are provided:

https://docs.oasis-open.org/lexidma/dmlex/v1.0/csd04/schemas/informativeCopiesOf3rdPartySchemas/

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download https://docs.oasis-open.org/openc2/ap-pf/v1.0/csd02/ap-pf-v1.0-csd02.zip

How to Provide Feedback

OASIS and the LEXIDMA TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

The public review starts September 10, 2024 at 00:00 UTC and ends October 11, 2024 at 23:59 UTC.

Comments may be submitted to the project by any person through the use of the project’s Comment Facility: https://groups.oasis-open.org/communities/community-home?CommunityKey=b7061122-77c2-424a-8859-018dce26037f

Comments submitted for this work by non-members are publicly archived and can be viewed by using the link above and clicking the “Discussions” tab.

Please note, you must log in or create a free account to see the material. Please contact the TC Administrator (tc-admin@oasis-open.org) if you have any questions regarding how to submit a comment.

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification. 

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the LEXIDMA TC can be found at the TC’s public home page: https://www.oasis-open.org/committees/lexidma/

Additional references:

[1] https://www.oasis-open.org/policies-guidelines/ipr/

[2] http://www.oasis-open.org/committees/lexidma/ipr.php

Intellectual Property Rights (IPR) Policy

The post Invitation to comment on LEXIDMA DMLex Version 1.0 – CSD04 appeared first on OASIS Open.


We Are Open co-op

Staying on Track

What to Do When Your User Research Project Starts to Veer Off Course

User research is a journey, and like any journey, it doesn’t always go exactly as planned. We’ve written previously about starting your own user research journey and questions to ask that can help get you off on the right foot.

Sometimes though, despite all best intentions and diligent planning with your chosen selection of pre-mortems, checklists, Gantt charts, or Kanban boards, a user research project can still go off course.

There are many reasons why this might happen, and many may seem well beyond your control. In this post, we’ll share some strategies we’ve found helpful in regaining momentum and getting a project back on track.

Common Issues in User Research
cc-by-nd Bryan Mathers for WAO

Before we explore solutions, it’s important to recognise some of the issues that can derail a user research project.

Unclear Objectives
Without a clear understanding of what you want to find out, your project can quickly lose focus. For example, if you’re researching a digital tool’s usability but haven’t defined whether you’re focusing on ease of navigation, visual design, or performance, you may end up collecting feedback that’s too broad or irrelevant. This can lead to scattered efforts and data that doesn’t fully answer the questions you initially set out to explore. Clarity in your objectives also helps you stay within scope; after all, projects that become too complex or overly broad can be difficult to manage.

Recruitment Challenges
Finding the right participants is crucial, but sometimes, despite your best efforts, recruitment doesn’t go as planned. You may find that a particular community or demographic is underrepresented or face difficulty finding enough respondents due to limited access or poor engagement. This can delay your project and result in a participant pool that’s not as diverse or representative as it needs to be.

External Dependencies
Often, research projects rely on external factors like stakeholder input, third-party data, or collaboration with other teams. For example, you could be relying on receiving data from a partner organisation or feedback from a legal team before being able to proceed. When these dependencies fall through, your project can come to a standstill.

Strategies to Get Back on Track
cc-by-nd Bryan Mathers for WAO

Now that we’ve identified some common issues, let’s look at how you can regain momentum and steer your project back on course.

Revisit and Refine Objectives
If your project is losing direction, it might be time to revisit your initial objectives. What is the overarching research question you’re trying to answer? Are your objectives still relevant? Do they need to be refined based on what you’ve learned so far? Narrowing or reaffirming your focus can help streamline your efforts and ensure that the data you collect is meaningful and actionable.

Simplify Your Scope
If you’ve taken on more than you can manage, don’t hesitate to simplify your project’s scope. Focus on the most critical questions and the areas that will have the greatest impact. It’s better to complete a smaller, focused project successfully than to stretch resources too thin across a larger, unfocused one.

Adapt Your Recruitment Approach
When recruitment isn’t going as planned, consider adapting your approach. If your initial outreach didn’t yield the desired results, explore alternative channels or adjust your criteria. Techniques like reaching out through community organisations or leveraging existing networks can help you connect with a broader range of participants while maintaining diversity and inclusivity.

Adjust Your Methods
If certain methods aren’t yielding results, be flexible and try different approaches. For example, if individual interviews aren’t providing the depth of insight you need, consider adding focus groups. The ability to adjust and adapt is a strength in user research.

Communicate and Realign with Stakeholders
If external dependencies are causing delays, clear communication is key. Communicate with stakeholders regularly to identify any roadblocks and realign expectations. Perhaps your pre-mortem foresaw some of the issues that have emerged and you already have a mitigation plan in place? Sometimes, simply clarifying timelines or adjusting deadlines can help get things moving again.

Refresh the Team
If a project is dragging on and fatigue is setting in, prioritise tasks based on their impact and feasibility. Reassign team members or bring in extra help if possible. Sometimes, a fresh perspective or additional hands can help push through bottlenecks.

Staying Resilient: Embrace the Learning Process
cc-by-nd Bryan Mathers for WAO

Remember, setbacks and challenges in user research are not uncommon, especially when working to include a wide range of voices and experiences. Each obstacle offers an opportunity to learn, grow, and improve your approach. By staying resilient, being flexible, and maintaining clear and empathetic communication, you can navigate difficulties and ensure that your research is both inclusive and impactful.

Ultimately, the ability to adapt and respond thoughtfully to challenges is what strengthens your user research and makes it more effective. Every project, even those that face hurdles, contributes valuable lessons that can be applied to future work. Embrace these lessons, and use them to enhance your research practices, ensuring that all voices are heard and valued.

Need help? We do this a lot, get in touch!

Staying on Track was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 09. September 2024

Oasis Open Projects

Invitation to comment on XLIFF v2.2 CSD01


Public review ends October 10th

OASIS and the XLIFF TC are pleased to announce that XLIFF v2.2 CSD01 Parts 1 & 2 are now available for public review and comment.

This spec is a multi-part specification which defines Version 2.2 of the XML Localisation Interchange File Format (XLIFF). The purpose of this vocabulary is to store localizable data and carry it from one step of the localization process to the other, while allowing interoperability between and among tools.

The documents and all related files are available here:

XLIFF Version 2.2 Part 1: Core
Committee Specification Draft 01
18 July 2024

Editable Source:
https://docs.oasis-open.org/xliff/xliff-core/v2.2/csd01/xliff-core-v2.2-csd01-part1.xml
HTML (Authoritative):
https://docs.oasis-open.org/xliff/xliff-core/v2.2/csd01/xliff-core-v2.2-csd01-part1.html
PDF:
https://docs.oasis-open.org/xliff/xliff-core/v2.2/csd01/xliff-core-v2.2-csd01-part1.pdf

Schemas: https://docs.oasis-open.org/xliff/xliff-core/v2.2/csd01/Schemas/

XLIFF Version 2.2 Part 2: Extended
Committee Specification Draft 01
18 July 2024

Editable Source:
https://docs.oasis-open.org/xliff/xliff-core/v2.2/csd01/xliff-extended-v2.2-csd01-part2.xml
HTML (Authoritative):
https://docs.oasis-open.org/xliff/xliff-core/v2.2/csd01/xliff-extended-v2.2-csd01-part2.html
PDF:
https://docs.oasis-open.org/xliff/xliff-core/v2.2/csd01/xliff-extended-v2.2-csd01-part2.pdf

Schemas: https://docs.oasis-open.org/xliff/xliff-core/v2.2/csd01/Schemas/

For your convenience, OASIS provides a complete package of the specification document and any related files in a ZIP distribution file. You can download the ZIP file at:

How to Provide Feedback

OASIS and the XLIFF TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

The public review starts September 9, 2024 at 00:00 UTC and ends October 10, 2024 at 23:59 UTC.

Comments may be submitted to the project by any person through the use of the project’s Comment Facility: https://groups.oasis-open.org/communities/community-home?CommunityKey=f7b70a54-5dd7-4ea9-9d6f-018dce262ff9

Comments submitted for this work by non-members are publicly archived and can be viewed by using the link above and clicking the “Discussions” tab.

Please note, you must log in or create a free account to see the material. Please contact the TC Administrator (tc-admin@oasis-open.org) if you have any questions regarding how to submit a comment.

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification. 

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.

Additional information about the specification and the XLIFF TC can be found at the TC’s public home page: https://www.oasis-open.org/committees/xliff/

Additional references:

[1] https://www.oasis-open.org/policies-guidelines/ipr/

[2] http://www.oasis-open.org/committees/xliff/ipr.php

Intellectual Property Rights (IPR) Policy

The post Invitation to comment on XLIFF v2.2 CSD01 appeared first on OASIS Open.


FIDO Alliance

Passkeys Hackathon Tokyo: A Showcase of Innovation and Excellence


By Atsuhiro Tsuchiya, APAC Market Development Sr. Manager

In June, Google and the FIDO Alliance hosted a highly successful event in Tokyo that brought together innovative minds from various universities and companies. The event was marked by a high level of participation and competition, showcasing the latest advancements in authentication technologies.

Event Highlights:

High Participation: The event saw an impressive turnout, with around 200 participants from 25 different universities and companies.

Cutting-Edge Innovations: Participants showcased groundbreaking solutions aimed at enhancing security and convenience in authentication processes.

Technical Workshops: Engaging workshops provided a platform for sharing practical knowledge and experiences.

Key Features:

Real-World Implementations: A notable aspect of this event was the participation of teams focused on implementing their solutions in real-world services. This added a layer of practicality and relevance, making the event highly impactful.

High-Level Competition: The level of competition was exceptionally high, reflecting the advanced state of current research and development in the field. In particular, the teams from universities all proposed a high level of implementation.

Awards and Recognition:

Grand Winner: Keio University SFC-RG pkLock team (Keio University)

The team developed an innovative authentication system for IoT space that combines security and user convenience, making it a standout solution in the competition.

FIDO Award 1: SKKN (Waseda University)
This team was recognized for their advanced authentication technology that promises to enhance security in various applications.

FIDO Award 2: TOKYU ID (Tokyu)
Their solution focused on integrating authentication technologies into everyday services, demonstrating practical and scalable applications.

Google Award: Team Nulab (Nulab)
The team impressed with their user-friendly authentication app that combines multiple security features to provide a seamless user experience.

What We Learned from the Event:

Collaboration is Key: The event underscored the importance of collaboration between academia and industry. By working together, we can accelerate the development and implementation of innovative authentication solutions.

Focus on User Experience: Many of the successful solutions emphasized the need for a seamless and user-friendly experience. Security should not come at the expense of convenience.

Scalability and Practicality: Solutions that can be easily integrated into existing systems and scaled to meet the needs of various applications are crucial for widespread adoption.

Continuous Innovation: The rapid advancements in authentication technologies highlight the need for continuous innovation and adaptation to stay ahead of emerging threats.

Acknowledgements: We would like to extend our heartfelt thanks to the tutors from the Japan Working Group for their invaluable support and guidance throughout the event. Their expertise and dedication were instrumental in making this event a success.

These award-winning solutions highlight the diverse approaches and innovative thinking that are driving the future of authentication technologies. Each team demonstrated a unique blend of creativity, technical expertise, and practical application, making this event a true showcase of excellence in the field.
The FIDO Alliance is excited to share the outcomes of this event and looks forward to continuing to support and foster innovation in authentication technologies. To learn more about the background and details, please read the full event report, Passkeys Hackathon Tokyo event report.


Identity At The Center - Podcast

It’s time for another episode of the Identity at the Center


It’s time for another episode of the Identity at the Center podcast! This week, Jim McDonald sat down with Deneen DeFiore, Chief Information Security Officer at United Airlines. They discuss her career journey in identity and access management, with a focus on her past experiences at General Electric and her current initiatives at United Airlines. The conversation emphasizes the importance of integrating customer identity with enhanced trust and personalized experiences, the significance of team building and professional growth, and balancing business and technical expertise in leadership.

Watch the episode here: https://www.youtube.com/watch?v=KVmYRDv7jHM

#iam #podcast #idac

Saturday, 07. September 2024

Oasis Open Projects

Invitation to comment on OpenC2 Actuator Profile for Packet Filtering Version 1.0


Public review - ends October 8th


OASIS and the OpenC2 TC are pleased to announce that OpenC2 Actuator Profile for Packet Filtering Version 1.0 is now available for public review and comment. 


OpenC2 is a concise and extensible language to enable machine-to-machine communications for purposes of command and control of cyber defense components, subsystems, and systems in a manner that is agnostic of the underlying products, technologies, transport mechanisms, or other aspects of the implementation. This specification defines an Actuator profile for Packet Filtering (PF). Packet filtering is a cyber defense mechanism that denies or allows traffic based on static or dynamic properties. The Actuator profile collects Actions, Targets, Arguments, and Specifiers along with conformance clauses to enable the operation of OpenC2 Producers and Consumers in the context of PF.

The documents and all related files are available here:

OpenC2 Actuator Profile for Packet Filtering Version 1.0
Committee Specification Draft 02
08 August 2024

Editable Source (Authoritative):
https://docs.oasis-open.org/openc2/ap-pf/v1.0/csd02/ap-pf-v1.0-csd02.md
HTML:
https://docs.oasis-open.org/openc2/ap-pf/v1.0/csd02/ap-pf-v1.0-csd02.html
PDF:
https://docs.oasis-open.org/openc2/ap-pf/v1.0/csd02/ap-pf-v1.0-csd02.pdf

Schemas: https://docs.oasis-open.org/openc2/ap-pf/v1.0/csd02/Schemas/

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download https://docs.oasis-open.org/openc2/ap-pf/v1.0/csd02/ap-pf-v1.0-csd02.zip

How to Provide Feedback
OASIS and the OpenC2 TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.


The public review starts September 7, 2024 at 00:00 UTC and ends October 8, 2024 at 23:59 UTC.


Comments from TC members should be sent directly to the TC’s mailing list. Comments may be submitted to the project by any other person through the use of the project’s Comment Facility: https://groups.oasis-open.org/communities/community-home?CommunityKey=9ae0f0f9-24b5-44ea-9fe7-018dce260e09


Comments submitted for this work by non-members are publicly archived and can be viewed by using the link above and clicking the “Discussions” tab.
Please note, you must log in or create a free account to see the material. Please contact the TC Administrator (tc-admin@oasis-open.org) if you have any questions regarding how to submit a comment.


All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [1] applicable especially [2] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved OASIS specification. 
OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC’s work.


Additional information about the specification and the OpenC2 TC can be found at the TC’s public home page: https://www.oasis-open.org/committees/openc2/


Additional references:
[1] https://www.oasis-open.org/policies-guidelines/ipr/
[2] http://www.oasis-open.org/committees/openc2/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode

The post Invitation to comment on OpenC2 Actuator Profile for Packet Filtering Version 1.0 appeared first on OASIS Open.

Friday, 06. September 2024

Velocity Network

The SLAP – Requirements for Practical Verifiable Credentials   

Issuer permissions are the mechanism that Velocity Network introduces to enable relying parties (and wallets) to determine if an issuer is an authoritative source for a particular credential. After requesting the ability to issue on the Network, the request is reviewed by Velocity Network to ensure that the issuing service parameters are within the remit of the organization’s business activities.

Thursday, 05. September 2024

Identity At The Center - Podcast

We’ve got another episode of The Identity at the Center podc


We’ve got another episode of The Identity at the Center podcast for you this week! This one is sponsored by Zilla Security. We spoke with Nitin Sonawane of Zilla Security about disrupting the identity security and governance space with innovative solutions such as Zilla Universal Sync (ZUS) and how AI and ML can streamline and enhance access reviews and compliance.

Watch the episode here: https://www.youtube.com/watch?v=QLiSUgYyZwU

You can learn more about Zilla at https://zillasecurity.com/

#iam #podcast #idac


GS1

Maintenance release 2.11

daniela.duarte… Thu, 09/05/2024 - 07:53

GS1 GDM SMG voted to implement the 2.11 standard into production in Aug 2024.

Key Milestones:

See GS1 GDM Release Schedule

As content for this release is developed it will be posted to this webpage followed by an announcement to the community to ensure visibility.
GDSN Data Pools should contact the GS1 GDSN Data Pool Helpdesk to understand the plan for the update. Trading Partners should work with their Data Pools (if using GDSN) and/or Member Organisations on understanding the release and any impacts to business processes.

GDM 2.11 contains updated reference material aligned with ADB 2.5 and GDSN 3.1.28.

 

Updated For Maintenance Release 2.11

GDM Standard 2.11 (Aug 2024)

Local Layers For Maintenance Release 2.11

China - GSMP RATIFIED (April 2022)

France - GSMP RATIFIED (November 2023)

Germany - GSMP RATIFIED (November 2023)

Poland - GSMP RATIFIED (November 2023)

Romania - GSMP RATIFIED (December 2021)

USA - GSMP RATIFIED (February 2023)

Finland - GSMP RATIFIED (November 2023)

Netherlands - GSMP RATIFIED (May 2024)

Italy - GSMP RATIFIED (May 2024)

 

Release Guidance

GDM Market Stages Guideline (June 2023)

GDM Attribute Implementation Guideline (February 2024)

GPC Bricks to GDM (Sub-) Category Mapping for GDM 2.10 and 2.11 (April 2024)

Attribute Definitions for Business (Aug 2024)

GDM (Sub-) Categories (October 2021)

GDM Regions and Countries (17 December 2021)

GDSN Release 3.1.28 (Aug 2024)

Tools

GDM Navigator on the Web 

GS1 GDM Attribute Analysis Tool (May 2024)

GDM Local Layer Submission Template (May 2024)

Training

E-Learning Course

Future Release Documentation

GPC Bricks to GDM (Sub-) Category Mapping for GDM 2.12 (Aug 2024)

Any questions

We can help you get started using the GS1 standards

Contact your local office

Monday, 02. September 2024

Identity At The Center - Podcast

We had a great conversation with Andrew Shikiar from the FID

We had a great conversation with Andrew Shikiar from the FIDO Alliance on the latest episode of the Identity at the Center podcast. We dove into the world of authentication, covering everything from different use cases to the importance of passkeys and regional adoption trends. We also got the inside scoop on Authenticate 2024, a can't-miss event for anyone in the identity space. Andrew also announces a new discount code just for IDAC fans to the FIDO Alliance Shop to get yourself some swag!

Check out the episode and let us know what you think:

https://youtu.be/quY-pEDa_5Y?si=RN9wfYnJBD1kc98e

Don’t forget about our discounts!

Authenticate Conference - Use code **IDAC15** for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/

FIDO Alliance Shop - https://shop.fidoalliance.org/ - Use code **IDAC10** for a discount on your purchase!

#iam #podcast #idac


MyData

Effective Data Solidarity requires symmetry in human digital agency and a social license

We believe that 3 pillars are required in Healthcare to support a FAIR data economy: Data Quality, Data Interoperability and Data Solidarity. Two previous blogs describe the first 2 pillars. […]

Friday, 30. August 2024

FIDO Alliance

Bias in Biometrics: How Organizations Can Launch Remote Identity Verification Confidently

Most of us today are accustomed to unlocking our smartphones with a simple glance or touch. In the blink of the tech industry’s eye, biometric authentication has quickly become a normal part of our daily lives.

Consumers love the convenience and security of biometrics, which has helped propel its growth and mainstream adoption. In the FIDO Alliance’s last global barometer survey, biometrics ranked top as the most secure and the preferred way to log in by consumers.

But for biometrics to continue its success, there is a reputation issue and ‘elephant in the room’ that is holding back consumers, governments, and other implementers alike from full trust and confidence: bias.

Are biometric technologies biased?

Concerns have been circulating for some time about the accuracy of biometric systems in processing diverse demographics. In the UK in 2021, for example, Uber drivers from diverse ethnic backgrounds took legal action over claims its software had illegally terminated their contracts as its software was unable to recognize them.

In the FIDO Alliance’s recent study, Remote ID Verification – Bringing Confidence to Biometric Systems Consumer Insights 2024, consumers made clear that they are concerned about bias in biometric facial verification systems.

While over half of respondents indicated they believe face biometrics can accurately identify individuals (56%), others in the survey report a different experience. 

A quarter of respondents felt they had been discriminated against by biometric face verification systems (25%).

Organizations like NIST have been closely monitoring the disparities in bias performance for some time – with NIST’s most recent evaluation of solutions across different demographics released this year. The headline is: Not all biometric systems are created equal.

As face verification has become adopted globally, the accuracy in identifying diverse demographics has gone from weakness to strength, with most leading solutions today operating with extremely small margins of error. However, less sophisticated solutions do exist and are perpetuating a far bigger reputational and adoption challenge.

Inclusivity and accessibility in remote identity

Inclusivity is just one part of the problem. Bias impacts the entire user experience and erodes faith in the technology overall. Half of American and British consumers in the survey said they would lose trust in a brand or institution if it were found to have a biased biometric system, and 22% would stop using the service entirely.

Remote identity solutions unlock huge benefits for governments, organizations, and consumers alike. Consider how many more scenarios now ask us to prove who we are virtually – starting a new job, opening a bank account, signing legal documents. And, as outlined earlier, we know consumers already love using biometrics – 48% of those we surveyed preferred biometrics to enroll and verify themselves remotely.

However, the excitement of more remote identity solutions is understandably mixed with these bias concerns, causing some organizations to delay or reconsider implementation. We’re in an age where digital inclusivity is highly scrutinized, especially for public services, and governments are increasingly calling for a way to demonstrate equity.

Equitable biometrics systems are both a practical and a moral imperative. So how do we get there? 

Addressing bias in biometric systems

The FIDO Alliance has launched its Face Verification Certification program, with mitigating bias as a key priority. It assesses a face verification system’s performance across different demographics, including skin tone, age, and gender, in addition to far more wide-reaching security and performance tests.

Why is independent certification for biometrics important?

Currently, testing levels are completed on a case-by-case basis, per organization. This means it’s expensive and time-consuming, and what ‘good’ looks like varies widely. The FIDO Alliance’s program is based on proven ISO standards and has been developed by a diverse, international panel of industry, government, and subject matter experts. This means it is unrivaled in its ability to set equitable performance benchmarks.

More broadly, certification and independent global testing catalyze innovation and technological adoption. Whether launching an identity verification solution or including it in related regulations, open standards and certification set a clear performance benchmark. It removes considerable duplicated efforts, improves the confidence of all stakeholders, and ultimately drives up the performance of all solutions on the market.

How is bias evaluated?

At this time, the FIDO Alliance program evaluates bias using false reject rate (FRR), measured at the transaction level across skin tone, age, and gender. ISO 19795-10 has multiple options for measuring differential performance. One option is described in Section 7.4.2, “Reporting differential performance against a benchmark”. In this approach, testers seek to compare the performance of one or more demographic groups to a specific benchmark. FIDO has chosen this approach given the small sample size of the individual groups (50+ per group). For skin tone, groups are defined and distributed across three brackets based on the Monk Scale. For gender, groups are defined and distributed across male, female, and other. For age, groups are defined and evenly distributed across four age brackets.

The benchmarks are set at 6% (95% confidence interval), based on bootstrapping simulations. These simulations covered a spectrum of scenarios, population sizes, and correlations between attempts. The benchmark chosen reduces the probability that a group will be considered different when it actually is not, i.e., finding a difference by chance (<5%).
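As an added illustration (not FIDO's test tooling and not code from the article), the following Python example computes transaction-level FRR per demographic group, compares it with the 6% benchmark, and bootstraps a 95% interval by resampling subjects so that correlated attempts from one person stay together. The sample data, the group names, the resample count, and the rule that a point FRR above the benchmark flags a group are assumptions made for the example.

```python
"""Per-group FRR against a fixed benchmark, with a subject-level bootstrap.

Added example. Data, group names and the decision rule are assumptions.
"""
import random
from collections import defaultdict

BENCHMARK = 0.06   # 6% benchmark stated in the article
RESAMPLES = 2000   # assumption: number of bootstrap resamples
ALPHA = 0.05       # two-sided 95% interval


def build_constructed_transactions():
    """Constructed sample: three skin-tone brackets, 50 subjects each, five
    genuine transactions per subject. Rejections are clustered on a few
    subjects to mimic correlation between one person's attempts.
    Returns a list of (subject_id, group, accepted)."""
    failing_subjects = {"bracket_1": 1, "bracket_2": 2, "bracket_3": 5}
    rows = []
    for group, n_fail in failing_subjects.items():
        for s in range(50):
            for _ in range(5):
                rows.append((f"{group}-s{s:02d}", group, s >= n_fail))
    return rows


def per_subject_counts(transactions):
    """Return {group: [(rejected, total), ...]} with one tuple per subject."""
    counts = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for subject, group, accepted in transactions:
        cell = counts[group][subject]
        cell[0] += 0 if accepted else 1
        cell[1] += 1
    return {g: [tuple(c) for c in subs.values()] for g, subs in counts.items()}


def frr(subject_counts):
    """Transaction-level false reject rate over a list of (rejected, total)."""
    rejected = sum(r for r, _ in subject_counts)
    total = sum(t for _, t in subject_counts)
    return rejected / total


def bootstrap_ci(subject_counts, rng, resamples=RESAMPLES, alpha=ALPHA):
    """Percentile bootstrap. Whole subjects are resampled with replacement,
    because attempts by the same person are not independent."""
    n = len(subject_counts)
    stats = sorted(
        frr([subject_counts[rng.randrange(n)] for _ in range(n)])
        for _ in range(resamples)
    )
    lo = stats[int(alpha / 2 * resamples)]
    hi = stats[int((1 - alpha / 2) * resamples) - 1]
    return lo, hi


def evaluate(transactions, benchmark=BENCHMARK, seed=1):
    """Return {group: {subjects, frr, ci95, exceeds_benchmark}}."""
    rng = random.Random(seed)  # fixed seed keeps the report reproducible
    report = {}
    for group, counts in sorted(per_subject_counts(transactions).items()):
        point = frr(counts)
        report[group] = {
            "subjects": len(counts),
            "frr": point,
            "ci95": bootstrap_ci(counts, rng),
            # Assumed rule: the observed group FRR is compared directly with
            # the benchmark; the interval is reported for context only.
            "exceeds_benchmark": point > benchmark,
        }
    return report


if __name__ == "__main__":
    for group, r in evaluate(build_constructed_transactions()).items():
        lo, hi = r["ci95"]
        flag = "EXCEEDS" if r["exceeds_benchmark"] else "ok"
        print(f"{group}: n={r['subjects']} FRR={r['frr']:.3f} "
              f"95% CI=[{lo:.3f}, {hi:.3f}] {flag}")
```

With roughly 50 subjects per group the bootstrap intervals are wide, which is why the comparison is made against a fixed benchmark rather than between groups.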

What is the value of certification for Biometric Vendors?

- Independent validation of biometric performance
- Opportunity to understand gaps in product performance to then improve and align with market demands
- Demonstrate product performance to potential customers
- Improve market adoption by holding an industry-trusted certification
- Leverage one certification for many customers/relying parties
- Benefit from FIDO delta and derivative certifications for minor updates and extendability to vendor customers
- Reduce need to repeatedly participate in vendor bake-offs

What is the value of certification for Relying Parties?

- One-of-a-kind, independent, third-party validation of biometric performance assessing accuracy, fairness and robustness against spoofing attacks
- Provides a consistent, independent comparison of vendor products – eliminating the burden of maintaining own program for evaluating biometric products
- Accelerates FIDO adoption to password-less
- Commitment to ensure quality products for customers of the relying parties
- Requirements developed by a diverse, international group of stakeholders from industry, government, and subject matter experts
- Conforms to ISO FIDO Annex published in ISO standards

What is the value of certification with FIDO accredited laboratories?

FIDO Accredited Laboratories are available worldwide and follow a common set of requirements and rigorous evaluation processes, defined by the FIDO Alliance Biometrics Working Group (BWG) and follow all relevant ISO standards. These laboratories are audited and trained by the FIDO Biometric Secretariat to ensure lab testing methodologies are compliant and utilize governance mechanisms per FIDO requirements. Laboratories perform biometric evaluations in alignment with audited FIDO accreditation processes. In contrast, bespoke, single laboratory biometric evaluations may not garner sufficient trust from relying parties for authentication and remote identity verification use cases.

What are the other ISO Standards that FIDO certification conforms to?

In addition to ISO/IEC 19795-10, vendors and their accredited lab are adhering to the following ISO standards:

Terminology

- ISO/IEC 2382-37:2022 Information technology — Vocabulary — Part 37: Biometrics

Presentation Attack Detection

- ISO/IEC 30107-3:2023 Information technology — Biometric presentation attack detection — Part 3: Testing and reporting
- ISO/IEC 30107-4:2020 Information technology — Biometric presentation attack detection — Part 4: Profile for testing of mobile devices – FIDO Annex, published 2024

Performance (e.g., FRR, FAR)

- ISO/IEC 19795-1:2021 Information technology — Biometric performance testing and reporting — Part 1: Principles and framework
- ISO/IEC 19795-9:2019 Information technology — Biometric performance testing and reporting — Part 9: Testing on mobile devices – FIDO Annex, published 2019

Bias (differentials due to demographics)

- ISO/IEC 19795-10:2024 Information technology — Biometric performance testing and reporting — Part 10: Quantifying biometric system performance variation across demographic groups – FIDO Annex, under development

Laboratory

- ISO/IEC 17025:2017, General requirements for the competence of testing and calibration laboratories

Enhancing Confidence in the Biometrics of Identity Verification

The FIDO Alliance continues to champion the cause of combating bias and enhancing security measures in remote biometric identity verification technologies through its Identity Verification and Biometric Component certifications. The FIDO Certification Programs offer reliability, security, and standardization to certify biometric solutions for remote identity verification, and have specifically set benchmarks for face verification technologies to test for bias.

In addition to the Face Verification program, the FIDO Alliance emphasizes the importance of rigorous testing and certification processes in ensuring that identity verification solutions are trustworthy and secure, including the Document Authenticity (DocAuth) Certification. These programs offer solution providers the opportunity to differentiate themselves in the market by leveraging FIDO’s independent, accredited test laboratories and industry-recognized brand.

Learn More about FIDO Biometric Certifications

As digital identity verification landscapes evolve, the demand for independently verified and unbiased biometric systems becomes increasingly vital. The introduction of the FIDO Alliance’s Face Verification Certification Program reinforces the commitment of solution providers to proactively address trust, security, and inclusivity in biometric identity verification technologies.

To learn more, download the in-depth consumer research on remote ID verification here, and discover the certified providers backed by FIDO certification to stay ahead with secure and trustworthy biometric identity verification technologies.


We Are Open co-op

An Introduction to Systems Thinking

Part 2: Understanding Feedback Loops

This is the second post in a series exploring the fundamentals of Systems Thinking. This is an approach that helps us make sense of complex situations by considering the whole system rather than just its individual parts.

This series is made up of:

- Part 1: Three Key Principles
- Part 2: Understanding Feedback Loops (this post)
- Part 3: Identifying Leverage Points

In the first post, we explored the foundational principles of Systems Thinking: Drawing a Boundary, Multiple Perspectives, and Holistic Thinking. Now, we’ll build on that foundation by examining Feedback Loops, another crucial concept in Systems Thinking.

Feedback loops are essential for understanding how systems behave, adapt, and evolve over time. By mastering the dynamics of feedback loops, you can identify how small changes can ripple through a system, leading to significant outcomes, whether intended or unintended.

1. What are feedback loops?

“You think that because you understand ‘one’ that you must therefore understand ‘two’ because one and one makes two. But you forget that you must also understand ‘and.’” — Donella Meadows

Feedback loops are the mechanisms by which systems regulate themselves. They can either reinforce a particular behaviour (positive feedback) or counteract it to maintain stability (negative feedback). Understanding these loops helps us see how systems respond to internal and external changes, leading to growth, adaptation, or stability.

For instance, a classic example of a negative feedback loop is a thermostat regulating room temperature. When the temperature rises above the set point, the thermostat turns off the heating. When the temperature drops below the set point, the thermostat turns the heating back on. This loop maintains the room’s temperature within a desired range, counteracting any deviations. The thermostat example clearly demonstrates how negative feedback loops work to maintain stability within a system, bringing it back to a set equilibrium when it deviates.

On the other hand, social media platforms often rely on positive feedback loops to increase user engagement. When a user interacts with content, the platform’s algorithm shows more similar content, increasing the likelihood of further engagement. This creates a reinforcing cycle where user behaviour drives more of the same behaviour, leading to increased overall engagement. This example illustrates how positive feedback loops can amplify behaviours, sometimes leading to rapid growth or creating echo chambers where only certain types of content are repeatedly reinforced.

Feedback loops are crucial for identifying how systems behave over time, which ties back to the principles we discussed in the first post, particularly the importance of considering Holistic Thinking.

2. Negative feedback loops

“The major problems in the world are the result of the difference between how nature works and the way people think.” — Gregory Bateson

Negative feedback loops work to stabilise a system by counteracting changes. These loops are vital for maintaining equilibrium and preventing a system from spiralling out of control.

For example, in economics, the supply and demand mechanism operates as a negative feedback loop. When the supply of a product exceeds demand, prices tend to fall, which in turn reduces supply as producers cut back on production. Conversely, when demand exceeds supply, prices rise, encouraging increased production. This self-regulating process helps to stabilise markets by bringing supply and demand into equilibrium, preventing extreme fluctuations in prices and availability.

It’s important to understand that in the context of Systems Thinking, “negative” doesn’t imply something bad or undesirable. Instead, it refers to the type of feedback that counteracts changes, helping to stabilise a system and maintain equilibrium. Negative feedback loops are essential for preventing systems from spiralling out of control, ensuring they remain balanced and functional.

3. Positive feedback loops

“The only thing harder than starting something new is stopping something old.” — Russell Ackoff

Positive feedback loops amplify changes in a system, often leading to exponential growth or decline. These loops are self-reinforcing, meaning that as a particular change occurs, it triggers more of the same change, leading to potentially dramatic effects.

For example, in the context of climate change, positive feedback loops play a significant role in accelerating global warming. One such loop involves the melting of polar ice. As the ice melts, less sunlight is reflected back into space, and more heat is absorbed by the Earth’s surface, which in turn leads to further ice melt. This self-reinforcing loop accelerates the warming of the planet, contributing to increasingly severe climate impacts.

Again, it’s important to note that a “positive” feedback loop doesn’t necessarily have morally beneficial consequences — rather, it refers to the amplifying nature of the loop itself, which can drive both beneficial and harmful changes.

4. The interaction of Feedback Loops in Systems

“The purpose of a system is what it does.” — Stafford Beer

In most systems, positive and negative feedback loops do not operate in isolation; they interact with each other, creating complex and dynamic behaviours. This interaction can make systems resilient, allowing them to adapt to changes and maintain stability, or it can make them vulnerable, leading to oscillations, chaotic behaviour, or even collapse if not properly managed. Understanding how these loops interplay is crucial for effective system management and intervention.

In product management, the balance between feature usage and product complexity is shaped by the interaction of feedback loops. When a feature is widely used and appreciated, customer satisfaction increases, leading the product team to enhance or expand the feature (positive feedback). As the feature becomes more complex, it may introduce usability issues, decreasing customer satisfaction (negative feedback). This interaction helps maintain a balance within the product, ensuring it continues to meet customer needs without becoming overly complicated.

A similar interplay of feedback loops occurs when managing product adjustments. Increasing customer satisfaction through positive feedback can prompt further enhancements, which might initially appear beneficial. Yet, if these enhancements lead to excessive complexity, they may cause usability issues, frustrating users and resulting in negative feedback. This process highlights the delicate balance product managers must maintain to keep their product both innovative and user-friendly, illustrating the challenges of managing feedback loops in product development.

By recognising and analysing these interactions, systems thinkers can identify points of leverage where interventions can either reinforce desirable behaviours or counteract negative trends, leading to more stable and resilient systems.

5. Recognising feedback loops in your work

“Taking action to improve a problematical situation will of course itself change that situation, so that the learning cycle could in principle begin again.” — Peter Checkland

Identifying and understanding feedback loops in your work or organisational context can be a game-changer. These loops are often the invisible threads that weave through processes, projects, and relationships, dictating outcomes and driving behaviours. By recognising these loops, you can gain a deeper understanding of the forces at play and make more informed decisions that lead to sustainable success.

Get started identifying feedback loops:

- Think of an area in your work where specific actions lead to similar outcomes
- Identify the underlying feedback mechanism — is it positive or negative or are multiple loops at play?
- Make adjustments to one part of the system and observe how the system changes

Here’s an example:

- When our team meets a deadline, team morale improves and I’ve noticed that we often meet our deadlines with the same enthusiasm
- This is a positive feedback loop — success breeds further success.
- Figure out what works, and further incentivise it.

Conversely:

- When our team misses a deadline, we tend to become stressed leading to further delays.
- This is a negative feedback loop — the more stressed we are, the more we miss our deadlines.
- We need a win, let’s deprioritise X and focus on Y because it’s an easier task. Then we’ll come back to X when team morale is improved.

Recognising these loops allows you to take proactive steps. If you identify a positive feedback loop that is driving beneficial outcomes, consider how you might reinforce or expand this loop. Perhaps you could introduce additional incentives or recognition programs to further enhance the team’s motivation and productivity. On the other hand, if you uncover a negative feedback loop that is leading to undesirable results, it’s crucial to intervene early. For example, introducing stress management resources or adjusting timelines could help break the cycle and restore balance.

Feedback loops are not limited to project management; they are pervasive in all areas of work, from customer service to organisational culture. In customer service, a positive feedback loop might occur when excellent service leads to customer satisfaction, which in turn results in positive reviews and repeat business. Recognising this loop could lead to further investments in training and support for customer service teams. In organisational culture, a feedback loop could exist where open communication leads to trust, which fosters more open communication, creating a virtuous cycle of collaboration and innovation.

By consciously identifying and managing these loops, you can transform potential challenges into opportunities for growth and continuous improvement. This approach not only helps in achieving immediate goals but also contributes to the long-term resilience and adaptability of your organisation.

Conclusion

Feedback loops are a fundamental aspect of Systems Thinking, providing crucial insights into how systems evolve, adapt, and maintain stability. By identifying and analysing these loops, we gain the ability to predict the outcomes of our actions more accurately and craft interventions that are not only effective but sustainable.

At We Are Open Co-op, we specialise in applying Systems Thinking principles, including the detailed analysis of feedback loops, to help organisations navigate and resolve complex challenges. Whether you’re looking to enhance organisational processes, improve project outcomes, or foster better relationships within your team, understanding feedback loops can be transformative.

If you’re curious about how feedback loops influence your work or how Systems Thinking can be integrated into your approach, we’re here to help. Reach out to us to explore the possibilities. And stay tuned for the final post in this series, where we’ll dive into identifying and leveraging key points within systems to drive meaningful and lasting change.

References

- Ackoff, R.L. (1974). Redesigning the Future: A Systems Approach to Societal Problems. New York: Wiley.
- Bateson, G. (1972). Steps to an Ecology of Mind. San Francisco: Chandler Publishing Company.
- Beer, S. (1972). Brain of the Firm. New York: Herder and Herder.
- Checkland, P. (1981). Systems Thinking, Systems Practice. Chichester: John Wiley & Sons.
- Meadows, D.H. (2008). Thinking in Systems: A Primer. White River Junction: Chelsea Green Publishing.
- Schön, D.A. (1983). The Reflective Practitioner: How Professionals Think in Action. New York: Basic Books.
- Vickers, G. (1965). The Art of Judgement: A Study of Policy Making. London: Chapman & Hall.

An Introduction to Systems Thinking was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.


Origin Trail

Growing the Buz Economy: Announcing the Social Intelligence Paranet Launch

By LunarCrush and OriginTrail

In the rapidly evolving world of tech and finance, the demand for innovation and adaptability is higher than ever, driven by a quest for transparency for internet users. LunarCrush has been at the forefront of Social Intelligence, converting human-driven insights into actionable information for both retail and institutional stakeholders. Originally focusing on the crypto industry, LunarCrush’s Social Intelligence now extends across diverse sectors such as technology, politics, travel, music, and more. Recognizing the convergence of crypto, the Internet, and Artificial Intelligence (AI), LunarCrush is making a significant leap forward in their transparency efforts through social intelligence. By launching the Social Intelligence Paranet on the OriginTrail Decentralized Knowledge Graph (DKG), LunarCrush aims to enhance content collection through incentivized crowdsourcing and enable the creation of AI-powered services on this trusted knowledge base.

The Decentralized Knowledge Graph and the Social Intelligence Paranet

The Social Intelligence Paranet will operate on the OriginTrail DKG, a permissionless peer-to-peer network that ensures all social content published to the Paranet is discoverable, verifiable, and attributed to its owners. This setup allows AI services leveraging this knowledge base to avoid challenges like hallucinations, managed bias, and intellectual property violations. For an in-depth understanding of the technical design of paranets, DKG, and decentralized Retrieval-Augmented Generation (dRAG), we recommend reviewing the OriginTrail Whitepaper.

The Social Intelligence Paranet Initiative

Aligned with LunarCrush’s growth trajectory, the Social Intelligence Paranet will initially target the crypto sector, attracting high-quality content creators and community members from various crypto projects. LunarCrush will also mine knowledge tied to their social insights, such as Alt Rank, Top Creators, and Sentiment analysis. Beyond knowledge mining, the Social Intelligence Paranet will feature the first AI-powered tool to interact with top knowledge assets on the Paranet, supported by LunarCrush. This AI-powered tool will be accessible to users paying with BUZ tokens. All BUZ tokens spent by users will be recycled as additional rewards for knowledge mining.

In the upcoming weeks, a comprehensive proposal for the Social Intelligence Paranet will be submitted to the NeuroWeb community for approval. The proposal will include:

- Knowledge Assets created from LunarCrush APIs

- An incentives model for knowledge miners targeting the first category of knowledge

- A demo of the LunarCrush AI tool

Advancing the Wisdom of the Crowds

The traditional wisdom of the crowds concept eliminates idiosyncratic noise associated with individual judgment by averaging a large number of responses. Social Intelligence takes this concept further by unlocking actionable information through high-quality, curated knowledge enhanced with specific domain expertise. The rise of AI introduces the potential for another leap forward in extracting wisdom from a vast body of knowledge. Incentivized crowdsourcing to collect superior social content provides an ideal foundation for AI services to uncover wisdom that is not immediately apparent. While a conversational tool is the initial step, subsequent developments will include AI agents performing comprehensive tasks such as market analysis and prediction market suggestions. As the Social Intelligence Paranet expands beyond the crypto field, it promises to support enhanced decision-making powered by the wisdom of the crowds across various topics.

Growing the Buz Economy: Announcing the Social Intelligence Paranet Launch was originally published in OriginTrail on Medium, where people are continuing the conversation by highlighting and responding to this story.

Thursday, 29. August 2024

FIDO Alliance

White Paper: High Assurance Enterprise FIDO Authentication

Editors

Sean Miller, RSA

Abstract

Enterprises should consider using passkeys, especially if they are currently relying on passwords. By replacing these credentials with passkeys, enterprises will immediately reduce the risk of phishing and eliminate credential reuse, improving authentication service security. Different types of FIDO authenticators may be used to meet users’ needs with a balance between convenience and security. For enterprises that require high levels of identity assurance, internal security policies, or regulatory requirements, additional scrutiny is needed to determine the appropriate type of passkey. It is important to look at both the enterprise as a whole, as well as parts of the organization because high assurance requirements may not apply to the entire enterprise.

For many high assurance scenarios, attested device-bound passkeys may be more desirable. Relying parties with high assurance requirements will need to decide whether to accept all types of authenticators and adapt their authentication flow based on the attestation characteristics or reject registrations from unattested or unacceptable authenticators at the risk of a poor user experience.

Audience

This white paper is intended for IT administrators and enterprise security architects who are considering deploying FIDO authentication across their enterprises and defining life cycle management policies. This paper provides an overview of the different use cases for multi-factor authentication (MFA) and the FIDO Authenticator choices available to administrators. The intent is to help guide administrators in choosing the right authenticator types for their specific environment. Companies requiring higher levels of security, such as those involved in healthcare, government organizations, or financial institutions that have a hard requirement around the control of the credential, in particular should read this white paper.

It is assumed that the reader has an understanding of FIDO architecture, relying parties, protocols, and has read “FIDO EDWG 2023 Papers – Introduction” that introduces key concepts used in this white paper.

1. Introduction

This document focuses on deploying passkeys for enterprise users in high assurance environments.
Readers can find an introduction to the series of papers here. The introductory whitepaper provides additional descriptions and links to all papers in the series, which cover an array of use cases from low to high assurance. Most enterprises will likely have use cases that span more than one of these papers, and readers are encouraged to review the white papers relevant to their deployment environment.

This white paper examines what it means to be in a high assurance environment and how that may influence how FIDO is used. More specifically, the document addresses the challenges with password-only authentication and proposes passkeys as a stronger, phishing-resistant alternative to using passwords to authenticate users. Additionally, the document provides some adoption considerations for IT and security professionals to consider to ensure compliance with regulatory and security requirements for high assurance authentication scenarios. This white paper examines the use cases of registering a device, using a registered device, and dealing with recovering a lost device.

A key part in deciding if a passkey should be allowed in an environment is based on attestations. Attestations can be provided for credentials as part of the registration process, which relying parties can trust as provenance of the authenticator being used. For high assurance enterprise scenarios, attestations should always be requested. What can be discovered from the attestation associated with the credential, or the absence of any attestation, can help drive policy decisions about whether to accept the registration. Without any attestation, it may be difficult for the relying party to decide if the credential should be allowed. They may reject the registration outright, making for a poor user experience, or the enterprise may choose to employ additional, conditional multi-factor authentication (MFA) along with FIDO authentication to meet the high assurance requirements. With an attestation, the enterprise has assurances about the provenance, manufacture type, certifications, and features of the authenticator and often can rely on these assurances as MFA devices, providing multiple factors like credentials and a PIN to unlock the authenticator.

Synced passkeys work well in many use cases and can still work for some high assurance scenarios, depending on the security or regulatory requirements of the enterprise. Synced passkeys are attractive because of their recoverability and ease of use; however, they also change where credentials reside and who controls them. Given this external control of the credentials, some additional MFA may be desired for synced passkeys where the enterprise has control of the lifecycle management of the MFA method.

The remainder of this white paper will examine enterprises or organizations that have high assurance requirements based on Authenticator Assurance Levels [7] and FIDO Certified Authenticator Levels [8] to operate.

2. Passkey Use Cases

This section will focus on use cases around passkeys in an enterprise or an organization. There are many use cases for enterprises where synced passkeys work very well for ease and convenience in registering devices, using devices, and recovering lost devices since the credentials are available on other devices. It is highly recommended that organizations look at all the benefits of synced passkeys to determine if they are appropriate for the organization. However, the use of synced passkeys, while convenient, may not meet all the security requirements for an enterprise or organization needing high assurance (e.g., AAL3 requirements). AAL3 level has several requirements with the most significant being the use of a hardware-based authenticator. Please refer to NIST for more detail on the different levels of Authenticator Assurance Levels (AAL) [7]. Quite often, AAL3 applies to companies and organizations requiring higher levels of security, such as those involved in healthcare, government, or finance, which have a hard requirement around the control of the credential, specifically, that it is device-bound and never copied.

2.1. Registration
The enterprise or organization should first consider what device(s) they will support in their environment and how they will manage the provisioning of devices. For example, an organization may support an environment where users can bring their own device (e.g., mobile phone), or an organization may have very strict requirements around issued devices that meet specific security requirements such as PIN length, particular user presence features, or even specific hardware models. Finally, organizations need to consider whether they will allow passkeys to reside on multiple devices or just a single device. This has both security and recovery implications that need to be considered.

Organizations may have use cases that require credentials to be device-bound and not copyable at all, in which case synced passkeys are not recommended. Organizations may choose to allow synced passkeys alongside traditional MFA mechanisms, replacing the password with a passkey. However, if the organization has strict requirements for where the credentials can reside, they should look closely at restricting use to device-bound passkeys. These factors will decide how organizations manage registration. All these cases put some added burden on the relying party if types of passkeys need to be restricted.

The relying party may need to check if some requirements are met during the registration process, such as requiring an authenticator that meets or exceeds the FIDO L1+ certification [8]. To assess the authenticator’s compliance with these requirements, the authenticator must provide an attestation that can be validated and examined. If an authenticator does not meet the requirements of L1+, then the relying party may be forced to reject the registration since nothing can be proven about the provenance of the credential, or the party may consider an implementation with additional MFA to meet the requirements of high assurance.

If an attestation is provided, the relying party can check what type of device it is and if it meets the requirements of the enterprise or organization. The relying party may also want to restrict based on the unique identifier for the authenticator, provided an attestation is available. The unique identifier, known as an Authenticator Attestation Globally Unique Identifier (AAGUID), can be used to look up the details against the FIDO Alliance Metadata Service [2] to understand what type of device is being registered, the certification level, and what features it provides.

Enterprise Attestation is another form of attestation that can be leveraged during registration. This is implemented by some authenticator vendors to add additional information that is unique to the organization. Including this additional information as part of the attestation and narrowing allowed authenticators can be used to further enhance the registration experience.

Similarly, there may be flags about whether the credential is eligible for backup and/or if it has been backed up. These flags cannot be trusted, however, without some attestation that the device is certified. A relying party might decide to allow or deny the registration based on this information as well as other information provided at runtime.
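The registration checks described in this section, as an added example that is not part of the white paper: the relying party parses the WebAuthn authenticator data, reads the AAGUID and backup flags, and applies a device-bound policy. The metadata table, level labels, the `login.example.com` RP ID, the `allow_step_up` switch and the user-verification requirement are assumptions, and `attestation_verified` stands for the result of attestation statement validation done elsewhere.

```python
import hashlib
import struct
import uuid
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Bits of the flags byte in WebAuthn authenticator data.
FLAG_UP, FLAG_UV, FLAG_BE, FLAG_BS, FLAG_AT = 0x01, 0x04, 0x08, 0x10, 0x40

# Constructed stand-in for what an RP would cache from the FIDO Metadata
# Service: AAGUID -> model and certification level. All values are made up.
METADATA = {
    "11111111-2222-3333-4444-555555555555": {"model": "Example Key A", "level": "L2"},
    "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee": {"model": "Example Key B", "level": "L1"},
}
LEVELS = ["L1", "L1+", "L2", "L2+", "L3", "L3+"]  # simplified labels (assumption)
MIN_LEVEL = "L1+"  # the minimum the paper uses as its example


@dataclass
class AuthData:
    rp_id_hash: bytes
    flags: int
    sign_count: int
    aaguid: Optional[str]
    credential_id: Optional[bytes]


def parse_auth_data(data: bytes) -> AuthData:
    """Parse the fixed header and, if present, the attested credential data."""
    if len(data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    flags = data[32]
    (sign_count,) = struct.unpack(">I", data[33:37])
    if (flags & FLAG_BS) and not (flags & FLAG_BE):
        raise ValueError("backup state set on a credential that is not backup-eligible")
    aaguid = cred_id = None
    if flags & FLAG_AT:
        if len(data) < 55:
            raise ValueError("AT flag set but attested credential data is truncated")
        aaguid = str(uuid.UUID(bytes=data[37:53]))
        (cred_len,) = struct.unpack(">H", data[53:55])
        cred_id = data[55:55 + cred_len]
        if len(cred_id) != cred_len:
            raise ValueError("credential ID is truncated")
        # The COSE public key follows; decoding it is out of scope here.
    return AuthData(data[:32], flags, sign_count, aaguid, cred_id)


def evaluate_registration(data: bytes, rp_id: str, attestation_verified: bool,
                          allow_step_up: bool = False) -> Tuple[str, List[str]]:
    """Return (decision, reasons); decision is 'accept', 'step_up' or 'reject'."""
    ad = parse_auth_data(data)
    if ad.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        return "reject", ["authenticator data is not scoped to this relying party"]
    if not ((ad.flags & FLAG_UP) and (ad.flags & FLAG_UV)):
        return "reject", ["user presence and user verification are both required"]
    if not attestation_verified or ad.aaguid is None:
        # Without provenance the AAGUID and backup flags are self-asserted.
        reason = "no verified attestation, so the authenticator type cannot be established"
        return ("step_up" if allow_step_up else "reject"), [reason]
    entry = METADATA.get(ad.aaguid)
    if entry is None:
        return "reject", [f"AAGUID {ad.aaguid} is not an enterprise-approved model"]
    reasons = []
    if LEVELS.index(entry["level"]) < LEVELS.index(MIN_LEVEL):
        reasons.append(f"{entry['model']} is certified {entry['level']}, below {MIN_LEVEL}")
    if ad.flags & FLAG_BE:
        reasons.append("credential is backup-eligible; policy requires device-bound")
    return ("reject", reasons) if reasons else ("accept", [f"{entry['model']} accepted"])


def build_sample(rp_id: str, flags: int, aaguid: Optional[str] = None,
                 cred_id: bytes = b"\x01" * 16) -> bytes:
    """Build constructed authenticator data for the demo (not a real capture)."""
    out = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 0)
    if flags & FLAG_AT:
        out += uuid.UUID(aaguid).bytes + struct.pack(">H", len(cred_id)) + cred_id
        out += b"\xa0"  # empty CBOR map standing in for the COSE public key
    return out


if __name__ == "__main__":
    rp = "login.example.com"  # assumed RP ID
    base = FLAG_UP | FLAG_UV | FLAG_AT
    cases = {
        "approved device-bound key": (build_sample(rp, base, "11111111-2222-3333-4444-555555555555"), True),
        "below minimum level": (build_sample(rp, base, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"), True),
        "synced credential": (build_sample(rp, base | FLAG_BE | FLAG_BS, "11111111-2222-3333-4444-555555555555"), True),
        "no attestation": (build_sample(rp, base, "11111111-2222-3333-4444-555555555555"), False),
    }
    for label, (blob, verified) in cases.items():
        print(label, "->", evaluate_registration(blob, rp, verified))
```

The returned reasons are what the relying party would surface to the user after a failed registration, so the rejection explains which requirement was not met.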

Unfortunately, if the relying party fails the registration of a credential, it forces the user to repeat the registration process again with a different authenticator at step one. Although WebAuthn [5] does not support a preflight mechanism to identify suitable authenticators, relying parties may provide feedback to the user before registration to identify acceptable authenticators. Additional guidance can be provided after failed registration to guide the user’s choice of authenticator. This guidance should be explicit and identify why the authenticator was rejected during registration, which authenticators meet the RP’s requirements, and guidance on managing browser-mandated optionality on communicating attestations.

Relying parties should be able to be more prescriptive in describing requirements of authenticators, allowing for a much better user experience where the end user can only select authenticators that meet the requirements and remove this burden from relying parties. These changes have been proposed to WebAuthn, but they have not yet gathered the support of platform vendors.

Another approach for enterprises might be not to offer any registration use case exposed to the end user. Instead, the enterprise would manage the lifecycle of registering the devices before they are provisioned to users. Similarly, the enterprise might provide some form of supervised registration experience to ensure only authorized authenticators are provisioned and registered. This avoids a number of pitfalls with the user experience mentioned above but puts more lifecycle management burden on the enterprise.

2.2. Sign In
Once a credential has been registered, FIDO credentials can be accessed when needed at authentication. The application(s) will leverage the WebAuthn browser API or platform passkey APIs to perform a FIDO authentication using a registered device. Depending on the type of registered device, there will be multiple factors involved in the authentication, like the entering of a PIN or a user presence challenge. These interactions are required to give a high level of assurance that the user is who they say they are and is not impersonating another user. The requirements need to be enforced during the registration process to ensure that the devices allowed meet the requirements of the enterprise or organization.

The only difference in this use case between synced passkeys and device-bound passkeys is what needs to be authenticated. For device-bound passkeys, the original hardware device used during the registration process is needed. Synced passkeys may be accessed from multiple devices that have access to an account hosted by a passkey provider. Furthermore, some synced passkeys may be shared after registration. Relying parties do not have a mechanism for identifying shared credentials in the current specifications, making it harder to understand and manage the lifecycle of synced passkeys.

There are several enterprise use cases covered in the white paper on “Choosing FIDO Authenticators for Enterprise Use Cases” [4]. Organizations should review these to evaluate how FIDO is leveraged. In particular, an organization planning to rely on FIDO as a first factor (passwordless) or a second factor is a key decision, and the white paper may help organizations understand what truly requires high assurance. For example, there may be a specific project, or a use case may apply to an entire industry driven by government or regulatory requirements. Employees might be allowed to use a synced passkey to access a laptop for example, but then need to use a device-bound passkey to sign in to a specific application restricted to certain employees with a particular clearance level.

2.3. Recovery/Lost Device
Recovery is where a synced passkey shines. If one loses a FIDO device that holds a credential, they can just access the credential from a different device that shares the same platform account. This is convenient, but also means that a passkey is only as secure as the platform account with which it is associated. Enterprises should examine the vendor solutions to understand how secure they are before relying on a service external to the organization. For example, does it provide end-to-end encryption with keys that are not known to the vendor? What additional measures like MFA are used to secure the user’s account? What process is used for account recovery? End users may not be concerned about such matters, but these details may represent a security concern for the organization’s security administrators. The organization’s security requirements need to be examined to see if an external party can store and manage credentials. Furthermore, without requiring attestations, the relying party has no idea who or what is the issuer of a credential—whether it be the platform, a roaming authenticator, a browser plug-in, or something else. As a result, the relying party cannot provide any guidance as to how to recover access to the credentials while providing high assurance. An alternative form of account recovery external to recovering the FIDO credential would be needed to verify the identity of the user and issue a new device and credentials. Finally, the recovery of a passkey from a provider when using synced passkeys is not known to the relying party. This represents a potential attack that the enterprise is unaware of.

For device-bound passkeys, the recovery process is more involved and will likely require the involvement of a help desk [6] to issue a new device and possibly revoke access for the old device. This is a security-first approach over convenience that allows an enterprise or organization to control who has devices. It does mean there are additional steps needed for the end user before they can regain access. However, this gives enterprises more control over the lifecycle of the credentials, allowing enterprises to revoke or expire authenticators at any point and be able to guarantee that credentials are not copied or do not exist outside enterprise controls. Some enterprises have solved this by provisioning multiple devices so users can self-recover. Ultimately, there is a business decision to be made regarding recovery models. In some cases, it may be appropriate to block access until the user can receive a new device, taking loss of productivity over a lower security model. The extra burden highlighted in the registration step if an enterprise chooses to manage the registration experience has a direct impact on the recovery/replacement experience.

2.4. Unregistering
At some point an employee will either leave a project or the enterprise overall. The enterprise will want to be sure they have control over credentials and unregister their use so access is no longer possible. This is a bigger consideration when it comes to synced passkeys where the enterprise does not have full control of the lifecycle and management of the credentials. If synced passkeys require additional MFA, the enterprise can control the MFA aspect, expiring the factors involved so authentications no longer are allowed. Device-bound passkey environments have much more control over unregistering devices, either by physically handing in a device and knowing no copies were made, or invalidating/expiring the device so subsequent authentication attempts fail.

The credential lifecycle requires the ability to disable or remove a credential, whether due to a change in status of an employee, such as a leave of absence or separation from the organization, or due to the potential loss or compromise of a credential. Passkeys differ from passwords in these instances since the user may have multiple passkeys registered with the relying party, as opposed to passwords, where the user is expected to only have one password per relying party. In the case of a permanent separation between the user and enterprise, disabling the user account and/or rotating the credential in the service is standard practice to ensure the user is no longer able to authenticate. If the separation is temporary, such as for leave of absence, enterprises may choose to rotate all the user’s credentials or disable the user account until the user returns.

In the case of credential loss, the next steps are dependent upon the deployment scenario. Users with device-bound passkeys who lose their security key should have the credential revoked by the service. Synced passkeys create additional challenges. If the device has been compromised, all credentials resident on the device, including those resident in different passkey providers, should be treated as compromised and revoked by the RP. If the user’s passkey provider account has been compromised, the impacted credential(s) stored with the provider must be revoked. To facilitate revocation in these scenarios, RPs should allow credentials to be named or otherwise identified by the user during registration to facilitate the revocation of specific credentials where possible. Administrative controls must narrow their focus on eliminating credentials from the RP rather than removing the credential private key material from either hardware security keys or a passkey provider’s sync fabric, which may not be possible.

3. Deployment Strategy

In a high assurance environment, the enterprise is likely going to want to manage the distribution and retirement of all authenticators. Device-bound passkeys would be managed by IT and provisioned to individuals. Relying parties would need to check for attestations and only allow the registration of authenticators that are managed by the enterprise or organization. If attestations are absent or do not meet the security requirements, the registration should fail. Processes should be established to manage the pool of authenticators to ensure they are retired when individuals leave or no longer require high-level access. Lastly, the organization or enterprise should define what the process looks like for recovering lost/stolen devices. Depending on how critical the access is to the continuity of the business, multiple hardware devices might be issued for a given individual to ensure they always have access.

4. Conclusion

There is no argument that passkeys are a strong phishing-resistant alternative option to traditional passwords. In an enterprise environment, it is important to look at security and regulatory requirements to determine if synced passkeys work, or if there are stricter constraints such as internal security policies, regulatory, or compliance requirements that require the use of device-bound passkeys. With either approach, enterprises should spend the time to understand how registration, management, and recovery of FIDO credentials will be managed. This includes important use cases like storage of credentials (external), recovery of lost credentials, and unregistering devices when employees leave. Based on the requirements of the enterprise, passkeys may work without any customizations, or enterprises may need to invest to ensure their authentication experience is more managed and filtered to specific devices.

5. Next Steps: Get Started Today

Use FIDO standards. Think about what your relying parties are supporting and consider your enterprise security requirements. Passkeys are far more secure than passwords. Look for the passkey icon on websites and applications that support it.

For more information about passkeys, visit the FIDO Alliance site [3].

6. References

[1] FIDO Deploying Passkeys in the Enterprise – Introduction
[2] FIDO Alliance Metadata Service – https://fidoalliance.org/metadata/
[3] Passkeys (Passkey Authentication) – https://fidoalliance.org/passkeys/#:~:text=Can%20FIDO%20Security%20Keys%20support,discoverable%20credentials%20with%20user%20verification.
[4] FIDO Alliance White Paper: Choosing FIDO Authenticators for Enterprise Use Cases – https://fidoalliance.org/white-paper-choosing-fido-authenticators-for-enterprise-use-cases/
[5] WebAuthn – https://fidoalliance.org/fido2-2/fido2-web-authentication-webauthn/
[6] FIDO account recovery best practices – https://media.fidoalliance.org/wp-content/uploads/2019/02/FIDO_Account_Recovery_Best_Practices-1.pdf
[7] NIST Authenticator Assurance Levels – https://pages.nist.gov/800-63-3-Implementation-Resources/63B/AAL/
[8] FIDO Certified Authenticator Levels – https://fidoalliance.org/certification/authenticator-certification-levels/

7. Acknowledgements

We would like to thank all FIDO Alliance members who participated in the group discussions or took the time to review this paper and provide input, specifically:

Matthew Estes, Amazon Web Services
John Fontana, Yubico
Rew Islam, Dashlane
Dean H. Saxe, Amazon Web Services, Co-Chair FIDO Enterprise Deployment Working Group
Johannes Stockmann, Okta
Shane Weeden, IBM
Khaled Zaky, Amazon Web Services
FIDO Enterprise Deployment Group members

White Paper: FIDO Authentication for Moderate Assurance Use Cases

Editors

Jerome Becquart, Axiad
Greg Brown, Axiad
Matt Estes, Amazon Web Services

Abstract

The intent of this whitepaper is to provide guidance for organizations as they analyze the abilities and features of both device-bound passkeys and synced passkeys to determine how both credential types can be utilized in a moderate assurance environment. In this paper, the term “moderate assurance” refers to an environment or organization where the legal, regulatory, and security requirements are flexible enough to allow for the use of both types of credentials, using synced passkeys to replace passwords and multi-factor authentication (MFA) for standard user accounts and device-bound passkeys for user accounts that require the highest level of protection and assurance. The paper is designed to provide a comparison of features and requirements that are supported by device-bound passkeys and synced passkeys, providing a vision of how both types of credentials can be utilized together in an organization that has moderate assurance needs.

Audience

This white paper is one in a series of white papers intended for anyone who is considering deploying FIDO Authentication across their organization, including IT administrators, enterprise security architects, and executives.

Readers can find an introduction to the series of papers here. The introductory white paper provides additional descriptions and links to all papers in the series, covering an array of use cases from low to high assurance. We expect that most enterprises will have use cases that span more than one of these papers and encourage readers to review the white papers that are relevant to their deployment requirements.

The white paper assumes that the reader has a foundational understanding of FIDO2 credentials and the role they play in the authentication process; introductory information on FIDO2 can be found here: FIDO2 – FIDO Alliance.

1. Introduction

The initial implementations of FIDO2 credentials were created as device-bound passkeys on either a roaming authenticator or platform authenticator, where the private key of the credential is stored on the device’s authenticator and not allowed to be exported, copied, backed up, or synchronized from the authenticator. This configuration presents a very secure and phishing-resistant solution for authentication that gives relying parties (e.g., web sites or service providers) a very high level of confidence that the user and the device are legitimate users of the system. With this high level of assurance, however, come some challenges – primarily regarding usability and account recovery. For example, because there is no way to get the private key off the authenticator, if the device the private key is stored on becomes lost or damaged, then access to the resources that key authenticated would be lost. With device-bound passkeys, the solution is to register a second device-bound passkey with every relying party. This creates a more difficult user experience as the user would be required to register both authenticators. This is somewhat reduced for organizations that have consolidated their authentication flow by using an identity provider (IdP) to federate access to their applications, as the relying party is then the IdP itself.

To solve these challenges, in May 2022 Apple, Google, and Microsoft announced their intent to support synced passkeys in their operating systems. Synced passkeys have many of the same characteristics of device-bound passkeys, including the continued use of private and public key pairs. One significant difference, however, is that synced passkeys allow for the private key of the credential to be synchronized to other devices the user owns that exist in the same vendor’s synchronization fabric ecosystem (e.g., iCloud in the Apple ecosystem). Synced passkeys also allow for the creation of a more streamlined and user-friendly experience. All passkeys share several common security properties, are highly phishing resistant, and use unique key pairs to enable strong authentication. However, it is also important to note the difference between synced and device-bound passkeys. For example, synced passkeys introduce new security considerations when analyzed against a device-bound passkey. Conversely, synced passkeys can more easily address account recovery challenges.

As organizations work to evaluate how and where both credential types can be utilized in their environment, they will need to review and understand their organization’s legal, regulatory, and security requirements. When organizations evaluate these requirements, they will often refer to the combination of these requirements as an authentication assurance level (AAL) and will reference documentation from the National Institute of Standards and Technology (NIST), which provides guidance and recommendations for different assurance levels. While there is currently work underway by NIST to update these assurance levels to better incorporate synced passkeys, the current standards can be helpful when evaluating the implementation of device-bound passkeys and synced passkeys into an organization. More information regarding NIST and AALs can be found here: Authenticator Assurance Levels (nist.gov).

In terms of this white paper, a moderate assurance environment is an organization that has several different authentication use case scenarios that can be met by a combination of AAL1 and/or AAL2 as well as AAL3 levels of assurance. This white paper will dive deeper into the advantages and disadvantages of both device-bound passkeys and synced passkeys to provide a comparison between the two that an organization can use along with their own legal, regulatory, and security requirements to determine how and where they can implement both device-bound passkeys and synced passkeys into their moderate assurance environment so that they can take advantage of the secure, phishing-resistant, and user friendly authentication process that FIDO2 credentials provide in all parts of their organization.

2. FIDO Credential Adoption Considerations

When organizations are evaluating the use of both device-bound passkeys and synced passkeys to support the AAL1, AAL2, and AAL3 requirements of their organization, there are several factors that they should consider. These factors are described below and are intended to provide the organization with the information they need to help analyze both types of credentials and determine where they can be used in their enterprise.

2.1. User Experience
In terms of user experience, the goal of using FIDO credentials to authenticate to a system has always been to provide an easy-to-use and effortless process for the user. The original FIDO implementations provided a streamlined sign-in experience, but still presented some user experience challenges.

Passkeys introduce several enhancements to help improve the user experience, including a new feature called “passkeys Autofill UI” that provides users easier access to the creation of the passkeys and provides an autofill-like experience where users simply pick the credential they want to use when authenticating and no longer type in their username or password. This experience becomes quite easy to use and is very similar to the experience that most users already like and are comfortable with when using solutions such as password managers. Creating a passkey user experience that users like more than their current password experience removes the hurdle to adoption that has been seen with previous passkey implementations.

2.1.1 Backup, Lost Devices, and Recovery
With device-bound passkeys, the private key is stored on and not allowed to leave the authenticator. This creates a very secure solution but does create challenges for users and enterprises regarding backup of the key data, loss of the authenticator, and addition of new authenticators for the user. While there are recommended recovery practices for device-bound passkeys (FIDO_Account_Recovery_Best_Practices-1.pdf (fidoalliance.org)), synced passkeys work to resolve these challenges in a more user friendly manner. With the implementation of a synced passkey solution, the user no longer must register multiple authenticators with a relying party to ensure continued access in the event of a lost authenticator. If an authenticator is lost, a user can recover their passkey by using the recovery process provided by the passkey provider. Additionally, synced passkeys make for a better user experience as a user does not have to register unique credentials per device or maintain multiple device-bound passkeys to minimize the risk of credential loss. Once configured, synced passkeys are available across all devices synced with the passkey provider.

Synced passkeys do, however, create a dependency on the passkey provider and their synchronization fabric. Each provider implements their own synchronization fabric, which includes their own security controls and mechanisms to protect credentials from being misused. Organizations with specific security or compliance requirements should assess which provider(s) or hardware security keys meet their requirements.

Synced passkeys have a lower security posture as they allow the private key on the authenticator to be synchronized to authenticators of other devices the user has in the same vendor’s ecosystem. Organizations should also be aware that there currently are no standards or systems that allow them to keep track of what devices these credentials have been created and stored on, nor mechanisms to identify when the credential has been shared with another person. For use cases in an organization that require a high level of assurance, the fact that this information cannot be determined or obtained means that synced passkeys would not be a good solution for those specific organizational use cases, and they should look to device-bound passkeys to support those use cases.

2.3 Attestation and Enforcement of Credential Type
Attestation is a feature that is designed to enhance the security of the registration process. Attestation mechanisms are defined by the specifications as an optional feature, though most hardware security keys implement it. Attestation is the ability of the authenticator to provide metadata about itself back to the relying party so that the relying party can make an informed decision on whether to allow the authenticator to interact with it. This metadata includes items such as an Authenticator Attestation Globally Unique Identifier (AAGUID), which is a unique ID that represents the vendor and model of the authenticator, the type of encryption that the authenticator uses, and the PIN and biometric capabilities of the authenticator. Some authenticator vendors also support a feature called Enterprise Attestation that allows an organization to add additional uniquely identifying information in an attestation that is included with an authenticator registration request, with the intent to use this additional information to support a controlled deployment within the enterprise where the organization wants to allow the registration of only a specific set of authenticators. Additional information about Enterprise Attestation can be found in this white paper: FIDO-White-Paper-Choosing-FIDO-Authenticators-for-Enterprise-Use-Cases-RD10-2022.03.01.pdf (fidoalliance.org).

At the time of publication, synced passkeys do not implement attestation, which means they are not an appropriate solution for scenarios with highly privileged users that require higher levels of assurance or for organizations that want to implement Enterprise Attestation. To support these highly privileged users, relying parties and organizations have historically looked to, and will need to continue to look to, device-bound passkeys and authenticators from vendors that support and include attestation in their solutions. For organizations that have regulatory, legal, or security requirements that require all users to be treated as high privilege users or have a need to implement Enterprise Attestation, it is recommended that only device-bound passkeys be implemented in their environment. A companion white paper, “High Assurance Enterprise Authentication,” provides details on this scenario and can be found here: https://media.fidoalliance.org/wp-content/uploads/2023/06/FIDO-EDWG-Spring-2023_Paper-5_High-Assurance-EnterpriseFINAL5.docx-1.pdf. Moderate assurance organizations can support all their users by implementing synced passkeys for their standard users to replace passwords and MFA with a more secure solution and then use device-bound passkeys for highly privileged users and their access to resources that require the highest level of assurance.

Implementing both types of passkeys in the same authentication domain does however create an additional challenge that will require organizations to take additional steps to ensure that the correct type of passkey is used when accessing resources: for example, ensuring that a highly privileged user is using a device-bound passkey and not a synced passkey when accessing a resource that requires a high level of assurance. Organizations can leverage the user risk evaluation and policy engine framework of their Identity Provider to solve this challenge. Watermarking the user’s session with an identifier representing the AAL (or other properties of their choosing) to be used in downstream authorization decisions can also be used to solve this challenge. In federated authentication environments, this may be communicated using standards such as the Authentication Method Reference (amr, RFC8176) standardized by OpenID Connect.
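One way a relying party can enforce credential type at registration and carry the result into the session, as described above. This is an added example, not code from the white paper: the AAGUID values, policy tiers and label names are constructed, and it assumes the attestation statement has already been verified so the AAGUID can be trusted. The backup-eligible (BE) and backup-state (BS) flags it reads are the WebAuthn authenticator data bits that mark a credential as syncable; the paper itself does not name them.

```python
import hashlib
import struct
import uuid
from dataclasses import dataclass

# Flag bits in byte 32 of WebAuthn authenticator data.
FLAG_UP, FLAG_UV = 0x01, 0x04   # user present, user verified
FLAG_BE, FLAG_BS = 0x08, 0x10   # backup eligible, currently backed up
FLAG_AT = 0x40                  # attested credential data follows the header

# Constructed AAGUIDs: one stands in for an enterprise-approved key model.
SAMPLE_APPROVED = uuid.UUID("0a0a0a0a-0000-4000-8000-000000000001")
SAMPLE_UNLISTED = uuid.UUID("0b0b0b0b-0000-4000-8000-000000000002")
APPROVED_AAGUIDS = {SAMPLE_APPROVED}

# Which session labels may reach which resource tier (hypothetical policy).
TIER_POLICY = {
    "standard": {"synced", "device-bound-unlisted", "device-bound-approved"},
    "high": {"device-bound-approved"},
}


@dataclass(frozen=True)
class RegisteredCredential:
    aaguid: uuid.UUID
    credential_id: bytes
    user_verified: bool
    backup_eligible: bool
    backed_up: bool


def parse_authenticator_data(auth_data: bytes) -> RegisteredCredential:
    """Read flags, AAGUID and credential ID from registration authenticator data.

    Layout: rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) |
    credentialIdLength(2, big-endian) | credentialId | COSE public key ...
    """
    if len(auth_data) < 37:
        raise ValueError("shorter than the 37-byte fixed header")
    flags = auth_data[32]
    if not flags & FLAG_AT:
        raise ValueError("no attested credential data in this registration")
    if len(auth_data) < 55:
        raise ValueError("attested credential data is truncated")
    if flags & FLAG_BS and not flags & FLAG_BE:
        raise ValueError("backup state set without backup eligibility")
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    credential_id = auth_data[55:55 + cred_len]
    if len(credential_id) != cred_len:
        raise ValueError("credential ID is truncated")
    return RegisteredCredential(
        aaguid=uuid.UUID(bytes=auth_data[37:53]),
        credential_id=credential_id,
        user_verified=bool(flags & FLAG_UV),
        backup_eligible=bool(flags & FLAG_BE),
        backed_up=bool(flags & FLAG_BS),
    )


def session_label(cred: RegisteredCredential) -> str:
    """Label to stamp on sessions authenticated with this credential."""
    if cred.backup_eligible:
        return "synced"  # key material may exist on other devices
    if cred.aaguid in APPROVED_AAGUIDS and cred.user_verified:
        return "device-bound-approved"
    return "device-bound-unlisted"


def may_access(label: str, tier: str) -> bool:
    """Downstream authorization check against the session label."""
    return label in TIER_POLICY.get(tier, set())  # unknown tier: deny


def build_sample(flags: int, aaguid: uuid.UUID, cred_id: bytes) -> bytes:
    """Constructed registration bytes for the demo; the key is a placeholder."""
    header = hashlib.sha256(b"login.example.test").digest() + bytes([flags])
    header += struct.pack(">I", 0)  # signature counter
    return (header + aaguid.bytes + struct.pack(">H", len(cred_id))
            + cred_id + b"\xa0")   # 0xa0: empty CBOR map in place of a real key


if __name__ == "__main__":
    samples = {
        "security key": build_sample(FLAG_UP | FLAG_UV | FLAG_AT,
                                     SAMPLE_APPROVED, b"hw-1"),
        "synced passkey": build_sample(
            FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS | FLAG_AT,
            SAMPLE_UNLISTED, b"sync-1"),
    }
    for name, raw in samples.items():
        label = session_label(parse_authenticator_data(raw))
        print(name, "->", label, "| high tier allowed:", may_access(label, "high"))
```

The label is computed once at registration and stored with the credential; at sign-in the identity provider copies it into the session so that downstream services only need `may_access`.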

3. Conclusion

In moderate assurance environments, both device-bound passkeys and synced passkeys may be implemented together to provide a more secure authentication solution for all use cases of the organization. The more user-friendly synced passkeys can be implemented to replace passwords and MFA for users with standard assurance level requirements, giving them a more secure authentication method that is also easier to use. For highly privileged users in the organization that require the highest level of security, device-bound passkeys can be issued that provide an even higher level of security and an additional level of trust in the authentication process. The white paper provides information comparing synced passkeys, with their better user experience, against device-bound passkeys, with their enhanced security features. Using this information, organizations can evaluate device-bound passkeys and synced passkeys to determine how both can be leveraged in their organization to provide easy-to-use and secure authentication methods that meet and exceed the requirements of their moderate assurance environment.

4. Next Steps

The next step for organizations is to start the evaluation of FIDO2 credentials so that organizations can move away from passwords, which are susceptible to phishing and are well documented to be a significant weakness in their overall security posture. Organizations that have a moderate assurance need and will implement both device-bound passkeys and synced passkeys should determine which credential type will provide the best return on investment, work towards implementing that credential type first, and then follow up by completing the deployment of the other credential type when possible. Implementing either type of FIDO2 credential is a large step forward in moving to a passwordless environment and significantly increasing the overall security posture of the organization.

5. Acknowledgements

We would like to thank all FIDO Alliance members who participated in the group discussions or took the time to review this paper and provide input, specifically:

Karen Larson, Axiad
Jeff Kraemer, Axiad
Dean H. Saxe, Amazon Web Services, Co-Chair FIDO Alliance Enterprise Deployment Working Group
Tom Sheffield, Target Corporation
FIDO Enterprise Deployment Working Group Members

Me2B Alliance

“Unsafe at Any Click” – Episode 3

In Episode 3, we talk to Justin Sherman, founder of Global Cyber Strategies and adjunct professor at Duke University’s Sanford School of Public Policy. We talk about data brokers, identity resolution and customer data platforms–the OG data suppliers, and whether or not the selling of personal information is safe for humankind.

The post “Unsafe at Any Click” – Episode 3 appeared first on Internet Safety Labs.


FIDO Alliance

White Paper: Replacing Password-Only Authentication with Passkeys in the Enterprise

Editors

Khaled Zaky, Amazon Web Services

Abstract

This white paper describes the need for a more secure and convenient solution for authentication. Passwords have long been the standard for authentication, but the risks inherent to passwords reduce their efficacy as an authentication mechanism. Multi-factor authentication (MFA) solutions have been on market for some time, but their widespread adoption has been slow due to various barriers. Passkeys are an authentication solution that reduces the adoption barriers of traditional MFA mechanisms, while offering improved security, ease of use, and scalability over passwords and classic MFA solutions. Passkeys utilize on-device biometrics or PINs for authentication and provide a seamless user experience. This white paper outlines the benefits of passkeys, the user experience, and adoption considerations for enterprises.

1. Introduction

Passwords have long been the standard for authentication, but their inherent security flaws make them exploitable. Many passwords can be easily guessed or obtained through data breaches, and the reuse of passwords across multiple accounts only exacerbates the problem. This vulnerability makes them susceptible to credential stuffing attacks, which use leaked or commonly used passwords to gain unauthorized access to user accounts. In fact, passwords are the root cause of over 80% of data breaches, with up to 51% of passwords being reused. Despite these security concerns, many consumers and organizations continue to rely solely on passwords for authentication. According to recent research by the FIDO Alliance, 59% of consumers use only a password for their work computer or account.

Traditional multi-factor authentication (MFA) mechanisms, such as one-time passwords (OTPs) delivered via SMS, email, or an authenticator app, are used by organizations to reduce the risk associated with a single-factor, password-based authentication system. Organizations using single-factor authentication with passwords, or those that have deployed OTPs to reduce phishing and credential stuffing, can implement passkeys as a password replacement to provide an improved user experience, less authentication friction, and improved security properties using devices that users already use—laptops, desktops, and mobile devices. For an introduction to passkeys and the terminology, please see the FIDO Alliance’s passkeys resource page. In the following pages, we will focus on migrating existing password-only use cases to passkeys. For additional use cases, please see here.

2. Why Are Passkeys Better than Passwords?

Passkeys are a superior alternative to passwords for authentication purposes and offer improved usability over traditional MFA methods. They offer several benefits such as better user experience, reduced cost of lost credentials, phishing resistance, and protection against credential compromise.

Synced passkeys offer a consistent authentication experience for users across multiple devices. This is made possible by leveraging the operating system platform (or a third party synchronization fabric such as that from password managers) to synchronize cryptographic keys for FIDO credentials. This allows for quick and easy sign-in using biometrics or a device PIN. Synced passkeys also improve scalability and credential recovery. With synced passkeys users do not have to enroll a new FIDO credential on every device they own, ensuring that they always have access to their passkeys, regardless of whether they replace their device.

On the other hand, device-bound passkeys such as security keys can be used on multiple devices allowing for cross-device portability. Unlike synced passkeys that are accessible on any synchronized device, device-bound passkeys are tied to the specific physical security key.

In terms of security, passkeys are built on the FIDO authentication standards, providing strong resistance against the threats of phishing and credential stuffing. Additionally, passkeys rely on existing on-device security capabilities, making it easier for small and medium enterprises to adopt stronger authentication methods.

Finally, passkeys offer a comprehensive solution for secure and efficient authentication that is better than passwords and traditional MFA authentication methods. With a seamless user experience, improved scalability, and enhanced security, passkeys are a valuable solution for organizations of all sizes.

3. Passkeys User Experience

3.1 Create a passkey visual UX/UI

Note: This section will provide an overview of the passkey registration and sign-in process using examples.

Note: The FIDO Alliance User Experience Working Group has developed UX guidelines for passkeys that are available here.

1. In the passkey registration flow, users are first prompted to provide an email or username along with their password to authenticate.

2. Then, users simply follow the prompts to provide their on-device biometric or PIN authentication.

3.2 Sign in with a passkey visual UX/UI

To sign in with a passkey, a user just selects the email or username. Available passkeys will be shown in the passkey autofill user interface.

4. Adoption Considerations for Enterprises

Within businesses large and small, there are systems and services dependent upon single factor authentication using passwords. We collectively refer to these use cases as “low assurance use cases.” For low assurance use cases, technology leaders can displace password-only authentication mechanisms with passkeys, dramatically reducing the risk of phishing, and eliminating password reuse and credential stuffing. However, even for low assurance use cases, businesses must consider factors that will influence their choice of technology and implementation, which we outline below.

As a prerequisite to deploying passkeys in the enterprise, leaders must clearly define the set of use cases, users, and the suitability of passkeys for this set.

4.1 Does the relying party (RP) support passkeys?
At the time of writing (Q2 2023), passkeys are a relatively new technology, and as such broad-based support is not guaranteed. As organizations review their systems to identify candidates for migration to passkeys, leaders must start by identifying where passkeys are supported within their ecosystem.

First, for in-house developed/managed applications, how can passkey support be added to the application(s)? If a single sign-on (SSO) mechanism is used to federate multiple applications and services, adding passkey support to the Identity Provider (IdP) can propagate support for passkeys to numerous federated applications, creating a rich ecosystem of services supporting passkeys with engineering efforts focused on the SSO IdP. Conversely, if the environment uses multiple independent applications, each of which uses password-based authentication, organizations will have to prioritize FIDO implementation across their suite of applications to leverage passkeys, or consider migrating to a federated authentication model where the IdP supports passkeys.

Second, third-party developed or hosted applications may or may not support passkeys. If an organization’s service provider does not support passkeys today, inquire when support is expected. Alternatively, if the organization is pursuing a federated identity model, does the service provider support inbound federation? If so, end users can authenticate to the IdP with a passkey before federating to the service providers’ systems.

4.2 Which devices are used to create, manage, and authenticate with passkeys?
After identifying a set of targeted applications or IdPs, identify the users of the applications and the devices they use to access the same. Generally speaking, users on modern operating systems, browsers, and hardware will have broad support for passkeys registered on a platform device, using a credential manager, or with a hardware security key. There are tradeoffs with each mechanism.

Today, passkey providers allow users to register passkeys that are synchronized to all of the devices the user registered with the sync fabric. Passkey providers may be part of the operating system, browser, or a credential manager which stores and manages passkeys on behalf of the user. If the user loses or replaces their device, the passkeys can be synchronized to a new device, minimizing the impact on users. Typically, this is a good solution for users who use a small number of devices on a regular basis.

Conversely, hardware security keys create device-bound passkeys; they never leave the device. If a user loses their hardware key, they must have a backup or perform account recovery for all credentials stored on the device. Passkeys may be shared with other users if they are not hardware bound.

Hardware security keys require connectivity to the user’s computing device through USB, Bluetooth, or NFC, whereas passkey providers are always available on the user’s devices once bootstrapped. Platform credentials may be used to authenticate on nearby devices using FIDO Cross-Device Authentication. Enterprises should consider whether users who move between a number of shared devices should synchronize passkeys across all the shared devices, use hardware keys, or use the hybrid flow to best support their work style.

When users operate on shared devices using a single account (or profile), passkeys registered to the platform or credential managers are not a good fit. Device-bound passkeys on a hardware key are recommended for this scenario. If the user carries a mobile device, consider registering a passkey on the device and using the cross-device authentication flow to authenticate users.

Unlike passwords, all of the passkey solutions reviewed above provide strong phishing resistance and eliminate credential theft from the RP and reuse.

4.3 Registration & Recovery
If there are no restrictions on which device(s) or platform(s) the user can register their passkeys, users may self-provision passkeys by bootstrapping a new credential from their existing password using the device(s) of the user’s choice. If using hardware security keys, organizations should provide two per user to allow for a backup credential.

As long as a password remains active on the user account, the user can recover from credential loss following the self-provisioning described above. This step is only required if the user is unable to restore their credentials from their passkey provider.

5. Conclusion

Passkeys offer a significant improvement in security compared to traditional passwords, but it is important to carefully evaluate and understand the adoption considerations before proceeding with an implementation. Organizations should ensure their technical requirements, security, and management preferences align with the passkey solution. Not all use cases are suitable for a passkey-only implementation. For additional deployment patterns, see the other white papers in this series here.

6. Next Steps: Get Started Today

Organizations should upgrade their authentication method and take advantage of the stronger security that passkeys provide. Based on the FIDO authentication standards, passkeys offer a robust solution to the growing threat of phishing attacks. Look for the passkey icon on websites and applications that support it, and take the first step towards a more secure future. Don’t wait. Make the switch to passkeys today!

For more information about passkeys, visit the FIDO Alliance site.

7. Acknowledgements

We would like to thank all FIDO Alliance members who participated in the group discussions or took the time to review this paper and provide input, specifically (in alphabetic order):

Jerome Becquart, Axiad
Vittorio Bertocci, Okta
Greg Brown, Axiad
Tim Cappalli, Microsoft
Matthew Estes, Amazon Web Services
John Fontana, Yubico, Co-Chair FIDO Enterprise Deployment Working Group
Rew Islam, Dashlane
Jeff Kraemer, Axiad
Karen Larson, Axiad
Sean Miller, RSA
Dean H. Saxe, Amazon Web Services, Co-Chair FIDO Enterprise Deployment Working Group
Tom Sheffield, Target Corporation
Johannes Stockmann, Okta
Shane Weeden, IBM
Monty Wiseman, Beyond Identity
FIDO Enterprise Deployment Working Group Members

White Paper: FIDO Deploying Passkeys in the Enterprise – Introduction

Editors

Dean H. Saxe, Amazon Web Services, Co-Chair FIDO Enterprise Deployment Working Group

1. Introduction

Last year FIDO Alliance, Apple, Google, and Microsoft announced their intentions to support passkeys— FIDO credentials that may be backed up and made available across devices that are registered to the same passkey provider. Since then, we have seen the support for passkeys and beta implementations by multiple platforms and password managers. Enterprises have expressed interest in passkeys but do not know where to start, what type of passkeys work in their environment, or how passkeys fit in their authentication strategy.

It is important to note that FIDO Alliance has embraced the term “passkey” to describe any passwordless FIDO credential. This includes synced passkeys (consistent with the original announcement and intent) as well as device-bound passkeys – which are FIDO authentication credentials that cannot leave the issued device (e.g., on a FIDO Security Key).

In the following series of papers, the FIDO Enterprise Deployment Working Group (EDWG) will provide guidance to leaders and practitioners on deploying FIDO solutions scaling from SMBs to large enterprises. With recognition that there are a variety of different use cases for FIDO credentials, from synced passkeys to device-bound passkeys, this series will identify key decision points for identifying which solution(s) are a good fit across different enterprise use cases. Enterprises are likely to find there are multiple FIDO-based solutions required to meet their different use cases.

As organizations evaluate how to use passkeys in their environment, they will need to determine the legal, regulatory, and security requirements of their organization and evaluate how both synced passkeys and device-bound passkeys can meet these requirements.

We assume that the reader has a high-level understanding of the FIDO protocols; if not, please consult https://passkeys.dev/.

2. Why Choose Passkeys?

Passwords are the root cause of over 80% of data breaches, and up to 51% of passwords are reused, making them subject to credential stuffing attacks. FIDO credentials are inherently more secure than passwords due to their design. These credentials are unique cryptographic key pairs scoped to a specific origin (e.g., https://fidoalliance.org/) to prevent discovery by unrelated services. Unlike passwords, FIDO credentials are highly phishing resistant, and the credential—a private key—cannot be stolen from the relying party (RP) servers.
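The origin scoping described above shows up on the relying party's side as a set of checks run on every sign-in response. This is an added example, not code from the white paper: the RP ID, origins, challenge values and responses are constructed, and signature verification is assumed to happen in a separate step.

```python
import base64
import hashlib
import hmac
import json

RP_ID = "login.example.test"                      # constructed relying party ID
ALLOWED_ORIGINS = {"https://login.example.test"}  # origins this RP serves


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding used for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def scope_errors(client_data_json: bytes, auth_data: bytes,
                 expected_challenge: bytes,
                 expected_type: str = "webauthn.get") -> list:
    """Return the reasons a response fails the RP's scoping checks.

    An empty list means the checks pass. Verifying the signature over
    authenticatorData || SHA-256(clientDataJSON) is a separate step.
    """
    try:
        client = json.loads(client_data_json.decode("utf-8"))
    except ValueError:  # covers bad UTF-8 and bad JSON
        return ["clientDataJSON is not valid UTF-8 JSON"]
    if not isinstance(client, dict):
        return ["clientDataJSON is not a JSON object"]

    errors = []
    if client.get("type") != expected_type:
        errors.append("unexpected ceremony type")

    sent = client.get("challenge")
    want = b64url(expected_challenge).encode("ascii")
    if not isinstance(sent, str) or not hmac.compare_digest(
            sent.encode("utf-8"), want):
        errors.append("challenge does not match the one issued")

    # The browser, not the page, writes the origin into clientDataJSON.
    origin = client.get("origin")
    if not isinstance(origin, str) or origin not in ALLOWED_ORIGINS:
        errors.append("origin is not served by this relying party")

    if len(auth_data) < 37:
        errors.append("authenticator data too short")
    else:
        # The authenticator binds the response to the RP ID it was asked for.
        rp_hash = hashlib.sha256(RP_ID.encode("utf-8")).digest()
        if not hmac.compare_digest(auth_data[:32], rp_hash):
            errors.append("rpIdHash is for a different relying party")
        if not auth_data[32] & 0x01:
            errors.append("user presence flag not set")
    return errors


def make_response(origin: str, rp_id: str, challenge: bytes):
    """Constructed response, shaped as a browser on `origin` would return it."""
    client = json.dumps({"type": "webauthn.get",
                         "challenge": b64url(challenge),
                         "origin": origin}).encode("utf-8")
    auth = (hashlib.sha256(rp_id.encode("utf-8")).digest()
            + bytes([0x05]) + (1).to_bytes(4, "big"))  # UP|UV, counter 1
    return client, auth


if __name__ == "__main__":
    challenge = b"constructed-challenge-0001"
    cases = {
        "genuine site": make_response("https://login.example.test",
                                      RP_ID, challenge),
        "lookalike site": make_response("https://login.example-test.invalid",
                                        "login.example-test.invalid", challenge),
    }
    for name, (client, auth) in cases.items():
        print(name, "->", scope_errors(client, auth, challenge) or "accepted")
```

A response produced on a lookalike site fails twice, once on the origin the browser recorded and once on the RP ID hash, before the signature is even examined.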

FIDO credentials can be utilized across a variety of use cases—from low to high assurance, balancing user experience, convenience, and security. Authenticators—ranging from hardware security keys to biometric hardware in phones, tablets, and laptops to password managers—enable enterprises to choose the right tools for their unique environments.

While all FIDO credentials are based on cryptographic key pairs, they do not exhibit the same security characteristics, nor are they all suitable for all use cases. For example, hardware security keys may be FIPS certified devices with device-bound passkeys. RPs can identify these credentials based upon the attestation statements provided at registration. On the other hand, synced passkey implementations synchronize key material through a cloud-based service. The export and management of credentials in a third-party service introduces additional considerations and may not meet every organization’s security requirements. The table on page 4 summarizes the use cases and properties of device-bound and synced passkeys.

As you read the series you may encounter terminology that is unique to the FIDO ecosystem. Please consult the FIDO Technical Glossary for definitions of these terms.

We expect that most enterprises will have use cases that span more than one of these papers. Wherever organizations find themselves on this journey, they can start using FIDO credentials today to reduce credential reuse, phishing, and credential stuffing.

In the first paper, we examine how organizations can deploy passkeys to their users who are using passwords as their only authentication factor. By deploying passkeys, companies can immediately reduce the risk of phishing or credential stuffing for their staff while using corporate or personal devices for authentication. https://fidoalliance.org/fido-in-the-enterprise/.

There are many organizations that have deployed classic second factor authentication solutions such as SMS OTP, TOTP, and HOTP. In many cases, these deployments were tactical responses to reduce the success of phishing attacks. However, none of these mechanisms are immune to phishing. In the second paper of the series, we examine how passkeys can displace less phishing resistant mechanisms while improving the authentication user experience. https://fidoalliance.org/fido-in-the-enterprise/.

Enterprises in regulated industries may be obligated to utilize higher assurance authentication for some, or all, of their staff. These companies (or other companies with stringent security requirements) may be able to deploy synced passkeys, device-bound passkeys, or both to meet their authentication requirements. The third paper in the series provides guidance on deciding which FIDO-based solution(s) can meet these requirements. https://fidoalliance.org/fido-in-the-enterprise/.

The final paper describes using device-bound passkeys where functional or regulatory requirements require high assurance authentication. These scenarios use attestation data to securely validate the hardware devices used to generate and manage passkeys. This attestation data can be used to ensure compliance with regulatory and security requirements for regulated enterprises and use cases. https://fidoalliance.org/fido-in-the-enterprise/.

| | Device-Bound Passkeys | Synced Passkeys |
|---|---|---|
| Low Assurance | Sufficient | Sufficient |
| Moderate Assurance | Sufficient | May Be Sufficient |
| High Assurance | May Be Sufficient. Dependent upon the authenticator and regulatory/compliance requirements (e.g. FIPS 140) | Insufficient |
| Portability | May be portable between devices & ecosystems (e.g. hardware security keys). Limited by available connectivity options (USB, NFC, BLE) | Portable within the Passkey Provider ecosystem |
| Shareable / Copyable | No – device bound credentials cannot be exported | May be supported. Dependent upon the passkey provider |
| Account Recovery | Minimize credential loss scenarios by registering multiple device-bound passkeys. Account Recovery via enterprise RP defined mechanisms | Credential recovery via Passkey Provider defined mechanisms to bootstrap a new device. Account Recovery via enterprise RP defined mechanisms |
| Cost | Potential additional cost to obtain and provision hardware security keys if device-bound keys are unavailable in the platform ecosystem | Built in to existing platforms. Possible additional cost for third party/non-platform passkey providers |

3. Acknowledgements

Vittorio Bertocci, Okta
Greg Brown, Axiad
Jerome Becquart, Axiad
Tim Cappalli, Microsoft
Matthew Estes, Amazon Web Services
John Fontana, Yubico, Co-Chair FIDO Enterprise Deployment Working Group
Rew Islam, Dashlane
Sue Koomen, American Express
Jeff Kraemer, Axiad
Karen Larson, Axiad
Sean Miller, RSA
Tom Sheffield, Target Corporation
Johannes Stockmann, Okta
Shane Weeden, IBM
Monty Wiseman, Beyond Identity
Khaled Zaky, Amazon Web Services
FIDO Enterprise Deployment Working Group Members

White Paper: FIDO Attestation: Enhancing Trust, Privacy, and Interoperability in Passwordless Authentication

Editors

Khaled Zaky, Amazon Web Services
Monty Wiseman, Beyond Identity
Sean Miller, RSA Security 
Eric Le Saint, Visa

Abstract

This document intends to provide a comprehensive understanding of attestation’s role in enhancing and advancing the digital security landscape, specifically with respect to authentication. It focuses on the core function of attestation: verifying the origin and integrity of user devices and their authentication materials. FIDO credentials are discussed with a focus on how they offer more secure alternatives than traditional password-based systems and how FIDO attestation enhances authentication security for both Relying Parties (RPs) and end-users. In this document, RPs are those entities that provide websites, applications and online services that require the need for secure user access by confirming the identity of users or other entities. FIDO Alliance’s historical journey is presented with practical analogies for understanding FIDO attestation, its enterprise-specific technical solutions, and privacy aspects involved in the attestation process.

Audience

Targeted for CISOs, security engineers, architects, and identity engineers, this white paper serves as a guide for professionals considering the adoption of FIDO within their enterprise ecosystem. Readers should possess a baseline understanding of FIDO technologies, the meaning of attestation, and have a desire to understand why and how to implement attestation.

1. Introduction

While authentication is widely understood, attestation may be less familiar to many practitioners in the information technology field. Attestation, as understood within the FIDO protocols, confirms a set of properties or characteristics of the authenticator. In the physical world, we can rely on examining an object to inspect its properties and verify its authenticity. In the interconnected digital world, physical inspection is not practical. Devices used for FIDO authentication should be carefully checked before use, especially if their source or contents are uncertain. Certain transactions, especially those related to government, healthcare, or financial institutions, demand higher assurance, and it is vital that the Relying Party (RP)  confirms the authenticator’s legitimacy in these cases. To ensure that high-assurance transactions are legitimate, RPs can employ attestation to verify the authenticity and properties of the authenticator.

A note on terminology: The terms “key” and “key pair” are common to several types of keys described in this paper. To alleviate this confusion, the term “passkey” will always be used when referring to a key used to authenticate a user. Other instances of the term ‘key’ will be made specific by either the context or a modifier such as Attestation Key.

In traditional password-based systems, it may be assumed that users and RPs keep passwords confidential. Because this assumption is not consistently enforced, breaches can occur. Using passkeys instead of passwords is a significant improvement, but some RPs may need more stringent policies to verify the authenticity of the authenticator and its properties.

Unlike passwords, passkeys use securely generated key material allowing access to websites and apps. Users and RPs rely on the authenticator for storage and management of this key material and therefore share the responsibility for secure handling of passkeys.  All actors and components of the FIDO solution, including the authenticator, RP, and the passkey provider (when applicable), together ensure a robust security framework. This is in contrast to passwords, where the secure handling of passwords depends primarily on the user’s memory, behavior, the RP, and password managers (if used). RPs can leverage attestations to verify that passkeys are securely handled within  properly implemented FIDO certified devices.

Attestation provides RPs with information about the authenticator protecting the user’s passkeys. This provides a means for the RP to enforce security policies for FIDO authentication. In the following sections, we delve deeper into the concept of attestation, its purpose, real-life scenario comparisons, and the problems attestation solves.

1.1 Real-World Analogies for FIDO Attestation

Drawing parallels with everyday security protocols offers significant insights. Both digital and physical environments demand rigorous checks and balances to validate identities and fortify trust. FIDO Attestation reflects the trust and verification processes familiar in the physical world.

To understand the pivotal role of FIDO attestation, consider its application in real-world identification and verification practices. These analogies underscore its integral function and efficacy:

Identity Document Verification: Just as individuals may produce official documents such as passports or driver’s licenses to authenticate identity, the verifier (e.g., immigration official) wants proof of the document’s authenticity and therefore checks for the relevant seals and marks. FIDO attestation provides proof of the authenticity of a user’s authenticator, offers statements for examination, and provides cryptographic signatures for verifying the authenticity of the authenticator and the statements.

Gaining Trust Through Authentication: Think of moments where trust is contingent on proof of identity or authority. For example, accessing a secure facility where a guard authenticates you based on your identity documents, authorizing access to the facility. FIDO attestation fosters trust in digital environments when used to confirm the authenticator provenance and authenticity during online registration.

Countering Threats and Weaknesses: In real-world scenarios, ID checks exist to counteract impersonation, forgery, and fraud. FIDO attestation identifies the origins of authenticators and assists RPs to detect registrations from devices with known vulnerabilities, thereby enabling them to ensure that users employ only secure devices.

2. Practical Implications and Use-Cases of FIDO Attestation

2.1 From the Perspective of a Relying Party 

Delving deeper into FIDO attestation provides invaluable insights into critical roles fortifying authentication systems:

Assured Authenticator Security and Compliance: For RPs operating in sensitive sectors, for example, finance or the public domain, there’s a heightened need to ascertain that authentication devices are secure and meet specific standards. FIDO attestation helps ensure that authenticators accessing services are not only secure, but also adhere to specific standards and regulations.

Authenticator Model Specificity and Trust in FIDO Authenticator Models: FIDO attestation is tailored to distinct authenticator models, ensuring that cryptographic proofs during registrations validate said authenticator model authenticity. Beyond general trust in the attestation process, this specificity allows the RP to confirm that the passkey used in the registration request originates from a particular FIDO authenticator model. Such granularity is paramount for RPs where the details of authenticator models are crucial due to regulatory or security reasons.

Verification Through Attestation Signature: As a user sets up a new account, the onboarding RP can authenticate that the “attestation signature” linked to the freshly generated passkey is indeed from a genuine authenticator model.

Incident Handling and Response: If a vulnerability is discovered in an authenticator, RPs checking attestations have the ability to discover which authenticators may be affected and require additional authentication factors or registration of a new credential for impacted users.

2.2 From the Perspective of the End-User

Although end users may not be aware of the technical details, FIDO attestation can enhance their online security:

Enhanced Trust in Services: When using services, particularly in high-assurance sectors such as banking or government portals, users can experience increased confidence. They understand that the RP isn’t just authenticating but is also ensuring that authenticators accessing the platform adhere to specific standards.

Authenticator Compliance: FIDO attestation assures RPs of authenticator compliance and security, giving users the benefit of reliable functionality of their authentication devices paired with desired RP-related services.

Transparent Registration and Onboarding: The registration process is designed for seamlessness, but includes an additional step when an RP requests attestation of a FIDO authenticator. At this step, users must provide their consent to share the attestation metadata with the RP. This ensures that while backend verifications related to attestations, certification path validations, and authenticator compliance are streamlined, the user is aware of and has approved the process.

3. FIDO Attestation Explained

In this section we describe FIDO attestation and FIDO attestation types.

3.1 What is FIDO Attestation?

Within the FIDO authentication framework, attestation is a process for verifying the authenticity of a user’s authenticator during the authentication process. The attestation can be used in conjunction with the FIDO Alliance’s metadata service [1] to get more information about the authenticator including the model and certification level. An optional level of attestation, known as enterprise attestation, allows for further verification of specific authenticators, see section 4.5.

Note that the term ‘attestation’ might have  different meanings outside of the context of FIDO. This paper discusses attestation only within the scope of the FIDO Alliance.

In FIDO registration, a key step is the creation of a user authentication passkey, which occurs regardless of whether attestation is involved. During this process, the user’s authenticator—such as a smartphone—generates a unique cryptographic key pair for each RP. The private key is securely stored within the authenticator, while the public key is shared with the RP, establishing a secure authentication framework. Additionally, during registration, the authenticator may provide an attestation, offering further assurance about the authenticator’s integrity.

In addition to generating the user’s authentication passkey, the FIDO authentication framework includes an optional attestation process. When attestation is requested, the authenticator may provide an attestation (synced passkeys do not currently provide attestations) by using an Attestation Key to sign the AAGUID  (Authenticator Attestation Globally Unique ID) along with the passkey public key, creating signed evidence that establishes a trust anchor for the RP to validate that the authenticator properties meet the RP conditions through the MDS (FIDO Alliance’s Metadata Service [1], see section 3.3 for additional information).  If the authenticator cannot provide an attestation, the RP can authenticate the user with the passkey, and may obtain authenticator information (e.g. AAGUID), but it may not obtain verifiable evidence that the required authenticator properties are present.

This attestation process helps protect against supply chain attacks, such as the introduction of substitute or counterfeit authenticators. By verifying the authenticity of the authenticator, the RP understands the properties of the authenticator and assesses whether it meets the expected security standards, particularly during the registration phase, to ensure the device’s legitimacy.

FIDO attestation is thus a key component of the broader security and privacy objectives of the framework. It minimizes reliance on passwords, fosters strong device authentication based on public-key cryptography, and aims to offer a standardized and interoperable approach to authentication across different platforms and devices.

3.2 Types of FIDO Attestation

There are several types of FIDO attestation which differ in how the attestation statement is signed. Note that none of these attestation types except Enterprise Attestation provide information about the specific authenticator. This is to preserve user privacy.

Self-attestation: The attestation statement is signed by the user’s passkey. This provides integrity protection for the attestation statement and provides no other assurances.

Basic attestation: The attestation statement is signed by a key created by the authenticator’s manufacturer and embedded into the authenticator. This provides integrity protection of the attestation statement and proof of the authenticator’s manufacturer. For privacy purposes, this key must be duplicated across many authenticators of the same model (current FIDO Alliance requirement is >100,000 devices). It is not unique to a specific authenticator instance.

Attestation CA (AttCA) or Anonymization CA (AnonCA): This is similar to basic attestation, except the attestation statement is signed by a TPM Attestation Key. In this case, the TPM, a hardware-based module where cryptographic operations occur and secrets are stored securely without leaving the module, has its Attestation Key’s certificate signed by a trusted authority managing the authenticator.

Enterprise attestation: This is discussed in section 4.5.

It should be noted that the FIDO2 Specifications work along with the WebAuthn specification [2]. The type of attestation used is determined by examining fields within the attestation object which are defined in the WebAuthn specification. Further definitions provided by the WebAuthn specification include a number of different attestation statement formats, for example packed, TPM, and Android-key, as well as support for custom formats if needed.

3.3 Using AAGUID

The Authenticator Attestation GUID, or simply AAGUID, uniquely identifies the authenticator’s make (manufacturer) and model. It does not uniquely identify the specific authenticator. The AAGUID is returned by the authenticator when attestation is requested by the RP, and the RP may use it to determine if the authenticator’s make and model meets its policies. Among other uses, the AAGUID is the lookup value within the FIDO Metadata Service (MDS) [1], providing the RP detailed information about the authenticator.

The authenticator’s conveyance of the AAGUID provides no proof of its integrity or authenticity. The RP must trust the specific authenticator to provide truthful information.

This point is important to emphasize:

The AAGUID without attestation is “informational” only and does not provide any assurance of its authenticity.

Attestation provides a signature providing a level of assurance (depending on the type of attestation) of the authenticator’s identity.

4. Technical Solutions

This section describes the sequence of events and involved components that make up FIDO attestation.

4.1 Authentication vs. Attestation Keys 

The use of keys and methods for user authentication from FIDO have been introduced in previous documents, but the use of  keys and methods used for attestation may not be familiar.  

User Authentication: This is the process where the user demonstrates possession of the correct system credentials, utilizing a passkey instead of the traditional password, which is a common application of FIDO technology.

Attestation: This is the process of the authenticator using a key that is not assigned to a user, but instead assigned to the authenticator, to digitally sign a message providing proof of the message’s authenticity. The message involved is called the “attestation statement” and contains information about the authenticator. When the attestation statement is digitally signed by the authenticator’s attestation key, the RP can verify the validity of the attestation statement.

In summary:

A passkey authenticates the user to an RP

An attestation key signs an attestation statement to authenticate its origin

As stated in section 3.3 an RP may obtain the authenticator’s make and model by simply checking the authenticator’s AAGUID against the Metadata Service to get this information. Without being digitally signed by a key trusted by the RP, the RP has no proof this information is authentic or associated with the authenticator being queried. 

Note: As discussed in section 3.2, there are several attestation types. One of these, “self-attestation”, uses the User Authentication key to sign the attestation statement. This is not technically a contradiction, but a simplification provided to allow integrity protection, not authenticity, of the attestation statement.

4.2 Trust in the Attestation Key – Trust Chain

Fundamental to attestation is the RP’s trust in the Attestation Key. The Attestation Key must be generated by a trusted source and protected by the authenticator. The trusted source is typically the authenticator’s manufacturer; however, in the case of “Attestation CA (AttCA) or Anonymization CA (AnonCA)”, a trusted agent or Certification Authority (CA) is asserting the authenticity of the authenticator. The public part of the Attestation Key is obtained by the RP using a trusted channel, typically the FIDO MDS [1], mentioned previously.

4.3 FIDO Attestation Sequence

Attestation uses a key pair associated with an authenticator, not a user. It is important that all authenticators of the same make and model return the same attestation statement. The format of the attestation is examined later in this section, but it is important to understand that, at a high level, the attestation provides information about the type of authenticator, and it is not specific to a single device.

The following steps (1.a or 1.b then 2.) summarize a FIDO authenticator’s attestation lifecycle:   

1. Authenticator Manufacturing: There are two models for provisioning the Attestation Key: case “a” for roaming authenticators, such as smartphones or USB security keys used across multiple platforms, and case “b” for platform authenticators, which are built-in authentication mechanisms within devices like laptops or smartphones.

Note: This two-model distinction is not architecturally required by the FIDO Specification, but it is the practical implementation known today and provides a simplified explanation for the purpose of this paper. Also, the descriptions are generalizations and manufacturers may deploy different methods than described here – this is only a generalization.

a. Roaming Authenticator: The authenticator manufacturer generates an Attestation Keypair (AK) for a specific authenticator model. The manufacturer creates a certificate with the AK’s public key. The AK Certificate is commonly put into the MDS. This allows a RP to retrieve the AK Certificate from a trusted source, MDS, when an AAGUID is provided. The AK Certificate itself is usually signed with the authenticator’s manufacturer’s issuer key. This creates a verifiable cryptographic chain from the authenticator back to its manufacturer.

b. Platform Authenticator: The authenticator is not shipped from its manufacturer with an attestation key that can be used for FIDO attestation. Instead, it relies on persistent keys within the platform authenticator. These keys are crucial cryptographic elements that the attestation service uses to generate a FIDO Attestation Key. The attestation service is trusted by the Relying Party to provide assurance in the platform authenticator’s integrity and compliance. The attestation service creates an attestation key that is used to sign an attestation object which asserts the properties of the authenticator. The RP must trust the attestation service in the same way it trusts the roaming authenticator’s manufacturer.

2. User Provisioning with Attestation: During registration (setting up the new account), a new User Credential (a passkey) is created with a unique cryptographic key pair, and the public key is sent to the RP. The RP may optionally require an attestation. Note that the User or the authenticator may ignore the requirement for attestation. If the authenticator possesses an attestation key and it is allowed by the User, the user’s public passkey (along with the attestation statement) will be sent to the RP signed with the attestation private key. This allows the RP to verify the attestation statement, which includes the User’s public passkey for the newly created User. This provides confidence/proof that the User’s private passkey originated from a specific authenticator with known properties.

4.4 A General Description of the Attestation Lifecycle

The attestation key generally has an associated attestation certificate, which links to a trusted root certificate of the Manufacturer. Once the RP has determined the authenticity of the signed attestation statement, the RP can use the attestation statement along with the MDS to learn more about the authenticator. For example, the RP may want to understand what level of encryption is used and what type of activation secrets are leveraged (e.g., biometrics) with a certain level of accuracy, etc. In order to get details about the authenticator, an AAGUID value identifying the authenticator model is sent to the RP along with the newly created public passkey. Since the AAGUID represents a specific group of authenticator instances, such as a specific product release with a specific characteristic, specific form factor, or enterprise branding, an RP can use this AAGUID to look up more information about the authenticator from the MDS.

As shown in the diagram, the attestation object, if provided, will indicate the format of the attestation statement, and then include some data the RP can examine. The attestation object includes a statement that typically contains a signature as well as a certificate or similar data providing provenance information for the attestation public key.  Detail of the attestation object is provided in section 9.1 of the Appendix.

RPs should first verify the signature of the attestation statement and once verified, then examine the attestation statement.  Once the RP has identified the attestation statement’s format and type, the RP then reviews the contents and compares the contents against its policy.

An example attestation response resulting from a  direct request to the authenticator by an RP is provided in 9.2 of the Appendix. The AAGUID provided in the attestation response can be used to obtain additional  details about the authenticator from the FIDO Metadata Service.
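The RP-side checks described in sections 3.2 through 4.4, as an added Python example that is not part of the FIDO Alliance paper: it parses raw authenticator data into the fields shown decoded in Appendix Figure 2, classifies the attestation type from fmt and attStmt, and treats the AAGUID as informational unless an attestation was verified. The RP ID, credential ID, key bytes, allow-list and the signature_and_chain_valid input (the result of signature and certificate-path verification performed by the caller's crypto library) are assumptions of this example.

```python
import hashlib
import struct
import uuid
from dataclasses import dataclass
from typing import Optional

# Bits of the authenticator data flags byte (WebAuthn layout); the same eight
# fields appear decoded in Appendix Figure 2.
FLAG_BITS = {
    "userPresent": 0x01, "reserved1": 0x02, "userVerified": 0x04,
    "backupEligibility": 0x08, "backupState": 0x10, "reserved2": 0x20,
    "attestedCredentialData": 0x40, "extensionDataIncluded": 0x80,
}


@dataclass
class AuthData:
    rp_id_hash: bytes
    flags: dict
    sign_count: int
    aaguid: Optional[str]            # None when no attested credential data
    credential_id: Optional[bytes]
    trailing_cbor: bytes             # COSE public key (and extensions), not decoded here


def parse_auth_data(raw: bytes) -> AuthData:
    """Split raw authData: rpIdHash(32) | flags(1) | signCount(4) | attested data."""
    if len(raw) < 37:
        raise ValueError("authData shorter than the 37-byte fixed header")
    flags = {name: bool(raw[32] & bit) for name, bit in FLAG_BITS.items()}
    (sign_count,) = struct.unpack(">I", raw[33:37])
    aaguid = cred_id = None
    rest = raw[37:]
    if flags["attestedCredentialData"]:
        if len(rest) < 18:
            raise ValueError("truncated attested credential data")
        aaguid = str(uuid.UUID(bytes=rest[:16]))
        (cred_len,) = struct.unpack(">H", rest[16:18])
        if len(rest) < 18 + cred_len:
            raise ValueError("credential ID length exceeds remaining data")
        cred_id, rest = rest[18:18 + cred_len], rest[18 + cred_len:]
    return AuthData(raw[:32], flags, sign_count, aaguid, cred_id, rest)


def attestation_type(fmt: str, att_stmt: dict) -> str:
    """Map the attestation object's fmt/attStmt to the types listed in section 3.2."""
    if fmt == "none":
        return "none"
    if fmt == "packed":
        # With a certificate chain: Basic or AttCA. Without one, the statement
        # was signed by the passkey itself (self-attestation).
        return "basic-or-attca" if att_stmt.get("x5c") else "self"
    if fmt == "tpm":
        return "attca"
    return "unsupported"


def evaluate_registration(fmt, att_stmt, raw_auth_data, expected_rp_id,
                          signature_and_chain_valid, allowed_aaguids):
    """Return (decision, reason) under a high-assurance policy (an assumption).

    signature_and_chain_valid must come from real verification of attStmt.sig
    and the x5c chain against the trust anchor published for this AAGUID.
    """
    auth = parse_auth_data(raw_auth_data)
    if auth.rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        return "reject", "rpIdHash does not match this RP"
    if auth.aaguid is None:
        return "reject", "registration carries no attested credential data"
    kind = attestation_type(fmt, att_stmt)
    if kind in ("none", "self", "unsupported"):
        # Section 3.3: without attestation the AAGUID is informational only.
        return "reject", f"AAGUID {auth.aaguid} is unattested ({kind})"
    if not signature_and_chain_valid:
        return "reject", "attestation signature or certificate chain failed"
    if auth.aaguid not in allowed_aaguids:
        return "reject", f"attested model {auth.aaguid} is not on the allow-list"
    return "accept", f"attested model {auth.aaguid} ({kind})"


# Constructed sample: flags 0x45 (UP | UV | AT), signCount 4 and the AAGUID match
# Appendix 9.2; the RP ID, credential ID and key bytes are made up.
SAMPLE_RP_ID = "login.example"
SAMPLE_AAGUID = "7e3f3d30-3557-4442-bdae-139312178b39"


def build_sample_auth_data(flags: int = 0x45) -> bytes:
    return (hashlib.sha256(SAMPLE_RP_ID.encode()).digest()
            + bytes([flags]) + struct.pack(">I", 4)
            + uuid.UUID(SAMPLE_AAGUID).bytes
            + struct.pack(">H", 4) + b"\x01\x02\x03\x04"
            + b"\xa0")  # placeholder CBOR (empty map) standing in for the COSE key


if __name__ == "__main__":
    raw = build_sample_auth_data()
    print(parse_auth_data(raw))
    for fmt, stmt in (("packed", {"x5c": [b"cert"]}), ("packed", {}), ("none", {})):
        print(fmt, evaluate_registration(fmt, stmt, raw, SAMPLE_RP_ID, True, {SAMPLE_AAGUID}))
```

The same AAGUID is accepted only in the first case; in the other two it arrives without a verifiable attestation and the policy treats it as a claim, not evidence.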

4.5 Enterprise Attestation

By default, FIDO allows an authenticator to provide only product information using the AAGUID and high-level information about its type and capabilities, explicitly prohibiting an authenticator from providing uniquely identifying information.  However, Enterprise attestation removes that limitation, as it binds a unique authenticator key pair to a serial number or equivalent unique identifier.

4.5.1 Use Cases

Enterprises actively manage authenticators for various purposes and are essential for securing high-value assets. While employees may select their own authenticators, enterprises may limit authenticators per employee and revoke them upon a departure or loss, as they oversee the entire process from purchase to collection. Additionally, enterprises may prioritize manageability and traceability to safeguard resources. Upon a threat incident, forensic investigations may need to trace activities related to a particular authenticator and correlate the authenticator’s usage activity patterns in order to discover anomalies or the source of threat. Tight management enhances their ability to ensure non-repudiation for transactions. High-risk users may be assigned dedicated authenticators from the enterprise for access to restricted sensitive information or services. These authenticators are assigned specific PINs and are acquired through trusted supply chains. 

Certain enterprise deployments require the use of FIDO authenticators with enterprise attestation in order to identify specific device identities (e.g. device serial numbers). Enterprise Attestation validation must also be supported by the organization’s specific Relying Parties. These practices actively address enterprise-specific needs for improved control over device provisioning and lifecycle management.

4.5.2 Process

4.5.2.1 Provisioning 

Provisioning for enterprise attestation is modified from the process described in section 4.3 to include authenticator-unique information in the attestation statement and to add the specific RPs permitted to receive this unique information, a set of RPs permanently “burned” into the authenticator by the authenticator’s manufacturer. The authenticator performs enterprise attestation only to those RPs provisioned to the authenticator. Other RPs may still perform any other type of attestation that excludes the unique identifier.

Authenticators that have the enterprise attestation burned into them must not be sold on the open market and may only be supplied directly from the authenticator’s manufacturer to the RP.  An RP wanting an enterprise attestation enabled authenticator will order them directly from the authenticator’s manufacturer by providing a list of RP IDs (RPIDs). These specific RPIDs are the ones permanently burned/written to the authenticator.

4.5.2.2 User Registration with Enterprise Attestation

During a FIDO user registration described in section 4.3, the RP may indicate the need for enterprise attestation. This will uniquely associate the user with the specific authenticator by providing proof of the authenticator’s unique identifier. During user registration the authenticator verifies that the requesting RP (using its RPID) is among those listed in the permanently provisioned list of RPIDs permitted to perform enterprise attestation. If approved, this unique identifier is added to the attestation object and signed by the Attestation Key. The RP should validate the attestation object and, optionally, the certificate link/chain used to sign the attestation object. The RP can then verify, at user registration time, that the unique identifier was indeed purchased by the enterprise and may include that verification in its records.

The implementation used by an RP to authenticate the uniquely identifying information varies by authenticator. Some authenticators may use vendor facilitated methods where the enterprise provides a list of the RP IDs to the manufacturer and those are imprinted into the authenticators. Another is where some enterprise managed platforms maintain a policy, such as an enterprise managed browser. Rather than imprinting the list of allowed RPs into the authenticator, an enterprise managed platform will make the determination if the enterprise attestation is provided to the RP based on the policy.

5. Privacy Implications and Considerations

While attestation provides a valuable assertion of trust for authenticators, privacy concerns can arise from the information shared during attestation. Some privacy considerations include:

While the attestation properties described in this paper include a broad set of privacy controls, implementers should consider these capabilities against regional and local privacy policies.

Attestation enables sharing information, such as authenticator’s make and model, firmware version, or manufacturer details, with the RP. Concerns may arise regarding the potential exposure of sensitive authenticator-specific data and the subsequent tracking or profiling of users based on this information. For this very reason, an attestation batch of at least 100,000 is recommended so it is not a small pool to identify devices from.

Non-enterprise attestation prevents the association of multiple passkeys within an authenticator with different RPs, thus safeguarding user privacy. For example, a person using a single authenticator may create a User Authentication passkey (passkey1) for RP 1 (RP1), then create a new User Authentication passkey (passkey2) for RP 2 (RP2). Even though the person is using the same physical authenticator for both RPs and using attestation, even if RP1 and RP2 collaborate, they cannot determine that passkey1 and passkey2 are from the same authenticator, therefore, they cannot determine the transactions are from the same person.

Enterprise attestation adds uniquely identifying information (e.g., a device serial number) allowing an authorized RP to track the use of a specific authenticator across several pre-provisioned RPs within the enterprise. It is expected that users in this environment have an understanding of this property and the value it adds to the enterprise.

6. Adoption and Deployment Considerations

RPs can determine the registration requirements for a FIDO authenticator, as  reflected in their preference for attestation conveyance. Some RPs may not require attestations to decide if registration is allowed. Other RPs may have security requirements that require an attestation object in order to make risk decisions. Security requirements may be based on characteristics of the authenticator (e.g., whether it requires a PIN) or could be as specific as the model of authenticator(s) allowed. Finally, in more protected environments, some RPs may require additional enterprise attestations to ensure an authenticator is known, controlled, and trusted by the enterprise.

7. Conclusion

FIDO attestation, a component of the FIDO and WebAuthn standards, validates the authenticity of a user’s authenticator. This process provides a defense against various threats such as supply chain attacks, counterfeit authenticators, and substitution attacks. For RPs requiring higher authentication assurance, attestation is a FIDO-centric mechanism to obtain that assurance. For RPs that need to ensure the authenticity of specific authenticators,  attestation provides these RPs assurance that they are dealing with a known and trusted device.

By generating unique key pairs for each RP that a user registers with, FIDO underscores its commitment to user security, eliminating potential cross-service vulnerabilities. The enterprise attestation feature provides organizations with better management of authenticators used by their personnel and is vital to environments that prioritize precise device management.

FIDO attestation brings certain privacy considerations. Disclosing authenticator-specific information, user device fingerprinting and the potential for user tracking, all highlight the importance of a privacy-aware approach. All stakeholders, including RPs, manufacturers, and users, must navigate the path between enhancing security and preserving user privacy.

FIDO attestation is adaptable.  RPs have the discretion to request their desired level of attestation, ensuring a tailored approach suitable for both specialized services and large enterprises.

In summary, FIDO attestation augments online authentication. With a focus on public-key cryptography, unique key pairs, and specific attestation processes, its efficacy is maximized through careful deployment, thorough understanding of its capabilities, and a consistent commitment to user privacy.

8. Acknowledgments

The authors acknowledge the following people (in alphabetic order) for their valuable feedback and comments:

FIDO Enterprise Deployment Working Group Members
Dean H. Saxe, Amazon, Co-Chair Enterprise Deployment Working Group
Jerome Becquart, Axiad IDS, Inc.
Johannes Stockmann, Okta Inc.
Tom De Wasch, OneSpan North America Inc.
Tom Sheffield, Target Corporation
John Fontana, Yubico

9. Appendix

9.1 Attestation Object

Appendix Figure 1 – Attestation object*
*layout illustrating the included authenticator data (containing attested credential data) and the attestation statement.

9.2 Example Attestation Object

attestationObject: {
  "fmt": "packed",
  "attStmt": {
    "alg": -7,
    "sig": "3045022100da2710ff0b5f5e5d72cda8c1e650f0b696e304942e55138672aa87a5e370a92d02205fd1a48bbda4757aac21252c7064f21130aba083151ab8ae75a26a356b675495",
    "x5c": [
      "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"
    ]
  },
  "authData": {
    "rpIdHash": "f95bc73828ee210f9fd3bbe72d97908013b0a3759e9aea3d0ae318766cd2e1ad",
    "flags": {
      "userPresent": true,
      "reserved1": false,
      "userVerified": true,
      "backupEligibility": false,
      "backupState": false,
      "reserved2": false,
      "attestedCredentialData": true,
      "extensionDataIncluded": false
    },
    "signCount": 4,
    "attestedCredentialData": {
      "aaguid": "7e3f3d30-3557-4442-bdae-139312178b39",
      "credentialId": "c0a3eb62197b77edd0cd1c73bffeb068dcc2595cfdf2e4dc01478bddc9cefcf52282f95bc73828ee210f9fd3bbe72d97908013b0a3759e9aea3d0ae318766cd2e1ad04000000",
      "credentialPublicKey": {
        "kty": "EC",
        "alg": "ECDSA_w_SHA256",
        "crv": "P-256",
        "x": "D3Ki/INLfrmlNogo8d1lK7kBT4Fh3wPyVt/kusDAMKY=",
        "y": "M11KJSPXRiBn1ZtAo1eynxvaUXqipZJYV0AT0gC2czo="
      }
    }
  }
},

Appendix Figure 2 – Example Attestation object

10. References

[1] FIDO Alliance Metadata Service – https://fidoalliance.org/metadata/
[2] WebAuthn Specification – Attestation Section – https://www.w3.org/TR/webauthn-3/#sctn-attestation


MyData

fairsfair: Data governance and privacy pop up in mobility

In the MyData Matters blog series, MyData members introduce innovative solutions and practical use cases that leverage personal data in line with MyData values. What is fairsfair? Coming fresh into […]

Project VRM

On Intentcasting

The cover page of the Weekend Review section of The Wall Street Journal, July 20, 2012

On July 9, 2012, not long after The Intention Economy came out, I got word from Gary Rosen of The Wall Street Journal that the paper’s publisher, Robert Thomson, loved the book and wanted “an excerpt/adaptation” from the book for the cover story of  the WSJ’s Weekend Review section. The image above is the whole cover of that section, which appeared later that month.

In the article I described a new way to shop:

An “intentcast” goes out to the marketplace, revealing only what’s required to attract offers. No personal information is revealed, except to vendors with whom you already have a trusted relationship.

I also said that this form of shopping—

…can be made possible only by the full empowerment of individuals—that is, by making them both independent of controlling organizations and better able to engage with them. Work toward these goals is going on today, inside a new field called VRM, for vendor relationship management. VRM works on the demand side of the marketplace: for you, the customer, rather than for sellers and third parties on the supply side.

The scenario I described was set ten years out: in 2022, a future now two years in the past. In the meantime, many approaches to intentcasting have come and gone. The ones that have stayed are Craigslist, Facebook Marketplace, Instacart, TaskRabbit, Thumbtack, and a few others. (Thumbtack participated in the early days of ProjectVRM.) We include them in our list of intentcasting services because they model at least some of what we’d like intentcasting to be. What they don’t model is the full empowerment of individuals as independent actors: ones whose intentions can scale across whole markets and many sellers:

Scale gives the customer single ways to deal with many companies. For example, she should be able to change her address or last name with every company she deals with in one move—or to send an intention-to-buy “intentcast” to a whole market.

Should we call the sum of it “i-commerce”? Just a thought.

Back to the Wall Street Journal article. It is clear to me now that The Customer as a God would have been a much better title for my book than The Intention Economy, which needs explaining and sounds too much like The Attention Economy, which was the title of the book that came out ten years earlier. (I’ve met people who have read that one and thought it was mine—or worse, called my book “The Attention Economy” and sent readers to the wrong one.)

Of course, calling customers gods is hyperbole: exaggeration for effect. VRM has always been about customers coming to companies as equals. The “revolution in personal empowerment” in the subhead of “The Customer as a God” is about equality, not supremacy. For more on that, see the eleven posts before this one that mention the R-button:

That symbol (or pair of symbols) is about two parties who attract each other (like two magnets) and engage as equals. It’s a symbol that only makes full sense in open markets where free customers prove more valuable than captive ones. Not markets where customers are mere “targets” to “acquire,” “capture,” “manage,” “control” or “lock in” as if they were slaves or cattle.

The stage of Internet growth called Web 2.0 was all about those forms of capture, control, and coerced dependency. We’re still in it. (What’s being called Web3, while “decentralized” (note: not distributed), is also based on tokens and blockchain.) Investment in customer independence rounds to nil.

And that’s probably the biggest reason intentcasting as we imagined it in the first place has not taken off. It is very hard, inside industrial-age business norms (which we still have) to see customers as equals, or as human beings who should be equipped to lead in the dance between buyers and sellers, or demand and supply, in truly open marketplaces. It’s still easier to see us as mere consumers (which Jerry Michalski calls “gullets with wallets and eyeballs”).

So, where is there hope?

How about AI? It’s at the late end of its craze stage, but still here to stay, and hot as ever:

Can AI provide the “revolution in personal empowerment” we’ve been looking for here since 2006? Can it prove our thesis—that free customers are more valuable than captive ones—to themselves and to the marketplace?

Only if it’s personal.

If it is, then the market is a greenfield.

Some of us here are working at putting AI on both sides of intentcasting ceremonies. If you have, or know about, one or more of those approaches (or any intentcasting approaches), please share what you know, or what you’ve got, in the comments below. And come to VRM Day on October 28. I’ll be putting up the invite for that shortly.

 

Wednesday, 28. August 2024

FIDO Alliance

Webinar: Misconceptions about passkeys


In the years since passkeys were first announced, a lot has changed in their availability to consumers, nomenclature across platforms, and even implementation requirements. However, one thing that has yet to change is the need for more awareness on what passkeys are, how they work, and their benefits.

In this webinar we debunk common misconceptions associated with passkeys, which we’ve heard from customers, FIDO members and industry participants, and see pop up across social networks. By doing so, we’re confident we can help drive our industry towards a passwordless world.


Passkeys Webinar: Achieving End-to-End Passwordless


Authentication is a complicated problem with ever-creeping scope. Passkeys provide phishing-resistance at the point of authentication, but you need protection at enrollment and during the authenticated session thereafter, too, to truly fortify the authentication process against evolving threats. 

In this discussion, authentication experts walk through all of the components of a user authentication workflow, highlighting areas of innovation and future steps for securing enrollment, authentication, and sessions.  


Identity At The Center - Podcast

We have a bonus Sponsor Spotlight episode of the Identity at


We have a bonus Sponsor Spotlight episode of the Identity at the Center podcast for you this week sponsored by Semperis.

Jim McDonald hosts Eric Woodruff, Senior Security Researcher at Semperis, to discuss the company's approach to identity security. They delve into Semperis' tools like Purple Knight and Forest Druid, focusing on their capabilities in detecting and mitigating Active Directory and Entra ID vulnerabilities. The conversation covers the critical role of prevention and response in ITDR, the impact of ransomware on Enterprise ID infrastructures, and the importance of ensuring a trusted state in Active Directory.

You can watch it on YouTube at https://youtu.be/UwIP0hQmv00?si=BBYvcVbO9cZqET-Q

More at idacpodcast.com

#iam #podcast #idac

Monday, 26. August 2024

Identity At The Center - Podcast

Today marks 300 episodes of the Identity at the Center podca


Today marks 300 episodes of the Identity at the Center podcast. We celebrated by doing what we do best - talking about IAM! We took the opportunity to answer a couple of listener questions including “what is identity at the center” and whether using SSN to validate caller identities is a good idea (it’s not).

You can watch it here: https://www.youtube.com/watch?v=VXxBIG2UI8s

The website: idacpodcast.com

#iam #podcast #idac

Friday, 23. August 2024

We Are Open co-op

An Introduction to Systems Thinking

Part 1: Three Key Principles

This is the first post in a series exploring the fundamentals of Systems Thinking. This is an approach that helps us make sense of complex situations by considering the whole system rather than just its individual parts.

Why is Systems Thinking important? Whether you’re navigating challenges in your professional life or making decisions in your personal life, Systems Thinking offers a series of powerful lenses through which to view the interconnectedness of various elements. By understanding how different parts of a system influence one another, you can identify more effective solutions, anticipate unintended consequences, and make better-informed decisions. This holistic approach is particularly valuable in today’s complex world, where problems are rarely isolated and simple fixes can often lead to new issues!

This series is made up of:

Part 1: Three Key Principles (this post)
Part 2: Understanding Feedback Loops
Part 3: Identifying Leverage Points

In this first post, we’ll explore three key principles that are foundational to a Systems Thinking approach: Drawing a Boundary, Multiple Perspectives, and Holistic Thinking. These principles provide the groundwork for seeing beyond surface-level problems and understanding the deeper, often hidden, relationships and patterns within any system. By applying these principles, you can begin to approach challenges with a mindset that seeks to comprehend the whole rather than merely addressing symptoms, leading to more sustainable and impactful solutions.

1. Drawing a boundary

“The only problems that have simple solutions are simple problems. Complex problems have complex solutions.” — Russell Ackoff

In Systems Thinking, one of the first steps is to draw a boundary around the system you’re examining. This boundary defines what is included within the system and what is considered external. It’s crucial because the way you set this boundary determines the scope of your analysis and influences the insights you gain.

A boundary can be drawn in various ways. It might cut cross-functionally across an organisation, considering multiple departments and their interactions. Alternatively, it could include several organisations, looking at an entire ecosystem rather than a single entity. These choices lead to different conclusions and strategies. Boundaries help manage complexity by allowing you to concentrate on specific parts of the system without getting overwhelmed by the whole.

For example, when we started working with the Digital Credentials Consortium (DCC) based at MIT, we had to make a decision about where to draw the boundary. We could have drawn it very narrowly to focus just on the DCC team, which would have focused mainly on operational issues and decision-making. Our brief, however, was to help with a communications strategy, which meant drawing a wider one. This included organisations who were aware of the DCC, but not directly involved with them.

Draw a boundary too wide, and it becomes difficult to identify ways to create meaningful change. For example, if we included all of Higher Education, it would have become an impossible project to manage. In the end, we identified key stakeholder groups (e.g. registrars) and included them within the boundary. That meant purposely excluding other stakeholders (e.g. vendors) so that we could work on communications that would resonate and create change.

2. Multiple perspectives

“We live in a world of problems, not puzzles. Problems are tangled with uncertainty, ambiguity, and value conflicts.” — Geoffrey Vickers

Every system is viewed differently depending on the perspective of the observer. Recognising and incorporating multiple perspectives is a cornerstone of Systems Thinking. Each stakeholder sees the system from their own unique angle, and by considering these diverse viewpoints, we can uncover hidden dynamics and potential conflicts.

For instance, with the DCC project, we needed to gain the perspectives of different members of the team, the Leadership Council, and key stakeholder groups. Each had different opinions and concerns, which helped us create an effective and holistic communications plan, balancing the needs of all stakeholders and providing a way forward.

3. Holistic thinking

“Insight, I believe, refers to the process by which a shift in perspective reveals a coherent pattern that had previously been obscured from view.” — Mary Catherine Bateson

Holistic thinking involves seeing the system as a whole rather than just focusing on individual parts. It contrasts with reductionist approaches, which break down a system into its components. While reductionism can be useful, it often misses the interactions and relationships that make the system function.

In the DCC communications strategy project, it was important not to take a reductionist approach focused on individual aspects, but rather to think more holistically. We needed an approach that considered how these elements interact: for example, creating a cadence for communications which re-uses content from one platform, and which helps scaffold stakeholder understanding. By considering the Verifiable Credentials ecosystem as an interconnected whole, we were able to think about how a communications strategy could encourage adoption, without burning out DCC staff.

Conclusion

In this post, we’ve explored the three foundational pillars of Systems Thinking: Drawing a Boundary, Multiple Perspectives, and Holistic Thinking. These principles offer a powerful framework for tackling complex problems, allowing you to see the bigger picture, understand diverse viewpoints, and recognise the intricate connections that drive systems. By applying these concepts, you can develop more effective strategies, avoid unintended consequences, and create sustainable solutions.

At We Are Open Co-op, we specialise in helping organisations integrate these Systems Thinking principles into their everyday practices. Whether you’re navigating organisational change, developing strategies, or addressing societal challenges, our approach can help you uncover deeper insights and achieve lasting impact.

If you’re interested in how Systems Thinking can transform your organisation, we’d love to collaborate with you. Stay tuned for the next post in this series, where we’ll delve into practical applications of these principles, providing you with tools and examples to put Systems Thinking into action.

References

Ackoff, R.L. (1974). Redesigning the Future: A Systems Approach to Societal Problems. New York: Wiley.
Bateson, M.C. (1994). Peripheral Visions: Learning Along the Way. New York: HarperCollins.
Beer, S. (1972). Brain of the Firm. New York: Herder and Herder.
Friston, K. (2010). The free-energy principle: a unified brain theory? Nature Reviews Neuroscience, 11(2), pp. 127–138.
Vickers, G. (1965). The Art of Judgement: A Study of Policy Making. London: Chapman & Hall.

An Introduction to Systems Thinking was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Thursday, 22. August 2024

Energy Web

Clean EV Charging at Your Fingertips

AutoGreenCharge mobile app coming soon to app stores near you

We’re thrilled to announce that Energy Web’s AutoGreenCharge mobile app has completed development and will soon be released on the Apple App Store and Google Play Store, enabling electric vehicle owners to charge with 100% renewable electricity.

AutoGreenCharge is a mobile app that provides unprecedented transparency and traceability for EV charging. It works by:

Connecting your EV: Our partnership with Smartcar makes it easy for data to be shared with the AutoGreenCharge app from a wide range of EV models.
Tracking Your Charging Sessions: Every time you charge your car, AutoGreenCharge collects data about your charging session.
Matching Renewable Energy: The app matches your charging session with renewable energy certificates from markets around the world and creates a publicly verifiable proof that your electricity comes from clean sources.
Tracking Your Green Proofs: You can easily view and verify your green proofs for each charging session within the app.

In addition to the mobile app, AutoGreenCharge is also available for enterprise customers. The solution can serve as a powerful tool for EV fleets, charge point operators, and automakers looking to decarbonize charging and offer new sustainability solutions to their customers.

We’re excited to bring AutoGreenCharge to EV owners everywhere. Stay tuned for the official launch and get ready to experience the future of electric vehicle charging.

There’s still time to sign up for the beta launch on https://www.autogreencharge.com/.

About Energy Web

Energy Web is a global non-profit organization accelerating the energy transition by developing and deploying open-source decentralized technologies. Our solutions leverage blockchain to enable new market mechanisms and decentralized applications that empower energy companies, grid operators, and customers to take control of their energy futures.

Clean EV Charging at Your Fingertips was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.


MyData

Call to action for data portability

The EU’s Digital Markets Act requires six big tech “gatekeepers” (Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft) to provide continuous and real-time data portability mechanisms to users. We’re calling on the […]

Wednesday, 21. August 2024

Next Level Supply Chain Podcast with GS1

Revolutionizing Patient Care with Smart Inventory Management with Chris Anderson


Imagine a world where ensuring patient safety and improving healthcare outcomes begins with something as simple as smart inventory management.

In this episode, hosts Reid Jackson and Liz Sertl are joined by Chris Anderson, Director of Technical Program Management at VUEMED. Chris, with nearly a decade of experience in data management and analytics, shares the intricate world of inventory management solutions for hospitals—focusing on implantable medical devices. 

Chris also discusses how a unified system not only enhances the tracking of medical devices but also bolsters patient safety through more effective recall management and improved patient outcomes.

In this episode, you’ll learn:

How unique device identification (UDI) standardization is transforming hospital inventory management, enabling more precise tracking and significantly improving patient safety outcomes.

Insights into the seamless integration of GS1 standards within healthcare supply chains and learn practical approaches to overcoming compliance pitfalls and maximizing data utility.

The emerging trends and legislative updates that are set to impact future supply chain regulations in healthcare, providing a strategic edge to stay ahead in a rapidly evolving landscape.

 

Connect with GS1 US:

Our website - www.gs1us.org

GS1 US on LinkedIn

 

Connect with the guests:

Chris Anderson on LinkedIn

Tuesday, 20. August 2024

Digital Identity NZ

‘Simply the Best’ | August Newsletter


Kia ora,

If Tina had been in the Oceania Room at Te Papa Tongarewa last Tuesday, and for the two Digital Trust Hui Taumata that preceded it, like some of you were, I think this would have been her observation. It certainly was for another singer. The buzz in the room was palpable from the very start. Compared to the previous two years, this event saw increased attendance (214 registered, 202 in the room), more international and local speakers, and an increase in panels and roundtable discussions. It’s tangible evidence that Digital Trust is entering the consciousness of more people, accompanied by a desire to ‘get stuff done’. To that end – amongst several other great presentations, panels and exhibits of things currently in progress for those that wish to opt-in – NZTA showcased its NZTA vehicle status app, DINZ member Worldline walked us through its Digital Identity Acceptance Network at POS terminals, and DINZ member Xebo demonstrated the application of its information assurance platform for a document (quote) using verifiable credentials in the exhibition area. We are hugely grateful to the Hui’s partners, speakers and panellists, without whom this fantastic event would not have been possible.
 

Awareness and education play the most critical role in people’s adoption of these new services. In their absence, misinformation and disinformation fill the vacuum. A case in point is the jaw-dropping statistic from DINZ’s research published last year regarding the extent to which organisations are trusted to protect identity and use personal data responsibly. Government agencies only scored 51%. And yet, OPC’s Approved Information Sharing list is much more limited and evidentially contradicts the surveillance conspiracies that swirl around the internet.  

Similarly with the opt-in Digital Identity Services Trust Framework, where it’s not widely known that it’s primarily targeted at service providers to help keep their clients’ (you and me) information private and secure from fraudsters by introducing best practices, such as adopting protected reusable verifiable credentials that you decide who gets to see – so you are not forced to hand over documents to all and sundry for copying, which carry the risk of targeted data theft.    

In my closing remarks at the Hui, I asked each attendee to consider what single action they can undertake right now to improve Digital Trust in Aotearoa. And I’m asking again here. There is a private-sector-initiated awareness and education module all set to go. Will your organisation step up to its corporate social responsibility in this domain and help sponsor it? Reach out to me if you’re interested to know more.  

Lastly, please take some time to listen to the first of DINZ’s new podcast series, Digital Identity in Focus here. And if you’re interested in collaborating on a brief submission on the CPD Bill, please contact me here

Ngā mihi Colin Wallis
Executive Director, Digital Identity NZ

Read full news here: ‘Simply the Best’ | August Newsletter


The post ‘Simply the Best’ | August Newsletter appeared first on Digital Identity New Zealand.


Human Colossus Foundation

Human Colossus Foundation Announces the Publication of "Decentralised Semantics: A Semantic Engine User Perspective"


The Human Colossus Foundation is excited to announce the publication of a groundbreaking new paper titled "Decentralised Semantics: A Semantic Engine User Perspective," authored by Carly M. Huitema, Paul Knowles, Philippe Page, and A. Michelle Edwards. This paper marks a significant advancement in how researchers search information through advanced semantic data management. The Semantic Engine developed in the agri-food sector leverages Overlays Capture Architecture (OCA) as a basis for semantic harmonisation and information discovery.

Citation

Huitema, C.M., Knowles, P., Page, P. and Edwards, A.M. (2024)
Decentralised Semantics: A Semantic Engine User Perspective.
Data Science Journal, 23: 42, pp. 1–5.
DOI: https://doi.org/10.5334/dsj-2024-042

Addressing the Challenges of FAIR Data Implementation

The paper addresses a critical issue in implementing the Findable, Accessible, Interoperable, and Reusable (FAIR) data principles. While many research groups strive to make their data FAIR, they often encounter challenges documenting the context in which data was collected, processed, and analysed. This lack of machine-actionable, contextual metadata frequently renders data less reusable and visible outside the immediate research team.

To overcome these challenges, the authors present the first version of the Semantic Engine, a tool designed to facilitate the creation of decentralised, machine-actionable metadata schemas. This tool is handy when data is collected across multiple projects and institutions, such as Agri-Food Data Canada.

Leveraging Overlays Capture Architecture (OCA)

The Semantic Engine is built upon the Overlays Capture Architecture (OCA), a flexible and extensible standard hosted by the Human Colossus Foundation. OCA supports decentralised collaboration and reproducibility by allowing multiple contributors to work on different aspects of a data schema without compromising the integrity of the core data structure. This approach is particularly beneficial in the agri-food sector, where data heterogeneity and decentralised research efforts are expected.


Applications and Future Implications

The Semantic Engine, freely accessible at semanticengine.org, allows researchers to create, edit, and manage OCA-based schemas. It has been thoroughly tested by researchers at the University of Guelph and is designed to be user-friendly for the broader research community.

The potential applications of OCA and the Semantic Engine extend beyond the agri-food sector. The paper highlights ongoing projects in Canada and Switzerland and the EU Horizon project 'NextGen,' which uses OCA to harmonise semantic data in cardiovascular personalized medicine.

The release of the "Decentralised Semantics: A Semantic Engine User Perspective" paper represents a significant step forward in making research data more FAIR and usable. By leveraging the Semantic Engine and OCA, researchers can ensure that their data is well-documented, reproducible, and accessible to a broader audience. The Human Colossus Foundation is proud to support this critical work and looks forward to its continued impact on the research community.

You can access the full paper here and explore the Semantic Engine at semanticengine.org for more information.

Monday, 19. August 2024

Trust over IP

ToIP Welcomes GLEIF to our Steering Committee


GLEIF is pleased to have broadened its engagement and participation in Trust Over IP Foundation (ToIP) by becoming a member of the ToIP Steering Committee in March 2024, recognizing the importance of well-functioning governance to the ongoing success of the foundation. GLEIF has been a member of ToIP, as a Founding Contributor member, since May 2020.

With the verifiable Legal Entity Identifier (vLEI), GLEIF has pioneered a new form of digitized organizational identity to meet the global need for automated identification, authentication and verification of legal entities across a range of industries. By creating the vLEI, GLEIF is now answering this urgent and unmet need by pioneering a multi-stakeholder effort to create a new global ecosystem for organizational digital identity.

The verifiable Legal Entity Identifier (vLEI) concept is simple: it is the secure digital counterpart of a conventional Legal Entity Identifier (LEI). In other words, it is a digitally trustworthy version of the 20-digit LEI code which is automatically verified, without the need for human intervention. The vLEI concept is also very much in line with ToIP Technical and Governance Frameworks as detailed below.

The vLEI Trust Chain demonstrates the ability to chain the issuance of vLEI credentials as well as providing the foundation for the automated verification of vLEIs back to GLEIF, which enables cryptographic verification of the identity of an organization back to its validated LEI identity.

vLEIs go further though in being able to cryptographically tie persons to organizations in the roles in which the persons are representing or engaging with these organizations. vLEI Role Credentials combine three concepts – (1) the organization’s identity, represented by the LEI, (2) a person’s identity and (3) the role that the person plays for the organization. 

GLEIF works to advance digital trust standards in the neutral ToIP forum through participation in the Ecosystem Foundry Working Group, the Issuer Requirements Task Force of the Governance Stack Working Group and as a co-chair of both the ACDC/KERI Task Force and Technical Stack Working Group. It is here that the technical specifications of the KERI Suite have been drafted and have begun the process of approval to become published ToIP standards. The KERI Suite of specifications is made up of 3 documents – the Key Event Receipt Infrastructure (KERI) specification, the Authentic Chained Data Container (ACDC) specification and the Composable Event Streaming Representation (CESR) specification.

GLEIF also contributed to the development of the ToIP Ecosystem Governance Metamodel and companion guide. The verifiable LEI (vLEI) Ecosystem Governance Framework is based on the ToIP Governance Metamodel.

The post ToIP Welcomes GLEIF to our Steering Committee appeared first on Trust Over IP.


Identity At The Center - Podcast

It’s time for another new episode of The Identity at the Cen


It’s time for another new episode of The Identity at the Center Podcast! We talked with Microsoft Product Manager Merill Fernando about the current state and future plans for Entra ID and the importance of DevOps and governance in identity management.

Watch it here: https://www.youtube.com/watch?v=szPgsyQUpQU

More info: idacpodcast.com

#iam #podcast #idac

Friday, 16. August 2024

We Are Open co-op

Demystifying User Research

A step-by-step guide from WAO

Image CC BY-NC Visual Thinkery for WAO

In a recent post we outlined the early stages of our user research and evaluation project with Jobs for the Future (JFF) and the International Rescue Committee (IRC). Building on that, we also shared a post on the principles that drive our approach to user research.

Now, we offer a comprehensive guide for those who are embarking on user research for the first time, or those looking to refine their current practices.*

1. Define the Scope 🔍

Every successful project starts with a clear definition of its scope. This involves establishing the “Who, What, When, Where, Why, and How” before taking any further steps. By doing so, we create a shared understanding with our clients, which is vital for ensuring that everyone is on the same page. This clarity enables us to guide the project effectively, making informed decisions at every stage. Without a well-defined scope, projects can easily lose focus, leading to wasted time and resources.

2. Identify Stakeholder Groups 👫

Identifying the relevant stakeholders is the next crucial step. Stakeholders are those who have an interest in the outcome of the project or who may be affected by it. For our JFF/IRC project, we concentrated on engaging employers, IRC staff, and, where possible, IRC clients. Each group brought unique insights that enriched our understanding of the Job Readiness Credential’s effectiveness. Engaging a broad spectrum of stakeholders ensures that the research reflects a wide range of experiences and perspectives, making the findings more robust and actionable.

3. Create Surveys (Quantitative Data) 📊

Once stakeholder groups are identified, we design surveys tailored to each group to gather quantitative data. This data is essential for identifying trends and patterns that might not be immediately obvious. For example, in our work on this project, we developed a survey for employers that asked them to rate various aspects of the Job Readiness Credential, including its design and usability. The data collected provided a solid foundation for further analysis, allowing us to make evidence-based recommendations. Surveys are a powerful tool for collecting data at scale, providing a broad overview that can guide more detailed exploration.

4. Develop a User Research Guide (Qualitative Data) 📝

Quantitative data provides a broad picture, but to gain a deeper understanding, we complement it with qualitative research. This involves developing detailed guides for our interviews, which help us stay focused while remaining open to unexpected insights. The qualitative data gathered through interviews adds depth and context to our findings. For instance, while a survey might tell us that a particular feature is unpopular, an interview can reveal the underlying reasons why. By combining quantitative and qualitative data, we create a more comprehensive picture of the user experience.

5. Create Transcripts 🎤

Conducting interviews is only the beginning. To extract meaningful insights, we transcribe the conversations using tools like Sonix.ai. These transcripts are then reviewed and edited to ensure clarity and accuracy. This step is crucial because it allows us to focus on the most relevant insights without losing any nuance. By thoroughly reviewing the transcripts, we ensure that the final analysis accurately reflects the participants’ perspectives. This meticulous approach to data processing is what allows us to provide our clients with reliable and actionable insights.

6. Apply Snowball Sampling ❄️

In some cases, the initial set of stakeholders might not be sufficient to capture the full range of perspectives. This is where snowball sampling comes in. By asking participants to recommend others who might have relevant insights, we can expand our research to include a wider range of voices. For example, in the JFF/IRC project, we explored the possibility of engaging a representative from Indeed, the HRTech platform. This approach allows us to gather additional perspectives that might otherwise be overlooked, ensuring that our research is as comprehensive as possible.

7. Use AI to Gain Initial Insights 🤖

With the increasing availability of AI tools, we’ve integrated them into our process to generate early insights from the data we collect. Tools like GPT-4o and Claude help us quickly identify key themes and patterns in the data. These AI-generated summaries provide a useful starting point, allowing us to focus our analysis on the most promising areas. However, AI insights are not the final word; we carefully review and refine them, combining them with our own expertise to ensure a balanced and nuanced analysis. This approach allows us to work more efficiently without sacrificing quality.

8. Synthesise Findings 📚

After collecting and analysing both quantitative and qualitative data, we synthesise the findings into a comprehensive report. This report brings together the survey results, interview insights, AI-generated perspectives, and our own analysis. The goal is to provide our clients with a clear and actionable summary of our findings. We often create both a visual summary and a more detailed report. The visual summary is designed for quick reference, while the detailed report offers a deeper dive into the data, providing clients with the insights they need to make informed decisions. By presenting our findings in this way, we ensure that our research is not only informative but also practical and easy to use.

Conclusion

At We Are Open Co-op, user research is all about helping people make better decisions with insights they can trust. Our experience with the Job Readiness Credential project shows how dedicated we are to this work.

We’re here to support you in your own research efforts, whether you’re just starting out or looking to refine your approach. As our work progresses, we’ll continue to share insights that can help you make the most of your user research journey.

* Note that user research and user testing can get very involved and scientific. Going into more detail and depth is definitely important if you are doing things at scale. This post is aimed at encouraging those who may not have in-house capacity to get started for the first time!

Demystifying User Research was originally published in We Are Open Co-op on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 14. August 2024

FIDO Alliance

Authenticate Update: 2024 Agenda Released


Carlsbad, Calif, August 14, 2024 – The FIDO Alliance has announced its agenda today for Authenticate 2024, held October 14-16, 2024, at the Omni La Costa Resort and Spa in Carlsbad, California.

Now in its fifth year, Authenticate is the only industry conference dedicated to all aspects of user authentication, and has become a ‘must attend’ cybersecurity event. This year’s event includes over 100 sessions and 125 speakers from across the globe, offering the latest innovations, expertise, and essential discussions for the digital identity industry, with an emphasis on passwordless authentication using passkeys.

Check out the Authenticate 2024 Agenda and register at https://authenticatecon.com/event/authenticate-2024-conference/.

Authenticate is perfect for CISOs, security strategists, enterprise architects, UX leaders, and product and business executives at any stage of their passwordless journey. Attendees will dive into practical content on authentication and identity security. The topics explored include FIDO technology basics, achieving business results, best practices for implementation in various use cases, UX factors, and case studies from the real world — all hosted in a resort environment that fosters collaboration, networking, and community building.

The 2024 keynote speakers have extensive experience implementing passwordless solutions for workforces and consumers and represent renowned organizations such as Amazon, FIDO Alliance, Google, Microsoft, Sony, Visa, and Yubico. The conference offers four stages with dedicated content tracks tailored to match attendees’ levels of expertise, interests, and implementation stages. Additionally, attendees will be able to get to know FIDO solution providers and join networking events to connect with peers and industry experts.

The Authenticate 2024 agenda features the following 11 content-rich tracks:

Business Case and ROI for Passkeys

Technical Fundamentals and Features of Passkeys

IAM Fundamentals

UX Fundamentals of Passkeys

Identity Verification Fundamentals

Passkeys for Consumers

Passkeys in the Enterprise

Passkeys for Government Use Cases and Policy Making

Passkeys for Payments

The Passwordless Vision and the Future of Passkeys

Complementary Technologies and Standards

Sponsoring Authenticate 2024

Authenticate 2024 is accepting sponsorship applications for companies to showcase their solutions to key decision-makers and connect with potential customers. To learn more about the available on-site and virtual sponsorship options for the 2024 event, visit the Authenticate Sponsors page here. Due to the limited opportunities remaining, interested parties are encouraged to reach out to the Authenticate team soon at authenticate@fidoalliance.org.

About Authenticate

Authenticate 2024 is the leading conference dedicated to all aspects of user authentication, with a focus on FIDO standards. Celebrating its 5th year, the event will take place October 14-16, 2024 at the Omni La Costa Resort and Spa, offering both in-person and virtual attendance options. The conference gathers global leaders working to advance stronger, phishing-resistant authentication, and provides the latest educational content, technical insights, tools, and deployment best practices.

Authenticate 2024 is hosted by the FIDO Alliance, the cross-industry consortium that provides standards, certifications, and market adoption programs to accelerate the utilization of simpler, stronger authentication innovations like passkeys. The signature sponsors for the 2024 Authenticate conference include industry leaders Cisco, Google, Microsoft, and Yubico. 

Visit the Authenticate 2024 website to register now and use the early bird discount (through September 9, 2024). Follow @AuthenticateCon on X for the latest updates. 

Authenticate Contact

authenticate@fidoalliance.org

PR Contact

press@fidoalliance.org


Me2B Alliance

Introducing Our Newest ISL Advisor: Dr. Liad Wagman

We enthusiastically welcome Liad Wagman as our newest Advisor to Internet Safety Labs. The post Introducing Our Newest ISL Advisor: Dr. Liad Wagman appeared first on Internet Safety Labs.

We are pleased to announce that Liad Wagman has joined Internet Safety Labs as our newest Advisor. Liad is currently serving as the Dean and Professor of Economics at the Rensselaer Polytechnic Institute’s Lally School of Management.   

Liad brings a wealth of experience from his previous tenure at the Illinois Institute of Technology, where he served as the Dean and Professor of Economics and a key figure in spearheading innovative STEM and lifelong learning programs at the Stuart School of Business.  

Now at Rensselaer, Liad continues to influence the academic and business landscapes, emphasizing the importance of ethical practices within economics and technology. His decision to join ISL as an Advisor is driven by a shared commitment to enhancing product safety within the tech industry.  

“Solutions that align incentives for ethical behavior can benefit society by enabling stakeholders to make more informed decisions, reducing uncertainty, and fostering trust,” Wagman commented, highlighting his vision for his role at ISL.  

At ISL, we are excited about the perspectives and insights Liad will bring to our mission. His extensive background and forward-thinking approach will be invaluable as we continue our work to make the internet a safer and more transparent space.  We extend our deepest gratitude to Liad and all our advisors, whose expertise helps propel our mission forward.  

Please join us in warmly welcoming Liad Wagman to Internet Safety Labs!  



Human Colossus Foundation

Developing Sustainable Approaches to Shaping a Secure and Inclusive European Health Data Space


Disentis, July 28 to August 9

Nestled amidst the majestic Swiss Alps and the picturesque Disentis Monastery, the 2024 Summer Academy of the German Studienstiftung des deutschen Volkes and Max Weber Programm was an inspiring setting for over 70 passionate students. Among them, six vibrant working groups explored pressing societal matters, ranging from sustainability to digital health. One such group took on the challenge of envisioning a secure and inclusive European Health Data Space (EHDS).

A vision for the future of health data.

With the recent legislative work of the European Parliament and Council, the European Union is taking a visionary step towards establishing the EHDS. Beyond its benefits for patients and research, the EHDS has the potential to leverage digital technologies to significantly enhance the resilience and long-term sustainability of Europe's universal healthcare systems, provide a unique economic advantage, and set global standards in privacy, individual protection, and data governance.

For a European health data space that can be adopted by everyone (including patients!), individuals must rely on a system that embeds information security by design. A working group approached the question by leveraging the participants' diverse perspectives as stakeholders in a European Health Data Space.

Under the leadership of Philippe Page from the Human Colossus Foundation's Research Council, an international team of eleven students from diverse disciplines embarked on the mission to address key aspects of the EHDS. Their goal was to create a safe, accessible, and economically viable solution that would benefit patients and researchers alike.

Three guiding questions anchored their deliberations:

How might EHDS revolutionize medical research pathways via expanded data accessibility?

What measures could ensure the EHDS contributes to the EU economy without compromising health data privacy from commercial exploitation?

Which components constitute a secure, scalable infrastructure that meets the EHDS expectations and security demands? Would such an implementation prove sustainable?

The working group organized itself into three distinct focus groups, each addressing specific themes related to the broader topic. These subgroups operated autonomously throughout the sessions, diving into their subjects. Daily, the working group would collaborate in a collective session to share insights on primary/secondary data usage, discuss findings, and harmonize perspectives to manage risks in commercial usage. Through these collaborative efforts, the participants crafted a first draft of a position paper encompassing essential questions about the future development of the EHDS.

In conclusion, the Human Colossus Foundation thanks the organisers for creating a space where new ideas could be brought forward in a manner that respects everyone’s perspective. The vision initiated during the retreat in Disentis Monastery is just the beginning. With plans to reconvene in 2025, the group aims to build upon its foundational ideas and to create a safer, more inclusive European Health Data Space that sets global benchmarks in privacy, individual protection, data use in research, and data governance.


Tuesday, 13. August 2024

Ceramic Network

OrbisDB is a Practical Upgrade for Databases on Ceramic

Databases on Ceramic

OrbisDB has emerged as a premier database solution for the Ceramic Network. Building on the foundation laid by ComposeDB, OrbisDB brings significant advancements in functionality, performance, and user experience. This blog post will elaborate on the connection between Ceramic and OrbisDB, highlight OrbisDB's new features, and showcase its value to developers.

ComposeDB: The Original Building Block

ComposeDB was the first database and has become an integral technology for many decentralized applications built on Ceramic, such as Passport.xyz, Zuzalu City, CharmVerse, and Lateral DeSci.

ComposeDB has been instrumental in dapp development on Ceramic because it introduces a robust, scalable, and user-friendly approach to data management. It supports structured data models, advanced queries, and the integration of decentralized identities, all while leveraging Ceramic's fast performance and high transaction capacity.

OrbisDB: A Practical Evolution

3Box Labs designed Ceramic as an open network upon which an ecosystem of data-handling solutions could emerge. We launched ComposeDB in 2023 as the first database service on the network.

While ComposeDB represented the first database service offered on Ceramic and introduced many advancements for interacting with Ceramic, the need for simple onboarding, hosted nodes, SQL, and easy integrations with other services led the Orbis team to create OrbisDB.

Built initially as the Ceramic-based infrastructure for Orbis Social, OrbisDB evolved from a template implementation used by leading crypto projects such as Iggy Social, CoinEasy, Autonolas, and Gitcoin Schelling Point, into a slick set of interface services for data on Ceramic, including a UI for no code deployment, integrated hosting, support for additional languages, and a blue sea of possibilities made possible by plugins.

Key Upgrades with OrbisDB

Simplified Ceramic Developer Experience:

– Rapid Ceramic Onboarding: OrbisDB offers a web app and SDK for storing and managing datasets on Ceramic, no-code, or CLI.

– Hosted nodes: OrbisDB makes Ceramic DevOps easy with an in-built hosted node service.

– Accelerated Customization: Extend the functionality of your database with plugins. Build plugins for other developers.

Database Language Choice:

– SQL Queries: Using PostgreSQL as its indexing database, OrbisDB offers scalable performance and the benefits of traditional scaling methods.

– GraphQL: (already available on ComposeDB) and vector embeddings are both in development.

Plugin Ecosystem:

– Optional and Versatile: Developers can easily add plugins to OrbisDB. These plugins are optional and designed to perform operations beyond the core's scope, providing additional functionality and connections to other blockchain services. Recently released plugins for Dune (link) and Base (link) make data visualization and importing on-chain data from any Base smart contract code-free and straightforward.

– Open source: Plugins are open source. Users can build and share plugins with other developers in the ecosystem.

– Do anything with plugins:

  – Combine on-chain transactions from Base or other EVMs with verifiable data on Ceramic (e.g., enable mutable and verifiable metadata)

  – Provide sybil-resistance and instant reputation score to all user-generated data using Passport.xyz or Verax attestations.

  – Easily token-gate your applications via pre-defined indexing logic

  – Resolve ENS Domain names directly from any datasets in one click

  – Enable a single query from multiple data sources (API, on-chain, Ceramic data, etc.)

Get Early Access to OrbisDB Studio

OrbisDB represents a practical evolution of databases on Ceramic, building upon the foundations laid by ComposeDB and significantly improving experience, languages, and interoperability.

Projects have already started building on OrbisDB in beta, including Index Network, Plurality, and Flashcards, for various use cases, including a blockchain event listener and storing encrypted user data and educational content.

We're excited to work with Orbis to support the future of decentralized data management. OrbisDB Studio, accessible later this year, will offer the developer experience improvements discussed above. Sign up here to get on the waitlist for early access.

Learn more about OrbisDB at useorbis.com


Me2B Alliance

In Defense of Cyber Product Safety for Civilians (or Something)  


It’s cybersecurity season in Las Vegas and I’m inspired to write an overdue post on why I hate the phrase “cyber civil defense”. Actually, I don’t hate the phrase, I disagree with its usage. Being the literal sort I am, I have to of course start with a long look at what the three words seem to mean.  

Cyber: aka technology; though perhaps a more detailed definition would include “software driven” and “internet connected” as necessary attributes.  

Civil: in this context, I think it means “citizens” or just “people”.  

Defense: The catch with this term is that it’s unclear what or who is being defended and by what or whom. For instance, this innocuous three-word phrase could mean any number of things: 

– Civilians defending “cyber” [tech] from other civilians.

– Civilians defending other people from civilians.

– Tech defending civilians from other civilians.

– Tech defending civilians from tech.

– Tech defending tech from civilians. (ew.)

I could go on but my head hurts. 

Civilian defense seems to imply a kind of volunteer force to defend people from cyber threats (what kinds of threats?).  

Here’s where the wheels fall off this phrase: what about when the call’s coming from inside the house? Meaning, what about when the technology—as designed and with perfect integrity—is itself harmful to people? I’m not fine with using the phrase in the context or implication of defending people from risks from commercial technology itself because doing so: 

– Reinforces that it’s acceptable for commercial technology (i.e. commercial products) to be a thing that civilians need to protect themselves from, 

– Gaslights people into thinking that it’s somehow their responsibility to protect themselves against commercial technology that is evolving faster than the governance around it, bolstered by staggering amounts of financial resources, and whose risks are admittedly poorly understood by the makers themselves, but with just a little more elbow grease, you, dear user, can maybe be marginally less at risk.  

– Smacks a bit of a military operation. I don’t want to join an army, I just want to have reasonably safe technology products.  

– Also it’s a smidge paternalistic. (I can almost hear the “little lady” in there…) 

The good news is we already have a phrase to describe risks of commercial products on humans. It’s called Product Safety.  

But product safety is an abject failure when it comes to commercial software and software-driven technology. In the US we have a dedicated product safety commission, but their scope hasn’t been updated since 2008, and was hamstrung by budgetary contractions in the Consolidated Appropriations Act of 2019. Other agencies pick up pieces of product safety in the style of the blind men and the elephant, using their granted powers to maximum effect. The failure, however, is with the law makers. We have not updated ideas of “products” and “product safety” to keep pace with the internet age and citizens pay the price every day.  

Sadly, from my research, it usually does take around 50 years after the launch of a new commercial product for US product safety laws to emerge, so we’re depressingly on time. For example, seatbelts became mandatory on January 1, 1968, sixty years after the commercial launch of the Ford Model T.

The EU recognized this gap in 2023 with their updated product safety law. As we in the US still wait for a federal privacy law, perhaps we can leapfrog ahead to a reimagined federal product safety law. Good news: we at ISL have tons of data, know-how, and tools to support this; it doesn’t have to start from scratch. But it would take extraordinary intestinal fortitude on behalf of the lawmakers to create something that meaningfully throttles the myriad risks technology foists upon us today. It would take precise regulation and a financially backed commitment to enforcement.  

I won’t be holding my breath, but we are absolutely here for that moment if and when it comes. Meanwhile, in the likely event the US government continues to ignore product safety for technology, ISL will continue to champion the safety of all tech users through our maturing safety labels and research.  

The post In Defense of Cyber Product Safety for Civilians (or Something)   appeared first on Internet Safety Labs.

Monday, 12. August 2024

IDunion

Summary of the work of the IDunion research project


To mark the entry into force of the eIDAS Regulation 2.0 in May 2024, the Blockchain Berlin news platform has published a comprehensive review of the IDunion research project’s work over the past three years.

While the original aim of the project was to develop a decentralised identity management system based on blockchain, the project was subsequently refocused on federated data storage using the OpenID4VC protocol family developed by the consortium partners. The integration of these protocols into the eIDAS 2.0 Architecture Reference Framework (ARF) by the EU confirms IDunion’s expertise and its important contribution to digitalisation in Europe.

The article presents various possible use cases for digital credentials, such as the digital student ID card of the TU Berlin or the digital product passport for seamless identification and transparency of product sustainability data.



Identity At The Center - Podcast

On this week’s episode of The Identity at the Center podcast


On this week’s episode of The Identity at the Center podcast, we take an entire episode to answer a listener question about IAM RFPs and how to get the maximum value out of that process.

You can watch it here: https://youtu.be/rwn3CTRlPP0

Visit idacpodcast.com for more.

#iam #podcast #idac


Energy Web

CIRPASS-2 Launches to Advance Digital Product Passports

New Initiative to Drive Sustainability, Circular Economy, and Data Interoperability Across Europe

In response to the sustainability and circularity data sharing needs highlighted in the EU Green Deal and the new Circular Economy Action Plan (CEAP), the European Commission adopted the Ecodesign for Sustainable Products Regulation (ESPR) in March 2022. This regulation establishes the Digital Product Passport (DPP) system, designed to provide essential information on a need-to-know basis to support sustainable production and enable the transition to a circular economy. The DPP aims to boost material and energy efficiency, extend product lifetimes, and optimize product design, manufacturing, use, and end-of-life handling.

Beyond facilitating sustainability and circularity-related data sharing among economic operators along value chains, the DPP is intended to create new business opportunities through digital and circular value retention and optimization, such as product-as-a-service, repair, reuse, remanufacturing, and recycling. It also helps consumers make sustainable choices and allows authorities to verify compliance with legal obligations.

Currently, there are numerous initiatives for such data sharing systems at the industry sector, platform, or individual company level. However, there is a lack of standardization in data definition, data format, and IT infrastructure, which hinders cross-sectoral interoperability. To address this, the EU Commission initiated the CIRPASS Coordination and Support Action (CSA) in October 2022, with the project set to conclude in March 2024. The focus is on batteries, electronics, and textile sectors. By the project’s end, CIRPASS will propose a clear cross-sectoral definition and description of the DPP system, identify key data for circularity, and define requirements for product identification and data exchange protocols to support further legislative and standardization developments.

To ensure inclusivity, an open call for pilot proposals was widely disseminated, forming the CIRPASS-2 project consortium, which will run from May 2024 until April 2027. Alongside 17 partners, CIRPASS-2 will demonstrate functioning Digital Product Passports in real-world settings through circular pilot deployments and use cases in textiles, electrical and electronic equipment, tires, and construction value chains.

CIRPASS-2 will show that the DPP, as a digital transformation initiative, helps strengthen the Union’s resilience and data sovereignty. It will develop a DPP data space fully aligned with Europe’s ongoing efforts in this field (such as SIMPL and DSSC) and emphasize interoperability based on harmonized standards. The focus on open source and architecture will also foster the EU data economy while ensuring compliance with data regulations. By taking the conceptualized DPP and pilot solutions and deploying them at scale, CIRPASS-2 aims to bridge the gap between digital technology research and market deployment. The project will contribute directly to Digital Europe Programme (DEP) objectives through its results and will provide extensive policy and business recommendations to further these goals.

CIRPASS-2 is an Innovation Action project funded by the European Commission’s Digital Europe Programme, running from May 2024 until April 2027. With 13 lighthouse pilots, the project will demonstrate functioning DPPs in real settings and at scale across four target value chains: textiles, electrical and electronic equipment, tires, and construction materials. Additionally, CIRPASS-2 will create a broad community of DPP stakeholders to facilitate the deployment of DPPs in various product sectors across Europe and beyond.

About Energy Web

Energy Web is a global non-profit organization accelerating the energy transition by developing and deploying open-source decentralized technologies. Our solutions leverage blockchain to enable new market mechanisms and decentralized applications that empower energy companies, grid operators, and customers to take control of their energy futures.

CIRPASS-2 Launches to Advance Digital Product Passports was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.

Thursday, 08. August 2024

FIDO Alliance

New CISA Guide Calls for Phishing-Resistant Forms of Authentication and Passkeys by Default

Andrew Shikiar, FIDO Alliance Executive Director & CEO

In a significant move to bolster software security, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation have released new guidance that organizations can use to demand better security from their software vendors.

The Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem underscores the pivotal role that software customers play in digital supply chain security. The guide outlines high-priority security requirements from the earliest stages of software development, a principle central to creating “secure by design” products.

Among the items highlighted are phishing-resistant authentication methods, such as passkeys, as a default feature in software products. Announced on Tuesday, August 6, 2024, at Black Hat USA, this new guidance represents a vital step forward in securing the digital supply chain in the United States and worldwide.

Secure by Demand, Secure by Design

This new guidance complements CISA’s recent Secure by Design Guide aimed at technology manufacturers to improve their software product security. By focusing on the procurement aspect in the supply chain, the new guidance advises software buyers to demand modern security features from technology manufacturers, such as phishing-resistant authentication and passkeys. By doing so, customers can drive demand for security as a baseline feature and compel technology manufacturers to adhere to secure design practices.

The guidance also includes an assessment to evaluate software security and include security requirements in contracts. It encourages a proactive procurement approach, where a buyer can assess a manufacturer’s security and capabilities to reduce vulnerabilities and strengthen resilience. The guide establishes best practices for secure software procurement and highlights the product security features that bolster supply chain security and interoperability.

Passkeys Take Center Stage

CISA’s guidance aligns with the recent guidance from the National Institute of Standards and Technology (NIST) in their digital identity guidelines on authentication and lifecycle management. In supplemental guidance, NIST SP 800-63Bsup1, NIST affirmed that synced passkeys meet Authentication Assurance Level 2 (AAL2) requirements and device-bound passkeys satisfy Authentication Assurance Level 3 (AAL3). The two guidance documents emphasize the importance of security, including digital identity and authentication best practices, across the digital supply chain.

The Secure by Demand guidance empowers IT buyers, who can drive market demand for secure software features, such as passkeys and FIDO authentication. Given that weak or stolen passwords account for 80% of hacking-related breaches and credential phishing has skyrocketed by 967% since 2022, buyers can use the guide’s security assessment to evaluate software security, including passkey capabilities, and improve security risk management in the supply chain. With this guidance, CISA aims to increase awareness and drive market demand for secure software.

Key Recommendations for Software Manufacturers

CISA’s Secure by Demand guide outlines several critical requirements that customers should evaluate when procuring software, and includes questions to assess a software manufacturer’s security capabilities in the following areas:

Authentication: Manufacturers should support secure, standards-based Single Sign-On (SSO) and implement phishing-resistant multi-factor authentication (MFA) or passkeys — by default, and at no extra cost.

Eliminating Vulnerabilities: Systematic efforts should be made to address and prevent classes of software defects, such as SQL injection and cross-site scripting vulnerabilities.

Secure Defaults: Security logs should be provided to customers without additional charges, ensuring transparency and accountability in software security.

Supply Chain Security: Ensuring the provenance of third-party dependencies via Software Bill of Materials (SBOM) and robust processes for integrating open-source components are vital.

Vulnerability Disclosure: Transparency and timely reporting of vulnerabilities, including authorization for security testing by the public, is crucial for maintaining trust and improving security outcomes.

A Call to Action for Security Leaders

The guidance for those manufacturing or procuring software across the software supply chain is clear: passkeys improve third-party supply chains and ensure higher security standards in software procurement and development processes. By integrating passkeys into authentication processes, organizations can strengthen end-to-end digital identity lifecycle management and significantly reduce the risks of phishing and social engineering attacks.

To learn more about CISA’s Secure by Demand guidance, visit https://www.cisa.gov/resources-tools/resources/secure-demand-guide.
Ready to go passwordless? Learn how to implement passkeys or find a passkey deployment partner using the FIDO Certified Directory and FIDO Certified Member Showcase.


Origin Trail

Trend is Your Friend: Knowledge Graphs at the Heart of Gartner’s Impact Radar — Here is How the…

Trend is Your Friend: Knowledge Graphs at the Heart of Gartner’s Impact Radar — Here is How the Decentralized Knowledge Graph (DKG) Enhances Reliable AI

Gartner puts Knowledge Graphs at the epicenter of their 2024 Impact Radar right next to Generative Artificial Intelligence (GenAI). Here is WHY knowledge graphs (KGs) are so important for Artificial Intelligence (AI) and how Decentralized Knowledge Graph (DKG) helps power trust at Internet scale.

Knowledge Graphs in support of reliability of the GenAI

KGs act as intelligent maps for AI, aiding in understanding connections, explaining decisions, enhancing learning through Retrieval-Augmented Generation (RAG) to reduce hallucination and bias in AI.

Initially developed by Meta, RAG is a type of AI system that combines two main tasks: retrieving information and generating answers. Think of it like a smart assistant that not only looks up facts but also puts them together in a way that makes sense. By using KGs, RAG systems become smarter and more reliable.

They can understand questions better, provide accurate answers, connect different ideas, search quickly, show their sources, and bring together knowledge from various topics. This helps users find the information they need and helps drive more reliable AI based on the transparent use of knowledge sources.

Decentralized Knowledge Graph (DKG): Trust the Source

“We live in a time of abundant connectivity and alas abundant misinformation. The OriginTrail Decentralized Knowledge Graph (DKG) is an evolving tool for finding the truth in knowledge. In particular, we see knowledge graphs improving the fidelity of artificial intelligence.”

Dr. Bob Metcalfe, Internet pioneer and Ethernet creator

By driving data interconnectivity, interoperability, and integrity, the Decentralized Knowledge Graph (DKG) significantly advances knowledge graphs (KGs). It addresses the challenges of data ownership, AI hallucinations, and bias with Decentralized Retrieval-Augmented Generation (dRAG), which enhances RAG by organizing external sources beyond a single organization in a DKG for AI models to use — from a single source to networks of sources.

Most importantly, the DKG allows users to go beyond the limitations of siloed data of a single organization to achieve integrated, decentralized knowledge access from multiple sources, all while preserving the lineage, or provenance of it all. This then drives the reliability and accuracy of AI well beyond a single source. The DKG also provides a connective layer (or a middleware) that allows for centrally operated knowledge graphs to interoperate with other information sources.

Are you building an enterprise-grade AI solution that requires reliability and trust beyond a single source?

Check out the solutions used by world-class organizations built on the OriginTrail DKG and schedule a demo.

Trend is Your Friend: Knowledge Graphs at the Heart of Gartner’s Impact Radar — Here is How the… was originally published in OriginTrail on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 07. August 2024

The Engine Room

22 AUG: Join us to launch our new Organizational Strategy

Join us to talk about the ideas and approaches behind our organisational strategy for 2024 - 2025

The post 22 AUG: Join us to launch our new Organizational Strategy appeared first on The Engine Room.


Velocity Network

LERs and Blockchain: Why, Where and How?  

Issuer permissions are the mechanism that Velocity Network introduces to enable relying parties (and wallets) to determine if an issuer is an authoritative source for a particular credential. After requesting the ability to issue on the Network, the request is reviewed by Velocity Network to ensure that the issuing service parameters are within the remit of the organization’s business activities.

Next Level Supply Chain Podcast with GS1

Technology and Modern Food Safety with Darin Detwiler

Food safety is intricate, and for some, it can be emotional. But as food safety evolves, technology and innovation are more crucial now than ever.

Reid Jackson and Darin Detwiler, Founder and CEO of Detwiler Consulting Group, discuss the intricacies of food safety. Darin, an expert with over 31 years of experience, opens up about his journey, which began with the tragic loss of his son to E. coli and evolved into a lifelong commitment to improving food safety standards.

They discuss the roles that new technologies and procedures play in fortifying food safety systems, the emotional and operational challenges faced by professionals in the field, and the essential human elements—like courage—that drive meaningful change. They also address the complexities of balancing short-term and long-term goals in food safety investments, emphasizing the importance of preparing and integrating cutting-edge solutions amid ongoing production challenges.

In this episode, you’ll learn:

How integrating advanced digital solutions like data analytics and blockchain can simultaneously address long-term and short-term goals within the food safety sector, ensuring a sustainable and secure supply chain.

The importance of cultivating courage within food safety leadership roles, emphasizing the critical need for a proactive approach in preventing and mitigating safety crises.

The transformative role of social media in empowering consumers as active stakeholders in food safety, contributing real-time data, and enhancing industry transparency and responsiveness to potential risks.

Connect with GS1 US:

Our website - www.gs1us.org

GS1 US on LinkedIn

Connect with the guests:

Darin Detwiler on LinkedIn

More about Detwiler Consulting Group - https://www.herculeaneffort.net/


Digital Identity NZ

DINZ Supports NZTech’s Biometrics Concerns

In response to Graeme Muller’s open letter from NZTech to New Zealand Government officials, DINZ and its Biometrics Special Interest Group wish to emphasise our support for the concerns raised. The letter, published yesterday, highlights significant concerns about the OPC’s proposed Code of Practice for biometrics, which could negatively impact businesses, innovation, and the economy. 

“DINZ is fully committed to supporting the Office of the Privacy Commissioner (OPC). We believe that privacy-enhancing technologies introduced by our industry can complement the OPC’s role in protecting privacy. Collaboration between the OPC and businesses should not be seen as a trade-off but as a partnership with mutual benefits.” says Steven Graham, Head of Biometrics (ANZ) & Innovation, NEC New Zealand Limited and Chair of DINZ Biometrics Special Interest Group.

Following the publication of this letter, the Privacy Commissioner reached out to NZTech CEO Graeme Muller to assure NZTech members that the process is far from finished: they are still reviewing the feedback, and there will be further opportunities for stakeholders to engage. Given how important biometrics are for privacy, productivity and economic growth, DINZ and NZTech look forward to the OPC publishing their proposed next steps and engaging in real consultation with experts in biometrics.

The post DINZ Supports NZTech’s Biometrics Concerns appeared first on Digital Identity New Zealand.

Tuesday, 06. August 2024

Digital ID for Canadians

The Digital Identification and Authentication Council of Canada (DIACC) Written Submission for the 2025 Pre-Budget Consultations

Submitted by: Joni Brennan, President

List of recommendations

Recommendation 1: That the government prioritize digital trust in four areas critical to Canada’s leadership and the privacy, security and protection of our people and industries, including:

Digital Trust in Citizen Services;

Digital Trust in Finance and Regulatory;

Digital Trust in Public Safety; and

Digital Trust in Business and Industry.

Recommendation 2: That the government recognize the necessity of embracing and prioritizing privacy-protecting verification and authentication tools as part of its Artificial Intelligence (AI) strategy.

Recommendation 3: That the government allocate the funding needed to support the adoption of digital trust tools to the benefit of government, businesses, and citizens alike.

Introduction

The spread of misinformation is evolving around the world at a concerning pace. Bad actors are finding new battlegrounds and frontiers every day, and information and images generated by AI are being used to push political agendas and false narratives, scam and steal money and identities, and, even worse, lure online. 

Similarly, AI is also evolving rapidly, with risks as significant as the benefits. Further, now that AI is generative, users can manipulate images and information at unprecedented speed and scale, and vast amounts of inaccurate and malicious information make it difficult for people and organizations to verify information authenticity.

In today’s era of information warfare, authenticity and verification must be prioritized — particularly given the role of digital trust and identity verification in the delivery of government and business services.

Our submission and recommendations reflect the deep experience and expertise of DIACC’s member organizations, and our collective commitment to working with leaders in both the public and private sectors to secure verifiable information authenticity to the benefit of government, industry, and citizens alike by prioritizing inclusive and accessible privacy-protecting digital trust and verification capabilities.

About DIACC

The Digital Identification and Authentication Council of Canada (DIACC) was created following the federal government’s Task Force for the Payments System Review, with a goal to bring together public and private sector partners in developing a safe and secure digital ecosystem.

DIACC is guided by a belief that our public safety, civic engagement, and economic prosperity depend on leveraging trusted solutions and using well-established risk mitigation and certification tools. DIACC is committed to accelerating digital trust adoption and reducing information authenticity uncertainty by certifying services against its Pan-Canadian Trust Framework — a risk mitigation and assurance framework developed collaboratively by public and private sector experts that signals trustworthy design rooted in security, privacy, inclusivity, accessibility, and accountability.

Recommendations

Recommendation 1: That the government prioritize digital trust in four areas critical to Canada’s leadership and the privacy, security and protection of our people and industries, including:

Digital Trust in Citizen Services;

Digital Trust in Finance and Regulatory;

Digital Trust in Public Safety; and

Digital Trust in Business and Industry.

Digital Trust in Citizen Services

DIACC advocates for digital trust in citizen services, emphasizing the importance of secure, privacy-respecting, and user-centric solutions through collaboration between government, private sector, and civil society. Leveraging our collaborative partnerships, we developed the Pan-Canadian Trust Framework (PCTF) – a risk mitigation and assurance framework that extends standards and open source code to help service providers ensure risk mitigation and user care.

As public services continue to move online, digital trust and verification services will be critical for ensuring that services are secure and accessible. From online healthcare consultations to digital government services, these technologies provide the necessary security infrastructure to protect public interactions and data.

Through partnerships with organizations such as DIACC, the government is encouraged to prioritize innovation in digital trust technologies through pilot projects, research, and education. Collaboration with various sectors will ensure the development and implementation of secure, efficient, inclusive, and accessible digital trust solutions, fostering a reliable digital ecosystem for accessing healthcare, banking, and government services.

Digital Trust in Finance and Regulatory

Canadians benefit from being a highly banked jurisdiction with broad inclusivity and accessibility – according to the Canadian Bankers Association, approximately 99 per cent of Canadian adults have a bank account.

Existing financial regulations provide powerful and internationally recognized tools that act as a solid foundation to fight fraud and foster a more verified, authentic, and trustworthy ecosystem that supports the needs of people, governments, and businesses alike. However, the government is encouraged to build on the existing regulatory framework and develop new regulations to facilitate secure digital transactions, including compliance with anti-money laundering (AML) and know-your-customer (KYC) regulations.

Further, digital trust and verification services will be critical as the government moves forward with its commitments to open-banking, with interoperability also being paramount as the federal framework and existing provincial frameworks work together.

Similarly, the government has committed to reducing incidents of mortgage fraud and strengthening proof of borrower and title insurance, and digital trust and verification services can and should play a critical role in making that commitment a reality.

Digital Trust in Public Safety

DIACC believes that implementing digital trust and verification services is essential for enhancing public safety. Digital verification can play a crucial role in protecting vulnerable populations, including children, the elderly, and individuals with disabilities.

By ensuring that only authorized personnel have access to sensitive areas such as schools, healthcare facilities, and care homes, digital trust services can help safeguard these groups from potential harm. Further, digital trust and verification services enable secure and reliable cross-border identity verification, facilitating international collaboration in law enforcement, disaster response, and public health.

By prioritizing advanced authentication methods that ensure individuals and organizations are who they claim to be, we can help prevent unauthorized access to sensitive information and critical infrastructure, minimize financial scams and misuse of personal data, and enhance public safety for all Canadians.

Digital Trust in Business and Industry

Enhanced security is a primary benefit of digital trust and verification services for businesses and industries. These services provide robust security measures that protect businesses from fraud, identity theft, and cyber threats. Ensuring that only authorized individuals have access to sensitive information and resources, these services help maintain the integrity of business operations.

By prioritizing digital trust in business and industry and implementing authentication and verification tools, the government can help drive the following benefits:

streamlined business processes by automating identity verification and reducing the need for manual checks;

faster, more efficient operations and reduced administrative costs, allowing businesses to allocate resources more effectively;

data minimization and the secure handling of personal information, increasing customer confidence;

a competitive advantage for Canadian businesses by helping them innovate and offer their customers new, secure digital services; and

a reduction in incidents of fraud, resulting in significant cost savings for businesses. These savings can be reinvested into other business areas, driving growth and innovation and improving overall business performance.

Recommendation 2: That the government recognize the necessity of embracing and prioritizing verification and authentication tools as part of its AI strategy.

In today’s world, where AI is becoming smarter every day, and information can be generated and manipulated at unprecedented speed and scale, ensuring the accuracy and trustworthiness of information is critical. It is vital to maximize the benefits of an AI and Artificial General Intelligence (AGI)-fueled data ecosystem for Canada while also fostering citizen trust and protecting their safety.

To effectively address the challenges we’re facing while realizing the benefits of AI, the federal government should prioritize verification and authentication tools as part of its broader AI strategy. Prioritization must include funding, collaboration, and urgent action to support the development, adoption and certification of tools that verify information authenticity while protecting privacy and empowering Canadians. Governments, banks, telcos, tech companies, media organizations, and civil society must work together to deploy open, standards-based solutions and services to verify the authenticity of information.

The economic imperative of investing in these capabilities is clear. According to a study by Deloitte, the Canadian economy could unlock an additional 7 per cent (CAD $7 trillion) in economic value through AI and AGI technologies. People and organizations can only realize this potential for the good of society by investing in tools, processes, and policies that support verifying the authenticity of the information generated and processed by AI and AGI technologies.

Recommendation 3: That the government allocate the funding needed to support the adoption of digital trust tools to the benefit of government, businesses, and citizens alike.

Today, solutions can signal verified trust by getting certified against a technology-neutral risk and assurance framework like DIACC’s Pan-Canadian Trust Framework, developed collaboratively by public and private sector experts.

Verifiable information authenticity relies on critical principles, including provenance and traceability: provenance establishes the origin and history of information, ensuring it comes from a reliable source, while traceability allows for auditability of the flow of information, enabling people, businesses, and governments to verify its accuracy and authenticity. These principles are essential in combating the spread of misinformation and disinformation, which can have far-reaching consequences in an AI-fueled world.

Provenance and traceability are potent information authenticity tools that can help:

businesses and professionals reduce liabilities and meet obligations to verify information about their clients and their operations;

citizens and residents interact securely and efficiently with governments;

customers and clients transact with privacy and security anywhere, anytime;

industries manage decision-making and secure supply chains using trusted data;

producers verify essential data related to environmental, safety, and operational goals; and

creators track intellectual property to ensure fair payment and cultural protection.

Conclusion

Our public safety, civic engagement, and economic prosperity depend on leveraging trusted solutions, well-established risk mitigation and certification tools, and powerful collaboration to ensure regulations set informed guardrails that put people’s benefits, protections and agency to control data at the center of the design. The evolving AI-fueled information landscape presents unprecedented challenges and opportunities for innovation and progress. By prioritizing verifiable information authenticity, inclusive and accessible solutions, and investing in digital trust, we can ensure that people and organizations realize the benefits of AI and AGI while mitigating its risks.

Thank you once again for the opportunity to provide our input in advance of Budget 2025 and as we collectively move forward on the path to a digitally and economically prosperous Canada.


The Engine Room

27 AUG – Report launch event: Information ecosystems in Latin America and the Caribbean

Join us for the launch of our new report sharing learnings from our research into information ecosystems in Latin America and the Caribbean.

The post 27 AUG – Report launch event: Information ecosystems in Latin America and the Caribbean appeared first on The Engine Room.


Digital ID for Canadians

DIACC Unveils New Board of Directors to Champion Digital Trust and Verification in Canada and the Global Digital Economy

Toronto, Ontario – August 6, 2024: DIACC is thrilled to announce the appointment of its Board of Directors following the recent election at DIACC’s Annual General Meeting (AGM) on June 27, 2024, where renowned leaders and visionaries from various sectors converged.

“On behalf of the DIACC Board, I am thrilled to welcome our newly elected and re-elected board members,” said Dave Nikolejsin, Chair of the DIACC Board. “Their expertise and dedication are invaluable as we advance digital trust in the global digital economy. We will continue to work together to advance a secure, efficient, privacy-respecting, and inclusive digital ecosystem.”

The new and returning Directors bring fresh perspectives and experience-based commitment to DIACC’s mission. Their leadership will help the council ensure its initiatives align with and influence standards and practices that mitigate security and privacy risks. DIACC’s leadership works collaboratively to support a more inclusive, secure, and efficient global digital economy that benefits people and organizations of all sizes.

This diverse group of leaders joins DIACC’s esteemed roster of Directors, bringing together a wealth of expertise and collective experience crucial in guiding and shaping the future of digital trust, verification, and privacy protection.

DIACC Board of Directors:

Chair: Dave Nikolejsin, Independent, Strategic Advisor with McCarthy Tetrault Vice-Chair: Jonathan Cipryk, Vice President & Head of Technology Functions, Manulife * Treasurer: Andre Boysen, Independent  Manish Agarwal, Chief Information Officer, Government of Ontario * Neil Butters, Vice President & Head of Product Architecture, Interac Corp * Mike Cook, CEO, Identos Balraj Dhillon, General Manager of Product Platforms and Channels, Canada Post Giselle D’Paiva, Digital Identity Leader, Government and Public Sector, Deloitte Erin Hardy, General Counsel & Chief Privacy Officer, Service New Brunswick * Hesham Fahmy, Chief Information Officer, TELUS Marie Jordan, Senior Director Global Standards Management, VISA Jonathan Kelly, Assistant Deputy Minister for Government Digital Transformation, Province of Quebec Karan Puri, Associate Vice President, TD Bank * CJ Ritchie, Associate Deputy Minister and Government Chief Information Officer, Province of BC Pierre Roberge, Independent

* Indicates newly appointed.

The DIACC Board of Directors works closely with public and private sectors, academia, and civil society stakeholders to foster collaboration, reduce uncertainty, and accelerate the adoption of trustworthy services in the digital services ecosystem.

DIACC is confident that its Board of Directors’ collective insights and strategic direction will drive significant progress in the digital trust and verification space. Their dedication to fostering innovation and trust in digital services is invaluable as we work towards a future where secure and reliable digital identities are accessible to everyone.

“Being re-elected to the DIACC Board of Directors and serving as Vice-Chair is a tremendous honour. It allows me to support identity trust in Canada during these times of rapid technological advancements,” said Jonathan Cipryk, Vice President & Head of Technology Functions at Manulife. “I will use my expertise in technology and security to foster collaboration and drive programs that benefit our community. Together, we can build a future where identity trust and privacy empower individuals and strengthen our digital economy.” 

About the DIACC:

Established in 2012, the DIACC is a non-profit coalition of public and private sector organizations committed to advancing digital trust adoption through initiatives that inform and validate private sector services, enable privacy-protecting trusted exchanges between private and public sector authorities, and foster a robust ecosystem. DIACC enhances global economic prosperity by promoting digital trust, tools and services that verify information about individuals and organizations while protecting privacy.


For inquiries, please contact: communications@diacc.ca


GS1

Tomas Tluchor

Tomas Tluchor Data Services Director glenda.fitzpatrick Tue, 08/06/2024 - 12:35 Member excellence GS1 Czech Republic Tomas Tluchor

GS1 Czech Republic

Tomas Tluchor

Shannon Fuller

Shannon Fuller Lead Data Governance glenda.fitzpatrick Tue, 08/06/2024 - 12:34 Member excellence Ahold Delhaize USA Shannon Fuller

Ahold Delhaize USA

Shannon Fuller

Maintenance release 3.1.29

Maintenance release 3.1.29 daniela.duarte… Tue, 08/06/2024 - 11:25 Maintenance release 3.1.29

GS1 GDSN accepted the recommendation by the Operations and Technology Advisory Group (OTAG) to implement the 3.1.29 standard into the network in November 2024.

Key Milestones:

See GS1 GDSN Release Schedule

As content for this release is developed it will be posted to this webpage followed by an announcement to the community to ensure visibility.

Data Pools should contact the GS1 GDSN Data Pool Helpdesk to understand the plan for the update. Trading Partners should work with their Data Pools on understanding the release and any impacts to business processes.

Business Message Standards including Message Schemas Updated For Maintenance Release 3.1.29

Trade Item Modules Library 3.1.29 

GS1 GDSN Code List Document (Sept 2024)

Delta for release 3.1.29 

Delta ECL for release 3.1.29 (Aug 2024)

Validation Rules (Sept 2024)

Delta for Validation Rules (Sept 2024)

Unchanged for 3.1.29

Approved Fast Track Attributes (Dec 2022)

BMS Documents Carried Over From Previous Release

BMS Shared Common Library (Dec 2023)

BMS Catalogue Item Synchronisation (Dec 2023)

BMS Basic Party Synchronisation

BMS Price Synchronisation 

BMS Trade Item Authorisation

 

Schemas

Catalogue Item Synchronisation Schema including modules 3.1.29 

Changed Schemas for 3.1.29 

Party Synchronisation Schema

Price Synchronisation Schema

Trade Item Authorisation Schema

Release Guidance

GS1 GDSN Attributes with BMS ID and xPath 

Packaging Label Guide 

Approved WRs for release (Aug 2024)

GPC to Context Mapping 3.1.29 (Sept 2024) May GPC publication 

Delta GPC to Context Mapping 3.1.29 (Aug 2024) May  GPC publication 

Migration Document (Oct 2024) Updated 

GS1 GDSN Unit of Measure per Category (Aug 2024)

Unchanged for 3.1.29

Local Code List (LCL) Page

Deployed LCLs 

GS1 GDSN Module by context 

Warning Messages Presentation (Mar 2024)

Flex Extension for Price commentary (Dec 2018)

Any questions

We can help you get started using the GS1 standards

Contact your local office


Velocity Network

Velocity Network Foundation – MidYear Updates

The post Velocity Network Foundation – MidYear Updates appeared first on Velocity.

Monday, 05. August 2024

Identity At The Center - Podcast

Welcome to August 2024 and a new episode of The Identity at

Welcome to August 2024 and a new episode of The Identity at the Center podcast! This week we are joined by Chris Power from Sallie Mae for a wide-ranging conversation about non-human identities, RBAC vs. PBAC, how IAM organizations should be designed, and, of course, Robert Downey, Jr’s return to the Marvel cinematic universe as Dr. Doom.

Watch the episode at https://youtu.be/CNzUZ6JXIOA?si=flD-2a6q0AyaJUuq and don’t forget to give us a like and subscribe!

#iam #podcast #idac

Friday, 02. August 2024

Project VRM

Up Starting

Not finishing up, or starting up, but up starting.

Hell, we’ve been up and starting for one month short of eighteen years. Across that whole time, we’ve been pushing the idea that free customers are more valuable—to themselves, to sellers, to the whole marketplace—than captive ones.

And I’m more optimistic than ever that we’ll prove that idea in the next few years.

Toward that ambition, here are some links in tabs I’m closing:

Customer Commons (ProjectVRM’s nonprofit spinoff) has a renewed website. There is still much shaking down to do, but big thanks to Justin Byrd of Machi-Systems for doing the heavy lifting on the project.

The Future, Present, and Past of News—and Why Archives Anchor It All is a talk I’ll be leading on Thursday, 8 August at DWeb Camp. The VRooMy side of it is leadership news needs from its consumers (who pay nothing) and customers (who do). More context at the News Commons series running on my blog.

The Personal Stack, 2024 ‘AI Powered’ Version … what needs to be built on the individual side to enable balanced, trustworthy relationships with supply organisations is one among many pure-VRM posts in Iain Henderson’s Substack newsletter. Jamie Smith’s Customer Futures is another one.

Don Marti’s blog has too much good stuff for me to list it all. One especially worth pointing out, for Mac and iPhone users, is turn off advertising measurement in Apple Safari. After giving instructions (which I just followed, surprised that I hadn’t turned this shit off), he explains, “The deeper they hide stuff like this, the more it shows they understand that it’s not in your best interest to have it on. The Apple billboards are all about protecting you from tracking. I haven’t seen one yet that was more like Connect and share with brands you love! (please let me know if you see any Apple billboards like this) Information has value in a market. When your browser passes information about you—even in a form that is supposed to prevent individual tracking—you’re rewarding risky and problematic advertising practices along with the legit ones. Some advertising has value, but putting legit sites and malvertising on an equal basis for data collection is not helping.” Bonus link concerning Apple’s new AI push. And here are two more bonus links from when Apple first went on its privacy kick:

Apple vs (or plus) Adtech, Part I

Apple vs (or plus) Adtech, Part II

“Okay, whatever”: An Evaluation of Cookie Consent Interfaces. From 2022, but more relevant than ever.

$700bn delusion: Does using data to target specific audiences make advertising more effective? Latest studies suggest not, by Jon Bradshaw in Mi3.

Apps Apple threatens or kills with its new gear and OS generations.

Google Is the Only Search Engine That Works on Reddit Now Thanks to AI Deal, by Emanuel Maiberg in 404. This is about more silo-ing.

Dave Winer’s Podcasto is cool. He got the podcast ball rolling, both on tech and in pods of his own. This features much of his early stuff.

Recommendations from the High-Level Group on Access to Data for Effective Law Enforcement, which EDRi says was “first published by Netzpolitik and now also made public by the European Commission, was drafted by the “High-Level Group (HLG) on access to data for effective law enforcement,” which was convened following a proposal by the Swedish Presidency of the Council last spring.” It continues, “Building upon previous proposals drafted by police and security officials from Europe and North America, the plan contains 42 separate recommendations, amongst which are calls for the re-introduction of mass telecommunications surveillance (“data retention”) and the undermining of encrypted communication systems.” Bold red type in the Recommendations says, “The opinions expressed are those of the experts only and should not be considered as representative of the European Commission’s official position.” This is good, because the whole idea is awful.

Ted Gioia’s A 2000-Year-Old Argument Over the Flute Is the Most Important Thing in Our Culture Right Now: This bitter debate from ancient times helps us understand today’s crisis in music and other creative fields unpacks what the head and subhead say. Ted’s is one of the best Substack newsletters.

Metaphor, Morality, and Politics, Or, Why Conservatives Have Left Liberals In the Dust is a rough outline of George Lakoff’s landmark 1995 book, Moral Politics: What Conservatives Know that Liberals Don’t, which in its later editions became Moral Politics: How Liberals and Conservatives Think. If you want to know a big reason why political movements on the right and left succeed, George’s stuff is required reading. Bonus link. On the separate and more current matter of “wokeness,” here’s Lessig.

Toward Personal AI: LM Studio, Ben Evans, MemGPT, Pi.ai, TheRundown, SITUATIONAL AWARENESS, Genie Out of the Bottle, What exactly is an AI agent?, On a web of heterogeneous agents for collaborative intelligence, Semi-Autonomous Agents at Web Scale: a software architecture approach, Responsible AI for a Better World, Internet Computer Protocol (ICP). A blockchain thing. See what you think.

Rewilding the Web: Europe’s Path to Digital Sovereignty: Is Personal Data Going Dutch? by Arno Otto. I’m sourced in it. Somewhere is stuff I said at Solid World in a video. Can’t find it right now, though.

The Dutch Data Vault Foundation is a VRM play.

COSMOPlat “introduces users’ participation in the whole manufacturing process.”

FEMA’s National Risk Map. Not especially VRooMy, but interesting. Where I am now, Monroe County, Indiana, is “relatively low.”

George Tannenbaum bails from the advertising industry.

Internet Kessler Syndrome: Are We Witnessing The Beginning Of The End Of The Open Internet? The risk: “an internet so clogged with ‘debris’ that it loses everything that once made it useful.” A good and depressing read.

Augustine Fou on how adtech fails.

A bill to protect people from deepfakes.

“The Foundation For Open Source Ecosystem Technology (FOSET) is centered on Open Source development to better serve the public sector, academic institutions, and non-profit organizations. FOSET acts as a home for the technology, its associated documentation and governance, and the community of individuals and organizations that support it.”

How Does Your Mobile Phone Track You (Even When Off)? by Danka Delić in ProPrivacy.

The Hacking of Culture and the Creation of Socio-Technical Debt, by Kim Córdova and Bruce Schneier. Bonus link from Bruce.

Network Neutrality, Search Neutrality, and the Never-ending Conflict between Efficiency and Fairness in Markets, by Andrew Odlyzko. An oldie but goodie.

That’s it for now.

Thursday, 01. August 2024

MyData

The MyData Awards 2024 – 2025 are now open for nominations! 

Nominate any individuals or organisations now at https://go.mydata.org/nominate ! Self-nominations are allowed and encouraged. You may make as many nominations as you like. Hello to all members, interested people and the […]

Tuesday, 30. July 2024

The Engine Room

[CLOSED] Apply now for intensive, strategic tech and data support in Sub-Saharan Africa

We are currently accepting applications from organisations based in Sub-Saharan Africa, for Matchbox intensive support partnerships beginning in October 2024.

The post [CLOSED] Apply now for intensive, strategic tech and data support in Sub-Saharan Africa appeared first on The Engine Room.

Monday, 29. July 2024

Energy Web

World-leading sustainable aviation fuel certificate registry now live on Energy Web X

Registry enables tracing and tracking of sustainable aviation fuel with the help of Energy Web and Polkadot technologies

The Sustainable Aviation Fuel certificate or SAFc registry was recently launched to support major consumers of air travel and transport in their efforts to help directly decarbonize flight. The registry’s design, development, and testing was spearheaded by nonprofit organizations RMI and the Environmental Defense Fund, that work through the Sustainable Aviation Buyers Alliance (SABA), an organization whose members include major airlines, fuel providers, and sustainable aviation buyers such as Novo Nordisk looking to reduce the climate impacts of air transport.

The SAFc Registry connects corporate consumers, airlines, freight forwarders, and clean fuel providers in one universally accessible platform that will spur the use of sustainable aviation fuel (SAF) by ensuring that SAF certificates purchased outside of the platform are delivered consistently, verifiably, transparently, and credibly. The registry builds on industry best practices and was subject to public consultation to ensure SAF certificates exchanged realize their intended environmental impact and can be claimed towards emissions reduction goals.

SAF is made from renewable or waste materials and can decrease the lifecycle emissions of flight by more than 80%. However, the fuel is not yet widely available and can be significantly more expensive than conventional jet fuel. The Registry helps address this market gap by connecting corporate demand for emissions reductions to SAF producers through an auditable ledger for certificates which decouples the emissions benefits of SAF use from the physical fuel supply. It is the final piece of market infrastructure — in addition to robust standards, book & claim accounting guidelines, and structured RFPs — to create a robust and de-risked market for SAFc investment.

Major customers have already banded together via SABA to collectively procure SAF certificates. Several of these deals will use the SAFc Registry as the delivery mechanism. Future procurement efforts inside and outside of SABA can use the SAFc Registry to seamlessly ensure the delivery of SAF certificates and sustainability assurances to buyers. Q8Aviation, an international jet fuel supplier delivering sustainable aviation fuel to the aviation market, recently enrolled to the registry saying, “We look forward to leveraging the SAFc registry to expand accessibility and support broader adoption of SAF.”

Additionally, climate tech company CHOOOSE is complementing the registry with features to streamline the flow of SAF transactions across the value chain. “At CHOOOSE, we build and operate software that supports airlines, freight forwarders, clean fuel providers, and corporate buyers in scaling their sustainable aviation fuel programs. Recognizing the vital role SAF plays in helping to decarbonize the aviation industry, these programs contribute meaningfully to SAF’s adoption. By leveraging systems like book and claim, the SAFc Registry ensures the secure transfer of certificates — and when coupled with CHOOOSE technology, SAF transactions become more automated, streamlined, and accessible. Through this partnership, we’re able to accelerate the use of SAF across the sector,” said Gaute Gamst, Chief Technology Officer at CHOOOSE.

Web 3 technologies play an important role in operation of the SAFc Registry in order to provide deep transparency to end-users. With the support of so-called worker nodes anchored and supported by the Energy Web X blockchain on Polkadot, actions on the SAFc Registry are checked, validated, and digitally recorded in a zero trust, tamper proof way. For registry users, the public, and auditors, this represents a continuous audit of registry operations.

For more information, please visit the SAFc registry website.

Notes to Editors:

About Energy Web Foundation:

Energy Web is a global non-profit accelerating the clean energy transition by developing open-source technology solutions for energy systems. Our enterprise-grade solutions improve coordination across complex energy markets, unlocking the full potential of clean, distributed energy resources for businesses, grid operators, and customers. Our solutions for enterprise asset management, data exchange, and Green Proofs, our tool for registering and tracking low-carbon products, are underpinned by the Energy Web Chain, the world’s first public blockchain tailored to the energy sector. The Energy Web ecosystem comprises leading utilities, renewable energy developers, grid operators, corporate energy buyers, automotive, IoT, telecommunications leaders, and more. More information on Energy Web can be found at www.energyweb.org or follow us on Twitter @EnergyWebX

About SABA:

The Sustainable Aviation Buyers Alliance (SABA) is accelerating the path to net-zero aviation by driving investment in, and adoption of, high-integrity sustainable aviation fuel (SAF) and supporting companies, airlines and freight customers in achieving their climate goals. SABA Members work in collaboration with EDF and RMI to develop a rigorous, transparent system that expands opportunities to invest in high-integrity SAF to all businesses and organizations interested in reducing the climate impacts of flying. SABA’s founding companies included Bank of America, Boeing, Boston Consulting Group, Deloitte, JPMorgan Chase, McKinsey & Company, Meta, Microsoft, Netflix and Salesforce.

World-leading sustainable aviation fuel certificate registry now live on Energy Web X was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.


Identity At The Center - Podcast

Who is on your IAM 'Mount Rushmore'? This is one of the que

Who is on your IAM 'Mount Rushmore'?

This is one of the questions we asked in our latest episode of The Identity at the Center Podcast. Jim McDonald and I sat down with Allan Foster from the Digital Identity Advancement Foundation (DIAF). He shared a wealth of knowledge from his journeys in the IAM space, including helping start up ForgeRock in a London pub, being part of the DIAF, and overrated/underrated, and more. The episode culminates with Allan's take on the IAM 'Mount Rushmore' and gives us four names for consideration.

Watch it at https://youtu.be/Ue0CGysg10Q?si=gVorujoGhpM-ZD5w

What do you think of his selections? Post your thoughts below!

#iam #podcast #idac

Friday, 26. July 2024

Origin Trail

Championing European Gymnastics with Borderless Knowledge enabled by Artificial Intelligence and…

Championing European Gymnastics with Borderless Knowledge enabled by Artificial Intelligence and OriginTrail

European Gymnastics is a sports organisation counting 50 national member federations, and reaches beyond the borders of political Europe. It nevertheless bears the idea of a united gymnastics nation. As guarantor of interests of its around 8,500,000 gymnasts, European Gymnastics represents many different facets. From high-level competitive sports in four Olympic, and three non-Olympic disciplines to leisure sports in gymnastics for all with offers for all age groups, from toddlers to senior citizens. European Gymnastics transmit their understanding of being together beyond borders and set an example in community.

Now, European Gymnastics is launching its own Artificial Intelligence (AI) assistant powered by OriginTrail to drive borderless knowledge in order to further their mission to promote, develop and support synergy among the community to make Gymnastics and gymnasts at all levels, shine. The friendly mascot Luigi who you can meet at all major European Gymnastics events, is now receiving its digital twin. Powered by AI, digital Luigi allows anyone to learn and keep in touch with the European Gymnastics community. From finding the information about the next competition to learning about important events in European Gymnastics history or helping you understand which elements are important for scoring a routine on parallel bars — all can be discovered with the help of the AI-powered Luigi.

The uniqueness of our digital Luigi is that his responses always include sources of information, allowing the user to explore any particular source further. This capability is unlocked by using OriginTrail’s Decentralized Knowledge Graph, which is promising to unlock an even more powerful Luigi assistant as it will allow the initial knowledge base to continuously expand, not only by European Gymnastics’s inputs but also with contributions of the national federations, gymnasts and fans. As OriginTrail is based on blockchain, all such contributions will also be protected against tampering — extending European Gymnastics’s commitment to integrity from the sport halls to managing data.

Today’s launch of Luigi is accompanied by the launch of the biggest sporting event in the world — the Olympic Games. To help you navigate all the performances by European gymnasts in Paris, Luigi is already equipped with knowledge about the schedule and will also be receiving updates about results every day.

“European Gymnastics is excited to keep pushing the innovation in our sport. After being the first continental gymnastics federation to launch a digital cup competition this year, we are now making first steps into adopting Artificial Intelligence and blockchain to improve the ease of interaction with what is sometimes considered a complex world of Gymnastics. This is an important step in our newly adopted Strategy 2030, embracing top technology which has a lot to offer.” Dr. Farid Gayibov, European Gymnastics President.

You can find Luigi’s digital twin on the European Gymnastics website.

Championing European Gymnastics with Borderless Knowledge enabled by Artificial Intelligence and… was originally published in OriginTrail on Medium, where people are continuing the conversation by highlighting and responding to this story.

Thursday, 25. July 2024

Ceramic Network

Unlocking Privacy: A Step-by-Step Guide to Ceramic's Private Data Proof-of-Concept

Learn how the Ceramic team is rolling out a plan to support private data in the network starting with a minimal proof-of-concept.

About a month ago one of our founders, Joel Thorstensson, released an initial overview of our plans to begin ideating how physical private data capabilities could be natively offered to developers using the Ceramic Network. The forum post includes details of how this would be rolled out in two phases in the form of a proof-of-concept, which is advisable to read before consuming this article.

It's also important to mention the motivation behind this effort. To start, Ceramic doesn't currently offer any native privacy features. This means that all data on Ceramic is public by default. At the same time, over the past few years, we've recognized the strong need for access control across several applications and use cases. A rough estimation would be almost half of all apps built on Ceramic have access control needs in one form or another.

In thinking about a solution, we aligned on the premise that physical access control (where data lives and who can sync it, as opposed to encryption) resonates most directly with the uniqueness of Ceramic's event-based architecture and our desire to align with edge privacy principles.

As such, our next step was to define a scope around a minimalist build to showcase how physical data privacy could be implemented in Ceramic.

Phase 1: API Read Access Control

If you've read Joel's forum post (linked above), you already know the details of the concept we've designed for this first phase. However, below are several key takeaways:

Builds on Ceramic-one (implementation of the Ceramic protocol, written in Rust)

Leverages the Feed API on Ceramic-one nodes, thus allowing nodes to filter the feed of events based on which permissions a user has

Designed to showcase how two users could share private data from the same node by leveraging object-capabilities (OCAP)

Shows how an object-capability generated by user 1 references a stream containing the data they want to share (as well as the DID corresponding to user 2, the person they want to share their data with) and allows user 2 to access data that would otherwise be physically inaccessible to query and obtain without the OCAP

This article will walk through how to run the PoC locally.

If you prefer video, please view the YouTube version of our Private Data Playground:

Setting Up Your Environment

This walk-through requires you to generate clones of two repositories, one of which is the PoC itself, while the other is the Rust-Ceramic codebase.

Rust-Ceramic Set-Up

First, install protobuf:

# You can alternatively use `brew install protobuf`
PROTOC_VERSION=3.20.1
PROTOC_ZIP=protoc-$PROTOC_VERSION-linux-x86_64.zip
curl --retry 3 --retry-max-time 90 -OL https://github.com/protocolbuffers/protobuf/releases/download/v$PROTOC_VERSION/$PROTOC_ZIP \
    && unzip -o $PROTOC_ZIP -d /usr/local bin/protoc \
    && unzip -o $PROTOC_ZIP -d /usr/local 'include/*' \
    && rm -f $PROTOC_ZIP

Next, clone the Rust-Ceramic codebase:

# we will need a special branch from the repo
git clone https://github.com/ceramicnetwork/rust-ceramic && cd rust-ceramic && git fetch

We need to set up our Rust-Ceramic node from a specific branch. Enter the branch relevant to this PoC, build, and run the daemon:

# enter the special branch
git checkout feat/private-data
# build and run
cargo run -p ceramic-one -- daemon

If your terminal starts populating with logs like the screenshot below, you've successfully started your node!

You now have an active Ceramic node running in the background! Next, we'll walk through the configuration for the private data playground web app.

Private Data Playground Web App Setup

First, clone the Private Data Playground repository:

git clone https://github.com/ceramicstudio/private-data-playground

Go ahead and open the private-data-playground repo in your text editor of choice. Once open, we will need to create a copy of the example environment file and rename it:

cp .env.example .env

Our first step is to supply a value to our NEXT_PUBLIC_PROJECT_ID variable by setting up a Project ID with WalletConnect. You can set one up for free (if you don't already have one) by following the simple steps in our WalletConnect tutorial (under "Obtain a WalletConnect Project ID"). We need this because our application's Wagmi hooks rely on a contextual wrapper that lets us use these hooks within all child components and use Web3Modal.

Once obtained, paste this into your new environment file next to the variable name referenced above.

Next, install your dependencies:

npm install

We're now ready to run the PoC!

Running the Application

Start up your application from within the private-data-playground repository in developer mode to initiate the UI:

npm run dev

You should now be able to access the UI by navigating to http://localhost:3000 in your browser!

Creating a Stream and a Capability

Our first section will focus on generating a stream (containing a simple message) and an OCAP.

To begin, self-authenticate by clicking "Connect Wallet."

You should see a secondary signature request appear after selecting an account - approving this request will create a browser session (specific to your DID, stemming from your Eth address) that the application will use to sign and submit data on your behalf as you create messages:

There are two views contained in this simple PoC - one for writing data, and one for reading. Make sure you're in the "Write" view by clicking the toggle under your address:

Go ahead and enter a simple message of your choosing - for example, "I love Ceramic!" would be an obvious choice. Go ahead and click the "Create" button. This action initiates a process that builds a new Ceramic stream and constructs your message into a payload that the Rust-Ceramic feed API will accept.

You should now see the resulting identifier under "Stream ID":

Go ahead and copy this value. Save it somewhere as it's needed later (a simple text document will suffice).

Finally, select another Eth address you control (make sure to remember which one) and enter it into the text input under "Delegate read access to". When ready, click "Create Capability". If you've followed all the steps correctly, your screen should look something like this:

Copy the capability value somewhere you can reference for the next section.

Congrats! You've successfully created both a Ceramic stream and a capability object! The next section will show how to use these to access otherwise private data.

Using the OCAP to Access Private Data

Go ahead and disconnect your current authenticated account from the web app. Next, go through the sign-in flow using the address you selected for the "Delegate read access to" input from the prior section.

Once authenticated, navigate to the "Read" toggle in the web app:

Enter the Stream ID and the Capability generated and saved from the prior section.

If you've copied over the values correctly, you should now be able to view the original message:

Congratulations - you've successfully used a capability to access otherwise private data on Ceramic.

You can also run through the "Read" process again, but this time make an arbitrary edit to the OCAP (thus invalidating it). With the Stream ID value kept the same, you'll notice that you can no longer access the resulting message.

Next Steps

This minimal PoC is only the beginning of our plans for rolling out private data on Ceramic, with phase 2 coming soon (showcasing data privacy in the form of nodes and their ability to sync data between each other based on signed capabilities).

Is private data relevant to what you're building? Have feedback, questions, or concerns about our current thinking around private data? We'd love to hear from you! Fill out our community contact form, or email us at partners@3box.io.

Happy buidling!

Wednesday, 24. July 2024

Me2B Alliance

“Unsafe at Any Click” – Episode 2

In this episode, Lisa and Bryce are joined by privacy advocacy expert Zach Edwards as they sit down and discuss the hidden world of Identity Resolution and Customer Data Platforms.

The post “Unsafe at Any Click” – Episode 2 appeared first on Internet Safety Labs.


The Worldwide Web of Commercial Surveillance: Identity Resolution & Customer Data Platforms 


Today, we are excited to announce our latest research exposing the massively networked personal information sharing happening between and across identity resolution and customer data platforms that has been hiding in plain sight for over 10 years. These industries are the plumbing backbone in synthesizing personal data from hundreds of data sources—across services, devices, and spanning the digital world and the physical world.

In February 2024, Cracked Labs published “Pervasive identity surveillance for marketing purposes”, an in-depth analysis of LiveRamp’s RampID identity graph. One of the most superficial yet most powerful functions of this excellent report was to guide attention towards industries responsible for pervasive consumer surveillance. The timing was excellent as I’d already committed to present “The Hidden Identity Infrastructure” at Identiverse (May 2024) and prompted by the report, I dug in to better understand the two industries underpinning hidden identity infrastructure, namely, Identity Resolution (ID Res) and Customer Data Platforms (CDPs).  

There are nearly $9T worth of industries worldwide that rely on persistent, hidden identification of people. Naturally, demand of this magnitude fueled the now mature industries that perform pervasive, universal identification of people and their personal information. ISL identified over 350 companies providing either identity resolution platforms, customer data platforms, or both.  

This paper explores the magnitude and reach of these two industries, how they came to be, and most importantly, why, from a human well-being perspective, it’s crucial that these kinds of platforms be held to higher regulatory standards of scrutiny, transparency, and accountability. One identity resolution company alone out of 93 such companies (worldwide) boasts the collection of 5,000 data elements for [each of] 700 million consumers in 2021. To put this in perspective, the number of user accounts breached worldwide in 2023 was about 300 million [1]. Is there an appreciable difference between stolen user data and undisclosed “legitimate” personally identifiable information sharing? Moreover, nearly 40% of the 93 companies that provide identity resolution platforms are registered data brokers.

Indeed, after reviewing the research, we must ask ourselves, is this the kind of world we want to live in: a world where everything about us is always known by industry; a world where the ongoing surveillance of people is deemed necessary in the name of capitalism. Is this the kind of world in which humans and societies will flourish or self-destruct? Are humans more than capitalistic consumers? Are we more than our purchasing potential?  

A Call to Action 

ISL conducted this research to help illuminate the sizable risk of hidden identification and the worldwide web of user surveillance. ISL believes naming and exposure is crucial to effecting change. Identification resolution and customer data platforms have been hiding in plain sight for more than a decade, and yet even the “identerati” are largely unfamiliar with these industries. How can we expect everyday people to know?   

This paper is a rallying call for privacy advocates to come together to demand greater regulatory scrutiny, transparency and oversight for these industries, in conjunction with more meaningful data broker regulation.  

Additionally, this is a rallying call to acknowledge the catastrophic failure of notice and consent as a valid permissioning mechanism for highly complex and interconnected digital services. It’s inconceivable that people understand the magnitude of data sharing that consenting to sharing “your data with our marketing” entails.  

We must ask ourselves if this is the kind of world we want for ourselves and our children, where our preferences, practices, relationships, behaviors, and beliefs are all up for sale and broadly shared without our awareness. Are we ourselves in fact being sold?  

The technologies fueling these capabilities have received billions of dollars; consumers don’t have a chance in the face of voracious hunger to identify, know, and manipulate them. We hope that this research shines a much needed light on the forces enabling the worldwide web of human surveillance so that they may be held to accountability for their troves of data on nearly all internet users. 

 P.S. Also check out our latest podcast with guest Zach Edwards where we discuss this worldwide web of human surveillance live.

Open Report PDF

Identity Resolution and Customer Data Platforms found in 2022 EdTech Benchmark Network Traffic

Identity Resolution and Customer Data Platform Companies

The post The Worldwide Web of Commercial Surveillance: Identity Resolution & Customer Data Platforms  appeared first on Internet Safety Labs.


Identity Resolution and Customer Data Platforms found in 2022 EdTech Benchmark Network Traffic


This file provides the list of all the apps found in the ISL 2022 EdTech safety benchmark found to be sending data to either one or more identity resolution or customer data platform companies.

ISL provides this data as an informational tool reflecting research at this point in time. Please contact us at contact@internetsafetylabs.org if you have questions or corrections.

This work is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License.

Identity Resolution and Customer Data Platforms found in 2022 EdTech Benchmark Network Traffic

 

The post Identity Resolution and Customer Data Platforms found in 2022 EdTech Benchmark Network Traffic appeared first on Internet Safety Labs.


Next Level Supply Chain Podcast with GS1

Digital Twins & Their Supply Chain Wins with Elyse Tosi


In the supply chain, technical requirements are the cornerstone for creating scalable and interoperable systems that ensure a seamless flow of information and enhance the accountability and traceability of materials and products throughout their lifecycle.

 

Liz and Reid got to talk about this with Elyse Tosi, the Vice President of Accounts and Implementation at EON, an innovator in product digitization. Elyse shares her extensive knowledge and experience in supply chain management, touching on her work with brands like Victoria's Secret and Eileen Fisher, to discuss the transformative impact of technology and standards on global supply chains.

 

They discuss enhancing value chain efficiency through interoperability, the significance of the EPCIS standard in scaling and achieving interoperability, and how EON, chosen by the EU to pilot digital product passports, is influencing legislation and standards adoption—an initiative critical for compliance, brand protection, and product authentication. They also explore emerging trends like digital twins, QR codes, digital links, and their game-changing potential for retail and customer engagement.

 

In this episode, you’ll learn:

How EPCIS standards ensure interoperability and scalability for digital product passports, enabling seamless data exchange and lifecycle management in supply chains

The transformative impact of digital twins, QR codes, and digital links on retail experiences, customer engagement, and product data connectivity, driving new commerce channels and incremental revenue opportunities.

How Eon leverages compliance with EU legislation to provide commercial benefits such as brand protection and product authentication, reinforcing the importance of scalable and cost-effective blockchain applications.

 

Connect with GS1 US:

Our website - www.gs1us.org

GS1 US on LinkedIn

 

Connect with the guests:

Elyse Tosi on LinkedIn

More about EON - https://www.eon.xyz/

 


Digital Identity NZ

Digital Trust Framework: Launch & Future | July Newsletter


The Digital Identity Services Trust Framework (DISTF) Act took effect on the first day of the month, and included the establishment and implementation of the Regulator, the Trust Framework Authority. The launch was rather low-key, with the only discernible signal from the Department of Internal Affairs being updates to their digital government web pages to reflect this milestone. 

It was a different story in industry, however, where the occasion was covered by DINZ, nationally by RNZ, locally, internationally by Biometric Update and social media posts, including my own and those from DINZ.

The quote that really stuck was this one from Victoria University’s Professor of Informatics Markus Luczak-Roesch: “There’s a huge risk of doing nothing. Which is why it’s good that we’re doing something.” He’s absolutely right. It’s been over seven years of policy work at the DIA to reach this point, which I described as ‘the end of the beginning’. While a challenging journey, Aotearoa can build from here with those that want to opt-in.

Next month’s Digital Trust Hui Taumata ahead of Net Hui and The Point 2024, will kick off with a keynote by Microsoft’s global identity standards lead and past DIACC TFEC member Juliana Cafik. The panel that follows will discuss NZ’s Digital Identity Trust Framework, representing organisations that could be potential Relying Parties/Verifiers in Aotearoa under the DISTF regulation. The Trust Framework market model would see such parties seek out Digital Identity Service Provider/Issuers to deliver privacy-aware, cryptographically secured verified credentials, a topic that I blog about here. Publicly, it’s known that MSD and HNZ are piloting DIA’s platform, with RealMe as a notional issuer.

Additionally, the event will cover Digital Public Infrastructure, AI, biometrics, digital acceptance networks, digital drivers’ licences, the Metaverse, passkeys, digital cash, next generation payments, and the challenges of delegated administration across communities and much more. It’s all there, along with a panel of four experts who will review the sessions from a Te Ao Māori perspective.

In short, this year’s Digital Trust Hui Taumata will be like no other. The wait is over, and the rubber is hitting the road for the DISTF. What matters now is scale – will they come?

Lastly, I’m very excited to tell you that the DINZ podcast series is almost ready for launch so do keep an eye out for the first episode dropping very soon.

Ngā mihi
Colin Wallis
Executive Director, Digital Identity NZ

Read the full news here: Digital Trust Framework: Launch & Future | July Newsletter

SUBSCRIBE FOR MORE

The post Digital Trust Framework: Launch & Future | July Newsletter appeared first on Digital Identity New Zealand.

Tuesday, 23. July 2024

Energy Web

Energy Web Announces Strategic Partnership with Acurast to Advance Sustainability and Innovation in…

Energy Web Announces Strategic Partnership with Acurast to Advance Sustainability and Innovation in Energy Sector

Integration of Decentralized Compute Networks to Enhance Efficiency and Sustainability in Global Energy Landscape

July 23, 2024 — ZUG, Switzerland — Energy Web, a pioneer in developing open-source technology solutions for the energy sector, is thrilled to announce a strategic partnership with Acurast, an innovative leader in decentralized computing. This collaboration marks a significant step forward in enhancing the capabilities of both platforms while driving sustainability and technological innovation across the global energy landscape.

The partnership aims to seamlessly integrate Energy Web worker node networks with Acurast’s Decentralized Compute network. This integration will enable Energy Web users to host Energy Web workers on Acurast’s secure and widely distributed compute protocol. The primary goal is to facilitate a more efficient and scalable deployment of digital energy solutions.

In a move to expand its digital footprint, Energy Web will leverage the Acurast SDK to roll out a new mobile application. This collaboration will not only enhance mobile accessibility but also significantly improve the functionality, providing users with robust tools for managing their energy resources efficiently.

Both Acurast and Energy Web Foundation are committed to sustainability. Acurast’s approach to upcycling smartphones, giving them a second life as compute units in its decentralized network, dramatically reduces electronic waste and promotes efficient resource use. Similarly, Energy Web Foundation is dedicated to accelerating the clean energy transition through its development of cutting-edge, open-source technologies for energy systems.

By combining their unique resources and expertise, Acurast and Energy Web Foundation aim to foster significant innovation, efficiency, and sustainability in the energy sector. This partnership underscores their shared vision of a more sustainable and decentralized future, driving positive change across communities worldwide.

About Energy Web
Energy Web is a global non-profit organization accelerating the energy transition by developing and deploying open-source decentralized technologies. Our solutions leverage blockchain to enable new market mechanisms and decentralized applications that empower energy companies, grid operators, and customers to take control of their energy futures.

Energy Web Announces Strategic Partnership with Acurast to Advance Sustainability and Innovation in… was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.


Kantara Initiative

US Multiple Award Schedule requires CSPs to be NIST 800-63 compliant  

In May 2024, the US government’s General Services Administration updated its Multiple Award Schedule (MAS) Contract with a new Special Item Number (SIN 541519CSP, Credential Service Providers) under the IT Large Category. SIN 541519CSP is designed to help federal agencies ensure that any IT services procured meet the requirements of “National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63 requirements and digital identity compliant services”. To provide credential services under the new SIN, companies must meet specific instructions and requirements. SIN 541519CSP was created to meet the increasing need for robust, trustworthy credential service providers. The new SIN will help government agencies quickly identify credential service providers that have been vetted against the government’s standard requirements. If your company offers credential services and meets the requirements, obtaining SIN 541519CSP will place your company in a better position to capture bids as agencies look to acquire NIST 800-63 compliant services.

In order to be included on the Schedule, Credential Service Providers must either be listed on the Kantara Trust Status List or provide a letter of approval from Kantara Initiative, or other GSA approved third party that can assure conformance to NIST SP 800-63. To begin the process, you’ll need to complete forms that can be found on idmanagement.gov.

Since both state and federal government agencies are permitted to use the vendors on this schedule for credential services, this considerably extends opportunities for Kantara certified companies.

Follow this link for details of the roadmap to getting a MAS contract.

The post US Multiple Award Schedule requires CSPs to be NIST 800-63 compliant   appeared first on Kantara Initiative.


Blockchain Commons

2024 Q2 Blockchain Commons Report


Blockchain Commons is a not-for-profit organization that advocates for the creation of open, interoperable, secure, and compassionate digital infrastructure. Our goal is to enable people to control their own digital destiny and to maintain their human dignity online. We do this through the creation of interoperable specifications and reference software that demonstrate how to create and manage digital assets in ways that are private, independent, resilient, and open.

In Q2 of 2024, we advanced these principles through the following work:

Gordian Envelope Updates: Expanded Developer Pages; Request/Response Presentation; Graph Representation
Gordian Meetings: FROST Presentation; PayJoin Presentation; All the Rest
Seedtool-Rust Release: seedtool-cli-rust; Seedtool Manual
dCBOR Adoption: cbor.me; cbor2; QCBOR; IANA assignment of Tag 201
GSTP Improvements
SSH Research: ssh-envelope Experiment in Python; SSH Key Support for envelope-cli; More to Come
Architectural Articles: Minimum Viable Architecture; Authentication Patterns
DID Futures: W3C DID 1.1 WG; RWOT 13
Grants/Funding
What’s Next?

Gordian Envelope Updates

Gordian Envelope, Blockchain Commons’ “Smart Document” system, continues to be a major focus. Here’s what that meant in Q2.

Expanded Developer Pages. The developer pages were updated with a new executive summary and feature list to clarify the capabilities and advantages of using Envelope. (More executive summaries of our technology to follow!)

Request/Response Presentation. Our May Gordian Developers Meeting included a presentation on Request/Response, which is an interoperable communication methodology using Gordian Envelope. Why use it? It can make complex digital-asset procedures more accessible by using automation to dramatically reduce the amount of human interaction needed, yet it also preserves security by ensuring that human choices are required whenever data is transmitted from one device to another. (But watch the presentation for more!)

Graphs Representation. Blockchain Commons has a new research paper out on Representing Graphs with Envelope, which presents a proposed architecture for representing many types of graphs, enabling the use of Envelope for a variety of graph-based structures and algorithms.

Gordian Meetings

Gordian Developer Meetings are how we bring the wallet community together to talk about our interoperable specifications. We’ve been thrilled to expand that in the last quarter with some feature presentations from experts in the field.

FROST Presentation. April saw a special presentation on FROST by Jesse Posner that not only talked about his work to date, but also some of the emerging capabilities of FROST, such as the ability to regenerate shares or even change thresholds without changing the underlying secret! We’ve long thought FROST was a great next-generation resilience solution for digital assets, and so appreciate Jesse talking to our community about why it’s so exciting. See the complete video of our April meeting for more.

PayJoin Presentation. Privacy is one of our fundamental principles for Gordian design. It’s also a principle that will be better supported in Bitcoin with a new version of PayJoin. Dan Gould was kind enough to give a full presentation on the updates he’s working on at our May meeting. We’ve got a video of just his PayJoin presentation.

All the Rest. Both meetings of course also included details on Blockchain Commons’ own work (much of which is detailed in this report). The Gordian Developer meetings continue on the first Wednesday of every month. We’ve also already scheduled a few feature presentations for the rest of the year. On August 7th, we’ll have a special presentation on BIP-85, then on December 4th, we’ll have another FROST presentation for wallet developers. If you’d like to make a special presentation in September, October, or November on a topic of interest to wallet developers, let us know!

Also, if you’re a cryptographer, spec designer, or library developer who is working to implement FROST, please be sure to sign up for our FROST implementers announcements-only list so that you can receive invites for our second FROST Implementers Round Table, which will be on September 18 thanks to support from the Human Rights Foundation (HRF).

Seedtool-Rust Release

Blockchain Commons’ newest reference application is seedtool-cli for Rust.

seedtool-cli-rust. Seedtool is a domain-specific application that allows the creation, reconstruction, translation, and backup of cryptographic seeds. Blockchain Commons’ new Rust-based Seedtool replaces our older C++-based CLI and provides broader support for Gordian Envelope, including offering Gordian Envelopes of SSKR shares, which can back up a seed using Shamir’s Secret Sharing. Seedtool’s Gordian Envelopes can then be piped into envelope-cli-rust for compression, encryption, or the addition of further metadata.

Seedtool Manual. For more on seedtool-cli-rust, check out the full user manual, which explains how to use all of its functionality and why it’s important.

dCBOR Adoption

dCBOR is one of the foundations of Envelope, as it allows for the deterministic ordering of data, which is crucial for a hashed data system like Envelope. The IETF dCBOR Internet-Draft updated from v8 to v10 over Q2, with most of those changes due to expanding support for the spec. We’re still hoping to see the Internet-Draft finalized soon!

cbor.me. The CBOR Playground is Carsten Bormann’s foundational diagnostic site for CBOR. It now supports dCBOR thanks to a new Ruby Gem that Carsten authored.

cbor2. Joe Hildebrand’s cbor2 library for Typescript has also been expanded to support dCBOR.

QCBOR. Laurence Lundblade’s QCBOR library (which is written in C) now supports dCBOR in its development branch.

IANA Assignment of Tag 201. Finally, 201 is now officially the “enclosed dCBOR” tag for CBOR. This is also critical for Gordian Envelope, which uses this tag to wrap dCBOR in each of an envelope’s “leaf” nodes.
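The determinism requirement described in this section, as an added example that is not Blockchain Commons' code: a Python encoder and strictness check for a small subset of CBOR (integers, booleans, text, byte strings, arrays, maps, tags) following the deterministic encoding rules of RFC 8949 section 4.2 that dCBOR builds on. The function names and sample values are constructed for illustration, and the SHA-256 digest is a stand-in for a hashed data system, not Envelope's actual digest construction.

```python
import hashlib
import unicodedata
from dataclasses import dataclass

ENCLOSED_DCBOR_TAG = 201  # the "enclosed dCBOR" tag named in the report


@dataclass(frozen=True)
class Tagged:
    tag: int
    value: object


def _head(major: int, n: int) -> bytes:
    """Major type plus argument, always in the shortest possible form."""
    if n < 24:
        return bytes([(major << 5) | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < (1 << (8 * size)):
            return bytes([(major << 5) | info]) + n.to_bytes(size, "big")
    raise ValueError("argument does not fit in 64 bits")


def encode(value) -> bytes:
    """Deterministically encode the supported subset; anything else is rejected."""
    if isinstance(value, bool):  # must precede int: bool is an int subclass
        return b"\xf5" if value else b"\xf4"
    if isinstance(value, int):
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, str):
        raw = unicodedata.normalize("NFC", value).encode("utf-8")  # one form per string
        return _head(3, len(raw)) + raw
    if isinstance(value, Tagged):
        return _head(6, value.tag) + encode(value.value)
    if isinstance(value, (list, tuple)):
        return _head(4, len(value)) + b"".join(encode(v) for v in value)
    if isinstance(value, dict):
        # Keys are ordered by the bytes of their encoding, not by insertion order.
        pairs = sorted(((encode(k), encode(v)) for k, v in value.items()),
                       key=lambda p: p[0])
        if len({k for k, _ in pairs}) != len(pairs):
            raise ValueError("two keys have the same encoding")
        return _head(5, len(pairs)) + b"".join(k + v for k, v in pairs)
    raise TypeError(f"unsupported type in this subset: {type(value).__name__}")


def _decode(buf: bytes, pos: int):
    """Lenient decoder for the same subset; returns (value, next_position)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if major == 7:
        if info in (20, 21):
            return info == 21, pos
        raise ValueError("floats and other simple values are outside this subset")
    if info < 24:
        n = info
    elif info <= 27:
        size = 1 << (info - 24)
        n = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    else:
        raise ValueError("indefinite lengths are never deterministic")
    if major == 0:
        return n, pos
    if major == 1:
        return -1 - n, pos
    if major in (2, 3):
        raw = buf[pos:pos + n]
        if len(raw) != n:
            raise ValueError("truncated string")
        return (raw if major == 2 else raw.decode("utf-8")), pos + n
    if major == 4:
        items = []
        for _ in range(n):
            item, pos = _decode(buf, pos)
            items.append(item)
        return items, pos
    if major == 5:
        result = {}
        for _ in range(n):
            key, pos = _decode(buf, pos)
            result[key], pos = _decode(buf, pos)
        return result, pos
    inner, pos = _decode(buf, pos)  # major type 6: a tag wrapping one item
    return Tagged(n, inner), pos


def is_deterministic(data: bytes) -> bool:
    """A verifier's check: accept only bytes that re-encode to themselves."""
    try:
        value, end = _decode(data, 0)
        return end == len(data) and encode(value) == data
    except (ValueError, IndexError, TypeError):
        return False


def enclose(value) -> bytes:
    """Wrap a value in tag 201, as the report says Envelope does for leaf nodes."""
    return encode(Tagged(ENCLOSED_DCBOR_TAG, value))


def digest(value) -> str:
    """SHA-256 over the enclosed encoding (illustrative, see lead-in)."""
    return hashlib.sha256(enclose(value)).hexdigest()
```

A verifier that hashes or signs over received bytes should apply a check like `is_deterministic` before trusting them, since two encodings of the same data would otherwise produce two different digests.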

GSTP Improvements

Gordian Sealed Transaction Protocol (GSTP) is a Gordian Envelope extension. It allows for Envelope Requests and Responses to be sent in a secure way and is a critical element of Blockchain Commons’ Collaborative Seed Recovery system, which enables the storage of SSKR shares in a Gordian Depository.

GSTP Advances. Thanks to support from our Research Sponsor, Foundation Devices, Blockchain Commons was able to expend considerable engineering work on GSTP in the last quarter, resulting in more fluent API patterns for building GSTP requests and responses. In addition, GSTP now supports bidirectional self-encrypted state with a unique and powerful new feature that we are calling Encrypted State Continuations (ESC). Overall, GSTP is a system that is secure, distributed, and transportation-agnostic. In a world where we could be sending digital-asset info by NFC, Bluetooth, or QR codes, it’s a critical security measure. See our presentation from the most recent Gordian Developers Meeting for more!

SSH Research

SSH has long been used as an authentication system, primarily for accessing UNIX computers. However, it has recently seen increasing use as a signing system as well, primarily thanks to extensions in Git. That has led to Blockchain Commons experimenting with the integration of SSH keys into Envelope. (This has also demonstrated the flexibility of Envelope through the addition of these signing methodologies.) We’ve now got some first results.

ssh-envelope Experiment in Python. Early in the quarter, we produced ssh-envelope, an experimental Python program that worked with both ssh-keygen and envelope-cli. But, thanks to some very rapid development, we’ve already moved beyond that.

SSH Key Support for envelope-cli. We’ve since integrated SSH key support throughout our Rust stack, primarily affecting our bc-components and bc-envelope Rust crates. This allowed us to bring our SSH key support fully into the Rust envelope-cli, which you can now use for SSH signing.

More to Come. We’re still working on processes that will allow for the safe, secure, and reliable signing of software releases, something that we talked about extensively in our software use cases. You can see some more of our work-in-progress in a discussion of SSH Key Best Practices. We hope to have more on using SSH to enable resilient & secure software releases later in the year.

Architectural Articles

Blockchain Commons expresses a lot of its more architectural thoughts as articles. There were two major articles in Q2.

Minimum Viable Architecture. Our first major article for the quarter focused on the methodology of Minimum Viable Architecture (MVA). Many companies still focus on Minimum Viable Products. Our article advocates instead looking at the big picture (with lots of discussion on why that’s important).

Authentication Patterns. Design patterns are a crucial element in architectural design. Much as with the adversaries found in #SmartCustody, design patterns allow you to put together a larger system piece by piece. As part of a guide to the strength of heterogeneity in architectural design, Blockchain Commons penned a set of authentication design patterns. We’d like to do more to fill out the space, but for now feel like this is a good first cut that shows the value of the design style.

DID Futures

The Blockchain Commons principals have been involved with DIDs since Christopher Allen founded Rebooting Web of Trust in 2015.

W3C DID 1.1 WG. After a hiatus, the W3C DID working group has been rechartered through 2026. Christopher Allen continues as an Invited Expert, focused on a variety of privacy issues, including elision, DID registration, and DID resolver issues.

RWOT 13. Meanwhile, Rebooting the Web of Trust continues to be on the frontline for DID advancements, with Christopher still the chair of the organization and Shannon Appelcline the editor-in-chief. RWOT13 is finally back in the USA, with the early bird deadline for advance-reading papers at the start of August.

Grants/Funding

As we’ve written elsewhere, funding has become more difficult in the last year because of large-scale financial factors such as inflation and the resultant increase in interest rates. Blockchain Commons has responded by working more closely with some of our partners on topics of special interest to them and by seeking out grants.

Thanks to Human Rights Foundation for their grant enabling our continued support of FROST work.

Thanks to Foundation Devices for their support of GSTP work.

Thanks to Digital Contract Design for their support of our advocacy over the last year.

Please consider becoming a personal or corporate sponsor of Blockchain Commons so that our work can continue. Or, if you want support to integrate or expand one of Blockchain Commons’ existing projects (such as SSKR, Envelope, or the Gordian Depositories) in an open manner, to meet your company’s needs, contact us directly about becoming a Research Sponsor.

Also, please let us know of any grants or awards that you think would be closely aligned with our work at Blockchain Commons, so that we can apply.

What’s Next?

Coming up:

More work on Envelope & GSTP.

More reveals of our SSH work.

A new musings on cryptographic “cliques”.

We’re looking forward to Q3!

Monday, 22. July 2024

FIDO Alliance

Strengthening Authentication with Passkeys in Automotive and Beyond


On July 16th, 2024, the FIDO Alliance held a seminar focused on the fit for FIDO authentication and device onboarding within the automotive industry. Co-hosted with Swissbit, the event had over 100 attendees who heard from various stakeholders on the need and opportunity for standards-based approaches to securing the automotive workforce and manufacturing process. Themes included how passkeys and FIDO-certified biometrics can help transform the future of in-vehicle experiences, especially with in-car payments, smart cars, and IoT.

FIDO Momentum in the Automotive Industry

Like just about every market sector, the automotive industry is plagued by risks and ramifications associated with decades of relying on passwords – and is also uniquely poised to improve the user experience by embracing passkeys for user authentication.

With smart cars having embedded technology to connect to digital experiences, there are several innovations primed for take-off in the automotive industry. With nearly 100 million vehicles making payments by 2026, up from just 2.3 million in 2021, passkeys will be crucial to simplify the in-vehicle user experience. At the same time, manufacturers have the opportunity to improve IoT and secure embedded devices to improve customer experiences on and off the road.

Manufacturing and Smart Car Case Studies

On the workforce front, the event featured a case study from MTRIX and considerations on how to deploy FIDO security keys to a manufacturer’s workforce – contemplating the many types and locations of workers for today’s global manufacturers. This case study reinforced the factors called out in a presentation by Infineon on the regulatory-driven push and pull with FIDO authentication.

VinCSS described how FIDO Device Onboard is being used today to secure the smart car ecosystem both at point of manufacturing as well as for after-market use cases.

Using Passkeys for In-Vehicle Payments

The final block of sessions looked more closely at our in-vehicle future – including an overview of current trends for in-vehicle payments. Visa and Starfish then presented a blueprint and demo respectively for a standards-based approach for in-vehicle payments before Qualcomm wrapped things up with their vision for a digital chassis as the foundation for a software-defined vehicle that contemplates the need for secure identity, payments and driver/passenger personalization.

Driving FIDO in the Automotive Industry – Next Steps

Interested in this seminar’s content? Find these presentations and more on the Munich Seminar event page.

The FIDO Alliance welcomes input from the public and the identity security community on FIDO’s future in the automotive industry. Comments are welcome via our contact us page. For in-person connections, we encourage identity security and authentication professionals to join us at our conference, Authenticate, where there will be several automotive and passkey related sessions, content, and peer networking. This year’s event will be held Oct. 14-16th, 2024, in sunny southern California at the La Costa Omni Resort in Carlsbad, CA.


FIDO Munich Seminar: Strengthening Authentication with Passkeys in Automotive and Beyond

The FIDO Alliance recently held a seminar in Munich for a comprehensive dive into FIDO authentication and passkeys. The seminar, co-hosted by Swissbit, provided an exploration of the current state of passwordless technology, detailed discussions on how passkeys work, their benefits, case studies, and practical implementation strategies. Attendees learned about current and emerging elements of the FIDO Certified program and how they pertain across sectors, including a focus on automotive and payments use cases. 

Attendees also had the opportunity to engage directly with those who are currently implementing FIDO technology through open Q&A and networking – plus the opportunity to see demos and meet the experts that can help move FIDO deployments forward.

View the seminar slides below.

FIDO Munich Seminar Introduction to FIDO.pptx from FIDO Alliance

FIDO Munich Seminar Blueprint for In-Vehicle Payment Standard.pptx from FIDO Alliance

FIDO Munich Seminar FIDO Automotive Apps.pptx from FIDO Alliance

FIDO Munich Seminar: Biometrics and Passkeys for In-Vehicle Apps.pptx from FIDO Alliance

FIDO Munich Seminar: Strong Workforce Authn Push & Pull Factors.pptx from FIDO Alliance

FIDO Munich Seminar: Securing Smart Car.pptx from FIDO Alliance

FIDO Munich Seminar In-Vehicle Payment Trends.pptx from FIDO Alliance

FIDO Munich Seminar Workforce Authentication Case Study.pptx from FIDO Alliance

FIDO Munich Seminar: FIDO Tech Principles.pptx from FIDO Alliance

FIDO Munich Seminar Considerations for Workforce Authentication from FIDO Alliance

Energy Web

ECS4DRES: Shaping the Future of Renewable Energy Systems

A New Horizon Europe Project to Enhance Reliability and Resilience in Distributed Renewable Energy Across Europe

We are excited to announce our new EU project, Electronic Components and Systems for Flexible, Coordinated, and Resilient Distributed Renewable Energy Systems (ECS4DRES). This groundbreaking initiative is co-funded by Horizon Europe and the Federal Government.

In collaboration with 33 partners across 6 European countries, ECS4DRES aims to revolutionize the reliability, safety, and resilience of Distributed Renewable Energy Systems (DRES). By developing advanced monitoring and control technologies, the project will incorporate integrated sensors with energy harvesting functions, capable of various types of detection for safety and monitoring of energy transfers. Additionally, ECS4DRES will achieve interoperable and low-latency communication systems, along with sophisticated algorithms, AI tools, and methods. These innovations will enable the widespread interconnection, monitoring, and management of numerous DRES, subsystems, and components, optimizing energy management between sources, loads, and storages, enhancing power quality, and ensuring resilient system operation.

ECS4DRES is committed to thorough validation of these technologies through a series of five relevant use cases and demonstrators. The project’s results will generate a wide range of scientific, technological, economic, environmental, and societal impacts on a global scale, meeting the needs of Original Equipment Manufacturers (OEMs), Distribution System Operators (DSOs), grid operators, EV charging station aggregators, energy communities, end customers, and academia.

By providing interoperable and tailored solutions in electronic control systems, sensor technology, and smart systems integration, ECS4DRES will facilitate the deployment and efficient, resilient operation of DRES, including the integration of hydrogen equipment and components.

As we embark on this ambitious project, we are reminded of the words of renowned futurist Alvin Toffler: “The great growling engine of change — technology.” ECS4DRES represents a significant leap forward in the technological advancement of renewable energy systems, driving us toward a more sustainable and resilient future.

About Energy Web
Energy Web is a global non-profit organization accelerating the energy transition by developing and deploying open-source decentralized technologies. Our solutions leverage blockchain to enable new market mechanisms and decentralized applications that empower energy companies, grid operators, and customers to take control of their energy futures.

ECS4DRES: Shaping the Future of Renewable Energy Systems was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.


Identity At The Center - Podcast

Join us on The Identity at the Center Podcast as we sit down

Join us on The Identity at the Center Podcast as we sit down with Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea.

In this new episode, we explore Joseph's fascinating journey in identity and access management, cybersecurity, and his firsthand experiences in Estonia's digital identity ecosystem. We delve into the challenges and triumphs of digital identity, the emerging field of ITDR, and the intersection of digital identity, authentication, and AI in cybersecurity.

Watch the episode: https://www.youtube.com/watch?v=klBxFLvUC78

More Info: idacpodcast.com

#iam #podcast #idac

Thursday, 18. July 2024

FIDO Alliance

Battling Deepfakes with Certified Identity Verification

The digital transformation and the proliferation of e-identity schemes have escalated the need for secure and reliable online identity verification methods, especially in light of the alarming trend of AI-generated “deepfakes.” As internet users have learned about the increasing threat of deepfakes, they have become increasingly concerned about their identities being spoofed online, according to a new study conducted by the FIDO Alliance. As a result, deepfake awareness and the risks associated with them have steadily increased.

Amidst this landscape, the FIDO Alliance released its newest research in the eBook, Remote ID Verification – Bringing Confidence to Biometric Systems Consumer Insights 2024, which reveals insights from an independent study surveying 2,000 respondents in the U.S. and the U.K. on consumer perceptions on remote identity verification, online security, and biometrics. While the data showed consumer awareness and adoption of biometrics is increasing, consumers also expressed concerns about the rise of AI-generated deepfakes – reinforcing the need for preventative strategies and technologies focused on secure remote identity verification. 

What is a “deepfake”?

According to the Center for Internet Security, a deepfake consists of convincingly fabricated audio and video content designed to mislead audiences into believing that fabricated events or statements are real. These manipulations can create realistic yet entirely false representations of individuals through synthetic images or complete video footage. This manipulated audio/video content is dangerously effective at spreading false information. In cybersecurity, deepfakes are increasingly being used to spoof identities to fraudulently open accounts or take control of existing accounts.

With the advent of AI and the increasing use of face biometrics for remote identity verification, the deepfake risks to remote identity proofing (RIDP) methods have become a reality. Security researchers have been closely evaluating the identity verification risks associated with deepfakes to increase awareness of the rapidly changing threat landscape and support stronger countermeasures that enhance the trustworthiness and reliability of remote identity proofing (RIDP) methods. In the European Union Agency for Cybersecurity’s (ENISA) latest remote ID report, researchers observed that deepfake injection attacks are increasing and becoming more difficult to mitigate.

Users Express Concerns about Deepfakes and ID Verification

With the rise of generative AI and deepfake videos in the news, there has been heightened consumer unease about the security of biometrics for online verification. The FIDO Alliance’s study shows that deepfake trends have not escaped the attention of consumers, who are increasingly using face biometrics to authenticate identities online and are concerned about identity security.

On one hand, the study reinforced consumer preference for using biometrics in remote identity verification, with nearly half of the respondents indicating a preference to use face biometrics, especially for sensitive transactions, like financial services (48%). 

On the other hand, just over half of respondents revealed they are concerned about deepfakes when verifying identities online (52%).

Building Consumer Trust in Face Biometrics

As the concerns around deepfake security threats gain prominence, the industry has taken a significant step forward with the FIDO Alliance’s newly introduced Identity Verification certification program for Face Verification. This industry-first testing certification program, based on ISO standards, with requirements developed by the FIDO Alliance, aims to measure accuracy, liveness (including deepfake detection), and bias (including skin tone, age, and gender) in remote biometric identity verification technologies. By providing a framework for testing biometric performance and a network of accredited laboratories worldwide, this certification program standardizes and evaluates the performance of face verification systems while mitigating the impact of bias and security threats, like deepfakes.

Certifying Identity Verification with the FIDO Alliance

The Identity Verification certifications that the FIDO Alliance provides offer industry providers the ability to demonstrate commitment to addressing bias and security threats in remote biometric identity verification technologies. With a focus on standardizing and enhancing the performance of face verification technologies, the Alliance released its new FIDO Certification Program to elevate the performance, security, and equity of biometric solutions for remote identity verification. Combined with its Document Authenticity (DocAuth) Certification Program, these two certifications work together to ensure identity verification solution providers can leverage FIDO’s independent testing and accredited laboratories as a market differentiator. 

What is the value for IDV Biometric Vendors?

Independent validation of biometric performance
Opportunity to understand gaps in product performance to then improve and align with market demands
Demonstrate product performance to potential customers
Improve market adoption by holding an industry-trusted certification
Leverage one certification for many customers/relying parties
Benefit from FIDO delta and derivative certifications for minor updates and extendability to vendor customers
Reduce need to repeatedly participate in vendor bake-offs

What is the value for Relying Parties?

One-of-a-kind, independent, third-party validation of biometric performance assessing accuracy, fairness and robustness against spoofing attacks
Provides a consistent, independent comparison of vendor products – eliminating the burden of maintaining own program for evaluating biometric products
Accelerates FIDO adoption to password-less
Commitment to ensure quality products for customers of the relying parties
Requirements developed by a diverse, international group of stakeholders from industry, government, and subject matter experts
Conforms to ISO FIDO Annex published in ISO standards

What is the value of accredited laboratories?

FIDO Accredited Laboratories are available worldwide. They follow a common set of requirements and rigorous evaluation processes defined by the FIDO Alliance Biometrics Working Group (BWG), and they follow all relevant ISO standards. These laboratories are audited and trained by the FIDO Biometric Secretariat to ensure lab testing methodologies are compliant and utilize governance mechanisms per FIDO requirements. Laboratories perform biometric evaluations in alignment with audited FIDO accreditation processes. In contrast, bespoke, single laboratory biometric evaluations may not garner sufficient trust from relying parties for authentication and remote identity verification use cases.

What are the ISO Standards that FIDO certification conforms to?

When a vendor invests in FIDO’s Face Verification Certification, they and their accredited lab are adhering to the following ISO standards:

Terminology
ISO/IEC 2382-37:2022 Information technology — Vocabulary — Part 37: Biometrics

Presentation Attack Detection
ISO/IEC 30107-3:2023 Information technology — Biometric presentation attack detection — Part 3: Testing and reporting
ISO/IEC 30107-4:2020 Information technology — Biometric presentation attack detection — Part 4: Profile for testing of mobile devices
-FIDO Annex, published 2024

Performance (e.g., FRR, FAR)
ISO/IEC 19795-1:2021 Information technology — Biometric performance testing and reporting — Part 1: Principles and framework
ISO/IEC 19795-9:2019 Information technology — Biometric performance testing and reporting — Part 9: Testing on mobile devices
-FIDO Annex, published 2019

Bias (differentials due to demographics)
ISO/IEC 19795-10:2024 Information technology — Biometric performance testing and reporting — Part 10: Quantifying biometric system performance variation across demographic groups
-FIDO Annex, under development

Laboratory
ISO/IEC 17025:2017, General requirements for the competence of testing and calibration laboratories

Learn More about FIDO IDV Certification

As organizations and policymakers navigate the evolving landscape of digital identity verification, these consumer insights serve as a testament to the pressing need for independently tested and accurate biometric systems. The FIDO Alliance’s new Face Verification Certification Program offers solution providers the opportunity to demonstrate deepfake prevention to relying parties and end users by testing for security, accuracy, and liveness.

Download the Remote ID Verification eBook here today, and discover the world-class offerings from FIDO’s certified providers that have invested in independent, accredited lab testing with FIDO certification.


Energy Web

Green Proofs by Energy Web Now Available as a Service

Enables energy companies to rapidly construct digital registries for green commodities

July 18, 2024 | Zug, Switzerland — Energy Web, a leading technology provider for the energy sector, is excited to announce the launch of Green Proofs as a Service, an advanced, cloud-based version of their acclaimed Green Proofs solution. This new offering enables businesses and organizations to rapidly construct digital registries for tracking, tracing, and exchanging digital certificates representing any green commodity with unprecedented flexibility and control.

Green Proofs as a Service includes the following key features:

Customized Data Formats and Schema: Users can tailor data formats and schema specific to different green commodities, enabling any green commodity and associated data format to be supported.
Configurable Business Logic and Rules: Administrators can define and adjust business logic and rules for the creation, transfer, issuance and retirement of certificates, providing full control over the certification process.
Comprehensive Registry Administration: The service includes all functionalities expected of a registry administrator, such as the ability to add and remove users from individual companies or multiple companies, enhancing security and user management.

Green Proofs has already demonstrated its efficacy and reliability in supporting multiple enterprise solutions. Notable implementations include the RMI / EDF Sustainable Aviation Fuel Certificate Registry, a low-carbon shipping registry, and multiple 24/7 renewable energy matching solutions. These use cases highlight the versatility and robustness of Green Proofs in real-world applications.

“Green Proofs as a Service marks a significant milestone for Energy Web and our commitment to driving innovation in the energy sector,” said Mani Hagh Sefat, CTO of Energy Web. “By offering Green Proofs via an as-a-service model, we help our clients innovate much faster by quickly putting a digital registry into their hands for experimentation and rapid prototyping.”

Green Proofs as a Service is now available to businesses and organizations worldwide who are interested in using digital registries to support any green commodity supply chain. For more information or to schedule a demo, please visit www.energyweb.org or contact hello@energyweb.org

About Energy Web
Energy Web is a global non-profit organization accelerating the energy transition by developing and deploying open-source decentralized technologies. Our solutions leverage blockchain to enable new market mechanisms and decentralized applications that empower energy companies, grid operators, and customers to take control of their energy futures.

Green Proofs by Energy Web Now Available as a Service was originally published in Energy Web on Medium, where people are continuing the conversation by highlighting and responding to this story.


Origin Trail

From Barcodes to Digital Links: Supercharging Trillions of Products for the Next 50 Years

Celebrating 50 Years of the GS1 Barcode

June 26 marked the 50th anniversary of the GS1 barcode, commemorating the first-ever product scan at a cash register checkout. Over the decades, billions of products worldwide have been equipped with barcodes, streamlining and standardizing supply chain processes and adhering to GS1 standards.

As consumer demand for product information grew, regulatory requirements became stricter, and supply chain optimization pressures increased, the need for an updated barcode became evident. Enter the GS1 Digital Link, the barcode upgrade designed to provide dynamic access to comprehensive product information. Now, with leading retail and consumer goods companies actively supporting the transition to Digital Link QR codes, the stage is set for the traditional barcode to retire gracefully.

Setting a Strong Foundation for Digital Link with OriginTrail

For products and brands to fully benefit from the GS1 Digital Link transition, a robust, connected, and verifiable data foundation is crucial. Product data is often split across various supply chain partners, including manufacturers, logistics providers, wholesalers, retailers, and others. To connect billions of products to the internet in a meaningful way that provides genuine insights and business value, this scattered product data needs to be interconnected.

Scanning a Digital Link on a product and seeing the manufacturer’s information, such as production date, description, ingredients, and brand details is good. Scanning the same code and accessing comprehensive information about the product’s journey through the supply chain — including whether the ingredients were ecologically produced, if the product was stored at proper temperatures during transport, and how long it was in the supply chain — is much better. This is the true potential of the Digital Link.

Beyond consumer engagement, consider a business operating a rail or plane network being able to access details on a component’s manufacture, testing, and maintenance by scanning a Digital Link code. That would have surely been invaluable with the recent Boeing aircraft incidents.

This is where the OriginTrail Decentralized Knowledge Graph (DKG) and GS1 Digital Link are a match made in heaven. The DKG provides a verifiable and interconnected knowledge base encompassing product data, supply chain events, certifications, locations, and more — across organizations and data sources. With the new DKG V8, OriginTrail introduces the scalability needed to bring billions of products equipped with Digital Link into a world of standards-based, connected, and verifiable data. And the new DKG Edge Node concept empowers organizations and business networks to exchange product and other supply chain data with just a few clicks while maintaining data privacy, verifiability, and connectivity.

Supply chain data from multiple sources connected in a verifiable Decentralized Knowledge Graph.

As a longstanding partner of GS1, OriginTrail DKG is designed to natively support GS1 standards, including EPCIS, Core Business Vocabulary (CBV), Global Data Model (GDM), and Digital Link. This integration means that consumers, regulators, brands, and other stakeholders can access richer, more comprehensive, and trusted product data. The challenge now is to make this user experience seamless and simple, and there’s a tech perfect for the job — Artificial Intelligence (AI).

OriginTrail, Digital Link, and AI: A Consumer Engagement Power Throuple

Incorporating AI into the mix creates an incredibly powerful technology trio, enabling brands to enhance consumer engagement, based on connected and verifiable data spanning organizations, in unprecedented ways. And with the DKG Edge Node, AI capabilities come natively. Brands can thus offer personalized and tailored experiences by allowing customers to scan a product with a Digital Link QR code and ask anything — from brand details to product origins, sustainability, and environmental impact, all based on verifiable data from OriginTrail DKG.

This combination not only benefits consumers but also provides brands with valuable insights into customer preferences, allowing them to refine their business strategies. As billions of products transition from barcodes to Digital Link, the potential of this technology trio becomes evident. In fact, AI-powered product discovery, based on OriginTrail and Digital Link, is no longer a future concept but a current reality:

Some additional examples to check out:

Check the origin » Perutnina Ptuj
Church of Oak Whiskey Distillery

Simultaneously, organizations can leverage AI to better understand and enhance their supply chains, ensuring they receive accurate and verifiable responses rooted in data from across their business network. By simply scanning a Digital Link QR code on a product, pallet, or shipping container, users are immediately empowered to ask questions and get verifiable answers — from basic queries like “Where was this product manufactured?” to more complex ones such as “Was the temperature in this shipping container in line with expectations?” and “Give me a list of all train wagons that are likely to experience issues with their wheels in the next month.” Exciting stuff indeed.

Where do we go from here?

As billions of products transition from traditional barcodes to Digital Link QR codes, establishing a robust foundation of connected and verifiable data becomes paramount. OriginTrail is at the forefront of this transformation, with the new DKG V8 offering the scalability and simplicity necessary to realize its full potential. When combined with AI, this technology trio unlocks immense opportunities for brands to engage with their customers in a trusted and meaningful way.

But consumer engagement is just one area set to benefit significantly from this transition. Regulatory bodies will gain streamlined access to verifiable product data, and supply chain management will become more proactive and efficient. The coming months and years promise exciting advancements and opportunities, making this a pivotal moment in the evolution of product information and consumer engagement.

We are excited to see OriginTrail at the epicenter of it all, as we — Trace Labs, the core developers of OriginTrail — along with our ecosystem partners get ready to unveil the Digital Link support via the new DKG V8 at the GS1 Industry & Standards Event. Over 1,000 business leaders from 80+ countries will come together virtually to solve today’s greatest business challenges through the development and adoption of the GS1 global standard.

For the GS1 Industry & Standards Event, register at: https://standards-event.gs1.org/

From Barcodes to Digital Links: Supercharging Trillions of Products for the Next 50 Years was originally published in OriginTrail on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 17. July 2024

Ceramic Network

Optimizing Ceramic: How Pairwise Synchronization Enhances Decentralized Data Management

In the past months we have replaced the algorithm at the heart of the Ceramic database. This post explains why we made the change from multicast to pairwise synchronization, but first let's review the design motivations of Ceramic.

“Information also wants to be expensive. Information Wants To Be Free. ...That tension will not go away.” Stewart Brand. There is tension since data storage is a competitive market but data retrieval can only be done by the service that has your data. At 3Box Labs, we want to catalyze a data ecosystem by making community-driven data distribution not only possible but available out of the box. Ceramic is a decentralized storage solution for apps that deal with multi-party data, and it is more scalable, faster and cheaper than the blockchain.

Data vendor lock-in

Many organizations and individuals have data that they want to publish, and Ceramic lets them do so without instant data vendor lock-in for storing their own data. In the Web2 era, data often becomes ensnared within exclusive services, restricting its accessibility and durability. Access to this data requires obtaining permission from the service provider. Numerous platforms have vanished over the years, resulting in significant data loss; examples include GeoCities, Friendster and Orkut. Even within companies that still exist, like Google, numerous lost data products are documented. See Killed by Google.

We can break free from this risk by creating data-centric applications that multihome the data. Ceramic is the way to have many distinct data controllers publishing into shared tables in a trustless environment. Each reader can know who published what content and when they did, without relying on the storage service to keep accurate audit logs. Since each event is a JSON Document, signed by a controller, timestamped by Ethereum, and in a documented schema, it can be preserved by any interested party, with or without permission from the storage vendor.

Multihome the data

In Ceramic we separate the roles of data controllers from the data servers. By allowing data to live on any preferred server, the data is durable as long as any server is interested in preserving it. This allows data to outlive any particular data server, and it pairs the durability of data living in multiple places with the speed and reliability of operating on local data.

Document the schema

Throughout the history of the internet, we have witnessed numerous data services going away and taking the users' data with them. While multihoming helps preserve data, it's useless without the ability to interpret it.

Ceramic preserves the data formats in two ways. The first is that the data lives in JSON Documents. This format allows us to reverse engineer and examine the data. The second is that the model schema gets published. The model schema contains both a json-schema and a human-language description that the original developer can use to give machine and human context to the data. This preserves both the data and the schema, so the data can be understood and new apps can be made to interact with the preserved data.

{
  "data": {
    "accountRelation": { "type": "list" },
    "description": "A blessing",
    "name": "Blessing",
    "relations": {},
    "schema": {
      "$defs": {
        "GraphQLDID": {
          "maxLength": 100,
          "pattern": "^did:[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+:[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]*:?[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]*:?[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]*$",
          "title": "GraphQLDID",
          "type": "string"
        }
      },
      "$schema": "https://json-schema.org/draft/2020-12/schema",
      "additionalProperties": false,
      "properties": {
        "text": { "maxLength": 240, "type": "string" },
        "to": { "$ref": "#/$defs/GraphQLDID" }
      },
      "required": [ "to" ],
      "type": "object"
    },
    "version": "1.0",
    "views": {
      "author": { "type": "documentAccount" }
    }
  },
  "Header": {
    "controllers": [ "did:key:z6MkgSV3tAuw7gUWqKCUY7ae6uWNxqYgdwPhUJbJhF9EFXm9" ],
    "model": {
      "/": { "bytes": "zgEEAXFxCwAJaG1vZGVsLXYx" }
    },
    "sep": "model"
  }
}

Example schema document
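
An added example, not part of the original post and not Ceramic's own validator: a reader that receives Blessing documents from a server it does not control can check each one against the published schema before using it. The code interprets only the JSON Schema keywords this model uses; the function names and the sample documents are constructed for illustration.

```python
import re

# Character class that the GraphQLDID pattern in the schema repeats four times.
DID_CHARS = r"[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]"

# The "schema" member of the example model document, transcribed from the page.
BLESSING_SCHEMA = {
    "$defs": {
        "GraphQLDID": {
            "maxLength": 100,
            "pattern": "^did:" + DID_CHARS + "+:" + DID_CHARS + "*:?"
                       + DID_CHARS + "*:?" + DID_CHARS + "*$",
            "title": "GraphQLDID",
            "type": "string",
        }
    },
    "$schema": "https://json-schema.org/draft/2020-12/schema",
    "additionalProperties": False,
    "properties": {
        "text": {"maxLength": 240, "type": "string"},
        "to": {"$ref": "#/$defs/GraphQLDID"},
    },
    "required": ["to"],
    "type": "object",
}


def compile_pattern(pattern):
    # JSON Schema patterns follow ECMA-262, where '$' matches only at the very
    # end. Python's '$' also matches before a trailing newline, so a final
    # unescaped '$' is swapped for '\Z' to keep the check strict.
    if pattern.endswith("$") and not pattern.endswith("\\$"):
        pattern = pattern[:-1] + r"\Z"
    return re.compile(pattern)


def resolve(schema, root):
    """Follow a local '#/$defs/<name>' reference; other references are refused."""
    ref = schema.get("$ref")
    if ref is None:
        return schema
    if not ref.startswith("#/$defs/"):
        raise ValueError("unsupported $ref: " + ref)
    return root["$defs"][ref[len("#/$defs/"):]]


def validate(value, schema, root, path="$"):
    """Return a list of violations; an empty list means the value conforms."""
    schema = resolve(schema, root)
    kind = schema.get("type")
    errors = []
    if kind == "object":
        if not isinstance(value, dict):
            return [path + ": expected object"]
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in value:
                errors.append(path + "." + name + ": required property missing")
        for name, item in value.items():
            if name in props:
                errors += validate(item, props[name], root, path + "." + name)
            elif schema.get("additionalProperties") is False:
                errors.append(path + "." + name + ": property not allowed")
    elif kind == "string":
        if not isinstance(value, str):
            return [path + ": expected string"]
        if "maxLength" in schema and len(value) > schema["maxLength"]:
            errors.append(path + ": longer than %d characters" % schema["maxLength"])
        if "pattern" in schema and not compile_pattern(schema["pattern"]).search(value):
            errors.append(path + ": does not match pattern")
    else:
        raise ValueError("unsupported schema type: %r" % kind)
    return errors


def check_blessing(document):
    return validate(document, BLESSING_SCHEMA, BLESSING_SCHEMA)


if __name__ == "__main__":
    # Constructed sample documents.
    did = "did:key:z6MkgSV3tAuw7gUWqKCUY7ae6uWNxqYgdwPhUJbJhF9EFXm9"
    for doc in ({"to": did, "text": "peace"}, {"text": "no recipient"},
                {"to": did, "admin": True}, {"to": did + "\n"}):
        print(doc, "->", check_blessing(doc) or "ok")
```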

Information retrieval 

The key to multihome data is being able to retrieve the data from a server that has it.

How do we move the data from the servers that have the data to the servers that are interested in storing it? When we first made Ceramic we used two multicast methods: The first was to do a gratuitous announcement of new data. Send the data to EVERY node in the network so that they can store it if they are interested in it. Second, if a node did not know about a stream then when requested by a user it would multicast a request to the whole network and take the latest version to come back as a response.

This worked but had several drawbacks. The first is that requests for streams that a node did not know about used WAN traffic and had unpredictable latencies. This meant that all applications needed to design for slow, unpredictable retrieval times. The second drawback was that a node had no way to retrieve a complete set of the streams that matched its interests. It could only listen to the multicast channel and fetch any stream it happened to hear about. Any stream that it missed, either because it was published before the node was online or during downtime, could be missed forever. Third, there is a performance cost to sending requests to nodes that have no mutual interest with your node. A node that did 100 events a year could not scale down, since it would need to keep up with filtering announcements from nodes doing 100 events a second. If we wanted to support both very large and very small data-centric applications we needed a new strategy. We even saw cases where a slow node could not keep up on the multicast channel, harming the performance of larger, more powerful nodes.

To solve these problems of performance, completeness, and scalability we switched to a pairwise synchronization model. Each node advertises the ranges of streams that it is interested in. Nodes synchronize pairwise, and each pair only synchronizes the streams that are of mutual interest.

Scalability

Since the nodes synchronize pairwise, no slow node can harm the ability of two healthy nodes to complete a synchronization. If two nodes have no intersection in their interests then the conversation is done. A range of streams that has 100s of events per second that your node is not interested in will not create work for your node. A node only needs to scale to the speed of events in the ranges it is interested in and the scale of any model you are not interested in costs you nothing. This solved our scale up / scale down objective.

Completeness

If the two nodes do have an intersection of their interests they will continue the synchronization until both nodes have ALL the events that the other node had when the synchronization began. There is no longer a need for high availability to be online either when the stream’s event was originally published or when some node queried for that stream. If the event is stored by either of the nodes both nodes will have it at the end of the pairwise synchronization. Once a node has pairwise synchronized with each of the nodes that are advertising an interest range that node has all of the events in that range as of the time of the synchronization. This solves the completeness objective.

More interestingly, the local completeness means that we can build local indexes over the events and do more complex queries over the events in the ranges nodes are interested in entirely locally.

Performance

Lastly, since we have a complete set of events for our interests we can serve queries about the events from the local node with no need for WAN traffic. This solves the performance objective for predictable fetch latencies.

Pairwise Synchronization in Logarithmic rounds

In the multicast model Ceramic sends messages to all other Ceramic nodes. One of the most notable differences with synchronization is that nodes do pairwise synchronization one peer at a time. The two peers each send the other their interests. Both nodes filter the events that they have to find the set of events of mutual interest between the two nodes. Once this intersection is found we synchronize the set with a Range-Based Set Reconciliation protocol we call Recon.

We can report progress in a Recon synchronization by reporting the percentage of events in the in sync vs syncing ranges. Alternatively we could render a bar like in the diagram showing which ranges are in which states.

This is a divide and conquer protocol. We start with the full intersection as a single range. We pull a range off the work list and send the (hash, count) of all events in the range to the other side. They compare their own (hash, count) and respond accordingly.

| We have | They have | Action |
|---|---|---|
| hash_A | hash_A | Done. `in sync` |
| 0 | hash_A | Send a request for the events. `Don’t have` |
| hash_A | 0 | Send the events. `in sync` |
| hash_A | hash_B | Split the range. Push sub-ranges from split on the work list. Each range `syncing` |

The range splits are handled differently on the Initiator than on the Responder. The Initiator maintains the work list and pushes all of the subranges onto the work list. The Responder just sends a message back with multiple ranges and hashes for each range. This keeps the synchronization state on the Initiator and reduces the burden on the Responder to a stateless call and response. This fits Recon into the HTTP client-server request-response paradigm.
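The divide-and-conquer exchange and the Initiator/Responder split described above can be sketched as follows. This is an added example, not Ceramic's Recon code: the XOR-of-SHA-256 fingerprint, the median split point, the string event keys and all function and class names are assumptions made for illustration.

```python
import hashlib

def fingerprint(keys):
    """(hash, count) of a range. XOR of SHA-256 digests is this sketch's
    choice of order-independent combiner; an empty range hashes to 0."""
    acc = 0
    for k in keys:
        acc ^= int.from_bytes(hashlib.sha256(k.encode()).digest(), "big")
    return acc, len(keys)

def in_range(events, lo, hi):
    """Sorted event keys in the half-open range [lo, hi)."""
    return sorted(k for k in events if lo <= k < hi)

class Responder:
    """Answers each request from its event store alone; no per-sync state."""
    def __init__(self, events):
        self.events = set(events)

    def handle(self, lo, hi, their_fp):
        mine = in_range(self.events, lo, hi)
        if fingerprint(mine) == their_fp:
            return "in_sync", None
        if their_fp[1] == 0:
            return "events", mine              # they have 0: send the events
        if not mine:
            return "want", None                # we have 0: request theirs
        if len(mine) == 1:                     # isolate our only key so the
            k = mine[0]                        # sub-ranges resolve next round
            cuts = [lo, k, k + "\x00", hi]
        else:
            cuts = [lo, mine[len(mine) // 2], hi]   # split at our median key
        return "split", [(a, b, fingerprint(in_range(self.events, a, b)))
                         for a, b in zip(cuts, cuts[1:]) if a < b]

    def store(self, events):
        self.events.update(events)

def recon_sync(local, responder, lo="", hi="\uffff"):
    """Initiator side: owns the work list. Returns request/response rounds."""
    work, rounds = [(lo, hi)], 0
    while work:
        lo, hi = work.pop()
        mine = in_range(local, lo, hi)
        kind, payload = responder.handle(lo, hi, fingerprint(mine))
        rounds += 1
        if kind == "events":
            local.update(payload)
        elif kind == "want":
            responder.store(mine)
        elif kind == "split":
            for a, b, their_fp in payload:
                # Shortcut in this sketch: drop sub-ranges that already match.
                if fingerprint(in_range(local, a, b)) != their_fp:
                    work.append((a, b))
    return rounds

def demo():
    """Constructed data: 1000 shared events plus a few known to one side only."""
    shared = {f"evt-{i:04d}" for i in range(1000)}
    ours = shared | {"evt-0123-a", "evt-0777-a", "evt-0999-z"}
    theirs = Responder(shared | {"evt-0042-b", "evt-0500-b"})
    rounds = recon_sync(ours, theirs)
    return rounds, ours == theirs.events, len(ours)

if __name__ == "__main__":
    print(demo())
```

With five differing events among roughly a thousand, the two sides converge in a few dozen fingerprint exchanges, and a repeat sync of identical sets finishes in a single round.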

Exponential distribution

Now that we have replaced a multicast message to all nodes in the network with pairwise sync it is reasonable to ask if we have broken the exponential distribution we got from multicast trees.

How fast can data spread through the network? Now that we have replaced the multicast channel with pairwise connections, how do we match the exponential distribution of the multicast channel? 

We get this property because each node cycles through connecting to all other nodes that advertise overlapping interests. When a node first receives the event from a client, there is 1 copy on the network. After the first sync there are 2. Then both of those nodes sync to new nodes, giving 4. This grows exponentially until almost all interested nodes have the data. At that point the odds that any node with the event calls a node without it are small, but the odds that a node without the event calls a node with it are large. By using synchronization we get the benefits of both push and pull gossip protocols: push, which is fast when knowledge of the event is rare, and pull, which is fast when knowledge of the event is common.
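The push-versus-pull argument above can be checked with a small simulation. This is an added example, not part of the original post; it assumes synchronous rounds and a uniformly random peer per round (the post describes nodes cycling through peers), and the function names are hypothetical.

```python
import random

def rounds_to_full(n, mode, rng):
    """Rounds until all n nodes hold an event that starts on node 0.

    mode: "push" (caller gives), "pull" (caller takes) or
          "sync" (pairwise synchronization: both directions at once).
    """
    have = [False] * n
    have[0] = True
    rounds = 0
    while not all(have):
        snapshot = have[:]                 # state at the start of the round
        for caller in range(n):
            callee = rng.randrange(n - 1)  # random peer other than ourselves
            if callee >= caller:
                callee += 1
            if mode in ("push", "sync") and snapshot[caller]:
                have[callee] = True        # fast while the event is rare
            if mode in ("pull", "sync") and snapshot[callee]:
                have[caller] = True        # fast once the event is common
        rounds += 1
    return rounds

def mean_rounds(n, mode, trials=20, seed=1):
    """Average over several seeded trials so the comparison is stable."""
    rng = random.Random(seed)
    return sum(rounds_to_full(n, mode, rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    for mode in ("push", "pull", "sync"):
        print(mode, mean_rounds(512, mode))
```

Push-only spends its extra rounds reaching the last few nodes, pull-only spends them getting started, and the bidirectional sync avoids both tails.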

Summary

By using set reconciliation to perform pairwise synchronization of nodes’ overlapping interests we get performance, completeness, and scalability: the predictable performance of querying local data on your node, the completeness of preemptively synchronizing all of the events of interest, and the scalability of not synchronizing the events that lie outside a node’s interests. Pairwise synchronization prevents slow nodes from slowing down the rest of the network. It is now possible to scale up or down without performance and completeness problems. This enables developers to build data-intensive applications without data vendor lock-in from either the storage service or the application that originally read the schema.

Tuesday, 16. July 2024

FIDO Alliance

Wedding Park Deploys Company-Wide Passwordless Authentication for Internal Cloud Service Logins

Corporate overview:

Wedding Park Co., Ltd. was founded in 2004 with the management philosophy of “Making marriage happier.” Celebrating its 20th anniversary in 2024, it started as a wedding review information site and has since expanded its operations. Utilizing a wealth of information, it operates several wedding-specialized media, including the wedding preparation review site Wedding Park. In addition, it runs various businesses in the realm of weddings combined with digital technology, such as internet advertising agency services, digital transformation (DX) support, and educational ventures.

Background and challenges leading to deployment

Wedding Park was faced with the challenges of strengthening the security of multiple cloud services that were being used for internal operations and the complexity of password management. As a way to address these issues, the company introduced an ID management service and consolidated them into a cloud service entrance with a single sign-on function.

The impetus for deploying FIDO authentication came from the fact that Salesforce, which is used for authentication for customer management, order and supply systems, and time and attendance management, announced that multi-factor authentication (MFA) was mandatory. However, if MFA were applied only to Salesforce while other cloud services continued to operate with password authentication, not only would usability for users deteriorate, but the work of the IT management department would also become more complicated. In addition, due to the vulnerability of password-only authentication, the company decided to apply MFA to all cloud services, including Salesforce, in accordance with its policy to promote zero-trust security in February 2020.

Selection and verification of an authenticator

As an authentication method for MFA, the company considered one-time password authentication (OTP) and biometric authentication using smartphone applications, but ultimately decided to deploy passwordless authentication using FIDO for its unique ability to improve both security and user convenience.

In order to realize passwordless authentication using FIDO, a terminal equipped with a FIDO-compatible biometric authentication device is required. The majority of devices currently on the market support FIDO authentication, and adoption was helped by the fact that, with the exception of a few employees, all in-house devices were already equipped with Windows Hello and Touch ID. For the employees whose devices are not equipped with biometric features, a separate external authenticator has been installed.

A step-by-step changeover for each department

After examining the authenticators, the policy to deploy passwordless authentication company-wide was officially launched in January 2022. The transition took place from February to March of the same year; this smooth implementation within a short period of one month was made possible by the department-by-department rollout and the generous support provided by the IT management department. For this implementation, the company requested the support of CloudGate UNO, an identity management platform by International System Research Corporation (ISR) that the company has been using since 2012, because it supports passwordless authentication using FIDO2 and biometric authentication using a smartphone app.

The rollout began with the development department and gradually progressed to departments with a larger number of employees. First, at each department’s regular meetings, the company explained why the system was being introduced and its benefit, that “the deployment of the system will make daily authentication more convenient,” and gained understanding across the company. Introducing the system department by department not only limited the number of people the IT management department had to support at one time, but, because it started with the development department, which had high IT skills, also allowed Q&A to accumulate as test cases and the manuals to be maintained smoothly.

Thanks to close follow-up by the IT management department, which not only prepared materials but also checked progress on the administrator website as needed and individually approached employees who had not yet registered their authenticators, the company was able to implement the system company-wide within the targeted time frame.

Effects of introduction

The number of login errors due to mistyping of passwords, which used to occur about 200 times a month, has been reduced to zero since the deployment of FIDO authentication. Many employees commented that the system has become very convenient, eliminating authentication failures due to forgotten passwords or typing errors. In addition, the number of periodic password reset requests has decreased, resulting in a reduction in man-hours for the administrator.

The passwordless authentication is smooth, and the authentication status retention period was shortened to further enhance security, but the system has continued to operate without problems since then.

Wedding Park’s future vision is to link all cloud services used within the company to “CloudGate UNO” and centrally manage them, including authentication, with “CloudGate UNO.”

Akira Nishi, General Manager of the Corporate IT Office, who spoke with us about this case study, made the following comments.

“For those who are considering deploying a new authentication method, there is inevitably a concern that a change in authentication method will cause a large-scale login failure. In our case, in the early stages of the project, we held explanatory meetings for each department and repeatedly brushed up on explanatory materials and procedures, which was effective in minimizing confusion and anxiety within the company.

“After the switchover, we continued to check on the progress of the implementation and followed up with each department individually, but once the use of passkey (device-bound passkey) became standardized within the company, we felt that the scope of use, including various security measures, was expanding dramatically.”

Ceramic Network

New Ceramic release: ceramic-one with new Ceramic Recon protocol

The Ceramic protocol has undergone a series of updates over the past few months, all focused on improving performance and scalability, enabling developers to build applications that work better and faster. Today, the core Ceramic team is excited to share these updates with the community by announcing the release of ceramic-one.

About the release

The new release of Ceramic includes a data synchronization protocol called Recon, implemented in Rust. This new implementation of the Ceramic protocol enables data sharing between nodes and allows developers to run multiple nodes that stay in sync and are load balanced. All this facilitates highly available Ceramic deployments and reliable data synchronization.

To utilize the Recon protocol for their applications, developers are provided with a binary called ceramic-one.

This new implementation of the Ceramic protocol offers significant performance and stability improvements. Additionally, this release marks a significant shift in making the Ceramic architecture more robust, allowing the team to iterate on and build new protocols in the future.

The new Recon protocol

Recon is a new data synchronization protocol used for synchronizing stream events in the Ceramic network, implemented on top of libp2p. Stream sets bundle multiple streams together, allowing nodes with a common interest in certain streams to synchronize efficiently.

Before Recon, Ceramic nodes broadcasted updates to streams to every node in the network using a simple libp2p pubsub topic. Due to the single channel, nodes would receive stream event announcements they were not interested in, imposing a significant overhead on every node. Additionally, the network's throughput was limited by bandwidth, which led to either prioritizing high-bandwidth nodes or greatly limiting the network throughput to support low-bandwidth nodes.

Recon provides low to no overhead for nodes with no overlap in interest, while retaining a high probability of receiving the latest events from a stream shortly after any node has the events, without any need for remote connections at query time. By shifting updates from the pubsub channel to a stream set, interested nodes can synchronize without burdening uninterested ones. Stream sets also enable sharding across multiple nodes, allowing synchronization of only sub-ranges, which distributes the storage, indexing, and retrieval workload.

Additionally, nodes need to discover peers with similar interests for synchronization. Recon achieves this through nodes gossiping their interests and maintaining a list of peers' interests, ensuring synchronization with minimal bandwidth. Nodes also avoid sending event announcements to uninterested peers.

Performance and robustness improvements

This release, along with the recent Ceramic Anchor Service (CAS) updates, marks significant scalability improvements. Currently, Ceramic provides a throughput of 250 TPS (transactions per second), more than double the previous throughput of up to 100 TPS before the Recon implementation. This increase in throughput is especially important for applications that handle large amounts of user data and require fast transaction times.

These numbers were measured between two nodes that share the same interest. It’s worth noting that nodes without overlapping interests do not affect each other's throughput. This means that, in theory, the throughput of a ceramic-one node scales horizontally. However, there is still one component that puts an upper limit on this: the CAS, which is operated by 3Box Labs. This service is currently a centralized bottleneck in the protocol, which is why the team’s next goal is Self-Anchoring, allowing any Ceramic-One node to operate completely independently.

This release of Ceramic is also a significant step towards making the Ceramic architecture more robust, enabling the team to iterate on it and build new protocol implementations more easily and quickly.

Getting started with ceramic-one

All new Ceramic developers are recommended to use ceramic-one to start building on Ceramic. Check out the setup guides in the Ceramic documentation to get started.

Developers who have been building on Ceramic for a while are encouraged to migrate their applications to the ceramic-one-based implementation. Check out this migration guide to follow the migration steps.

Share your feedback with us!

We would like to get your feedback on building on Ceramic. Do you have any suggestions or ideas of how the core Ceramic team can improve the implementation of Ceramic? Do you have questions or troubles using the new release or migrating your existing application? Share your thoughts and ideas with us by posting on the Ceramic Community Forum.


FIDO Alliance

UX Webinar Series: Essentials for Adopting Passkeys for your Consumer Authentication Strategy

In part one of this four-part webinar series, attendees learned why major service providers are adopting passkeys as the foundation of their consumer authentication strategy. This webinar is for a nontechnical audience. It is intended to help you investigate the nuances of passkey roll-out strategies and end user experiences (UX) for consumers.

Join this webinar to:

- Learn best practices to meet end-user needs with passkeys
- Learn how to reduce costs with passkeys
- Learn how passkeys create a long-term authentication strategy built on standards

This webinar is for:

- Product managers
- IT managers / leaders
- Security Analysts
- Data Analysts

UX Webinar Series: Aligning Authentication Experiences with Business Goals

In the second of a four-part webinar series, attendees learned how to adapt your authentication experiences to better solve key metrics for consumer authentication. This webinar is for a nontechnical audience seeking user interface and workflow guidance for consumer authentication.

View the webinar slides to:

- Learn how to execute a passkey strategy that solves business goals and end-user needs
- Learn how to use the FIDO Design Guidelines to jump-start your concepts and socialize them to win stakeholder alignment within your organization
- Watch real users using passkeys for the first time and learn how to use passkey usability research findings to demystify passkey experiences and align requirements amongst your teams

This webinar is for:

- Developers
- Designers
- Content Strategists
